Is OAuth meant for User Authentication in SharePoint or for Authorization of Apps (Add-Ins) in SharePoint?
OAuth is the buzz word nowadays. But I am not able to clearly figure out whether OAuth is really meant for User Authentication in SharePoint or it is meant for the Authorization of Apps (Add-Ins) with SharePoint application. I listened to a TechEd video
a few days by one MVP called Eric Shupps and he has a slide which clearly tells that, it is not for User Authentication. But unfortunately, I couldn't find it documented anywhere clearly (MSDN or TechNet) saying that it is not for User Authentication. In OAuth,
the Auth means Authorization or Authentication? Can anyone please explain clearly and also provide some authentic links, which explain thing
September 10th, 2015 12:13am
Hi Ven,
"You may have already heard that OAuth 2.0 plays an important role in the authentication and authorization of SharePoint Add-ins. It does, but it is not necessarily a part of the authorization story for every SharePoint Add-in. If you plan to build
a SharePoint Add-in that runs in an remote web application and communicates back to SharePoint using server-side code, you will need to use OAuth. If the remote web application is off premise, then you would use
the low-trust authorization system in which Azure ACS is the access token issuer. If it is on premise, then you would typically use
the high-trust system in which the add-in itself and a digital certificate are the access token issuers."
Reference:
https://msdn.microsoft.com/en-us/library/office/fp142384.aspx
Best Regards,
Dennis
September 11th, 2015 3:36am