I am working with a client who has applications in Java/PHP/Unix and on SharePoint 2013 on-prem. All of these are standalone applications, and the identity provider for these applications is the same (Ping federated ADFS).
The client is in the process of moving from SP 2013 on-prem to SPO (O365). The O365 (SharePoint Online) setup is complete and the ADFS Ping federation is also set up.
Requirement: the Java/PHP/Unix applications want to read and write data to lists/libraries on SPO via the OOTB REST APIs (without hard-coding the credentials).
I have been asked to come up with an architectural approach for the above requirement. Based on my initial analysis, this can be achieved by registering the Java/PHP applications in Azure AD and then using the generated client ID and client secret for any transactions with SPO via the REST APIs.
I wanted to check whether the approach I mentioned above is appropriate for the requirement or whether I have to follow another approach/solution. It would also be good if you could share any reference blogs for the same. Let me know if the above requirement is not clear or if you need more info.
Yes, that should be the way to go, plus using ADAL for the authentication part of your development. Having a ClientID and ClientSecret is required, but you need to work with both to get the required access tokens.
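The flow discussed in this thread, as an added example that is not code from either poster: a client-credentials token source that reads the client ID and secret from the environment instead of the source tree and caches the token until shortly before it expires. The environment variable names, the class name, the Azure AD v1 token endpoint shape and the injectable `post` transport are assumptions made for the illustration; the same request shape applies from Java or PHP.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Assumed Azure AD v1 token endpoint (the one ADAL targets); the tenant is supplied by the caller.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"


def http_post(url, form):
    """Default transport: POST a form body and return the parsed JSON reply."""
    body = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=10) as resp:
        return json.load(resp)


class SpoTokenProvider:
    """Client-credentials token source; SPO_CLIENT_ID / SPO_CLIENT_SECRET are hypothetical names."""

    def __init__(self, tenant, resource, env=os.environ, post=http_post, clock=time.time):
        self.url = TOKEN_URL.format(tenant=tenant)
        self.resource = resource  # e.g. the SharePoint Online site root the token is for
        self.env, self.post, self.clock = env, post, clock
        self._token, self._expires = None, 0.0

    def _credentials(self):
        # Fail closed if the deployment did not inject the values.
        try:
            return self.env["SPO_CLIENT_ID"], self.env["SPO_CLIENT_SECRET"]
        except KeyError as missing:
            raise RuntimeError(f"{missing.args[0]} is not set") from None

    def token(self):
        # Reuse the cached token until 60 seconds before it expires.
        if self._token and self.clock() < self._expires - 60:
            return self._token
        client_id, secret = self._credentials()
        reply = self.post(self.url, {
            "grant_type": "client_credentials", "resource": self.resource,
            "client_id": client_id, "client_secret": secret,
        })
        self._token = reply["access_token"]
        self._expires = self.clock() + int(reply["expires_in"])
        return self._token

    def headers(self):
        return {"Authorization": "Bearer " + self.token(),
                "Accept": "application/json;odata=verbose"}
```

The headers are what a call such as `GET <site>/_api/web/lists` would carry. SharePoint Online may require a certificate credential instead of a client secret for Azure AD app-only tokens, so confirm which credential type the tenant accepts before building on this.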