SlideShare a Scribd company logo
Who Are You and What Do You Want?
Working with OAuth in SharePoint 2013
CKS:DEV
The
SharePoint
Cowboy
Patterns
&
Practices
Eric Shupps
www.sharepointcowboy.com eshupps@binarywave.com facebook.com/sharepointcowboy @eshupps
Introduction
Farms
On Premise
Apps
OAuth
+
SharePoint
Servers
Cloud
Apps
Agenda
INTRODUCTION
authorization
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
User requests access App requests
Request Token
Provider returns
Request Token
App builds auth link
w/ Request Token
User requests URL +
Request Token
Provider returns
access token
User requests URL +
Access Token
App validates access
token
Access token
validated
User granted
access
1
2
3
User requests access App requests
Request Token
Provider returns
Request Token
App builds auth link
w/ Request Token
User requests URL +
Access Token
App validates access
token
Access token
validated
User granted
access
1
2
OAuth in SharePoint 2013
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Manages identity information for principals (STS)Identity Provider
Handles requests for trusted identity claimsSecurity Token Service
Identity provider associated with a web applicationIdentity Token Issuer
Trusted resource (farm, server, etc.)Security Token Issuer
Resource information and signing certificate (JSON)Metadata Endpoint
Used to request permission to protected resourceRequest Token
Used by App to access resource on behalf of userAccess Token
Operation scope for authorizationRealm
Cloud-based security token service (IP-STS)Azure ACS
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Farms
COLLABORATE
My Sites
Content
Distributed Roles
Enterprise Features
Managed Metadata
Search
Shared Service Applications
Request Management
Consumer
Export Root & STS Certificates
Copy Certificates
Import root certificate(s) and
create trusted root authority
Provider
Export Root Certificate
Copy Certificates
Import STS Certificate
Create Trusted Service Token
Issuer
Import root certificate(s) and
create trusted root authority
Consumer Provider
Create Trusted Root Authority
Set Authentication Realm
Create Trusted Security Token
Issuer
Create App Principals
Create Trusted Root Authority
Create Trusted Security Token
Issuer
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Servers
Other
Lync
Office Web Applications
Workflow
Servers
Exchange
Certificates Metadata
Create security token issuer
Assign app principal permissions
Install client components
Export/Import certificates
Create root authorities
Execute configuration scripts
Execute configuration scripts
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Apps
App establishes context
SP validates S2S trust
App requests access token from SP
Browser POSTS parameters to App
SP returns parameters
User browses to App
User Permissions
App behaves in context of user
Consistent across all requests
Specific access rights and
scope requested by app
App Only Permissions
Granted on app installation
Establish client context
Get access token with S2S
Get claims from Windows identity
Get request parameters
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
CLOUD
App establishes context
ACS provides access token
App requests access token from ACS
Browser POSTS request token to app
SP sends request tokens to browser
SP gets request token from ACS
User browses to app
Get client context from SP with access token
Get access token
Read and validate context token
Parse out Context Token
Get POST parameters from SP
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Description Link
OAuth Working Group http://oauth.net/
OAuth Resource Guide http://bit.ly/14CWPNb
Authorization and authentication for apps in SharePoint 2013 http://bit.ly/16f8WFh
Setting up an OAuth trust between farms in SharePoint 2013 http://bit.ly/12Yr7e3
Plan for server-to-server authentication in SharePoint 2013 http://bit.ly/1chAgFl
What’s new in authentication for SharePoint 2013 http://bit.ly/1e6KaYv
Creating High-Trust apps with S2S http://bit.ly/18RL8uL

More Related Content

What's hot (20)

PPTX
Get Some Rest - Taking Advantage of the SharePoint 2013 REST API
Eric Shupps
 
PPTX
SharePoint 2010 Application Development Overview
Rob Windsor
 
DOCX
Working With Sharepoint 2013 Apps Development
Pankaj Srivastava
 
PPTX
Advanced SharePoint Web Part Development
Rob Windsor
 
PPTX
Lyudmila Zharova: Developing Solutions for SharePoint 2010 Using the Client O...
SharePoint Saturday NY
 
PPTX
SharePoint 2010 Client-side Object Model
Phil Wicklund
 
PPTX
[SharePoint Korea Conference 2013 / 강율구] Sharepoint 스마트하게 개발하기
lanslote
 
PPTX
Introduction to SharePoint 2013 REST API
QUONTRASOLUTIONS
 
PPTX
SharePoint 2013 APIs
John Calvert
 
PDF
Developing an intranet on office 365
Eric Shupps
 
PPTX
SPFx Webinar Loading SharePoint data in a SPFx Webpart
Jenkins NS
 
PDF
Rest web services
Paulo Gandra de Sousa
 
PPTX
ASP.NET Web API
habib_786
 
PPT
The RESTful Soa Datagrid with Oracle
Emiliano Pecis
 
PDF
Understanding and testing restful web services
mwinteringham
 
PPTX
How to call REST API without knowing any programming languages
Marc Leinbach
 
