O365 DevCamp Los Angeles, June 16, 2015: Module 03, Hook into Apps for SharePoint
Module 3: Hook into Apps for SharePoint
Office DEVCamp – Los Angeles
Registration for Los Angeles June 16 2015: http://aka.ms/O365campLA
Course Agenda
Office Camp
Module 1: Introduction to the Day
Module 2: Setting up the Environments
Module 3: Hooking into Apps for SharePoint
Module 4: Hooking into Office 365 APIs
Module 5: Hooking into Apps for Office
Module 6: Hooking into SharePoint APIs with Android

Architecture
(Diagram labels: Remote Web; Azure Data Market; Azure Web Sites; SQL Azure; App Web (1); Host Web; SharePoint Online)
(1) App Web is optional

App Permissions
• Remote web always has full rights to app web
• App permissions are the lesser of user and app permissions to the given resource
• Provider-hosted app can utilize “app-only” permissions to “elevate” privileges.

App-Only Permissions
• Considers app permissions only, ignores user
• Set AllowAppOnlyPolicy to true in AppManifest
• Get an app-only token

Creating Provider-Hosted Apps
• Web Project
  • ASP.NET Web Forms
  • MVC 5
• Authorization
  • Azure Access Control Services
  • Server-to-Server High Trust
• Programmability
  • SharePointContextProvider class
  • Managed CSOM or REST
  • JavaScript Cross-Domain Library

What is OAuth 2.0?
• Simple mechanism to grant a third party access to a user’s resources without sharing the user’s password.
• Cross platform app authorization
• Internet Standard supported by Azure, Facebook, Google, Twitter, and more

OAuth 2.0 Tokens
• Context Token: Information about the Resource Owner and Client that can be used to get an Access Token later.
• Refresh Token: A token used to get an Access Token from the Authorization Server.
• Access Token: A token passed to the Resource Server authorizing the Client to access resources.
• Authorization Code: A code that can be used to register an app on-the-fly.

App Principals
• Apps must be registered with SharePoint Online
  • Client ID – generated during the registration process
  • Client Secret – generated during the registration process
  • App Host Domain – the domain of the Azure web site hosting the app
  • Redirect URL – the URL of the return page after permissions are granted
• SharePoint provides registration management pages
  • AppRegNew.aspx – for registering a new app
  • AppInv.aspx – for updating registered apps
  • AppPrincipals.aspx – lists all registered apps

Registering a New App
(Form callouts, in order)
• Generated value
• Generated value
• Free text value
• Azure domain (e.g., myapp.azurewebsites.net)
• Web address (e.g., https://myapp.azurewebsites.net)

Provider-Hosted App Flow Scenario
• User has Organizational Account
• App registered with SharePoint Online
• App deployed to SharePoint Online
• Remote Web deployed as an Azure Website
• Client ID and Client Secret defined in AAD

OAuth 2.0 Flow Provider-Hosted App
Participants:
• End User (Resource Owner)
• Azure ACS (Authorization Server)
• Azure Web Site (Client)
• SharePoint Online (Resource Server)
Steps (one per slide):
1. User launches app
2. Request Context Token for user
3. Context Token returned
4. Context Token returned and user redirected to app
5. App extracts Refresh Token from Context Token
6. App requests Access Token using Refresh Token
7. Access Token returned
8. Access Token presented along with request
9. Response returned
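
The Context Token reaches the remote web through the user's browser, so the step "App extracts Refresh Token from Context Token" should only happen after the token has been verified. The Node.js sketch below is an added example, not code from the deck or from Microsoft: it assumes the Context Token is a JWT signed with HMAC-SHA256 using the base64-decoded Client Secret and carrying the claims aud, nbf, exp, refreshtoken and appctx. The function names and all sample values are constructed for illustration.

```javascript
// Added example: check a Context Token before trusting the Refresh Token inside it.
const crypto = require("crypto");

const decode = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

function validateContextToken(token, app, nowSec) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  // Pin the algorithm; never let the token pick "none" or another scheme.
  if (decode(head).alg !== "HS256") throw new Error("unexpected alg");
  // Assumption: the HMAC key is the base64-decoded Client Secret.
  const key = Buffer.from(app.clientSecret, "base64");
  const want = crypto.createHmac("sha256", key).update(`${head}.${body}`).digest();
  const got = Buffer.from(sig, "base64url");
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want))
    throw new Error("bad signature");
  const claims = decode(body);
  // aud is "<Client ID>/<App Host Domain>@<realm>"; reject tokens minted for another app.
  const [principal, realm] = String(claims.aud).split("@");
  if (!realm || principal.toLowerCase() !== `${app.clientId}/${app.hostDomain}`.toLowerCase())
    throw new Error("audience mismatch");
  if (!(Number(claims.nbf) <= nowSec && nowSec < Number(claims.exp)))
    throw new Error("token expired or not yet valid");
  const appctx = JSON.parse(claims.appctx);
  return { realm, refreshToken: claims.refreshtoken, cacheKey: appctx.CacheKey,
           stsUri: appctx.SecurityTokenServiceUri };
}

// Constructed sample data: every value below is made up for the demo.
const sampleApp = { clientId: "11111111-2222-3333-4444-555555555555",
  clientSecret: Buffer.from("constructed-demo-secret").toString("base64"),
  hostDomain: "myapp.azurewebsites.net" };

function makeSampleToken(overrides = {}, secret = sampleApp.clientSecret, alg = "HS256") {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const claims = Object.assign({
    aud: `${sampleApp.clientId}/${sampleApp.hostDomain}@constructed-realm`,
    nbf: "1000", exp: "2000", refreshtoken: "constructed-refresh-token",
    appctx: JSON.stringify({ CacheKey: "constructed-cache-key",
      SecurityTokenServiceUri: "https://sts.example.invalid/tokens/OAuth/2" }) }, overrides);
  const signed = `${enc({ typ: "JWT", alg })}.${enc(claims)}`;
  const mac = crypto.createHmac("sha256", Buffer.from(secret, "base64")).update(signed).digest();
  return `${signed}.${mac.toString("base64url")}`;
}
```

Only after this check passes should the Refresh Token be sent to the Authorization Server, and neither token should be written to logs or returned to the browser.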

SharePointContextProvider Class
• Checks for valid Context Token
  • Redirects if it does not exist
• Simplifies the management of context
  • Provides an ACS or STS context
  • Context exposes properties for key values like Host Web URL
• Simplifies the management of tokens
  • Context exposes methods to retrieve tokens

SharePointAcsContext Class
• Inherits SharePointContext
• Provides specific properties and methods for dealing with context and access tokens
• CSOM
  • CreateAppOnlyClientContextForSPAppWeb
  • CreateAppOnlyClientContextForSPHost
  • CreateUserClientContextForSPAppWeb
  • CreateUserClientContextForSPHost
• REST
  • AppOnlyAccessTokenForSPAppWeb
  • AppOnlyAccessTokenForSPHost
  • UserAccessTokenForSPAppWeb
  • UserAccessTokenForSPHost

Managing SharePoint Context
• SharePointContextProvider
  • GetSharePointContext
    • Returns SharePointAcsContext in cloud
    • Returns SharePointHighTrustContext on premises
• Properties
  • SPAppWebUrl
  • SPClientTag
  • SPHostUrl
  • SPLanguage
  • SPProductNumber

Managing Security Tokens
• CSOM
  • CreateAppOnlyClientContextForSPAppWeb
  • CreateAppOnlyClientContextForSPHost
  • CreateUserClientContextForSPAppWeb
  • CreateUserClientContextForSPHost
• REST
  • AppOnlyAccessTokenForSPAppWeb
  • AppOnlyAccessTokenForSPHost
  • UserAccessTokenForSPAppWeb
  • UserAccessTokenForSPHost

Cross Domain Library
• Same-domain policy prevents JavaScript from making direct calls to either the app web or host web from the remote web
• Required to make JavaScript calls to both the app web and host web

Loading the Cross-Domain Library
• SP.RequestExecutor.js located in LAYOUTS directory
• Option 1: Copy and include directly in your app
• Option 2: Load Dynamically using jQuery
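
Loading the library dynamically means executing script from a URL built out of the SPHostUrl query-string value, which the user's browser supplies and the page should not trust as-is. The sketch below is an added example, not code from the deck: it assumes host webs live under *.sharepoint.com and that the LAYOUTS path is /_layouts/15/. The function names and the contoso sample host are constructed for illustration.

```javascript
// Added example: only load SP.RequestExecutor.js from a vetted host web.
// Assumption: SharePoint Online host webs live under *.sharepoint.com; adjust for your tenant.
const ALLOWED_HOST_SUFFIXES = [".sharepoint.com"];

// Returns the script URL for a trusted SPHostUrl value, or null if the value must be rejected.
function requestExecutorUrl(query, allowedSuffixes = ALLOWED_HOST_SUFFIXES) {
  const raw = new URLSearchParams(query).get("SPHostUrl");
  if (!raw) return null;
  let host;
  try { host = new URL(raw); } catch (e) { return null; }
  // Require HTTPS and refuse embedded credentials.
  if (host.protocol !== "https:" || host.username || host.password) return null;
  const name = host.hostname.toLowerCase();
  // Suffix match on the parsed hostname, so "x.sharepoint.com.other.example" is rejected.
  if (!allowedSuffixes.some((s) => name.endsWith(s) && name.length > s.length)) return null;
  const base = host.origin + host.pathname.replace(/\/+$/, "");
  return base + "/_layouts/15/SP.RequestExecutor.js";
}

// Browser-only wiring for Option 2: jQuery's getScript runs whatever the URL returns,
// so it is called only with a URL that passed the check above.
function loadCrossDomainLibrary(onReady) {
  const url = requestExecutorUrl(window.location.search);
  if (!url) throw new Error("SPHostUrl missing or not an allowed SharePoint host");
  jQuery.getScript(url, onReady);
}
```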

Cross-Domain Library Architecture
(Diagram labels: Remote Web; Web Page; SP.RequestExecutor.js; IFRAME; SharePoint; App Web; AppWebProxy.aspx)

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.