Automatically Logging in to Provider Hosted Add-in


Problem description


I have a web app, let's call it squirrel-picture-snap photo hosting.  One of my customers wants to log in to squirrel-picture-snap by just using their SharePoint account: if they are logged in to SharePoint, they want to access their squirrel-picture-snap account, too.

I'm hoping I can give them a provider-hosted add-in to install.  When a user clicks the add-in, it would redirect them to squirrel-picture-snap, a handshake would happen, and they'd be magically logged in without needing to enter any username / password.

I have worked through the example code in the article titled "Get started creating provider-hosted SharePoint Add-ins" and it works great, it seems I can "read" the current user's email, etc, from SharePoint.  I've also written some code in squirrel-picture-snap using a PHP CSOM library; I'm able to log in if I enter my SharePoint username and password in squirrel-picture-snap, but, I don't see anything about "receiving" some kind of token from the add-in so a login can be done without a username / password.

When I watch the network when I run the example code (not the PHP CSOM wrapper), it seems the add-in is passing a POST value named "SPAppToken"-- it would be reaaaaaaally great if that was somehow a login token I can use to verify the user.

Am I vaguely on the right track, or am I way off base?

Recommended answer

I should spend more time in google.  This seems to say I'm on the right track, from the docs:
_______________________________________________________________________________

A context token is used only in the Context Token flow of the low-trust authorization system. When the SharePoint Add-in is launched in SharePoint, SharePoint requests that Azure ACS create a context token that SharePoint then passes on to the remote component of the SharePoint Add-in. The token is passed as a hidden form parameter called SPAppToken in a request from SharePoint for the start page of the remote component. The token is signed with a client secret known only to ACS and the SharePoint Add-in.

The context token includes a refresh token that the add-in uses, along with other information from the context token, to request an access token from ACS. (When this article was written, ACS-issued context tokens for SharePoint had a life span of 12 hours, but that could change.)
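
As an added example (not part of the original post and not Microsoft's sample code), this is one way the PHP side could check the SPAppToken POST value before trusting anything in it: verify the signature with the client secret, then the audience and lifetime. It assumes the token is a compact JWT signed with HMAC-SHA256 and that its audience begins with the add-in's client ID; the function names, key and demo token are constructed for illustration.

```php
<?php
// Added example (PHP 8+). Assumptions: compact JWT signed with HMAC-SHA256;
// "aud" starts with "<client id>/"; $key is the raw key from the client secret.
function b64url_decode(string $s): string
{
    $raw = base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
    if ($raw === false) {
        throw new RuntimeException('invalid base64url');
    }
    return $raw;
}

function verify_context_token(string $token, string $key, string $clientId, int $now): array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64url_decode($h64), true);
    // Pin the algorithm instead of trusting the header (rejects "none").
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new RuntimeException('unexpected algorithm');
    }
    // Recompute the MAC over header.payload and compare in constant time.
    if (!hash_equals(hash_hmac('sha256', "$h64.$p64", $key, true), b64url_decode($s64))) {
        throw new RuntimeException('bad signature');
    }
    $claims = json_decode(b64url_decode($p64), true);
    if (!is_array($claims) || !is_numeric($claims['nbf'] ?? null) || !is_numeric($claims['exp'] ?? null)) {
        throw new RuntimeException('missing claims');
    }
    // The token must have been issued for this add-in, not another one.
    if (!is_string($claims['aud'] ?? null) || stripos($claims['aud'], $clientId . '/') !== 0) {
        throw new RuntimeException('token issued for another add-in');
    }
    if ($now < (int) $claims['nbf'] || $now >= (int) $claims['exp']) {
        throw new RuntimeException('token not valid at this time');
    }
    return $claims;
}

// Constructed demo values: not real credentials and not a real SharePoint token.
$enc = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$key = 'constructed-demo-key';
$cid = '11111111-2222-3333-4444-555555555555';
$body = $enc('{"alg":"HS256"}') . '.' . $enc(json_encode(['aud' => "$cid/photos.example@realm", 'nbf' => 1000, 'exp' => 2000]));
$token = $body . '.' . $enc(hash_hmac('sha256', $body, $key, true));
var_dump(verify_context_token($token, $key, $cid, 1500)['exp']);
```

In a request handler the token would come from `$_POST['SPAppToken']` and `$now` from `time()`; only after this check passes should the refresh token inside it be used to request an access token from ACS.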

