SAML Token Claims Based Identity SPUser
Claim Value Type. = String + = RFC822 Name
Flowchart (Start to End; branches labelled Yes / No)
Decisions: Is the endpoint outside of an app web? Does the token include user info? Is endpoint CSOM? OAuth token present? User credentials provided?
Outcomes: Use anonymous context; Set app and user context; Set user context; Set App-Only context
SharePoint Apps OAuth Flow
Participants: Subject, SharePoint Server, App Server, STS (ACS)
1. Request
2. Request context token
3. Signed context token
4. Page - IFrame
5. Request IFrame contents
6. Refresh token
7. Access token
8. Request – Access token
9. SharePoint data
10. IFrame contents