OAuth comes into picture when we want to authenticate and authorize SharePoint 2013 Apps.
It is not the protocol for authenticating users to access SharePoint; it is the internet protocol for creating and managing app identity.
OAuth is a cross-platform mechanism for authenticating and authorizing apps, and it is an emerging internet standard.
OAuth gives the power and flexibility of having an app identity in addition to the user identity.
A few key points about OAuth for SharePoint 2013 apps:
- An app is granted permissions independently of the user's permissions
- An app can request specific permissions from the user during installation
- An app can be granted more permissions than the user has (elevation)
- An app is constrained to what it is permitted to do, during and after installation
OAuth allows users to authorize SharePoint to provide access tokens to 3rd-party apps. These apps then use the tokens to retrieve data from the SharePoint server on behalf of that user. As a result:
- The user grants the app access to their data without giving away their username and password
- The 3rd-party app does not need to store the user's username and password
- The user allows the app to act on their behalf when accessing their data
Some important concepts of OAuth are:
- Content Owner – The user who grants permission to content in a site
- Client App – The remote app (running in a cloud or hosted environment) that needs permission to site content. In our case it is the SharePoint 2013 App
- Content Server – The web server that serves the content to be accessed by the app. In our case it is the SharePoint 2013 server (cloud or on-premises)
- Authentication Server – The trusted server that authenticates apps and creates OAuth tokens. In our case it is the Azure ACS server or an OAuth-compatible authentication server
How OAuth works, step by step:
Step 1 –> The user accesses the SharePoint 2013 portal and SharePoint 2013 authenticates the user using claims authentication
Step 2 –> SharePoint 2013 requests a Context Token for the user from Windows Azure ACS (Access Control Services)
Step 3 –> ACS returns the Context Token
Step 4 –> SharePoint 2013 passes the Context Token to the user
Step 5 –> The user accesses the app using the Context Token
Step 6 –> The Client App pulls the Refresh Token from the Context Token and requests an OAuth token from ACS
Step 7 –> ACS returns the OAuth token to the Client App
Step 8 –> The Client App makes CSOM/REST calls to the SharePoint site, passing the OAuth token
Step 9 –> SharePoint 2013 returns site content to the app based on the app's permission manifest
Step 10 –> The Client App returns the app content to the user
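Steps 5 to 7 are where the app itself has to get the security right: it must verify the Context Token before trusting anything in it, and only then use the embedded Refresh Token to ask ACS for an access token. The Python below is an added example, not code from the original post or from Microsoft's app template; it mirrors what the template's TokenHelper.ReadAndValidateContextToken and GetAccessToken do. The Context Token is modelled as an HS256-signed JWT keyed by the app's base64 client secret, with claim names (aud, iss, nbf, exp, refreshtoken, appctxsender, appctx) as the SharePoint 2013 context token carries them; all GUIDs, host names, the secret and the refresh-token value are constructed for the demo, and the ACS request is only built, not sent.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example (not real tenant or app identifiers).
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_SECRET = base64.b64encode(b"constructed-client-secret-for-demo-only").decode()
REALM = "66666666-7777-8888-9999-000000000000"
APP_HOST = "app.contoso.example"           # host name the remote app is served from
SP_HOST = "sharepoint.contoso.example"     # host name of the SharePoint site
ACS_PRINCIPAL = "00000001-0000-0000-c000-000000000000"  # ACS principal id
SP_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"   # SharePoint principal id
ACS_TOKEN_ENDPOINT = f"https://accounts.accesscontrol.windows.net/{REALM}/tokens/OAuth/2"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str) -> bytes:
    # The context token is keyed by the *decoded* base64 client secret.
    key = base64.b64decode(CLIENT_SECRET)
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def make_context_token(now=None) -> str:
    """Build a Context Token the way ACS would (Step 3). Demo only: a real app
    never mints this token, it only receives it from SharePoint (Steps 4-5)."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {
        "aud": f"{CLIENT_ID}/{APP_HOST}@{REALM}",       # who the token is for
        "iss": f"{ACS_PRINCIPAL}@{REALM}",              # who issued it
        "nbf": now,
        "exp": now + 12 * 3600,
        "appctxsender": f"{SP_PRINCIPAL}@{REALM}",      # SharePoint sent it
        "appctx": json.dumps({"CacheKey": "constructed-cache-key",
                              "SecurityTokenServiceUri": ACS_TOKEN_ENDPOINT}),
        "refreshtoken": "constructed-refresh-token",
        "isbrowserhostedapp": "true",
    }
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    return signing_input + "." + _b64url(_sign(signing_input))


def read_and_validate_context_token(token: str, app_host: str, now=None) -> dict:
    """Step 5 on the app side: check signature, audience, issuer and lifetime
    before trusting any claim. Raises ValueError on any failure."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")     # never let the token pick the algorithm
    expected = _sign(f"{header_b64}.{claims_b64}")
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("aud") != f"{CLIENT_ID}/{app_host}@{REALM}":
        raise ValueError("audience mismatch")  # token issued for another app or host
    if claims.get("iss") != f"{ACS_PRINCIPAL}@{REALM}":
        raise ValueError("issuer mismatch")
    if not (claims["nbf"] <= now < claims["exp"]):
        raise ValueError("token not yet valid or expired")
    return claims


def validation_outcome(token: str, app_host: str, now=None) -> str:
    """Convenience wrapper: 'ok' or the reason validation failed."""
    try:
        read_and_validate_context_token(token, app_host, now)
        return "ok"
    except ValueError as err:
        return str(err)


def build_access_token_request(claims: dict, sp_host: str) -> dict:
    """Step 6: the refresh_token grant the app POSTs to ACS_TOKEN_ENDPOINT.
    The resource names the SharePoint principal and host the token is for."""
    return {
        "grant_type": "refresh_token",
        "client_id": f"{CLIENT_ID}@{REALM}",
        "client_secret": CLIENT_SECRET,
        "refresh_token": claims["refreshtoken"],
        "resource": f"{SP_PRINCIPAL}/{sp_host}@{REALM}",
    }


if __name__ == "__main__":
    tok = make_context_token()
    good = read_and_validate_context_token(tok, APP_HOST)
    print("valid token, refresh token:", good["refreshtoken"])
    print("ACS request:", build_access_token_request(good, SP_HOST))
    print("wrong host:", validation_outcome(tok, "evil.example"))
```

The validation order matters: the signature is checked before any claim is read, so a forged or altered token is rejected before its audience or refresh token can influence anything, and the audience check ties the token to this app's host name so a token issued to a different app cannot be replayed here. The access token returned by ACS (Step 7) is then the bearer credential for the CSOM/REST calls in Step 8.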
References: One, Two