PPTX
Restful web services ppt
OECLIB Odisha Electronics Control Library
 
PPTX
REST & RESTful Web Services
Halil Burak Cetinkaya
 
PPSX
Rest api standards and best practices
Ankita Mahajan
 
PDF
Doing REST Right
Kerry Buckley
 
Get Some Rest - Taking Advantage of the SharePoint 2013 REST API
Eric Shupps
 
SharePoint 2010 Application Development Overview
Rob Windsor
 
Working With Sharepoint 2013 Apps Development
Pankaj Srivastava
 
Advanced SharePoint Web Part Development
Rob Windsor
 
Lyudmila Zharova: Developing Solutions for SharePoint 2010 Using the Client O...
SharePoint Saturday NY
 
SharePoint 2010 Client-side Object Model
Phil Wicklund
 
[SharePoint Korea Conference 2013 / 강율구] Sharepoint 스마트하게 개발하기
lanslote
 
Introduction to SharePoint 2013 REST API
QUONTRASOLUTIONS
 
SharePoint 2013 APIs
John Calvert
 
Developing an intranet on office 365
Eric Shupps
 
SPFx Webinar Loading SharePoint data in a SPFx Webpart
Jenkins NS
 
Rest web services
Paulo Gandra de Sousa
 
ASP.NET Web API
habib_786
 
The RESTful Soa Datagrid with Oracle
Emiliano Pecis
 
Understanding and testing restful web services
mwinteringham
 
How to call REST API without knowing any programming languages
Marc Leinbach
 
REST & RESTful Web Services
Halil Burak Cetinkaya
 
Rest api standards and best practices
Ankita Mahajan
 
Doing REST Right
Kerry Buckley
 

Similar to Who Are You and What Do You Want? Working with OAuth in SharePoint 2013. (20)

PDF
SPUnite17 Who Are You and What Do You Want
NCCOMMS
 
PDF
SPS Houston - Who Are You and What Do You Want? Working With OAuth in SharePo...
Eric Shupps
 
PPTX
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Eric Shupps
 
PDF
Creating cloud ready enterprise applications with the sharepoint 2013 app model
InnoTech
 
PPTX
SharePoint and Office Development Workshop
Eric Shupps
 
PPTX
DD109 Claims Based AuthN in SharePoint 2010
Spencer Harbar
 
PPTX
Understanding SharePoint Apps, authentication and authorization infrastructur...
SPC Adriatics
 
PPTX
Spsbe15 high-trust apps for on-premises development
BIWUG
 
PPTX
SPS Belgium 2015 - High-trust Apps for On-Premises Development
Edin Kapic
 
PDF
Webinar - Migrating Legacy On Premise Solutions to SharePoint Online and Wind...
Eric Shupps
 
PPTX
High-Trust Add-Ins SharePoint for On-Premises Development
Edin Kapic
 
PPTX
Oauth2 and OWSM OAuth2 support
Gaurav Sharma
 
PDF
e-SUAP - Security - Windows azure access control list (english version)
Sabino Labarile
 
PPTX
Securing SharePoint Apps with OAuth
Kashif Imran
 
PPTX
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Nilanjan Roy
 
PPTX
Microsoft Graph API Delegated Permissions
Stefan Weber
 
PPTX
OAuth 2
ChrisWood262
 
PDF
Intro to API Security with Oauth 2.0
Functional Imperative
 
PPTX
Claims Based Identity In Share Point 2010
Steve Sofian
 
PPTX
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
SPUnite17 Who Are You and What Do You Want
NCCOMMS
 
SPS Houston - Who Are You and What Do You Want? Working With OAuth in SharePo...
Eric Shupps
 
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Eric Shupps
 
Creating cloud ready enterprise applications with the sharepoint 2013 app model
InnoTech
 
SharePoint and Office Development Workshop
Eric Shupps
 
DD109 Claims Based AuthN in SharePoint 2010
Spencer Harbar
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
SPC Adriatics
 
Spsbe15 high-trust apps for on-premises development
BIWUG
 
SPS Belgium 2015 - High-trust Apps for On-Premises Development
Edin Kapic
 
Webinar - Migrating Legacy On Premise Solutions to SharePoint Online and Wind...
Eric Shupps
 
