OAuth is the buzz word nowadays. But I am not able to clearly figure out whether OAuth is really meant for User Authentication in SharePoint or it is meant for the Authorization of Apps (Add-Ins) with SharePoint application. I listened to a TechEd video a few days by one MVP called Eric Shupps and he has a slide which clearly tells that, it is not for User Authentication. But unfortunately, I couldn't find it documented anywhere clearly (MSDN or TechNet) saying that it is not for User Authentication. In OAuth, the Auth means Authorization or Authentication? Can anyone please explain clearly and also provide some authentic links, which explain thing

Hi Ven,

"You may have already heard that OAuth 2.0 plays an important role in the authentication and authorization of SharePoint Add-ins. It does, but it is not necessarily a part of the authorization story for every SharePoint Add-in. If you plan to build a SharePoint Add-in that runs in an remote web application and communicates back to SharePoint using server-side code, you will need to use OAuth. If the remote web application is off premise, then you would use the low-trust authorization system in which Azure ACS is the access token issuer. If it is on premise, then you would typically use the high-trust system in which the add-in itself and a digital certificate are the access token issuers."

Reference: https://msdn.microsoft.com/en-us/library/office/fp142384.aspx

Best Regards,

Dennis