SUMMARY

OAuth in SharePoint 2013 offers many new opportunities for integrating with both SharePoint Online and SharePoint on premises. The introduction of an application identity gives developers and administrators alike new opportunities for authenticating and authorizing access to content and information in SharePoint. By building on the already-large ground swell of developer support for OAuth in the community, SharePoint can offer access to its APIs in a standards-based and well-understood manner, thus reducing the complexity and proprietary nature of the process. The authorization system built into SharePoint 2013 offers developers flexibility and control over asking for access to resources while at the same time balancing that with the security needs and controls needed by users and IT professionals running SharePoint environments.

The OAuth system is part of the new framework for building applications; however, the effects of offering standardized, remotely callable APIs is also further reaching, enabling developers a wider range of integration options dependent on their environment and scenarios.

EXERCISES

Answers to Exercises for this chapter can be found in Appendix A.

1. How can you create new application identity registrations in SharePoint 2013 and what are the uses of the client ID and client secret?

2. Describe the three main token types that comprise the OAuth flow.

3. How can the application principal be used to elevate permissions for a calling user? ...

Get Beginning SharePoint 2013 Development now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Beginning SharePoint 2013 Development by

SUMMARY

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly