Jan 30 2018 02:53 AM
I am working on migrating a SharePoint 2016 on-prem solution to SharePoint Online.
In the on-prem solution we use Secure Store with a configured Individual target application to store individual users' credentials for connecting to an external third-party API.
Now, since the Individual target application option is not available in Secure Store in SharePoint Online and the Secure Store doesn't seem accessible from CSOM, I need to find an alternative to this.
Has anyone got any suggestions on how to securely store and retrieve individual users' credentials for connection from a provider-hosted add-in to a third-party API?
Thanks in advance,
Patrik
Jan 30 2018 08:41 PM
Hey - great question!
I haven't done anything like it, but I am guessing the answer would be to use an Azure service like Key Vault (https://azure.microsoft.com/en-us/services/key-vault/) to store the encrypted credentials in.
I have only had the briefest of looks at it, but it does appear to have a REST API that you can call, and requires registering your client application etc. in order to authenticate (https://docs.microsoft.com/en-gb/rest/api/index#register-your-client-application-with-azure-ad).
Would be very interested in hearing about what solution you come up with, and the pros and cons, as I am sure I will have to tackle this problem with some of the projects I have coming up.
Thanks
Nigel
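An added example, not part of either poster's message: one way a provider-hosted add-in could address one Key Vault secret per user through the REST API mentioned above. The function names, the `thirdparty-api` prefix, the API version and the vault URL are assumptions made for illustration, and the bearer token is assumed to come from the Azure AD app registration.

```python
import hashlib
import json
import re

API_VERSION = "7.4"  # assumption: a Key Vault data-plane API version
NAME_RE = re.compile(r"^[0-9a-zA-Z-]{1,127}$")  # characters Key Vault accepts in a secret name


def secret_name_for(login_name, prefix="thirdparty-api"):
    """Map a SharePoint login name to a stable, valid Key Vault secret name.

    Login names such as 'i:0#.f|membership|user@contoso.com' contain characters
    Key Vault rejects, so the normalized login is hashed instead of embedded.
    """
    normalized = login_name.strip().lower()
    if not normalized:
        raise ValueError("login name is empty")
    digest = hashlib.sha256(normalized.encode("utf-8")).hexdigest()
    name = f"{prefix}-{digest}"  # hypothetical naming scheme
    if not NAME_RE.match(name):
        raise ValueError(f"invalid secret name: {name!r}")
    return name


def build_set_secret_request(vault_url, login_name, username, password, access_token):
    """Describe the Key Vault 'Set Secret' REST call without sending it."""
    if not vault_url.lower().startswith("https://"):
        raise ValueError("vault URL must use https")
    name = secret_name_for(login_name)
    body = {
        # Both parts of the user's third-party credential live in one secret value.
        "value": json.dumps({"username": username, "password": password}),
        "contentType": "application/json",
    }
    return {
        "method": "PUT",
        "url": f"{vault_url.rstrip('/')}/secrets/{name}?api-version={API_VERSION}",
        "headers": {
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
        "body": json.dumps(body),
    }
```

Reading the credential back is a GET on the same secret URL; because the add-in's own identity reads every user's secret, the add-in must resolve the name only from the authenticated caller's login.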
Feb 01 2018 01:59 AM
Thanks for the response!
I have also thought about Azure Key Vault but thought I would ask around first before digging into it.
A few things I have seen with Key Vault that are better handled when using individual target applications in Secure Store are (as far as I can tell right now with my limited experience with Key Vault):
Regards,
Patrik