High-Trust Add-Ins SharePoint for On-Premises Development
Edin Kapic
 
Oauth2 and OWSM OAuth2 support
Gaurav Sharma
 
e-SUAP - Security - Windows azure access control list (english version)
Sabino Labarile
 
Securing SharePoint Apps with OAuth
Kashif Imran
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Nilanjan Roy
 
Microsoft Graph API Delegated Permissions
Stefan Weber
 
OAuth 2
ChrisWood262
 
Intro to API Security with Oauth 2.0
Functional Imperative
 
Claims Based Identity In Share Point 2010
Steve Sofian
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
Ad

More from Eric Shupps (20)

PPTX
Microsoft Ignite 2022 - Scaling, Securing, Managing, and Publishing Power Pla...
Eric Shupps
 
PPTX
Scaling, Securing, Managing, and Publishing Power Platform Custom Connectors....
Eric Shupps
 
PDF
A Beginners Guide to Custom Connectors for Power Apps and Power Automate
Eric Shupps
 
PDF
App to AppExchange - A Journey from Idea to Market for Salesforce Developers
Eric Shupps
 
PPTX
Beginners Guide to Custom Connectors for Power Apps and Power Automate
Eric Shupps
 
PPTX
OSW06 - A Real World Guide to Building Highly Available Fault Tolerant ShareP...
Eric Shupps
 
PPTX
OSH01 - Developing SharePoint Framework Solutions for the Enterprise
Eric Shupps
 
PPTX
Mastering Modern Authentication and Authorization Techniques for SharePoint, ...
Eric Shupps
 
PPTX
Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)
Eric Shupps
 
PPTX
Developing SharePoint Framework Solutions for the Enterprise - SEF 2019
Eric Shupps
 
PPTX
SharePoint and Office 365 Development Workshop
Eric Shupps
 
PPTX
ECS 2018: Introduction to Azure Web Applications
Eric Shupps
 
POTX
SharePoint 24x7x365 Architecting for High Availability, Fault Tolerance and D...
Eric Shupps
 
PPTX
Overcoming Gender Imbalance in the Technical Field
Eric Shupps
 
POTX
Mastering Modern Authentication and Authorization for SharePoint and Office A...
Eric Shupps
 
PPTX
Enterprise Content Management Solutions in SharePoint and Office 365
Eric Shupps
 
PPTX
Introduction to the Office Dev PnP Core Libraries
Eric Shupps
 
PPTX
From Zero to Hero: A Real World Guide to Building High Availability SharePoin...
Eric Shupps
 
PPTX
SharePoint and Office 365 Performance Best Practices
Eric Shupps
 
PPTX
Introduction to Azure Web Applications for Office and SharePoint Developers
Eric Shupps
 
Microsoft Ignite 2022 - Scaling, Securing, Managing, and Publishing Power Pla...
Eric Shupps
 
Scaling, Securing, Managing, and Publishing Power Platform Custom Connectors....
Eric Shupps
 
A Beginners Guide to Custom Connectors for Power Apps and Power Automate
Eric Shupps
 
App to AppExchange - A Journey from Idea to Market for Salesforce Developers
Eric Shupps
 
Beginners Guide to Custom Connectors for Power Apps and Power Automate
Eric Shupps
 
OSW06 - A Real World Guide to Building Highly Available Fault Tolerant ShareP...
Eric Shupps
 
OSH01 - Developing SharePoint Framework Solutions for the Enterprise
Eric Shupps
 
Mastering Modern Authentication and Authorization Techniques for SharePoint, ...
Eric Shupps
 
Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)
Eric Shupps
 
Developing SharePoint Framework Solutions for the Enterprise - SEF 2019
Eric Shupps
 
SharePoint and Office 365 Development Workshop
Eric Shupps
 
ECS 2018: Introduction to Azure Web Applications
Eric Shupps
 
SharePoint 24x7x365 Architecting for High Availability, Fault Tolerance and D...
Eric Shupps
 
Overcoming Gender Imbalance in the Technical Field
Eric Shupps
 
Mastering Modern Authentication and Authorization for SharePoint and Office A...
Eric Shupps
 
Enterprise Content Management Solutions in SharePoint and Office 365
Eric Shupps
 
Introduction to the Office Dev PnP Core Libraries
Eric Shupps
 
From Zero to Hero: A Real World Guide to Building High Availability SharePoin...
Eric Shupps
 
SharePoint and Office 365 Performance Best Practices
Eric Shupps
 
Introduction to Azure Web Applications for Office and SharePoint Developers
Eric Shupps
 
Ad

Recently uploaded (20)

