pnp / sp-dev-fx-aces

Repository for the Microsoft Viva Connections Adaptive Card sample solutions from Microsoft and community.
https://aka.ms/viva/connections/extensibility
MIT License

ACE for enterprise secured API, without sharing auth permissions #93

Closed maps05 closed 2 years ago

maps05 commented 2 years ago

Sample Description (what should it do)

ACE that integrates with LOB app (example: https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient-enterpriseapi) but without sharing authentication permissions with other SPFx components in page context.

By default, the requested API permission is granted to the "SharePoint Online Client Extensibility Web Application Principal" AAD App; therefore, all SPFx solutions have access to it. I have tried with the isDomainIsolated property, but it leads to the card displaying a technical issue, and I noticed in the DOM that it's not rendered in an iframe.

It is unclear to me if there's a technical way to achieve this goal. Could you help?

Are you Willing to Help?

Yes.

dcashpeterson commented 2 years ago

@maps05 Thanks for posting. It looks like this is more of a question on development. As such can you please post it in SPDev-Docs? https://github.com/SharePoint/sp-dev-docs/issues. There you will be exposed to a larger audience of folks that can potentially help. Issues and questions here are specifically related to the samples in the repo.

Thanks for the post and good luck.

maps05 commented 2 years ago

@dcashpeterson my thought behind the request was that this would be a nice sample to have as well, with focus on security rather than visual and behavior aspects. I'll address this topic in the other repository as suggested. Thanks.

dcashpeterson commented 2 years ago

@maps05 Sorry, I misunderstood what you were asking for. If you are making a sample request or would like to submit a sample using this model you are welcome to post that here or just build it and submit a PR. If you need help with SPFx then Dev Docs is the right place.