Azure Certificate Auth
Azure AD Certificate authentication
This article is a sample showing Gosip custom auth with AAD certificate authorization.

Custom auth implementation

Check out the code.

Azure App registration

1. Create or use an existing app registration
2. Make sure that the app is configured for a specific auth scenario:
  • Certificate
  • O365 Admin -> Azure Active Directory
  • Generate self-signed certificate
# PowerShell, run on a Windows machine
$certName = "MyCert"
$password = "MyPassword"

$startDate = Get-Date
$endDate = (Get-Date).AddYears(5)
$securePass = (ConvertTo-SecureString -String $password -AsPlainText -Force)

.\Create-SelfSignedCertificate.ps1 -CommonName $certName -StartDate $startDate -EndDate $endDate -Password $securePass
or on a Linux or macOS client via openssl:
chmod +x ./Create-SelfSignedCertificate.sh
./Create-SelfSignedCertificate.sh
Get scripts.
  • New App Registration
    • Accounts in this organizational directory only
    • API Permissions -> SharePoint :: Application :: Sites.FullControl.All -> Grant Admin Consent
    • Certificates & Secrets -> Upload .cer file

JSON

private.json sample:
{
  "siteUrl": "https://contoso.sharepoint.com/sites/test",
  "tenantId": "e4d43069-8ecb-49c4-8178-5bec83c53e9d",
  "clientId": "628cc712-c9a4-48f0-a059-af64bdbb4be5",
  "certPath": "cert.pfx",
  "certPass": "password"
}

Usage sample

package main

import (
	"fmt"
	"log"

	"github.com/koltyakov/gosip"
	"github.com/koltyakov/gosip/api"
	strategy "github.com/koltyakov/gosip-sandbox/strategies/azurecert"
)

func main() {

	// Option 1: take the settings from environment variables
	// (add "os" to the imports when enabling this block).
	// authCnfg := &strategy.AuthCnfg{
	// 	SiteURL:  os.Getenv("SPAUTH_SITEURL"),
	// 	TenantID: os.Getenv("AZURE_TENANT_ID"),
	// 	ClientID: os.Getenv("AZURE_CLIENT_ID"),
	// 	CertPath: os.Getenv("AZURE_CERTIFICATE_PATH"),
	// 	CertPass: os.Getenv("AZURE_CERTIFICATE_PASSWORD"),
	// }
	// or using `private.json` creds source

	// Option 2: read the settings from private.json
	authCnfg := &strategy.AuthCnfg{}
	configPath := "./config/private.json"
	if err := authCnfg.ReadConfig(configPath); err != nil {
		log.Fatalf("unable to get config: %v", err)
	}

	// Build the SharePoint client on top of the certificate auth strategy
	client := &gosip.SPClient{AuthCnfg: authCnfg}
	sp := api.NewSP(client)

	// Request the web's title to confirm that authentication works
	res, err := sp.Web().Select("Title").Get()
	if err != nil {
		log.Fatal(err)
	}

	fmt.Printf("Site title: %s\n", res.Data().Title)

}
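A pre-flight check for the private.json format shown above, written as an added example that is not part of Gosip or of the original page. It validates the field values and flags a clear-text certPass stored in a file that group or other users can read. The Config struct, the Lint function and the 0600 mode rule are assumptions of this example, and the sample input is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"os"
	"regexp"
)

// Config mirrors the private.json fields shown above (hypothetical type, not Gosip's).
type Config struct {
	SiteURL  string `json:"siteUrl"`
	TenantID string `json:"tenantId"`
	ClientID string `json:"clientId"`
	CertPath string `json:"certPath"`
	CertPass string `json:"certPass"`
}

var guidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// Lint returns findings for a private.json body and the file mode it is stored with.
func Lint(raw []byte, mode os.FileMode) []string {
	var c Config
	if err := json.Unmarshal(raw, &c); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	var out []string
	if u, err := url.Parse(c.SiteURL); err != nil || u.Scheme != "https" || u.Host == "" {
		out = append(out, "siteUrl must be an absolute https URL")
	}
	for _, f := range [][2]string{{"tenantId", c.TenantID}, {"clientId", c.ClientID}} {
		if !guidRe.MatchString(f[1]) {
			out = append(out, f[0]+" is not a GUID")
		}
	}
	// certPass is stored in clear text, so group and other must have no access.
	if c.CertPass != "" && mode.Perm()&0o077 != 0 {
		out = append(out, fmt.Sprintf("certPass present but file mode is %04o; want 0600", uint32(mode.Perm())))
	}
	return out
}

func main() {
	// Constructed sample: same shape as private.json above, stored world-readable.
	sample := []byte(`{"siteUrl":"http://contoso.sharepoint.com/sites/test","tenantId":"e4d43069-8ecb-49c4-8178-5bec83c53e9d","clientId":"628cc712","certPath":"cert.pfx","certPass":"password"}`)
	for _, f := range Lint(sample, 0o644) {
		fmt.Println("finding:", f)
	}
}
```

In a real run, pass the mode from os.Stat on the config file; on Windows the permission bits are not meaningful, so only the field checks apply there.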