I need to write an Office365-App. I want to use a provider-hosted MVC-Application for this.
As I want to use some kind of "API" on some pages, that returns a JSON that then is used inside JS to display data: Can I just mix CSOM and JSOM?
Has this any effect on the (OAuth)-Authentication?
You could mix CSOM and JSOM . I would suggest you could use the SharePoint Cross Domain JavaScript library (CDL) to access SharePoint data from a remotely hosted web page without the need for OAuth tokens. Please refer to below link for code sample: https://github.com/OfficeDev/SharePoint-Add-in-JSOM-CrossDomain
I have tested the codes in a CSOM OAuth authentication web application ,and it works fine .