Configuration

AddIn Configuration and Permissions


Last updated 2 years ago


For AddIn Only authentication to work, register a new addin within your SharePoint Online tenant:

  • Navigate to app registration page: https://{organization}.sharepoint.com/sites/{site}/_layouts/15/appregnew.aspx

  • Click "Generate" button next to Client Id and Client Secret, fill in Title, App Domain, Redirect URI (you can type in any values you want).

  • Copy Client Id and Client Secret and press "Create" button.

  • Apply permissions for the app on tenant or site collection level.

  • On the appinv.aspx page for the chosen scope, resolve the addin by Client Id and paste in the App's Permission Request XML:

Tenant scoped permissions

https://{organization}-admin.sharepoint.com/_layouts/15/appinv.aspx

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest
    Scope="http://sharepoint/content/tenant"
    Right="FullControl" />
</AppPermissionRequests>

Site collection scoped permissions

https://{organization}.sharepoint.com/sites/{site}/_layouts/15/appinv.aspx

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest
    Scope="http://sharepoint/content/sitecollection"
    Right="FullControl" />
</AppPermissionRequests>

  • Click "Create" and "Trust It".
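
Before pasting a permission request into appinv.aspx, it is worth checking what the XML actually grants. The Go sketch below is an added example, not code from gosip or from the original page: it parses the request format shown above and lists the points to review. `auditPermissionXML` and the sample constants are hypothetical names, and the `Read`-level sample is constructed.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// permissionRequests mirrors the permission request XML pasted into appinv.aspx.
type permissionRequests struct {
	AllowAppOnlyPolicy string `xml:"AllowAppOnlyPolicy,attr"`
	Requests           []struct {
		Scope string `xml:"Scope,attr"`
		Right string `xml:"Right,attr"`
	} `xml:"AppPermissionRequest"`
}

// Samples: the tenant-scoped XML from this page and a constructed narrower one.
const tenantFullControl = `<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>`
const siteRead = `<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Read" />
</AppPermissionRequests>`

// auditPermissionXML (hypothetical helper, not part of gosip) lists what to question before "Trust It".
func auditPermissionXML(doc string) ([]string, error) {
	var reqs permissionRequests
	if err := xml.Unmarshal([]byte(doc), &reqs); err != nil {
		return nil, fmt.Errorf("parse permission request XML: %w", err)
	}
	var findings []string
	if !strings.EqualFold(reqs.AllowAppOnlyPolicy, "true") {
		findings = append(findings, "AllowAppOnlyPolicy is not true: app-only access is not requested")
	}
	for _, r := range reqs.Requests {
		if strings.HasSuffix(r.Scope, "/content/tenant") {
			findings = append(findings, "tenant scope: the grant covers every site collection")
		}
		if r.Right == "FullControl" {
			findings = append(findings, "FullControl on "+r.Scope+": check whether Read, Write or Manage is enough")
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(auditPermissionXML(tenantFullControl))
	fmt.Println(auditPermissionXML(siteRead))
}
```

The tenant-scoped request from this page yields two findings (scope and right); the constructed site collection `Read` request yields none.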

To check which app principals are assigned for a site collection use:

https://{organization}.sharepoint.com/sites/{site}/_layouts/15/appprincipals.aspx

Disabled by default

In new subscriptions you may need to enable Grant App Permission. Connect to SharePoint using Windows PowerShell and then run:

Set-SPOTenant -DisableCustomAppAuthentication $false

The full sequence, including module installation and sign-in:

# Install the SharePoint Online management module
Install-Module -Name Microsoft.Online.SharePoint.PowerShell
$adminUPN = "<the full email address of a SharePoint administrator account, example: jdoe@contosotoycompany.onmicrosoft.com>"
$orgName = "<name of your Office 365 organization, example: contosotoycompany>"
$userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."
# Connect to the tenant admin site
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential
# Enable custom app authentication, which is disabled by default in new subscriptions
Set-SPOTenant -DisableCustomAppAuthentication $false