The SharePoint Cowboy
Eric Shupps
CKS:DEV
Patterns & Practices
www.sharepointcowboy.com
eshupps@binarywave.com
facebook.com/sharepointcowboy
slideshare.net/eshupps
@eshupps
Authorization: the four roles

- Resource Owner: grants access to a protected resource.
- Resource Server: hosts the protected resource and accepts access requests.
- Client: application making protected resource requests on behalf of the resource owner.
- Authorization Server: issues access tokens.
Authorization flow (message exchange between the roles)

1. Client -> Resource Owner: Authorization Request
2. Resource Owner -> Client: Authorization Grant
3. Client -> Authorization Server: Authorization Grant
4. Authorization Server -> Client: Access Token
5. Client -> Resource Server: Access Token
6. Resource Server -> Client: Protected Resource
Token exchange steps (as labelled on the slide)

- App requests Request Token
- Provider returns Request Token
- App builds auth link w/ Request Token
- Access token validated
- Provider returns Access Token
- Access token validated
Key terms

- Identity Provider
- Security Token Service
- Metadata Endpoint
- Request Token
- Access Token
- Realm
[Diagram: Azure ACS token flow between Online and On Premise SharePoint. Labels: SP returns parameters; Tenant ID; Start / End; Client ID; App URL; User ID + Issuer + App + Realm; IP-STS URL; Token sent to IP-STS (Azure ACS); Browser or Event Receiver.]
Sample access token (JWT) as shown on the slide, header followed by payload:

    {"typ":"JWT","alg":"RS256","x5t":"kriMPdmBvx68skT8-mPAB3BseeA"}
    .
    {
      "aud":"00000003-0000-0ff1-ce00-000000000000/binarywaveinc.sharepoint.com@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
      "iss":"00000001-0000-0000-c000-000000000000@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
      "nbf":1400013357,
      "exp":1400056557,
      "nameid":"1003000086ad02d6",
      "actor":"c90047b7-392a-42e7-8c52-65afa92e5d0d@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
      "identityprovider":"urn:federation:microsoftonline"
    }

Slide annotations on the claims:

- aud: SharePoint principal ID / Host Web @ Tenant ID
- iss: Azure ACS principal ID @ Tenant ID
- nbf: Start; exp: End
- nameid: UPN
- actor: STS ID @ Tenant ID
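An added example (not from the deck) that parses a token with the claim layout shown above and applies the checks a resource server would make on it: the nbf/exp window, the host named in aud, and that aud, iss and actor all carry the same realm (tenant ID). The token and its signature segment are constructed; RS256 verification against the ACS certificate identified by the x5t header is out of scope here and must succeed before any of these claims is trusted.

```python
import base64
import json

# Constructed sample, modelled on the slide's claims; "sig" is a placeholder
# signature segment, so this example checks claims only, not the signature.
HEADER = {"typ": "JWT", "alg": "RS256", "x5t": "kriMPdmBvx68skT8-mPAB3BseeA"}
PAYLOAD = {
    "aud": "00000003-0000-0ff1-ce00-000000000000/binarywaveinc.sharepoint.com"
           "@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
    "iss": "00000001-0000-0000-c000-000000000000@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
    "nbf": 1400013357,
    "exp": 1400056557,
    "nameid": "1003000086ad02d6",
    "actor": "c90047b7-392a-42e7-8c52-65afa92e5d0d@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
    "identityprovider": "urn:federation:microsoftonline",
}


def b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(seg):
    # JWT segments drop base64 padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


SAMPLE_TOKEN = ".".join([b64url_encode(HEADER), b64url_encode(PAYLOAD), "sig"])


def realm_of(value):
    # ACS-style identifiers are "<id>@<realm>"; the realm is the tenant ID.
    return value.rsplit("@", 1)[1] if "@" in value else None


def check_claims(token, expected_host, now):
    """Return (True, tenant_id) or (False, reason). Signature is NOT verified here."""
    header_seg, payload_seg, _sig = token.split(".")
    header = b64url_decode(header_seg)
    claims = b64url_decode(payload_seg)
    if header.get("alg") != "RS256" or "x5t" not in header:
        return False, "unexpected header"
    if not (claims["nbf"] <= now < claims["exp"]):
        return False, "token outside nbf/exp window"
    # aud is "<sharepoint principal>/<host web>@<realm>"; isolate the host.
    aud_host = claims["aud"].split("/", 1)[1].split("@", 1)[0]
    if aud_host != expected_host:
        return False, "audience host mismatch"
    realms = {realm_of(claims[c]) for c in ("aud", "iss", "actor")}
    if len(realms) != 1:
        return False, "realm mismatch across aud/iss/actor"
    return True, realms.pop()
```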
Resources (descriptions not preserved on the slide)

- http://oauth.net/
- http://bit.ly/14CWPNb
- http://bit.ly/16f8WFh
- http://bit.ly/12Yr7e3
- http://bit.ly/1chAgFl
- http://bit.ly/1e6KaYv
- http://bit.ly/18RL8uL
- http://bit.ly/1fvv1Bo
Related TechEd sessions

- DEV-B232 Creating Cloud Hosted Line-of-Business Applications with Apps for Office, Microsoft Office 365, Microsoft Azure, and Windows Phone 8
- OFC-B311 A Practical Use of External Data Sources
- DEV-B357 Developing Office 365 Cloud Business Applications

Session recordings: http://channel9.msdn.com/Events/TechEd