Hi @Jonathan Brauer (A),
Per my research, CSOM authentication is based on basic authentication. Basic auth doesn’t support scoping or grading permissions, so every app which connects with the basic auth protocol, gains potential access to all data a certain user has access to. As the describetion in the document you provided
Basic authentication simply means the application sends a username and password with every request, and those credentials are also often stored or saved on the device. Traditionally, Basic authentication is enabled by default on most servers or services, and is simple to set up.
The credential is stored in context and you always need to load it when get items from sharepoint by CSOM. So the CSOM authentication type is Basic Authentication.
If you want to use authentication based on Oauth 2.0, I will recommend you to use SharePoint App-only using PnP Framework.
string siteUrl = "https://contoso.sharepoint.com/sites/demo";
using (var cc = new AuthenticationManager().GetACSAppOnlyContext(siteUrl, "[Your Client ID]", "[Your Client Secret]"))
{
cc.Load(cc.Web, p => p.Title);
cc.ExecuteQuery();
Console.WriteLine(cc.Web.Title);
};
Here is the document for more details
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.