Introduction to OAuth in SharePoint 2013
Transcript of Introduction to OAuth in SharePoint 2013
-
7/22/2019 Introduction to OAuth in SharePoint 2013
1/42
-
Sponsored by:
Visit us on the web at www.binarywave.com
Real-time application monitoring, event management, and operational health metrics for Microsoft SharePoint
Reduce troubleshooting time by up to 30%
Increase efficiency and improve user satisfaction
Avoid downtime and costly outages
Meet or exceed service level agreements
Maximize investment in current infrastructure
-
CKS:DEV
TheSharePointCowboy
Patterns & Practices
Eric Shupps
www.sharepointcowboy.com facebook.com/sharepointcow slideshare.net/eshu
-
authorization
-
Resource Owner: Grants access to a protected resource
Resource Server: Hosts the protected resource and accepts access requests
Client: Application making protected resource requests on behalf of the resource owner
u
Iss
-
[Diagram: Client exchanging messages labelled Authorization Request, Authorization Grant, Authorization Grant, Access Token, Access Token, Protected Resource]
-
User requests access
App requests Request Token
Provider returns Request Token
App builds auth link w/ Request Token
User requests URL + Request Token
Provider returns access token
User requests URL + Access Token
App validates access token
Access token validated
User granted access
1
2
3
-
User requests access
App requests Access Token
Provider returns Access Token
App builds auth link w/ Access Token
User requests URL + Access Token
App validates access token
Access token validated
User granted access
1
2
-
Identity Provider: Manages identity information for principals (STS)
Security Token Service: Handles requests for trusted identity claims
Identity Token Issuer: Identity provider associated with a web application
Security Token Issuer: Trusted resource (farm, server, etc.)
Metadata Endpoint: Resource information and signing certificate (JSON)
Request Token: Used to request permission to protected resource
Access Token: Used by App to access resource on behalf of user
Realm: Operation scope for authorization
Azure ACS: Cloud-based security token service (IP-STS)
-
App establishes context
SP validates S2S trust
App requests access token from SP
Browser POSTS parameters to App
SP returns parameters
User browses to App
On Premise
App establishes context
ACS provides access token
App requests access token from AC
Browser POSTS request token to ap
SP sends request tokens to browse
SP gets request token from ACS
User browses to app
-
On Premise
Establish client context
Get access token with S2S
Get claims from Windows identity
Get request parameters
Get client context from SP with access to
Get access token
Read and validate context token
Parse out Context Token
Get POST parameters from SP
-
Client ID; App URL; Tenant ID
Tenant ID; Azure ACS; Start; End
SharePoint; Tenant ID
User ID + Issuer + App + Realm; IP-STS URL
Browser or Event Receiver
Token sent to IP-STS (Azure ACS)
-
{
"typ":"JWT",
"alg":"RS256",
"x5t":"kriMPdmBvx68skT8-mPAB3BseeA"
}.{
"aud":"00000003-0000-0ff1-ce00-000000000000/binarywaveinc.sharepoint.com@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
"iss":"00000001-0000-0000-c000-000000000000@2ae1caa2-a173-4989-b8f5-9da45655b8f
"nbf":1400013357,
"exp":1400056557,
"nameid":"1003000086ad02d6",
"actor":"c90047b7-392a-42e7-8c52-65afa92e5d0d@2ae1caa2-a173-4989-b8f5-9da45655b
"identityprovider":"urn:federation:microsoftonline
}
SharePoint
Host Web Tenant ID
Start
Azure ACS Tenant ID
End
Tenant ID
UPN
STS ID
-
Description Link
OAuth Working Group http://oauth.net/
OAuth Resource Guide http://bit.ly/14CWP
Authorization and authentication for apps in SharePoint 2013 http://bit.ly/16f8W
Setting up an OAuth trust between farms in SharePoint 2013 http://bit.ly/12Yr7e
Plan for server-to-server authentication in SharePoint 2013 http://bit.ly/1chAg
What's new in authentication for SharePoint 2013 http://bit.ly/1e6Ka
Creating High-Trust apps with S2S http://bit.ly/18RL8
Using O365 to Authorize On-Premise Apps http://bit.ly/1fvv1B
-
Explore
Give Feedback
Get Answers
Play
Follow
-
7/22/2019 Introduction to OAuth in SharePoint 2013
34/42
Patterns and pra
30+ Visual Studi
Common scenarios
Contribute
-
OFC-B254 Integrating Yammer and Microsoft SharePoint Using .NET
DEV-B230 Most Commonly Asked for On-Premises Customizations Reim Applications for SharePoint
DEV-B319 Get Started Developing Applications for Microsoft Office and SharePoint Server 2013
DEV-B231 Office Power Hour: New Developer APIs and Features for Applications for Office
DEV-B227 Anyone Can Build a SharePoint Application with Microsoft Acce
OFC-B274 Implementing Microsoft SharePoint 2013 Hybrid for Search Bu Connectivity Services Microsoft OneDrive for Business and Yammer
-
DEV-B232 Creating Cloud Hosted Line-of-Business Applications with Apps Microsoft Office 365 Microsoft Azure and Windows Phone 8
OFC-B311 A Practical Use of External Data Sources
DEV-B357 Developing Office 365 Cloud Business Applications
DEV-B387 Deep Dive into Mail Compose Applications APIs
DEV-B386 Setting Up Your On-Premises Environment for App Developme
DEV-B228 Build Connected Productivity Apps for SharePoint and Office
DEV-B390 SharePoint Power Hour: New Developer APIs and Features for SharePoint
DEV-B389 Who Are You and What Do You Want? Working with OAuth in SharePoint 2013
-
EXM04 Exam Prep: 70 331 and 70 332
-
www.microsoft.com/learning
http://microsoft.com/msdn
http://microsoft.com/technet
http://channel9.msdn.com/Events/TechEd
-