...
For the authentication of the institution's endpoint either 3-legged OAuth version 1.0a or Authorization Code Grant OAuth version 2.0 MUST be supported. For the user experience the provider SHOULD connect the OAuth provider (responsible for creating and granting access tokens after a successful authentication) to SURFconext in order be establish SSO between the Service Provider, SURFconext and the External Group Endpoint.
Example VOOT/OpenSocial group clients
Microsoft Sharepoint
Microsoft Sharepoint as a group consumer
Example VOOT/OpenSocial group providers
...