Who Are You and What Do You Want? Working with OAuth in SharePoint 2013
Eric Shupps (CKS:DEV, TheSharePointCowboy, Patterns & Practices)
www.sharepointcowboy.com | [email protected] | facebook.com/sharepointcowboy | @eshupps
Agenda: OAuth + SharePoint
- Introduction
- Farms
- Servers
- On-Premise Apps
- Cloud Apps

Introduction
Authorization flow
1. User requests access
2. App requests a Request Token
3. Provider returns the Request Token
4. App builds an authorization link with the Request Token
5. User requests the URL + Request Token
6. Provider returns an Access Token
7. User requests the URL + Access Token
8. App validates the Access Token
9. Access Token validated
10. User granted access
OAuth in SharePoint 2013
Terminology
- Identity Provider: Manages identity information for principals (STS)
- Security Token Service: Handles requests for trusted identity claims
- Identity Token Issuer: Identity provider associated with a web application
- Security Token Issuer: Trusted resource (farm, server, etc.)
- Metadata Endpoint: Resource information and signing certificate (JSON)
- Request Token: Used to request permission to a protected resource
- Access Token: Used by the app to access a resource on behalf of the user
- Realm: Operation scope for authorization
- Azure ACS: Cloud-based security token service (IP-STS)
Farms
Collaborate across farms
- My Sites
- Content
- Distributed Roles
- Enterprise Features
- Managed Metadata
- Search
- Shared Service Applications
- Request Management
Establishing trust between farms

Consumer farm
- Export the root and STS certificates
- Copy the certificates to the provider farm
- Import the provider's root certificate(s) and create a trusted root authority
- Set the authentication realm

Provider farm
- Export the root certificate
- Copy the certificate to the consumer farm
- Import the consumer's root certificate(s) and create a trusted root authority
- Import the consumer's STS certificate and create a trusted security token issuer
- Create app principals
Servers

Server-to-server partners
- Exchange
- Lync
- Office Web Applications
- Workflow
- Other

Establishing trust with servers (certificate-based or metadata-based)
- Export/import certificates
- Create root authorities
- Create security token issuer
- Assign app principal permissions
- Install client components
- Execute configuration scripts
Apps

On-premise (high-trust, S2S) flow
1. User browses to the app
2. SharePoint returns parameters
3. Browser POSTs the parameters to the app
4. App requests an access token from SharePoint
5. SharePoint validates the S2S trust
6. App establishes context

User Permissions
- App behaves in the context of the user
- Consistent across all requests
- Specific access rights and scope requested by the app

App-Only Permissions
- Granted on app installation

Code steps (on-premise)
1. Get request parameters
2. Get claims from the Windows identity
3. Get an access token with S2S
4. Establish client context
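The four on-premise code steps as they appear in a provider-hosted high-trust app. This is an added example, not code from the deck; it assumes the TokenHelper class generated by the Visual Studio 2012 SharePoint app project template (method names are the template's, and it reads ClientId, IssuerId and the signing certificate path from web.config), a host web URL supplied in the SPHostUrl query parameter, and Windows authentication enabled on the app site.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using Microsoft.SharePoint.Client;

// Added example (not from the deck): the high-trust (S2S) sequence for a
// provider-hosted app. TokenHelper is the helper class generated by the
// Visual Studio SharePoint app template; the method names below are its.
public partial class Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // 1. Get request parameters: SharePoint launches the app with
        //    SPHostUrl (and SPAppWebUrl, SPLanguage, ...) in the query string.
        string hostUrl = Request.QueryString["SPHostUrl"];
        if (string.IsNullOrEmpty(hostUrl))
        {
            // Not launched from SharePoint: refuse rather than guess a host web.
            throw new HttpException(400, "SPHostUrl is missing");
        }
        Uri hostWeb = new Uri(hostUrl);

        // 2. Get claims from the Windows identity. The app site authenticates the
        //    user with Windows auth; TokenHelper turns that identity into the
        //    claims (by default the user's SID) that it embeds in the token.
        WindowsIdentity identity = Request.LogonUserIdentity;

        // 3. Get an access token with S2S. The app signs the token itself with
        //    the private key whose certificate was registered on the farm with
        //    New-SPTrustedSecurityTokenIssuer; SharePoint validates the signature
        //    against that trust and the realm, so no STS round trip is needed.
        //    Passing null instead of an identity yields an app-only token,
        //    accepted only if the app's manifest requested app-only permission.
        string userToken = TokenHelper.GetS2SAccessTokenWithWindowsIdentity(hostWeb, identity);
        string appOnlyToken = TokenHelper.GetS2SAccessTokenWithWindowsIdentity(hostWeb, null);

        // 4. Establish client context: the token travels as a bearer header on
        //    every CSOM request, so the user's permissions apply on the host web.
        using (ClientContext ctx = TokenHelper.GetClientContextWithAccessToken(hostWeb.ToString(), userToken))
        {
            ctx.Load(ctx.Web, w => w.Title);
            ctx.ExecuteQuery();
            // Encode before echoing: the title is SharePoint-controlled content.
            Response.Write(HttpUtility.HtmlEncode(ctx.Web.Title));
        }
    }
}
```

The user token and the app-only token carry different "who" claims but are validated the same way, by the trust created with New-SPTrustedSecurityTokenIssuer; compromise of the signing certificate's private key therefore lets anyone mint tokens for any user, so it deserves the same handling as the farm's own STS certificate.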
Cloud

Cloud (ACS) flow
1. User browses to the app
2. SharePoint gets a request token from ACS
3. SharePoint sends the request token to the browser
4. Browser POSTs the request token to the app
5. App requests an access token from ACS
6. ACS provides the access token
7. App establishes context

Code steps (cloud)
1. Get POST parameters from SharePoint
2. Parse out the context token
3. Read and validate the context token
4. Get an access token
5. Get client context from SharePoint with the access token
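The five cloud code steps as they appear in a provider-hosted app that trusts Azure ACS. This is an added example, not code from the deck; it assumes the TokenHelper and SharePointContextToken types from the Visual Studio 2012 SharePoint app project template (method names are the template's; ClientId and ClientSecret are read from web.config as the template does) and a host web URL supplied in the SPHostUrl query parameter.

```csharp
using System;
using System.Web;
using Microsoft.IdentityModel.S2S.Tokens;
using Microsoft.SharePoint.Client;

// Added example (not from the deck): the ACS (low-trust) sequence for a
// provider-hosted app. TokenHelper and SharePointContextToken come from the
// Visual Studio SharePoint app template.
public partial class Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // 1. Get POST parameters from SharePoint. The context token arrives in a
        //    form field (SPAppToken or AppContext); TokenHelper checks each name.
        string contextTokenString = TokenHelper.GetContextTokenFromRequest(Request);
        string hostUrl = Request.QueryString["SPHostUrl"];
        if (string.IsNullOrEmpty(contextTokenString) || string.IsNullOrEmpty(hostUrl))
        {
            // No token means the request did not come through SharePoint's launch.
            throw new HttpException(400, "Missing context token or SPHostUrl");
        }
        Uri hostWeb = new Uri(hostUrl);

        // 2 and 3. Parse the context token (a JWT) and validate it: the signature
        //    is an HMAC computed with the app's client secret, the audience must be
        //    clientId/appHostName@realm, and the token must not have expired.
        //    Any failure throws here, before anything in the token is trusted.
        SharePointContextToken contextToken =
            TokenHelper.ReadAndValidateContextToken(contextTokenString, Request.Url.Authority);

        // 4. Get an access token: the refresh token carried inside the context
        //    token is exchanged at ACS (the cloud STS) for an access token scoped
        //    to the host web. It is short-lived; cache it per user, never the secret.
        string accessToken = TokenHelper.GetAccessToken(contextToken, hostWeb.Authority).AccessToken;

        // 5. Get client context from SharePoint with the access token.
        using (ClientContext ctx = TokenHelper.GetClientContextWithAccessToken(hostWeb.ToString(), accessToken))
        {
            ctx.Load(ctx.Web, w => w.Title);
            ctx.ExecuteQuery();
            // Encode before echoing: the title is SharePoint-controlled content.
            Response.Write(HttpUtility.HtmlEncode(ctx.Web.Title));
        }
    }
}
```

The audience check in step 3 is what ties a token to this app and this host name; an app that skips ReadAndValidateContextToken and merely decodes the JWT accepts any token posted to it, including one issued to a different app in the same realm.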
Resources
- OAuth Working Group: http://oauth.net/
- OAuth Resource Guide: http://bit.ly/14CWPNb
- Authorization and authentication for apps in SharePoint 2013: http://bit.ly/16f8WFh
- Setting up an OAuth trust between farms in SharePoint 2013: http://bit.ly/12Yr7e3
- Plan for server-to-server authentication in SharePoint 2013: http://bit.ly/1chAgFl
- What's new in authentication for SharePoint 2013: http://bit.ly/1e6KaYv
- Creating high-trust apps with S2S: http://bit.ly/18RL8uL