Export (0) Print
Expand All

Tips and FAQ: OAuth and remote apps for SharePoint

This topic is now obsolete. See the links below to find where the content is now located.

This content has been moved to:

What is the URL in the <StartPage> element?

What are the elements and attributes of the AppManifest.xml file?

This content has been moved to Guidelines for registering apps for SharePoint 2013, especially the section http://msdn.microsoft.com/EN-US/library/jj687469.aspx#EditConfigFiles.

What are the app settings of the Web.config file?

This content has been moved to:

My web application has problems talking back to SharePoint. What should I check?

What URLs should I hard-code into my app to point to my cloud server?

Should I register the CNAME alias or the actual underlying URL that is hosting the app?

I get the error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." What should I do?

This content has been moved to Get a new context token.

What should I use the app redirect page for?

This content has been moved to Get a new context token.

How do I use an app redirect page to get the context token?

This content has been moved to Get a new context token.

How do I use the appredirect page in the URL?

This content has been moved to Get a new context token.

This content has been moved to Guidelines for registering apps for SharePoint 2013.

Do I need a redirect URI?

This content has been moved to Guidelines for registering apps for SharePoint 2013.

This content has been moved to:

What is a context token?

What is an access token?

This content has been moved to Understand the handling of access tokens.

What is a refresh token?

Should the context token string be stored in a cookie so that it can be used for other page requests directly from the provider-hosted app?

This content has been moved to Cache the context token or parts of it.

What is the cache key value made up of? How is it unique?

This content has been moved to Understand the cache key.

How do I retrieve the context token?

What information does the context token contain?

This content has been moved to See an example of a context token.

What information does an access token contain?

How do I calculate the exact time and date from the value of nbf and exp?

This content has been moved to Work with JWT time values.

I want to protect the svc for my apps from users who are not from SharePoint. I check the user’s legitimacy at the app's entry point (by creating ClientContext), but my WCF service can be called by anyone. Should I create ClientContext from a context token on every svc method call?

Is it okay to keep AppContext (obtained from a SharePoint POST request) as a hidden input field on the page?

This content has been moved to Cache the context token or parts of it.

How long is a refresh token valid?

I store the access token and host URL in cookies so they can be used on other page requests. But the user took a break and the access token expired. What should I do?

In what scenario should I discard an old unexpired refresh token that is still valid and use a new one?

This content is in App permissions in SharePoint 2013.

What are the permission request scopes and available rights for list, library content, and other features?

This content is now in App permissions in SharePoint 2013.

This content is in App authorization policy types in SharePoint 2013.

What is the difference between the app-only policy and the user + app policy?

Is there a way to grant or deny the right to launch an app?

This content has been moved to Troubleshooting high-trust apps for SharePoint 2013

I'm getting a 401 unauthorized error when running a high-trust app. What should I do?

This content has been moved to Troubleshooting high-trust apps for SharePoint 2013.

How do I get a context token for a high-trust app?

This content has been moved to:

When trying to read a file using the HTTP DAV method, I get an error. What should I do?

Is there a way to forward OAuth authorization to other components in different domains, or to configure OAuth for multiple URIs?

Is the SharePoint 2013 principal value constant?

Is the app Id and app secret constant across all tenants for a given app?

Yes, if the app is registered in the Seller Dashboard; but if it is separately registered with each SharePoint tenancy or farm, it can have distinct IDs and secrets for each. In that case, it appears to be multiple apps to Microsoft Azure Access Control Service (ACS). See Guidelines for registering apps for SharePoint 2013.

Are realms unique?

How do I turn off the HTTPS requirement for OAuth during development?

This content has moved to:

  1. Social and collaboration features in SharePoint 2013

  2. App permissions in SharePoint 2013

How do I retrieve a user's identity and properties?

What is the usage for the different social features and permission request scopes?

How do I get the user profile properties of people following me?

Show:
© 2014 Microsoft