Authentication strategies
SharePoint client
Samples
Sandbox
Azure Env-based Auth
Azure AD environment-cased authentication
Custom auth implementation
Azure App registration
1. Create or use existing app registration
2. Make sure that the app is configured for a specific auth scenario:
- Client credentials (might not work with SharePoint but require a Certificate-based auth)
- Certificate
- Username/Password (public clients flows must be enabled)
- Managed identity
Follow instructions: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureadโ
- O365 Admin -> Azure Active Directory
- Generate self-signed certificate
1
# PowerShell, run on a Windows machine
2
$certName = "MyCert"
3
$password = "MyPassword"
4
โ
5
$startDate = Get-Date
6
$endDate = (Get-Date).AddYears(5)
7
$securePass = (ConvertTo-SecureString -String $password -AsPlainText -Force)
8
โ
9
.\Create-SelfSignedCertificate.ps1 -CommonName $certName -StartDate $startDate -EndDate $endDate -Password $securePass
Copied!
or on a Linux or macOS client via
openssl:1
chmod +x ./Create-SelfSignedCertificate.sh
2
./Create-SelfSignedCertificate.sh
Copied!
- New App Registration
- Accounts in this organizational directory only
- API Permissions -> SharePoint :: Application :: Sites.FullControl.All -> Grant Admin Consent
- Certificates & Secrets -> Upload
.cerfile
- Use environment variables to provide creds bindings:
AZURE_TENANT_ID- Directory (tenant) ID in App RegistrationAZURE_CLIENT_ID- Application (client) ID in App Registration- For certificate-base auth:
AZURE_CERTIFICATE_PATH- path to.pfxfileAZURE_CERTIFICATE_PASSWORD- password used for self-signed certificate
- For username/password auth:
AZURE_USERNAMEAZURE_PASSWORD
Auth configuration and usage
1
package main
2
โ
3
import (
4
"fmt"
5
"log"
6
"os"
7
โ
8
"github.com/koltyakov/gosip"
9
"github.com/koltyakov/gosip/api"
10
strategy "github.com/koltyakov/gosip-sandbox/strategies/azureenv"
11
)
12
โ
13
func main() {
14
โ
15
// os.Setenv("AZURE_TENANT_ID", "b1bacba7-c38a-414b-8c8b-65df26a15749")
16
// os.Setenv("AZURE_CLIENT_ID", "8ca10ce6-c3d5-47c6-b803-0ef3b619f464")
17
// os.Setenv("AZURE_CERTIFICATE_PATH", "/path/to/cert.pfx")
18
// os.Setenv("AZURE_CERTIFICATE_PASSWORD", "cert-password")
19
โ
20
authCnfg := &strategy.AuthCnfg{
21
SiteURL: os.Getenv("SPAUTH_SITEURL"),
22
}
23
โ
24
client := &gosip.SPClient{AuthCnfg: authCnfg}
25
sp := api.NewSP(client)
26
โ
27
res, err := sp.Web().Select("Title").Get()
28
if err != nil {
29
log.Fatal(err)
30
}
31
โ
32
fmt.Printf("Site title: %s\n", res.Data().Title)
33
โ
34
}
Copied!
Environment variables auto-injection
Environment variables can be automatically injected in a runtime for Azure AAD library. To use injection add correcponding environment variables in
private.json into env JSON property:1
{
2
"siteUrl": "https://contoso.sharepoint.com/sites/site",
3
"env": {
4
"AZURE_TENANT_ID": "1efde0dc-21f5-4d3d-a053-1da762c7838c",
5
"AZURE_CLIENT_ID": "7278fe9b-acd5-4be5-b688-999603560d31",
6
"AZURE_CERTIFICATE_PATH": "./certs/MyCert.pfx",
7
"AZURE_CERTIFICATE_PASSWORD": "MyPassword"
8
}
9
}
Copied!
Last modified 1yr ago
Export as PDF
Copy link