Closed brett0701 closed 3 years ago
Hi @brett0701,
Are you referencing SharePoint Add-In or AAD App Registration?
Please take a look at these strategies:
Add-In Only Auth is considered legacy and in the long run will be completely replaced with AAD auth. On some new tenants, Add-In Only auth (to my knowledge) might be disabled by default.
There is also a capability for injecting custom authentication flows (https://go.spflow.com/auth/custom-auth).
I would also like to improve AAD auth within Gosip and add these strategies into core; currently AAD strategies are in an experimental repo. So if the existing implementation doesn't cover some edge cases, please feel free to reach out to me with requests.
I'd recommend reading this article https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
The described flow is implemented in https://go.spflow.com/auth/custom-auth/azure-certificate-auth
It's likely that only Certificate Based auth will work with SharePoint. Others (available in AAD https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authorization#use-environment-based-authentication) will return "401 Unauthorized :: Unsupported app only token.".
I added environment variables injection through private.json files:

    // UPD: this is to /azureenv auth, for /azurecert (the new strategy I added recently) the payload is strictly defined
    {
      "siteUrl": "https://contoso.sharepoint.com/sites/site",
      "env": {
        "AZURE_TENANT_ID": "74881cec-5c58-4ac0-a11f-0fd2e9caa4af",
        "AZURE_CLIENT_ID": "d7202cb6-fc7d-45f6-bcfd-c24128ee4df8",
        "AZURE_CERTIFICATE_PATH": "./certs/MyCert.pfx",
        "AZURE_CERTIFICATE_PASSWORD": "MyPass"
      }
    }

Variables placed into the env property are set up as environment variables for the Azure AD library and unset right after it reads them.
Going to close this.
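The set-then-unset handling of the `env` property described in the comment above, sketched as an added example (not Gosip's own code, and not posted by anyone in this thread). `withInjectedEnv` and its `read` callback are hypothetical names; `read` stands in for the Azure AD library's environment lookup, and the sample JSON uses constructed placeholder values.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// privateConfig models only the "env" property of private.json; other keys are ignored.
type privateConfig struct {
	Env map[string]string `json:"env"`
}

// withInjectedEnv (hypothetical helper) exports every key from "env", runs read,
// and unsets the keys on every exit path so secrets such as
// AZURE_CERTIFICATE_PASSWORD are not inherited by later child processes.
// Note: a pre-existing variable with the same name is removed as well.
func withInjectedEnv(raw []byte, read func() error) error {
	var cfg privateConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return fmt.Errorf("parse private.json: %w", err)
	}
	defer func() {
		for k := range cfg.Env {
			os.Unsetenv(k)
		}
	}()
	for k, v := range cfg.Env {
		if err := os.Setenv(k, v); err != nil {
			return fmt.Errorf("set %s: %w", k, err)
		}
	}
	return read()
}

// Constructed sample input with placeholder values, not real credentials.
const samplePrivateJSON = `{"siteUrl":"https://contoso.sharepoint.com/sites/site","env":{"AZURE_TENANT_ID":"tenant-placeholder","AZURE_CERTIFICATE_PASSWORD":"placeholder-pass"}}`

// seenDuringRead returns the password value visible while the callback runs.
func seenDuringRead() (seen string, err error) {
	err = withInjectedEnv([]byte(samplePrivateJSON), func() error {
		seen = os.Getenv("AZURE_CERTIFICATE_PASSWORD")
		return nil
	})
	return seen, err
}

func main() {
	seen, err := seenDuringRead()
	_, stillSet := os.LookupEnv("AZURE_CERTIFICATE_PASSWORD")
	fmt.Printf("visible during read: %t, err: %v, still set after: %t\n", seen != "", err, stillSet)
}
```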
Hi Andrew. Thanks for all of the information. I'm not sure any of the current solutions fit my need. Basically we need to only pass the bearer token in the header when accessing the SharePoint Online list. The token is obtained by calling https://accounts.accesscontrol.windows.net/
Hi @brett0701,
accounts.accesscontrol.windows.net is used with Add-In Only auth.
Yes, this is covered. Tenant ID is optional and not required, just ClientID and ClientSecret.
Please check, should just work.
Hi,
We recently moved our SharePoint instance to SharePoint Online. To access the SharePoint Online API, we had to register an app and obtain tenant-id, client-id/client-secret and then use that information to obtain a token. Once we have the bearer token we can then access the SP API. Does this library offer this type of authentication?