What is the Office 365 Workflow Between the Browser, Microsoft Office Online and a CTERA Portal

The following diagram shows the workflow between the end user browser, Microsoft Office Online and a CTERA Portal:

WOPI Discovery

To enable Microsoft Office Online to work with a CTERA Portal, an initialization phase is required. In this phase CTERA Portal initiates a WOPI discovery call to the Office Online server to identify Office Online capabilities and how to initialize Office Online applications within the site. CTERA Portal uses the discovery XML to determine how to interact with Office Online by retrieving a list of application names and the corresponding URLs.

When first connecting the CTERA Portal to Office Online, CTERA Portal verifies that all requests will come from Office Online, using the Proof keys concept according to Microsoft best practices.

Office Online signs every WOPI request with a private key. The corresponding public key is available in the proof-key element in the WOPI discovery XML. The signature is sent with every request in the X-WOPI-Proof and X-WOPI-ProofOld HTTP headers.

Request to Browse a Folder
When a user browses to a folder in the CTERA Portal, all the file names under this folder are returned to the end user’s browser together with:

• The file IDs
• A corresponding Office Online URL for opening an Office file online
• An access token used by the host to determine the identity and permissions of the issuer of a WOPI request.
  CTERA’s access token is generated following the JSON Web Tokens, JWT, standard. The access token is signed with a secret key which is a secure random 256 bytes long secret key generated using the HMAC (HMAC SHA256) algorithm as defined by the JWT standard.
  The CTERA Portal receives the request to browse a folder from a Microsoft service and not directly from the user PC. All requests are directed via th secure port 443.

Open an Office File
When an end user requests to open an Office file in their browser, the browser submits a request to Office Online to open the file. Each requested file has a file ID and the unique access token. These are used by Office Online to request the file from the CTERA Portal and by the CTERA Portal to verify the request and then return the file back to Office Online.

Editing the Office File
Once the file has been verified, it is locked and passed to the user for editing. During the editing, the file is periodically saved to the CTERA Portal. If more than one user edits the file at the same time, co-authoring, the file is unlocked and relocked by Office Online to manage the edits from multiple users. At the end of the editing session the file is unlocked.