OAUTH IN SHAREPOINT 2013

SharePoint apps use OAuth to authorize calls to SharePoint APIs. When an app calls an API in SharePoint to, for example, get some list data, SharePoint checks that the app identity is valid and has permissions to the resource; for example, a list. Additionally, the app may pass information about what the calling user identity is so that SharePoint can also check that the user has access to the resource. When discussing OAuth in the context of SharePoint, the following standard naming conventions are commonly used and therefore worth understanding:

• Content owner: The user who installs the app and grants the application access to particular resources.
• Client app: The SharePoint app that uses an API to access and make calls to the content server (SharePoint).
• Content server: The SharePoint environment that has the resources the client app wants to access.
• Authentication server: A service that both the client app and content server trust that creates the various tokens used in the OAuth process. In SharePoint the Authentication server is either Azure Access Control Services (ACS) in the case of Office 365 or a Security Token Service (STS) hosted with SharePoint in the case of SharePoint on premises.

When you’re building SharePoint apps, the three different app types fall into two distinct categories in regard to authentication and authorization:

• Internally authenticated apps: Includes SharePoint-hosted apps
• Externally authenticated apps: Includes Autohosted ...