How to configure SPO to do app-only auth with PFX private key?


We are trying to set up SharePoint online app-only access. We are writing a C# application using https://github.com/SharePoint/PnP-Sites-Core

The first thing we did was we (successfully) tested this login configuration endpoint that takes the following inputs:

siteUrl    Site for which the ClientContext object will be instantiated
appId    Application ID which is requesting the ClientContext object
appSecret Application secret of the Application which is requesting the ClientContext object

(Reference https://www.c-sharpcorner.com/article/authenticate-sharepoint-using-pnp-authentication-manager/)

We were able to set up the application by doing these steps:

  • Go to https://apps.dev.microsoft.com/#/appList
  • Click "Add an app"
  • Enter the following:

    • The Application ID (also known as client_id) assigned by the app registration portal.
    • An Application Secret, either a password or a public/private key pair (certificate).
    • A Redirect URL for your service to receive token responses from Azure AD.
    • A Redirect URL for your service to receive admin consent responses if your app implements functionality to request administrator consent.
  • Give the app appropriate permissions.
  • Save. This now creates a client ID and app Secret you can use for auth with SPO.

This seems to work fine. Great!

But we noticed there are login configurations that take a private key, such as this login endpoint:

siteUrl             Site for which the ClientContext object will be instantiated
clientId            The Azure AD Application Client ID
tenant              The Azure AD Tenant, e.g. mycompany.onmicrosoft.com
storeName           The name of the store for the certificate
storeLocation       The location of the store for the certificate
thumbprint          The thumbprint of the certificate to locate in the store
certificatePath     The path to the certificate (*.pfx) file on the file system
certificatePassword Password to the certificate

It says:

Gets a SharePoint client context using Azure Active Directory App Only Authentication. This requires that you have a certificate created, and updated the key credentials key in the application manifest in the Azure AD accordingly.

We can tell our app integrator customers are going to want this approach because PFX is in general more secure than an appSecret.

But we cannot find any documentation for setting up SPO App-only access with this type of login configuration.

Does anyone know what the steps are to configure your SPO to do this?
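The description above says the certificate must be registered under the `keyCredentials` key of the Azure AD application manifest. As an added example (not code from this post or from the PnP project), here is how that manifest entry is derived from the certificate's public part, so you can generate it and later verify that the entry in the portal matches the certificate you hold. It assumes you have exported the public certificate (the .cer side of the PFX, never the private key) in PEM form; `SAMPLE_DER` is constructed bytes standing in for a real DER certificate.

```python
import base64
import hashlib
import json
import uuid

# Constructed sample standing in for the DER bytes of the public certificate
# exported from the PFX. A real run would feed in your own .cer file.
SAMPLE_DER = bytes(range(32)) * 4


def pem_to_der(pem_text: str) -> bytes:
    """Strip the PEM armour from a CERTIFICATE block and return the DER bytes."""
    lines = [line.strip() for line in pem_text.strip().splitlines()]
    body = "".join(line for line in lines if not line.startswith("-----"))
    return base64.b64decode(body)


def thumbprint_hex(der: bytes) -> str:
    """SHA-1 thumbprint in the hex form the certificate store and portal show."""
    return hashlib.sha1(der).hexdigest().upper()


def key_credential_entry(der: bytes, key_id=None) -> dict:
    """One element of the manifest's keyCredentials array.

    customKeyIdentifier is base64 of the raw SHA-1 thumbprint bytes,
    value is base64 of the DER certificate; only the public part is uploaded.
    """
    return {
        "customKeyIdentifier": base64.b64encode(hashlib.sha1(der).digest()).decode(),
        "keyId": key_id or str(uuid.uuid4()),
        "type": "AsymmetricX509Cert",
        "usage": "Verify",
        "value": base64.b64encode(der).decode(),
    }


def entry_matches_certificate(entry: dict, der: bytes) -> bool:
    """Check that a manifest entry was produced from exactly this certificate."""
    return (entry.get("type") == "AsymmetricX509Cert"
            and base64.b64decode(entry["value"]) == der
            and base64.b64decode(entry["customKeyIdentifier"]) == hashlib.sha1(der).digest())


if __name__ == "__main__":
    pem = ("-----BEGIN CERTIFICATE-----\n"
           + base64.b64encode(SAMPLE_DER).decode()
           + "\n-----END CERTIFICATE-----\n")
    der = pem_to_der(pem)
    print("Thumbprint:", thumbprint_hex(der))
    print(json.dumps({"keyCredentials": [key_credential_entry(der)]}, indent=2))
```

The `thumbprint` parameter of the certificate-store login configuration is the hex value printed here, while the manifest wants the same hash base64-encoded.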
