This post details how to perform authentication and authorization from a remote app against SharePoint Online.
It is aimed especially at remote apps running on non-.NET technology platforms, which means we can’t use the OOTB ‘TokenHelper’ class.
The entire flow needs to use only simple HTTP requests.
I am going to break this into 3 parts:
- Register a Remote App in SharePoint
- Get the ‘AccessToken’ via the Azure ACS and SharePoint dance
- Call SharePoint REST Service with the AccessToken
Register a Remote App in SharePoint
There is some good guidance around registering an app for SharePoint, but in our case we just want to register an app to perform OAuth from a remote application, so the only good option is to register it via ‘/_layouts/15/appregnew.aspx’.
There are 3 pieces of information that we need from the app registration:
- client_id = App Id
- client_secret = App Secret
- redirect_uri = Redirect URI
Get the ‘AccessToken’ via the Azure ACS and SharePoint dance
There are 3 steps to this dance:
Step 1: Get the Request token
Getting the request token just requires a well-formed URL containing all 3 pieces of information that we collected during the app registration.
(See this app permissions section for all the Scope and Rights available in SharePoint Online.) This URL redirects to the msonline login screen and, after you enter your credentials, prompts you with the trust screen.
Once you trust the app, it redirects back to the ‘redirect_uri’ configured during the app registration, with the request token in the query string.
Step 2: Get the Realm
(This method is taken directly from the TokenHelper class. The targetApplicationUri is the SharePoint Online URL.)
Step 3: And finally, Get the Access Token
Now that we have the requestToken and realm, we need to create a POST request to ACS to get back the access token.
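The three steps above as plain HTTP building blocks in Python, as an added example and not the author's code. The endpoint paths and parameter names follow Microsoft's documented authorization-code flow for SharePoint add-ins and the TokenHelper class rather than this page; the tenant, IDs and secret used with it are constructed placeholders.

```python
import re
from urllib.parse import urlencode, urlsplit

# Well-known principal ID of SharePoint, used in the ACS "resource" value.
SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"
ACS_HOST = "accounts.accesscontrol.windows.net"
REALM_RE = re.compile(
    r'Bearer realm="([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})"')


def build_authorize_url(site_url, client_id, scope, redirect_uri):
    """Step 1: URL the browser is sent to; the code returns on redirect_uri."""
    query = urlencode({
        "client_id": client_id,
        "scope": scope,
        "response_type": "code",
        "redirect_uri": redirect_uri,
    })
    return f"{site_url.rstrip('/')}/_layouts/15/OAuthAuthorize.aspx?{query}"


def parse_realm(www_authenticate):
    """Step 2: extract the tenant realm from the 401 challenge header.

    The challenge answers an unauthenticated request, so accept the value
    only if it is a well-formed GUID before placing it in the ACS URL.
    """
    match = REALM_RE.search(www_authenticate or "")
    if not match:
        raise ValueError("no GUID realm in WWW-Authenticate header")
    return match.group(1).lower()


def build_token_request(site_url, realm, client_id, client_secret, code,
                        redirect_uri):
    """Step 3: ACS endpoint and form body that exchange the code for a token."""
    host = urlsplit(site_url).hostname
    url = f"https://{ACS_HOST}/{realm}/tokens/OAuth/2"
    form = {
        "grant_type": "authorization_code",
        "client_id": f"{client_id}@{realm}",
        "client_secret": client_secret,  # server-side only; never log it
        "code": code,
        "redirect_uri": redirect_uri,
        "resource": f"{SHAREPOINT_PRINCIPAL}/{host}@{realm}",
    }
    return url, form
```

For Step 2, send a GET to `<site>/_vti_bin/client.svc` with an empty `Authorization: Bearer` header and pass the 401 response's `WWW-Authenticate` value to `parse_realm`. POST the Step 3 form URL-encoded over HTTPS and read `access_token` from the JSON response.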
Call SharePoint REST Service with the AccessToken
The only thing to remember before calling the SharePoint REST APIs is to make sure that we requested the correct Scope and Rights while generating the access token. In the code above I request ‘AllProfile.Manage’ as my scope so I can call the User Profile REST APIs.
That’s it. Once we have the access token we can call all the SharePoint REST APIs that fetch the data.