SharePoint Add-Ins will stop working for new tenants as of November 1st, 2024 and they will stop working for existing tenants and will be fully retired as of April 2nd, 2026. See more.
Struct
typeAuthCnfgstruct {// SPSite or SPWeb URL, which is the context target for the API calls SiteURL string`json:"siteUrl"`// Client ID obtained when registering the AddIn ClientID string`json:"clientId"`// Client Secret obtained when registering the AddIn ClientSecret string`json:"clientSecret"`// Your SharePoint Online tenant ID (optional) Realm string`json:"realm"`}
Realm can be left empty or filled in, that will add small performance improvement. The easiest way to find tenant is to open SharePoint Online site collection, click Site Settings -> Site App Permissions. Taking any random app, the tenant ID (realm) is the GUID part after the @.
packagemainimport ("log"// "os""github.com/koltyakov/gosip" strategy "github.com/koltyakov/gosip/auth/addin")funcmain() {// authCnfg := &strategy.AuthCnfg{// SiteURL: os.Getenv("SPAUTH_SITEURL"),// ClientID: os.Getenv("SPAUTH_CLIENTID"),// ClientSecret: os.Getenv("SPAUTH_CLIENTSECRET"),// }// or using `private.json` creds source authCnfg :=&strategy.AuthCnfg{} configPath :="./config/private.json"if err := authCnfg.ReadConfig(configPath); err !=nil { log.Fatalf("unable to get config: %v", err) } client :=&gosip.SPClient{AuthCnfg: authCnfg}// use client in raw requests or bind it with Fluent API ...}
Extending client secrets
It's important to know that the legacy AddIn authentication's Client Secrets are issued for a limited time. After expiration, if not managed right way there is a risk to get a service connection aunothorized with the following message:
AADSTS7000222: The provided client secret keys for app '***' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds.
Install-Module-Name Microsoft.Online.SharePoint.PowerShell $adminUPN="<the full email address of a SharePoint administrator account, example: jdoe@contosotoycompany.onmicrosoft.com>"$orgName="<name of your Office 365 organization, example: contosotoycompany>"$userCredential =Get-Credential-UserName $adminUPN -Message "Type the password."Connect-SPOService-Url https://$orgName-admin.sharepoint.com-Credential $userCredential set-spotenant-DisableCustomAppAuthentication $false