I am privileged to present at the Build 2013 conference Understanding Authentication and Permissions with Apps for SharePoint and Office.  This session focuses on helping you to understand what an app principal is, how they are registered, and how OAuth is used with Office 365 to provide authentication for apps.  I walk through the OAuth dance and show details on the context token and how the TokenHelper class in your SharePoint app project is used to abstract details of OAuth for you. I also walk through a demonstration of app permissions to help you understand how permission requests work, and finally walk through how an app can dynamically request permissions “on the fly”. 

To me, the last part is one of the coolest opportunities for existing web sites.  Imagine someone visits your web site, and you simply ask them, “Do you have an Office 365 site? If so, enter the URL here.”  They enter the URL and are redirected to authorize the app on their SharePoint site.  Once authorized, the app is able to perform the tasks that the user authorized.  To make that a little clearer, imagine a site like Instagram where you can upload pictures.  Instagram could use this mechanism to read pictures from your picture library and to post them on Instagram so your friends can comment on your hilarious pictures of cats with bad grammar. 

I am presenting the session at Build (session 3-603) at 3:30 pm PST today, and the session will be available 24 hours after on Channel9 at this link (Understanding Authentication and Permissions with Apps for SharePoint and Office).