Apps for SharePoint were introduced in SharePoint 2013 to maximize the level of capability and flexibility that developers can deliver without risking compromise to the farm. In this session, we will delve into apps that leverage resources running outside the SharePoint farm—whether in another on-premises web server or in the cloud. We will use server-side and client-side code to demonstrate how cloud-hosted apps can securely access data stored in SharePoint using the client object model (CSOM/JSOM) and REST APIs, along with the pros and cons associated with each approach. We will discuss the various permissions models associated with apps for SharePoint including types of app permissions, permission request scopes, and how app developers can manage permissions. We will conclude by building and provisioning a provider-hosted app for SharePoint to Office 365.
19. $(document).ready(function () {
hostweburl = decodeURIComponent(getQueryStringParameter("SPHostUrl"));
var scriptbase = hostweburl + "/_layouts/15/";
$.getScript(scriptbase + "SP.UI.Controls.js", renderChrome);
});
function renderChrome() {
var options = {
"appIconUrl": "", "appTitle": "CSOM/JSOM/REST demos",
};
// Place the chrome control in the <div> with ID="chrome_ctrl_placeholder"
var nav = new SP.UI.Controls.Navigation("chrome_ctrl_placeholder", options);
nav.setVisible(true);
}
38. URL Returns
_api/web/title The title of the current site
_api/web/lists/getByTitle('Announcements') The Announcements list
_api/web/lists/getByTitle('Announcements')/fields The columns in the Announcements list
_api/web/lists/getByTitle('Tasks')/items The items in the Tasks list
_api/web/siteusers The users in the site
_api/web/sitegroups The user groups in the site
_api/web/GetFolderByServerRelativeUrl('/Shared
Documents')
The root folder of the Shared Documents
library
_api/web/GetFolderByServerRelativeUrl('/Plans')
/Files('a.txt')/$value
The file a.txt from the Plans library
Table adapted from http://msdn.microsoft.com/en-us/magazine/dn198245.aspx
40. CSOM REST
Less “chatty” (requests can be batched) More “chatty” (no request batching)
Handles the “plumbing” of calls to SharePoint Requires you to construct and manage your
own HTTPRequest/Response objects
Requires CAML for queries Uses standard OData vocabularies
Can interact with managed metadata
taxonomies and workflows
No support for interacting with managed
metadata taxonomies and workflows
Easy to leverage third-party libraries (jQuery)
Can be debugged using Fiddler
No external assembly references required
Table adapted from http://www.andrewconnell.com/blog/sharepoint-2013-csom-vs.-rest-...-my-preference-and-why
53. Requirement/Scenario OAuth Cross-domain
I use client-side technologies (HTML + JavaScript).
I want to use REST interfaces.
There is a firewall between SharePoint and my remote app,
and I need to issue the calls through the browser.
My app needs to access resources as the logged-on user.
My app needs to elevate privileges to other than those of the
current logged-on user.
My app needs to act on behalf of a user other than the one
who is logged on.
My app needs to perform operations only while the user is
logged on.
My app needs to perform operations even when the user is
not logged on.
Table from http://msdn.microsoft.com/en-us/library/fp179897.aspx
54.
55.
56.
57. key ClientId value xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
key ClientSecret value xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=