How to configure SPO to do app-only auth with PFX private key?

Highlighted
Occasional Contributor

We are trying to set up SharePoint online app-only access. We are writing a C# application using https://github.com/SharePoint/PnP-Sites-Core

The first thing we did was we (successfully) tested this login configuration endpoint that takes the following inputs:

siteUrl    Site for which the ClientContext object will be instantiated
appId    Application ID which is requesting the ClientContext object
appSecret Application secret of the Application which is requesting the ClientContext object

(Reference https://www.c-sharpcorner.com/article/authenticate-sharepoint-using-pnp-authentication-manager/)

We were able to set up the application by doing these steps:

  • Go to https://apps.dev.microsoft.com/#/appList
  • Click "Add an app"
  • Enter the following:

    • The Application ID (also known as client_id) assigned by the app registration portal.
    • An Application Secret, either a password or a public/private key pair (certificate).
    • A Redirect URL for your service to receive token responses from Azure AD.
    • A Redirect URL for your service to receive admin consent responses if your app implements functionality to request administrator consent.
  • Give the app appropriate permissions.
  • Save. This now creates a client ID and app Secret you can use for auth with SPO.

This seems to work fine. Great!

But we noticed there is login configurations that take Private key, such as this login endpoint:

siteUrl    Site for which the ClientContext object will be instantiated
clientId    The Azure AD Application Client ID
Tenant The Azure AD Tenant, e.g. mycompany.onmicrosoft.com storeName The name of the store for the certificate storeLocation The location of the store for the certificate thumbprint The thumbprint of the certificate to locate in the store certificatePath The path to the certificate (*.pfx) file on the file system certificatePassword Password to the certificate

It says:

Gets a sharepoint client context using Azure Active Directory App Only Authentication. This requires that you have a certificate created, and updated the key credentials key in the application manifest in the azure AD accordingly.

We can tell our app integrator customers are going to want this approach because PFX is in general more secure than a appSecret.

But we cannot find any documentation for setting up SPO App-only access with this type of login configuration.

Does anyone know what the steps are to configure your SPO to do this?

0 Replies