SPS ATL
May 30, 2015
DEEP DIVE INTO OFFICE 365 APIS FOR AZURE ACTIVE DIRECTORY
SharePoint Saturday Atlanta
ABOUT ME
Solutions Architect
Trainer
Hockey fan
http://www.schaeflein.net/blog
AGENDA
- Azure Active Directory
  - User Authentication Flow
- OAuth Primer
  - Application Authentication Flow
- Development Scenarios
  - Provider-hosted / SharePoint context
  - O365 OAuth / Discovery / Tokens
AZURE ACTIVE DIRECTORY
- Identity and Access Management for the cloud
- Can create new directories or manage existing ones in an Azure subscription
- Used by Office 365 for authentication
- Used by Azure for user authentication and application authorization
ORGANIZATIONAL ACCOUNTS
- Term for User Accounts in AAD
- Required to access Microsoft Cloud Services
- Tenant-based
LINK OFFICE 365 AND AZURE
- Log into the Microsoft Azure subscription as administrator
- Click on the Active Directory link
- Click New > Active Directory > Directory > Custom Create
- Select Add an Existing Directory
- Follow the steps to add an existing directory
USER AUTHENTICATION
- Users authenticate to Office 365 using an Organizational Account
- Users are added to the directory via O365, the Azure Portal, or Synchronization

USER AUTHENTICATION FLOW
1. User attempts to access a SharePoint Online resource
2. Redirected to login.microsoftonline.com
3. Login with Organizational Account
4. SAML token issued
5. Token presented to SharePoint Online
6. FedAuth cookie returned
7. Subsequent requests utilize the FedAuth cookie
OAUTH PRIMER
WHAT IS OAUTH 2.0?
- Simple mechanism to grant a third party access to a user's resources without sharing the user's password
- Cross-platform app authorization
- Internet standard supported by Azure, Facebook, Google, Twitter, and more
OAUTH 2.0 ACTORS
- Client: application requesting access to a user's resources
- Resource Owner: the user who can grant rights to the application
- Resource Server: the server hosting the protected resources and exposing a web-based API
- Authorization Server: the server issuing tokens
OAUTH 2.0 ACTORS IN OFFICE 365
- Client: SharePoint app, Azure web application, Windows 8 app
- Resource Owner: individual or administrator with an Organizational Account in Azure Active Directory
- Resource Server: SharePoint, Exchange
- Authorization Server: Azure Access Control Services
OAUTH 2.0 TOKENS
- Context Token
  - Information about the Resource Owner and Client
  - Used to get an Access Token later
- Access Token
  - A token passed to the Resource Server authorizing the Client to access resources
- Refresh Token
  - A token used to get an Access Token from the Authorization Server
- Authorization Code
  - A code that can be used to register an app on-the-fly
BEARER TOKENS
- OAuth 2.0 Access Tokens are unbound tokens (a.k.a. "Bearer Tokens")
  - An Access Token can be used by any application that possesses it
  - Always use SSL: the OAuth design depends on it!
  - Never expose tokens in JavaScript or allow them to be accessed by client-side debugging tools
  - If an Access Token is compromised, damage is limited by expiration
  - If a Refresh Token is compromised, damage is limited because the Client ID and Client Secret are required to get an Access Token from a Refresh Token
DEVELOPMENT SCENARIOS
- Provider-Hosted Apps
  - What we've used in SharePoint Online all along
  - Uses SharePoint-specific tokens
- Office 365-based Apps
  - Uses service-wide capable tokens
PROVIDER-HOSTED APP
Demo
APP PRINCIPALS
- Apps are registered with SharePoint Online
  - Client ID / Secret
  - App Host Domain
  - Redirect URL
- SharePoint provides registration management pages
  - AppRegNew.aspx
  - AppInv.aspx
  - AppPrincipals.aspx
REGISTER AN APP (AppRegNew.aspx fields)
- Client Id: generated value
- Client Secret: generated value
- Title: free text value
- App Domain: Azure domain (e.g., myapp.azurewebsites.net)
- Redirect URI: web address (e.g., https://myapp.azurewebsites.net)
PROVIDER-HOSTED APP FLOW
- User has an Organizational Account
- App registered with SharePoint Online
- App deployed to SharePoint Online
- Remote Web deployed
- Client ID and Client Secret defined in AAD
OAUTH 2.0 FLOW PROVIDER-HOSTED APP
Actors: End User (Resource Owner), Azure ACS (Authorization Server), Azure Web Site (Client), SharePoint Online (Resource Server)
1. User launches app
2. Context Token requested for user
3. Context Token returned
4. Context Token returned and user redirected to app
5. App extracts Refresh Token from Context Token
6. App requests Access Token using Refresh Token
7. Access Token returned
8. Access Token presented along with request
9. Response returned
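Before the app "extracts Refresh Token from Context Token" as the flow above describes, it has to prove the token really came from ACS for this app, or any caller could hand it a forged refresh token. The Python below is an added example, not the deck's code or Microsoft's TokenHelper: it models the context token as an HS256 JWT signed with the app's Client Secret (audience ClientId/AppHost@Realm, issuer ACS@Realm) and validates it before reading the refreshtoken claim; the Client ID, secret, host and realm are constructed placeholders.

```python
# Validate a provider-hosted app Context Token and extract its Refresh Token.
# Added example (not the deck's or Microsoft's code), stdlib only.  The token is
# modelled on the SharePoint/ACS context token: an HS256 JWT signed with the app's
# Client Secret whose audience is ClientId/AppHost@Realm.  All values constructed.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed registration values (not real identifiers).
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_SECRET = "constructed-client-secret"
APP_HOST = "myapp.azurewebsites.net"
REALM = "66666666-7777-8888-9999-000000000000"
ACS_ISSUER = f"00000001-0000-0000-c000-000000000000@{REALM}"  # ACS principal @ realm
EXPECTED_AUD = f"{CLIENT_ID}/{APP_HOST}@{REALM}"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()


def issue_context_token(refresh_token: str, now: Optional[float] = None, lifetime_s: int = 3600,
                        secret: str = CLIENT_SECRET, aud: str = EXPECTED_AUD) -> str:
    """Stand-in for ACS so the example runs offline: mints a context-token-shaped JWT.
    The secret/aud parameters exist only so negative cases can be built."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    claims = _b64url(json.dumps({
        "aud": aud, "iss": ACS_ISSUER, "nbf": int(now), "exp": int(now) + lifetime_s,
        "refreshtoken": refresh_token}).encode())
    signing_input = f"{header}.{claims}"
    return f"{signing_input}.{_b64url(_sign(signing_input, secret))}"


def read_and_validate_context_token(token: str, now: Optional[float] = None) -> dict:
    """Check signature first, then issuer, audience and lifetime; raise ValueError on
    any failure.  No claim is trusted before the HMAC over header.payload verifies."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    header_b64, claims_b64, sig_b64 = parts
    if json.loads(_unb64url(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token choose the algorithm
    if not hmac.compare_digest(_sign(f"{header_b64}.{claims_b64}", CLIENT_SECRET), _unb64url(sig_b64)):
        raise ValueError("signature does not verify with this app's Client Secret")
    claims = json.loads(_unb64url(claims_b64))
    if claims.get("iss") != ACS_ISSUER:
        raise ValueError("issuer is not ACS for this realm")
    if claims.get("aud") != EXPECTED_AUD:
        raise ValueError("token was issued to a different Client ID or app host")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise ValueError("token is expired or not yet valid")
    return claims


def extract_refresh_token(token: str, now: Optional[float] = None) -> str:
    """What the app keeps: the Refresh Token it later trades with ACS for an Access Token."""
    return read_and_validate_context_token(token, now)["refreshtoken"]


def is_valid(token: str, now: Optional[float] = None) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        read_and_validate_context_token(token, now)
        return True
    except ValueError:
        return False
```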
SHAREPOINTACSCONTEXT CLASS
- Inherits SharePointContext
- Provides specific properties and methods for dealing with context and access tokens

CSOM                                   REST
CreateAppOnlyClientContextForSPAppWeb  AppOnlyAccessTokenForSPAppWeb
CreateAppOnlyClientContextForSPHost    AppOnlyAccessTokenForSPHost
CreateUserClientContextForSPAppWeb     UserAccessTokenForSPAppWeb
CreateUserClientContextForSPHost       UserAccessTokenForSPHost
MAKING REST CALLS WITH OAUTH
MAKING CSOM CALLS WITH OAUTH
PROVIDER-HOSTED APPS
OFFICE 365 APIS
OFFICE 365 APIS FLOW
- User has an Organizational Account
- Application deployed
- Application does not require explicit permission grant
OAUTH 2.0 FLOW OFFICE 365 APIS
Actors: End User (Resource Owner), Azure Active Directory (Authorization Server), Azure Web Site (Client), SharePoint Online (Resource Server)
1. User accesses web application
2. Redirected to AAD
3. Consent dialog displayed
4. Access granted using Consent Dialog
5. Auth Code returned and user redirected
6. Auth Code, App Id, App Secret sent
7. Access and Refresh Tokens returned
8. Access Token presented along with request
9. Response returned
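The "Auth Code, App Id, App Secret sent" exchange in the flow above is what the Bearer Tokens slide relies on: a leaked Auth Code or Refresh Token is useless without the client's secret. This Python model of that exchange is an added example, not the deck's code or Azure AD's; it runs an in-memory stand-in for the Authorization Server and every identifier in it is constructed.

```python
# Model of the Office 365 APIs authorization-code exchange.  Added example, not the
# deck's or Azure AD's code: an in-memory stand-in for the Authorization Server shows
# why a leaked Auth Code or Refresh Token is not enough without the App Id and App
# Secret.  Every identifier below is constructed.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

CODE_LIFETIME_S = 300      # auth codes are short-lived and redeemable once
ACCESS_LIFETIME_S = 3600   # bearer token damage is limited by expiration

# Constructed registration values (the deck's App Id / App Secret).
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_SECRET = "constructed-app-secret"
REDIRECT_URI = "https://myapp.azurewebsites.net/oauth/callback"
RESOURCE = "https://contoso.sharepoint.example"   # constructed resource server URI

Grant = Tuple[str, str, str]   # (client_id, user, resource) a code or refresh token stands for


def _hash_secret(secret: str) -> bytes:
    return hashlib.sha256(secret.encode()).digest()


@dataclass
class AuthorizationServer:
    secret_hashes: Dict[str, bytes] = field(default_factory=dict)   # never the raw secret
    redirect_uris: Dict[str, str] = field(default_factory=dict)
    codes: Dict[str, Tuple[Grant, float]] = field(default_factory=dict)
    refresh_tokens: Dict[str, Grant] = field(default_factory=dict)

    def register(self, client_id: str, client_secret: str, redirect_uri: str) -> None:
        self.secret_hashes[client_id] = _hash_secret(client_secret)
        self.redirect_uris[client_id] = redirect_uri

    def authorize(self, client_id: str, redirect_uri: str, user: str, resource: str, now: float) -> str:
        """After consent: return an Auth Code bound to the client and the resource."""
        if self.redirect_uris.get(client_id) != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(32)
        self.codes[code] = ((client_id, user, resource), now + CODE_LIFETIME_S)
        return code

    def _authenticate_client(self, client_id: str, client_secret: str) -> None:
        stored = self.secret_hashes.get(client_id, b"")
        if not stored or not hmac.compare_digest(stored, _hash_secret(client_secret)):
            raise PermissionError("invalid_client")

    def _issue_tokens(self, grant: Grant, now: float) -> dict:
        refresh = secrets.token_urlsafe(32)
        self.refresh_tokens[refresh] = grant
        return {"token_type": "Bearer", "access_token": secrets.token_urlsafe(32),
                "expires_on": now + ACCESS_LIFETIME_S, "resource": grant[2],
                "refresh_token": refresh}

    def token_from_code(self, code: str, client_id: str, client_secret: str, now: float) -> dict:
        """Auth Code + App Id + App Secret -> Access and Refresh Tokens."""
        self._authenticate_client(client_id, client_secret)
        entry = self.codes.pop(code, None)            # pop: a second redemption fails
        if entry is None or entry[0][0] != client_id or now >= entry[1]:
            raise PermissionError("invalid_grant")
        return self._issue_tokens(entry[0], now)

    def token_from_refresh(self, refresh_token: str, client_id: str, client_secret: str, now: float) -> dict:
        """A leaked Refresh Token cannot be redeemed without the client's secret."""
        self._authenticate_client(client_id, client_secret)
        grant = self.refresh_tokens.pop(refresh_token, None)   # rotate on use
        if grant is None or grant[0] != client_id:
            raise PermissionError("invalid_grant")
        return self._issue_tokens(grant, now)


def _succeeds(action: Callable[[], dict]) -> bool:
    try:
        action()
        return True
    except PermissionError:
        return False


def demo(now: float = 1_700_000_000.0) -> dict:
    """Happy path plus the failure modes the Bearer Tokens slide relies on."""
    aad = AuthorizationServer()
    aad.register(CLIENT_ID, CLIENT_SECRET, REDIRECT_URI)
    code = aad.authorize(CLIENT_ID, REDIRECT_URI, "alice@contoso.example", RESOURCE, now)
    tokens = aad.token_from_code(code, CLIENT_ID, CLIENT_SECRET, now)
    stale = aad.authorize(CLIENT_ID, REDIRECT_URI, "alice@contoso.example", RESOURCE, now)
    return {
        "expires_in": tokens["expires_on"] - now,
        "code_single_use": not _succeeds(lambda: aad.token_from_code(code, CLIENT_ID, CLIENT_SECRET, now)),
        "code_needs_secret": not _succeeds(lambda: aad.token_from_code(stale, CLIENT_ID, "guessed", now)),
        "stale_code_rejected": not _succeeds(lambda: aad.token_from_code(stale, CLIENT_ID, CLIENT_SECRET, now + CODE_LIFETIME_S + 1)),
        "refresh_needs_secret": not _succeeds(lambda: aad.token_from_refresh(tokens["refresh_token"], CLIENT_ID, "guessed", now)),
        "refresh_with_secret": _succeeds(lambda: aad.token_from_refresh(tokens["refresh_token"], CLIENT_ID, CLIENT_SECRET, now + 10)),
    }
```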
OFFICE 365 DISCOVERY SERVICE
- Automatically determines the URLs of Office 365 services
- Supports device app and website flows
- Secured using Azure AD authentication
- Serves information stored about services in AAD
OFFICE 365 CLIENTS
- AadGraphClient - Azure Active Directory
- ExchangeClient - Calendar, Contacts, Mail
- SharePointClient - Files
OFFICE 365 CLIENTS
OFFICE 365 APIS
OFFICE 365 UNIFIED API
- Announced at //build/
  http://dev.office.com/unifiedAPIs
OFFICE 365 UNIFIED API
OAUTH CONTROLLER
OAUTH CONTROLLER CLASS
- Embodies all OAuth operations
- Allows code customizations for special situations
- Available on GitHub:
  https://github.com/AzureADSamples/WebApp-WebAPI-OAuth2-UserIdentity-DotNet/blob/master/WebApp/Controllers/OAuthController.cs
OAUTH CONTROLLER FLOW
- User has an Organizational Account
- App deployed as an Azure Web Site
- App registered with Azure Active Directory
- Client ID and Client Secret defined in AAD
- Permissions granted specifically in AAD
PROGRAMMING THE OAUTH CONTROLLER
RESOURCES
- http://dev.office.com
- Azure AD Code Samples
  https://msdn.microsoft.com/en-us/library/azure/dn646737.aspx

Contenu connexe

Tendances

Sync on Android
Sync on AndroidSync on Android
Sync on Androidchalup
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Atlassian
 
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.Eric Shupps
 
From Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint WebhooksFrom Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint WebhooksAndré Vala
 
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA Will Tran
 
Office 365 Groups Deep Dive
Office 365 Groups Deep DiveOffice 365 Groups Deep Dive
Office 365 Groups Deep DiveAndré Vala
 
Introducing Cardio
Introducing CardioIntroducing Cardio
Introducing CardioYusuke Kita
 
Automatizacion de Procesos en Modelos Tabulares
Automatizacion de Procesos en Modelos TabularesAutomatizacion de Procesos en Modelos Tabulares
Automatizacion de Procesos en Modelos TabularesGaston Cruz
 
Microsoft Graph developer community call-March 2020
Microsoft Graph developer community call-March 2020Microsoft Graph developer community call-March 2020
Microsoft Graph developer community call-March 2020Microsoft 365 Developer
 
Change Notifications in Azure Event Hubs-April 2021
Change Notifications in Azure Event Hubs-April 2021Change Notifications in Azure Event Hubs-April 2021
Change Notifications in Azure Event Hubs-April 2021Microsoft 365 Developer
 
(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overview(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overviewanikristo
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityNexThoughts Technologies
 
From Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint WebhooksFrom Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint WebhooksAndré Vala
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportGaurav Sharma
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 

Tendances (20)

Introduction to OAuth2.0
Introduction to OAuth2.0Introduction to OAuth2.0
Introduction to OAuth2.0
 
Sync on Android
Sync on AndroidSync on Android
Sync on Android
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
 
başlık
başlıkbaşlık
başlık
 
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
 
OAuth2 primer
OAuth2 primerOAuth2 primer
OAuth2 primer
 
From Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint WebhooksFrom Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint Webhooks
 
The State of OAuth2
The State of OAuth2The State of OAuth2
The State of OAuth2
 
Mojemoje
MojemojeMojemoje
Mojemoje
 
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
 
Office 365 Groups Deep Dive
Office 365 Groups Deep DiveOffice 365 Groups Deep Dive
Office 365 Groups Deep Dive
 
Introducing Cardio
Introducing CardioIntroducing Cardio
Introducing Cardio
 
Automatizacion de Procesos en Modelos Tabulares
Automatizacion de Procesos en Modelos TabularesAutomatizacion de Procesos en Modelos Tabulares
Automatizacion de Procesos en Modelos Tabulares
 
Microsoft Graph developer community call-March 2020
Microsoft Graph developer community call-March 2020Microsoft Graph developer community call-March 2020
Microsoft Graph developer community call-March 2020
 
Change Notifications in Azure Event Hubs-April 2021
Change Notifications in Azure Event Hubs-April 2021Change Notifications in Azure Event Hubs-April 2021
Change Notifications in Azure Event Hubs-April 2021
 
(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overview(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overview
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring Security
 
From Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint WebhooksFrom Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint Webhooks
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 support
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 

Similaire à Deep Dive into Office 365 API for Azure AD

Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Michael Collier
 
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015OAuth with AngularJS and WebAPI - SoCal Code Camp 2015
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015Stuart
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Aaron Parecki
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Kris Wagner
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST securityIgor Bossenko
 
24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdfTomasz Kopacz
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppFIWARE
 
.NET Core, ASP.NET Core Course, Session 19
 .NET Core, ASP.NET Core Course, Session 19 .NET Core, ASP.NET Core Course, Session 19
.NET Core, ASP.NET Core Course, Session 19aminmesbahi
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your appÁlvaro Alonso González
 
Microsoft Graph API with OutSystems Event Subscriptions
Microsoft Graph API with OutSystems Event SubscriptionsMicrosoft Graph API with OutSystems Event Subscriptions
Microsoft Graph API with OutSystems Event SubscriptionsStefan Weber
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...SPC Adriatics
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 

Similaire à Deep Dive into Office 365 API for Azure AD (20)

EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads-  Getting Started with the ClearPass REST API – CPPMEMEA Airheads-  Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
 
Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)
 
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015OAuth with AngularJS and WebAPI - SoCal Code Camp 2015
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST security
 
Provider hosted apps - acs
Provider hosted apps - acsProvider hosted apps - acs
Provider hosted apps - acs
 
24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
.NET Core, ASP.NET Core Course, Session 19
 .NET Core, ASP.NET Core Course, Session 19 .NET Core, ASP.NET Core Course, Session 19
.NET Core, ASP.NET Core Course, Session 19
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
 
Microsoft Graph API with OutSystems Event Subscriptions
Microsoft Graph API with OutSystems Event SubscriptionsMicrosoft Graph API with OutSystems Event Subscriptions
Microsoft Graph API with OutSystems Event Subscriptions
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater
 
O auth2.0 20141003
O auth2.0 20141003O auth2.0 20141003
O auth2.0 20141003
 

Dernier

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Dernier (20)

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Deep Dive into Office 365 API for Azure AD

  • 1. SPS ATL, May 30, 2015: DEEP DIVE INTO OFFICE 365 APIS FOR AZURE ACTIVE DIRECTORY
  • 2. SharePoint Saturday Atlanta
  • 3. SharePoint Saturday Atlanta
  • 4. SharePoint Saturday Atlanta
  • 5. ABOUT ME: Solutions Architect; Trainer; Hockey fan; http://www.schaeflein.net/blog
  • 6. AGENDA: Azure Active Directory (User Authentication Flow); OAuth Primer (Application Authentication Flow); Development Scenarios (Provider-hosted / SharePoint context; O365 OAuth / Discovery / Tokens)
  • 7. AZURE ACTIVE DIRECTORY: Identity and Access Management for the cloud; can create new directories or manage existing ones in an Azure subscription; used by Office 365 for authentication; used by Azure for user authentication and application authorization
  • 8. ORGANIZATIONAL ACCOUNTS: term for user accounts in AAD; required to access Microsoft cloud services; tenant-based
  • 9. LINK OFFICE 365 AND AZURE: log into the Microsoft Azure subscription as administrator; click on the Active Directory link; click New > Active Directory > Directory > Custom Create; select Add an Existing Directory; follow the steps to add an existing directory
  • 11. USER AUTHENTICATION: users authenticate to Office 365 using an Organizational Account; users are added to the directory via O365, the Azure Portal, or synchronization
  • 21. WHAT IS OAUTH 2.0?: simple mechanism to grant a third party access to a user's resources without sharing the user's password; cross-platform app authorization; Internet standard supported by Azure, Facebook, Google, Twitter, and more
  • 22. OAUTH 2.0 ACTORS: Client: application requesting access to a user's resources; Resource Owner: the user who can grant rights to the application; Resource Server: the server hosting the protected resources and exposing a web-based API; Authorization Server: server issuing tokens
  • 23. OAUTH 2.0 ACTORS IN OFFICE 365: Client: SharePoint app, Azure web application, Windows 8 app; Resource Owner: individual or administrator with an Organizational Account in Azure Active Directory; Resource Server: SharePoint, Exchange; Authorization Server: Azure Access Control Services
  • 24. OAUTH 2.0 TOKENS: Context Token: information about the Resource Owner and Client, used to get an Access Token later; Access Token: a token passed to the Resource Server authorizing the Client to access resources
  • 25. OAUTH 2.0 TOKENS: Refresh Token: a token used to get an Access Token from the Authorization Server; Authorization Code: a code that can be used to register an app on-the-fly
  • 26. BEARER TOKENS: OAuth 2.0 Access Tokens are unbound tokens (a.k.a. "Bearer Tokens"); an Access Token can be used by any application that possesses it; always use SSL – OAuth design depends on it!; never expose tokens in JavaScript or allow them to be accessed by client-side debugging tools
  • 27. BEARER TOKENS: OAuth 2.0 Access Tokens are unbound tokens (a.k.a. "Bearer Tokens"); if an Access Token is compromised, damage is limited by expiration; if a Refresh Token is compromised, damage is limited because the Client ID and Client Secret are required to get an Access Token from a Refresh Token
  • 28. DEVELOPMENT SCENARIOS: Provider-Hosted Apps: what we've used in SharePoint Online all along, uses SharePoint-specific tokens; Office 365-based Apps: use service-wide capable tokens
  • 30. APP PRINCIPALS: apps are registered with SharePoint Online (Client ID / Secret, App Host Domain, Redirect URL); SharePoint provides registration management pages (AppRegNew.aspx, AppInv.aspx, AppPrincipals.aspx)
  • 31. REGISTER AN APP: Client ID: generated value; Client Secret: generated value; Title: free text value; App Domain: Azure domain (e.g., myapp.azurewebsites.net); Redirect URL: web address (e.g., https://myapp.azurewebsites.net)
  • 32. PROVIDER-HOSTED APP FLOW: user has an Organizational Account; app registered with SharePoint Online; app deployed to SharePoint Online; remote web deployed; Client ID and Client Secret defined in AAD
  • 33. OAUTH 2.0 FLOW PROVIDER-HOSTED APP: actors are End User (Resource Owner), Azure ACS (Authorization Server), Azure Web Site (Client), SharePoint Online (Resource Server); slides 34 to 42 show the same four actors with one step each
  • 34. OAUTH 2.0 FLOW PROVIDER-HOSTED APP: user launches app
  • 35. OAUTH 2.0 FLOW PROVIDER-HOSTED APP: request context token for user
  • 36. OAUTH 2.0 FLOW PROVIDER-HOSTED APP: context token returned
  • 37. OAUTH 2.0 FLOW PROVIDER-HOSTED APP: context token returned and user redirected to app
  • 38. OAUTH 2.0 FLOW PROVIDER-HOSTED APP: app extracts refresh token from context token
  • 39. OAUTH 2.0 FLOW PROVIDER-HOSTED APP: app requests access token using refresh token
  • 40. OAUTH 2.0 FLOW PROVIDER-HOSTED APP: access token returned
  • 41. OAUTH 2.0 FLOW PROVIDER-HOSTED APP: access token presented along with request
  • 42. OAUTH 2.0 FLOW PROVIDER-HOSTED APP: response returned
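The provider-hosted flow of slides 34 to 42, as an added example that is not code from the deck or from SharePoint's TokenHelper: the Azure Web Site verifies the context token's HS256 signature (keyed with the client secret), its audience and its expiry before it trusts the refreshtoken claim, and a stand-in for ACS refuses to redeem that refresh token unless the client also presents its Client ID and Client Secret, which is the point slide 27 makes. The client ID, secret, realm, host name, the rt_ token shape and the ACS stand-in are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample registration values (not a real tenant, client or secret).
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_SECRET = b"constructed-client-secret"
REALM = "66666666-7777-8888-9999-000000000000"
APP_HOST = "myapp.azurewebsites.net"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, key: bytes) -> str:
    """HS256 JWT; ACS signs the context token with the app's client secret."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def validate_context_token(token: str, key: bytes, now: int) -> dict:
    """Check signature, audience and expiry before trusting the embedded refresh token."""
    head, body, sig = token.split(".")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("context token signature does not verify")
    claims = json.loads(b64url_decode(body))
    # Audience has the clientId/hostname@realm form; a token for another app is rejected.
    if claims.get("aud") != f"{CLIENT_ID}/{APP_HOST}@{REALM}":
        raise ValueError("context token was issued for another app or tenant")
    if now >= int(claims["exp"]):
        raise ValueError("context token has expired")
    return claims

def exchange_refresh_token(refresh_token: str, client_id: str, secret: bytes, now: int) -> dict:
    """Stand-in for ACS: a leaked refresh token is useless without the Client ID and Secret."""
    if client_id != CLIENT_ID or not hmac.compare_digest(secret, CLIENT_SECRET):
        raise PermissionError("client authentication failed")
    if not refresh_token.startswith("rt_"):  # constructed refresh-token shape for the example
        raise PermissionError("refresh token not recognised")
    # The bearer access token is short-lived, so a leak is bounded by its exp claim.
    token = sign_jwt({"aud": "sharepoint", "exp": now + 3600}, b"constructed-acs-key")
    return {"access_token": token, "expires_in": 3600}
```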
  • 43. SHAREPOINTACSCONTEXT CLASS: inherits SharePointContext; provides specific properties and methods for dealing with context and access tokens. CSOM: CreateAppOnlyClientContextForSPAppWeb, CreateAppOnlyClientContextForSPHost, CreateUserClientContextForSPAppWeb, CreateUserClientContextForSPHost. REST: AppOnlyAccessTokenForSPAppWeb, AppOnlyAccessTokenForSPHost, UserAccessTokenForSPAppWeb, UserAccessTokenForSPHost
  • 44. MAKING REST CALLS WITH OAUTH
  • 45. MAKING CSOM CALLS WITH OAUTH
  • 48. OFFICE 365 APIS FLOW: user has an Organizational Account; application deployed; application does not require explicit permission grant
  • 49. OAUTH 2.0 FLOW OFFICE 365 APIS: actors are End User (Resource Owner), Azure Active Directory (Authorization Server), Azure Web Site (Client), SharePoint Online (Resource Server); slides 50 to 58 show the same four actors with one step each
  • 50. OAUTH 2.0 FLOW OFFICE 365 APIS: user accesses web application
  • 51. OAUTH 2.0 FLOW OFFICE 365 APIS: redirected to AAD
  • 52. OAUTH 2.0 FLOW OFFICE 365 APIS: consent dialog displayed
  • 53. OAUTH 2.0 FLOW OFFICE 365 APIS: grant access using consent dialog
  • 54. OAUTH 2.0 FLOW OFFICE 365 APIS: auth code returned and user redirected
  • 55. OAUTH 2.0 FLOW OFFICE 365 APIS: auth code, App ID, App Secret sent
  • 56. OAUTH 2.0 FLOW OFFICE 365 APIS: access and refresh tokens returned
  • 57. OAUTH 2.0 FLOW OFFICE 365 APIS: access token presented along with request
  • 58. OAUTH 2.0 FLOW OFFICE 365 APIS: response returned
  • 59. OFFICE 365 DISCOVERY SERVICE: automatically determines the URL of Office 365 services; supports device app and website flows; secured using Azure AD authentication; serves information stored about services in AAD
  • 60. OFFICE 365 CLIENTS: AadGraphClient (Azure Active Directory); ExchangeClient (Calendar, Contacts, Mail); SharePointClient (Files)
  • 63. OFFICE 365 UNIFIED API: announced at //build/; http://dev.office.com/unifiedAPIs
  • 66. OAUTH CONTROLLER CLASS: embodies all OAuth operations; allows code customizations for special situations; available on GitHub at https://github.com/AzureADSamples/WebApp-WebAPI-OAuth2-UserIdentity-DotNet/blob/master/WebApp/Controllers/OAuthController.cs
  • 67. OAUTH CONTROLLER FLOW: user has an Organizational Account; app deployed as an Azure Web Site; app registered with Azure Active Directory; Client ID and Client Secret defined in AAD; permissions granted specifically in AAD
  • 68. PROGRAMMING THE OAUTH CONTROLLER
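The Office 365 APIs flow of slides 50 to 58, and the redirect-URL-in, authorization-URL-out step that the OAuth controller performs, as an added example that is not the sample controller's code: it builds the Azure AD authorize URL with a per-session state value, accepts the authorization code on the callback only when that state matches, and assembles the server-side token request that carries the App ID and App Secret (the "auth code, App ID, App Secret sent" step). The client ID, secret, resource URL and callback URL are constructed; the login.microsoftonline.com authorize and token endpoints and their parameters are those of the Azure AD OAuth 2.0 endpoint the deck describes.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values (not a real AAD application registration).
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
CLIENT_SECRET = "constructed-app-secret"
AUTHORITY = "https://login.microsoftonline.com/common"
TOKEN_ENDPOINT = f"{AUTHORITY}/oauth2/token"
RESOURCE = "https://outlook.office365.com/"  # Office 365 service the token should be good for

def new_state() -> str:
    """Unguessable per-login value kept in the server session before redirecting."""
    return secrets.token_urlsafe(32)

def build_authorization_url(redirect_url: str, state: str) -> str:
    """'Redirected to AAD': the consent dialog is reached through the authorize endpoint."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": redirect_url,
        "resource": RESOURCE,
        "state": state,
    }
    return f"{AUTHORITY}/oauth2/authorize?{urlencode(params)}"

def parse_callback(callback_url: str, expected_state: str) -> str:
    """'Auth code returned': accept the code only when state matches the session value."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:  # user declined consent or AAD reported a problem
        raise PermissionError(query.get("error_description", query["error"])[0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise PermissionError("state mismatch: callback was not started by this session")
    return query["code"][0]

def token_request_body(code: str, redirect_url: str) -> dict:
    """'Auth code, App ID, App Secret sent': POSTed server-side to TOKEN_ENDPOINT."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_url,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,  # never ships to the browser
        "resource": RESOURCE,
    }
```

The token response carries the access and refresh tokens of slide 56; the access token then goes in the Authorization header of the request to the resource server.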
  • 69. RESOURCES: http://dev.office.com; Azure AD Code Samples: https://msdn.microsoft.com/en-us/library/azure/dn646737.aspx

Editor's notes

  1. The OAuth controller needs you to provide a redirect URL and it will give back the authorization URL