Definition: OAuth (Open Authorization) is an open standard for token-based Authorization.
In SharePoint view, OAuth allows users to authorize SharePoint, to provide access tokens to 3rd party Apps so that the 3rd party Apps can use the token to access content from SharePoint server without providing credentials.
Explanation:
- Let’s say we have a 3rd Party app that reads data from SharePoint Application. But we must need to authorize the App before letting it access. So how do we do it? Answer is, using Authentication Server
- Here, we have four things.
- User – Logged In user
- SharePoint Application/Content – Application on which user has logged on
- 3rd Party App – App that needs to access data on SharePoint Application
- Authentication Server – Used for authenticating Apps using OAuth token. In SharePoint Online, Authentication server must be AZURE ACCESS CONTROL SERVICE (ACS).
- SharePoint application and 3rd Party App must establish TRUST with ACS.
- Let’s see how they all function together.
- User arrives at SharePoint Application and authenticated using Claim based Authentication.
- Now, SharePoint has trust with ACS, so SharePoint will ask for Context Token for logged in user and the same will be returned by ACS.
- User will pass Context Token to Client App and Client App will pull Refresh Token out of it and pass it to ACS.
- Now, Client App has trust with ACS, so ACS will use the refresh token and send back the OAuth token to Client App.
- This OAuth token now can be used by Client App to access SharePoint content. OAuth token is issued for specific user, for specific resource and for specific duration.