Sharepoint 2013 and Oauth 2.0 -
i need clarification on how sharepoint uses oauth , can/can't bearer tokens.
what able either retrieve bearer token sharepoint, cross domain via javascript and/or set sharepoint use same machine key current oauth server.
i've read of article , several others has me bouncing around without clear example. : https://msdn.microsoft.com/en-us/magazine/dn198245.aspx
recap:
i need code snippet retrieving bearer token sharepoint using javascript, cross-domain and...
i need walk through of sharing same machine key claims based bearer tokens oauth 2.0
and clarify i'm trying do:
i need read/write sharepoint lists different platforms , want standard way it. rest seems way go. our apps being developed using restful services , oauth. we've got of covered html , javascript. i'd understand how continue use our current oauth , rest patterns create secure sharepoint interfaces on our html apps java , c# using claims based bearer tokens. if i'm on right track, please confirm , provide clear examples/resources. if there's better way this, i'm ears.
bearer tokens work similar money, whoever has token rightful owner. why terminology "bearer" (who ever bears token) comes in. tokens rely on ssl/tls security. whoever "bears" access token allowed come in.
to answer first question, did research , found trying do. if want write in java script , use cross-domain library, won't need provide access token.
var executor = new sp.requestexecutor(appweburl); executor.executeasync( { url: appweburl + "/_api/sp.appcontextsite(@target)/web/lists?@target='" + hostweburl + "'", method: "get", success: successhandler, error: errorhandler } );
i got answer here: https://msdn.microsoft.com/en-us/library/jj164022.aspx
for second question think possible,but uncommon do. unfortunately not fond using same machine key current oauth server, sorry! if ever come across in near future sure answer question.
to clarify doing, yes on right track. if apps using restful services looks rest way go sure. rest easier in same sense, because uses http requests easier doing cobra, rpc, or soap. if looking more secure more anything, use soap. though debatable.
some resources may @ microsoft libraries. have pretty tutorials though not clear. microsoft has documentation difference between soap , restfound here:https://msdn.microsoft.com/en-us/magazine/dd942839.aspx link microsoft's library: https://msdn.microsoft.com/en-us/library/ms310241 oauth,rest,and etc. can rough , hard understand. documentation out there, things using same machine key oauth 2.0 hard.
sorry, if wasn't clear, if need more reply answer. hope helped some-what , enjoy day!
Comments
Post a Comment