In an Ionic mobile app, we need to access the web API and to show a Web UI (both SharePoint) in an Ionic WebView (essentially a browser inside the app). We're using OnPrem ADFS on Windows Server 2012 and OnPrem SharePoint 2013. Here's what we do:
1. In ADFS3, Setup OAuth2 and add a Relying Party Trust and a Client
http://www.gi-architects.co.uk/2016/04/setup-oauth2-on-adfs-3-0/
2. From the mobile app, call ADFS to obtain an OAuth Access Token
First, GETing:
https://myadfsdomain/adfs/oauth/authorize
?response_type=code
&client_id=MYCLIENTID
&redirect_uri=https://myserver/callback
&resource=MYRelyingPartyId
then POSTing the responseCode Eg:
$http({method: "post",
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
url: "https://myadfsdomain/adfs/oauth2/token",
data: "client_id=MYCLIENTID&code=" + responseCode + "&redirect_uri=https://myserver/callback&grant_type=authorization_code" })
See also http://blog.scottlogic.com/2015/03/09/OAUTH2-Authentication-with-ADFS-3.0.html
We now have an OAuth2 Access Token.
3. Use that token to call the SharePoint API
GET /the-api-method
Host: example.com
Authorization: Bearer <access_token>
Question
Question is, how can that access token be used to access the Web UI? Can it be exchanged for a SharePoint Web UI cookie (FedAuth?) so that a WebView placed in the app can show a SharePoint web page to the authenticated user without the user having to login again?
According to this post, it sounds like OAuth2 for ADFS3 (Windows Server 2012) only works when calling a web API, NOT when calling a web UI. Is that correct?
As ADFS on Windows Server 2016 now supports more OAuth2 grant types, is it now possible to use ADFS OAuth in server 2016 for a web UI? If so, how does the access token get exchanged for a cookie or does it?
