TechEd NA 2014 - DEVB389 - Working with OAuth in SharePoint 2013
CKS:DEV - The SharePoint Cowboy - Patterns & Practices
Eric Shupps
www.sharepointcowboy.com [email protected] facebook.com/sharepointcowboy @eshupps slideshare.net/eshupps
Authorization roles
Resource Owner: grants access to a protected resource.
Resource Server: hosts the protected resource and accepts access requests.
Client: application making protected resource requests on behalf of the resource owner.
Authorization Server: issues access tokens.
Abstract OAuth flow (diagram; actors are Client, Resource Owner, Authorization Server, Resource Server):
Client -> Resource Owner: Authorization Request
Resource Owner -> Client: Authorization Grant
Client -> Authorization Server: Authorization Grant
Authorization Server -> Client: Access Token
Client -> Resource Server: Access Token
Resource Server -> Client: Protected Resource
Three-legged flow (request token, legs 1-3):
User requests access; app requests a request token
Provider returns the request token
App builds the auth link with the request token
User requests the URL with the request token
Provider returns the access token
User requests the URL with the access token
App validates the access token
Access token validated
User granted access

Two-legged flow (access token only, legs 1-2):
User requests access; app requests an access token
Provider returns the access token
App builds the auth link with the access token
User requests the URL with the access token
App validates the access token
Access token validated
User granted access
Terminology
Identity Provider: manages identity information for principals (STS).
Security Token Service: handles requests for trusted identity claims.
Identity Token Issuer: identity provider associated with a web application.
Security Token Issuer: trusted resource (farm, server, etc.).
Metadata Endpoint: resource information and signing certificate (JSON).
Request Token: used to request permission to a protected resource.
Access Token: used by the app to access a resource on behalf of the user.
Realm: operation scope for authorization.
Azure ACS: cloud-based security token service (IP-STS).
On-premise flow (diagram):
User browses to app
SP returns parameters
Browser POSTs parameters to app
App requests access token from SP
SP validates S2S trust
App establishes context

Online flow (diagram):
User browses to app
SP gets request token from ACS
SP sends request token to browser
Browser POSTs request token to app
App requests access token from ACS
ACS provides access token
App establishes context

On-premise code steps:
Get request parameters
Get claims from Windows identity
Get access token with S2S
Establish client context

Online code steps:
Get POST parameters from SP
Parse out context token
Read and validate context token
Get access token
Get client context from SP with access token
Token request diagram (labels only): Client ID, App URL, Tenant ID, Azure ACS, SharePoint, Start/End, User ID + Issuer + App + Realm, IP-STS URL, Browser or Event Receiver; token sent to IP-STS (Azure ACS).
Decoded JWT from the slide (header, then claims):
{
  "typ": "JWT",
  "alg": "RS256",
  "x5t": "kriMPdmBvx68skT8-mPAB3BseeA"
}
.
{
  "aud": "00000003-0000-0ff1-ce00-000000000000/binarywaveinc.sharepoint.com@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
  "iss": "00000001-0000-0000-c000-000000000000@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
  "nbf": 1400013357,
  "exp": 1400056557,
  "nameid": "1003000086ad02d6",
  "actor": "c90047b7-392a-42e7-8c52-65afa92e5d0d@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
  "identityprovider": "urn:federation:microsoftonline"
}
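Added example, not code from the deck: the app side of the online steps "get POST parameters, parse out context token, read and validate" using the claim names shown in the decoded token above (aud, iss, nbf, exp, nameid, actor). It assumes a token signed with HS256 under a secret the app shares with the issuer (the slide's token is RS256 from ACS, whose certificate check via x5t is not shown here); every GUID, host name and the secret are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# Well-known ACS issuer principal, as seen in the "iss" claim on the slide.
ACS_PRINCIPAL = "00000001-0000-0000-c000-000000000000"

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_context_token(claims: dict, secret: bytes) -> str:
    """Constructed HS256 token for the demo; ACS-issued tokens use RS256 (x5t)."""
    header = b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def validate_context_token(token, secret, client_id, app_host, now):
    """Parse the token, check its signature, then aud/iss/nbf/exp.
    Returns the claims (nameid = user, actor = app principal) or raises ValueError."""
    header_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")               # never accept alg=none
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    realm = claims["iss"].partition("@")[2]              # realm = tenant ID
    if not realm or claims["iss"] != f"{ACS_PRINCIPAL}@{realm}":
        raise ValueError("issuer is not ACS")
    if claims["aud"] != f"{client_id}/{app_host}@{realm}":
        raise ValueError("token not issued for this app")
    if not claims["nbf"] <= now < claims["exp"]:
        raise ValueError("token outside its validity window")
    return claims

# Constructed sample (placeholder GUIDs, host and secret, not real tenant/app values).
SECRET = b"constructed-client-secret"
CLIENT_ID, APP_HOST = "c90047b7-0000-0000-0000-000000000001", "app.example.com"
REALM = "2ae1caa2-0000-0000-0000-000000000002"
SAMPLE = make_context_token({
    "aud": f"{CLIENT_ID}/{APP_HOST}@{REALM}", "iss": f"{ACS_PRINCIPAL}@{REALM}",
    "nbf": 1400013357, "exp": 1400056557, "nameid": "1003000086ad02d6",
    "actor": f"{CLIENT_ID}@{REALM}", "identityprovider": "urn:federation:microsoftonline",
}, SECRET)
```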
Token diagram (labels only): SharePoint, Host Web, Tenant ID, Azure ACS, Start/End, UPN, STS ID.
Resources (description, link):
OAuth Working Group: http://oauth.net/
OAuth Resource Guide: http://bit.ly/14CWPNb
Authorization and authentication for apps in SharePoint 2013: http://bit.ly/16f8WFh
Setting up an OAuth trust between farms in SharePoint 2013: http://bit.ly/12Yr7e3
Plan for server-to-server authentication in SharePoint 2013: http://bit.ly/1chAgFl
What's new in authentication for SharePoint 2013: http://bit.ly/1e6KaYv
Creating High-Trust apps with S2S: http://bit.ly/18RL8uL
Using O365 to Authorize On-Premise Apps: http://bit.ly/1fvv1Bo
Patterns and Practices: 30+ Visual Studio projects, common scenarios, contribute.
Related sessions:
OFC-B254 Integrating Yammer and Microsoft SharePoint Using .NET
DEV-B230 Most Commonly Asked for On-Premises Customizations Reimagined as Applications for SharePoint
DEV-B319 Get Started Developing Applications for Microsoft Office and SharePoint Server 2013
DEV-B231 Office Power Hour: New Developer APIs and Features for Applications for Office
DEV-B227 Anyone Can Build a SharePoint Application with Microsoft Access
OFC-B274 Implementing Microsoft SharePoint 2013 Hybrid for Search, Business Connectivity Services, Microsoft OneDrive for Business and Yammer
DEV-B232 Creating Cloud Hosted Line-of-Business Applications with Apps for Office, Microsoft Office 365, Microsoft Azure, and Windows Phone 8
OFC-B311 A Practical Use of External Data Sources
DEV-B357 Developing Office 365 Cloud Business Applications
DEV-B387 Deep Dive into Mail Compose Applications APIs
DEV-B386 Setting Up Your On-Premises Environment for App Development
DEV-B228 Build Connected Productivity Apps for SharePoint and Office
DEV-B390 SharePoint Power Hour: New Developer APIs and Features for Apps for SharePoint
DEV-B389 Who Are You and What Do You Want? Working with OAuth in Microsoft SharePoint 2013
EXM04 Exam Prep: 70-331 and 70-332
www.microsoft.com/learning
http://microsoft.com/msdn http://microsoft.com/technet
http://channel9.msdn.com/Events/TechEd