pnp / cli-microsoft365

Manage Microsoft 365 and SharePoint Framework projects on any platform
https://aka.ms/cli-m365
MIT License

New command: m365 spe containertype register #6049

Open Adam-it opened 6 months ago

Adam-it commented 6 months ago

Usage

m365 spe containertype register [options]

Description

Register the Container Type

Options

| Option | Description |
| --- | --- |
| -i, --id [id] | The Id of the Container Type. Specify either id or name but not both. |
| -n, --name [name] | The Container Type name. Specify either id or name but not both. |

Examples

Register the Container Type using name

m365 spe containertype register --id '4ec4aefd-4fa3-0e4a-20c3-6e68389e7138'

Register the Container Type using id

m365 spe containertype register --name 'test container'

Default properties

No response

Additional Info

We may use the SharePoint REST PUT request

{{RootSiteUrl}}/_api/v2.1/storageContainerTypes/{{ContainerTypeId}}/applicationPermissions

with the following body

{
    "value": [
        {
            "appId": "{{ClientID}}",
            "delegated": ["full"],
            "appOnly": ["full"]
        }
    ]
}

milanholemans commented 5 months ago

Hi @Adam-it, few questions

{ "value": [ { "appId": "71392b2f-1765-406e-86af-5907d9bdb2ab", "delegated": ["full"], "appOnly": ["full"] } ] }

intikhabalam commented 5 months ago

I am unable to use this, I am getting the following errors.

PS C:\Users\IntikhabA\Downloads\abc> m365 spe containertype register --id 'a07be3cc-91fb-45d1-9564-77d2a9ac7be3'
Command 'spe containertype register' was not found. Below you can find the commands and command groups you can use. For detailed information on a command group, use 'm365 [command group] --help'.

Do I need to install something new?

MathijsVerbeeck commented 5 months ago

@intikhabalam That is because the command still has to be implemented and is not available for use just yet.

intikhabalam commented 5 months ago

I am stuck with a production-level problem. Can anyone give me any easy way to register my containerType with Azure Entra app registration?

Adam-it commented 5 months ago

I am stuck with a production-level problem. Can anyone give me any easy way to register my containerType with Azure Entra app registration?

Sorry @intikhabalam for the late reply. In order to register the Container Type with the consumer’s tenant you need to use SharePoint REST v2.1 for that. You may use the following endpoint {{RootSiteUrl}}/_api/v2.1/storageContainerTypes/{{ContainerTypeId}}/applicationPermissions which is a PUT request with the following body

{
    "value": [
        {
            "appId": "{{ClientID}}",
            "delegated": ["full"],
            "appOnly": ["full"]
        }
    ]
}

Please be aware that in order for this to work you will need to use the application authentication method with a cert.

Check out the SharePoint Embedded Sample Apps. There you will find a postman collection which will give you everything you need to set up and get started with SPE. You may find this request in the collection as well.


For a more comprehensive overview which also explains the registration I highly recommend the AC blog post https://www.voitanos.io/blog/sharepoint-embedded-create-apps/#register-container-type-in-consumer-tenant

Hope it helps and allows you to move forward

Adam-it commented 5 months ago
  • Looking at the docs, it seems like we have to provide a request body with app ID and permission scopes. Don't we need additional options for this?

Thanks @milanholemans for pointing it out. I kinda assumed it is just common knowledge and probably was in a bit of a hurry. I updated the docs

  • I find it a bit tricky to execute this request on the root URL of the SharePoint tenant. This would mean that the user needs permission to this site right? I see it's displayed like this in the docs, so maybe there is no other way to do this?

this request should be run as an app

intikhabalam commented 5 months ago

Thank you @milanholemans, @MathijsVerbeeck for the reply. I tried both ways but I am getting an 'access denied' error. I am a bit confused about the body of the Registration ContainerType also. It contains a section for the Graph Explorer AppId also.

{
    "value": [
        {
            "appId": "a07be3cc-91fb-45d1-9564-77d2a9ac7be3",
            "delegated": ["full"],
            "appOnly": ["full"]
        },
        {
            /* This adds the Graph Explorer AppId to your Container Type with full permissions on delegated access. Note that you cannot create Containers with Graph Explore as those calls must be made with a confidential client, and Graph Explorer only creates public client tokens. But other APIs, include the Drive and DriveItem related calls, should work. */
            "appId": "de8bc8b5-d9f9-48b1-a8ad-b748da725064", // Graph Explorer AppId
            "delegated": ["full"],
            "appOnly": ["none"] // Graph Explorer only supports delegated auth
        }
    ]
}


I have tried with or without the Graph App Id but I get the error for all calls :( I followed the Voitanos and Microsoft SPE article but I am always getting a failure :(

Adam-it commented 5 months ago

@intikhabalam TBH I did not have this issue and I am not sure what might be its source. Does the app you are using to perform the registration have the MS Graph and SharePoint API permissions added?

Adam-it commented 4 months ago

@intikhabalam did you have any luck? @pnp/cli-for-microsoft-365-maintainers any other comments or may we open this up?

milanholemans commented 4 months ago
  • I find it a bit tricky to execute this request on the root URL of the SharePoint tenant. This would mean that the user needs permission to this site right? I see it's displayed like this in the docs, so maybe there is no other way to do this?

this request should be run as an app

Does this mean we can't use this command in delegated mode? If so, shouldn't we make a check for that?

milanholemans commented 3 months ago
  • I find it a bit tricky to execute this request on the root URL of the SharePoint tenant. This would mean that the user needs permission to this site right? I see it's displayed like this in the docs, so maybe there is no other way to do this?

this request should be run as an app

Does this mean we can't use this command in delegated mode? If so, shouldn't we make a check for that?

@Adam-it did you have some time to review my last comment? If that's the case, currently we have the DelegatedGraphCommand class that allows only delegated auth. Maybe we should make something similar for this case where we need only app-only auth.

Adam-it commented 3 months ago

@Adam-it did you have some time to review my last comment? If that's the case, currently we have the DelegatedGraphCommand class that allows only delegated auth. Maybe we should make something similar for this case where we need only app-only auth.

No, unfortunately I did not. There is always something with higher priority that overlaps this one. TBH I am not sure if this is something that will only work with delegated permission. I was going to double check that.
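
The app-only check raised in this thread, combined with the PUT request described earlier, as an added example that is not part of the original issue or of the CLI's code base. It assumes Entra ID access tokens, where delegated tokens carry `scp` and app-only tokens carry `roles` (and `idtyp` set to `app` when that optional claim is emitted); all function and type names are hypothetical.

```typescript
// Added example; decodeClaims, isAppOnlyToken, buildRegisterRequest and sampleToken are hypothetical names.
type TokenClaims = { scp?: string; roles?: string[]; idtyp?: string };
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Decode the JWT payload for a client-side routing decision only. The signature
// is NOT verified here; the SharePoint API remains the party that validates the token.
function decodeClaims(jwt: string): TokenClaims {
  const parts = jwt.split('.');
  const payload = parts.length === 3 ? parts[1] : undefined;
  if (!payload) { throw new Error('Not a JWT'); }
  const b64 = payload.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8')) as TokenClaims;
}

// Assumption (Entra ID): a token with `scp` is delegated; an app-only token
// has no `scp` and carries `roles` and/or idtyp === 'app'.
function isAppOnlyToken(jwt: string): boolean {
  const c = decodeClaims(jwt);
  if (c.scp !== undefined) { return false; }
  return c.idtyp === 'app' || (Array.isArray(c.roles) && c.roles.length > 0);
}

function buildRegisterRequest(rootSiteUrl: string, containerTypeId: string, appId: string, jwt: string) {
  if (!isAppOnlyToken(jwt)) {
    throw new Error('This request should be run as an app; a delegated token was supplied.');
  }
  for (const id of [containerTypeId, appId]) {
    if (!GUID.test(id)) { throw new Error(`Not a GUID: ${id}`); }
  }
  const root = new URL(rootSiteUrl); // throws on a malformed URL
  if (root.protocol !== 'https:') { throw new Error('Root site URL must use https'); }
  return {
    method: 'PUT',
    url: `${root.origin}/_api/v2.1/storageContainerTypes/${containerTypeId}/applicationPermissions`,
    headers: { authorization: `Bearer ${jwt}`, 'content-type': 'application/json' },
    body: JSON.stringify({ value: [{ appId, delegated: ['full'], appOnly: ['full'] }] })
  };
}

// Constructed, unsigned sample tokens for exercising the check offline.
function sampleToken(claims: TokenClaims): string {
  const enc = (o: object) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.sig`;
}
```

Failing fast on a delegated token gives the user a clear message instead of the opaque 'access denied' response reported earlier in the thread.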