PDF
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
PDF
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
PDF
"AI Transformation: Directions and Challenges", Pavlo Shaternik
Fwdays
 
PDF
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
PDF
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
PDF
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
PDF
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
PDF
Python basic programing language for automation
DanialHabibi2
 
PPTX
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
PPTX
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
PDF
Complete JavaScript Notes: From Basics to Advanced Concepts.pdf
haydendavispro
 
PDF
SWEBOK Guide and Software Services Engineering Education
Hironori Washizaki
 
PDF
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
PPTX
UiPath Academic Alliance Educator Panels: Session 2 - Business Analyst Content
DianaGray10
 
PDF
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
PDF
July Patch Tuesday
Ivanti
 
PPTX
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
PDF
The Builder’s Playbook - 2025 State of AI Report.pdf
jeroen339954
 
PDF
Log-Based Anomaly Detection: Enhancing System Reliability with Machine Learning
Mohammed BEKKOUCHE
 
PDF
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
"AI Transformation: Directions and Challenges", Pavlo Shaternik
Fwdays
 
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
Python basic programing language for automation
DanialHabibi2
 
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
Complete JavaScript Notes: From Basics to Advanced Concepts.pdf
haydendavispro
 
SWEBOK Guide and Software Services Engineering Education
Hironori Washizaki
 
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
UiPath Academic Alliance Educator Panels: Session 2 - Business Analyst Content
DianaGray10
 
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
July Patch Tuesday
Ivanti
 
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
The Builder’s Playbook - 2025 State of AI Report.pdf
jeroen339954
 
Log-Based Anomaly Detection: Enhancing System Reliability with Machine Learning
Mohammed BEKKOUCHE
 
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 

Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.

  • 1. Who Are You and What Do You Want? Working with OAuth in SharePoint 2013
  • 7. User requests access App requests Request Token Provider returns Request Token App builds auth link w/ Request Token User requests URL + Request Token Provider returns access token User requests URL + Access Token App validates access token Access token validated User granted access 1 2 3
  • 8. User requests access App requests Request Token Provider returns Request Token App builds auth link w/ Request Token User requests URL + Access Token App validates access token Access token validated User granted access 1 2
  • 11. Manages identity information for principals (STS)Identity Provider Handles requests for trusted identity claimsSecurity Token Service Identity provider associated with a web applicationIdentity Token Issuer Trusted resource (farm, server, etc.)Security Token Issuer Resource information and signing certificate (JSON)Metadata Endpoint Used to request permission to protected resourceRequest Token Used by App to access resource on behalf of userAccess Token Operation scope for authorizationRealm Cloud-based security token service (IP-STS)Azure ACS
  • 14. Farms
  • 15. COLLABORATE My Sites Content Distributed Roles Enterprise Features Managed Metadata Search Shared Service Applications Request Management
  • 16. Consumer Export Root & STS Certificates Copy Certificates Import root certificate(s) and create trusted root authority Provider Export Root Certificate Copy Certificates Import STS Certificate Create Trusted Service Token Issuer Import root certificate(s) and create trusted root authority
  • 17. Consumer Provider Create Trusted Root Authority Set Authentication Realm Create Trusted Security Token Issuer Create App Principals Create Trusted Root Authority Create Trusted Security Token Issuer
  • 21. Certificates Metadata Create security token issuer Assign app principal permissions Install client components Export/Import certificates Create root authorities Execute configuration scripts Execute configuration scripts
  • 23. Apps
  • 24. App establishes context SP validates S2S trust App requests access token from SP Browser POSTS parameters to App SP returns parameters User browses to App
  • 25. User Permissions App behaves in context of user Consistent across all requests Specific access rights and scope requested by app App Only Permissions Granted on app installation
  • 26. Establish client context Get access token with S2S Get claims from Windows identity Get request parameters
  • 28. CLOUD
  • 29. App establishes context ACS provides access token App requests access token from ACS Browser POSTS request token to app SP sends request tokens to browser SP gets request token from ACS User browses to app
  • 30. Get client context from SP with access token Get access token Read and validate context token Parse out Context Token Get POST parameters from SP
  • 32. Description Link OAuth Working Group http://oauth.net/ OAuth Resource Guide http://bit.ly/14CWPNb Authorization and authentication for apps in SharePoint 2013 http://bit.ly/16f8WFh Setting up an OAuth trust between farms in SharePoint 2013 http://bit.ly/12Yr7e3 Plan for server-to-server authentication in SharePoint 2013 http://bit.ly/1chAgFl What’s new in authentication for SharePoint 2013 http://bit.ly/1e6KaYv Creating High-Trust apps with S2S http://bit.ly/18RL8uL