Azure Certificate Auth
Azure AD Certificate authentication
1. Create or use existing app registration
2. Make sure that the app is configured for a specific auth scenario:
- Certificate
- O365 Admin -> Azure Active Directory
- Generate self-signed certificate
# PowerShell, run on a Windows machine
$certName = "MyCert"
$password = "MyPassword"
$startDate = Get-Date
$endDate = (Get-Date).AddYears(5)
$securePass = (ConvertTo-SecureString -String $password -AsPlainText -Force)
.\Create-SelfSignedCertificate.ps1 -CommonName $certName -StartDate $startDate -EndDate $endDate -Password $securePass
or on a Linux or macOS client via
openssl:chmod +x ./Create-SelfSignedCertificate.sh
./Create-SelfSignedCertificate.sh
- New App Registration
- Accounts in this organizational directory only
- API Permissions -> SharePoint :: Application :: Sites.FullControl.All -> Grant Admin Consent
- Certificates & Secrets -> Upload
.cerfile
private.json sample:{
"siteUrl": "https://contoso.sharepoint.com/sites/test",
"tenantId": "e4d43069-8ecb-49c4-8178-5bec83c53e9d",
"clientId": "628cc712-c9a4-48f0-a059-af64bdbb4be5",
"certPath": "cert.pfx",
"certPass": "password"
}
package main
import (
"fmt"
"log"
"os"
"github.com/koltyakov/gosip"
"github.com/koltyakov/gosip/api"
strategy "github.com/koltyakov/gosip/auth/azurecert"
)
func main() {
// authCnfg := &strategy.AuthCnfg{
// SiteURL: os.Getenv("SPAUTH_SITEURL"),
// TenantID: os.Getenv("AZURE_TENANT_ID"),
// ClientID: os.Getenv("AZURE_CLIENT_ID"),
// CertPath: os.Getenv("AZURE_CERTIFICATE_PATH"),
// CertPass: os.Getenv("AZURE_CERTIFICATE_PASSWORD"),
// }
// or using `private.json` creds source
authCnfg := &strategy.AuthCnfg{}
configPath := "./config/private.json"
if err := authCnfg.ReadConfig(configPath); err != nil {
log.Fatalf("unable to get config: %v", err)
}
client := &gosip.SPClient{AuthCnfg: authCnfg}
sp := api.NewSP(client)
res, err := sp.Web().Select("Title").Get()
if err != nil {
log.Fatal(err)
}
fmt.Printf("Site title: %s\n", res.Data().Title)
}
Last modified 1mo ago