LogoLogo
GoDocGitHub
  • Introduction
  • FAQ
  • Authentication strategies
    • Overview
    • Strategies
      • Azure Certificate Auth
      • Azure Creds Auth
      • Azure Env-based Auth
      • Azure Device Flow
      • SAML Auth
      • AddIn Only
        • Configuration
      • NTLM Auth
      • NTLM (alternative)
      • On-Demand Auth
      • ADFS Auth
      • FBA Auth
      • TMG Auth
      • Anonymous
    • Dynamic auth
    • Custom Auth
  • SharePoint client
    • HTTP Client
    • Fluent API
    • Hooks
    • Retries
    • Context
  • Samples
    • Library Initiation
    • Basic CRUD
    • Documents
    • Chunk upload
    • Permissions
    • Groups & Users
    • Search API
    • User Profiles
    • Change API
    • Attachments
    • Record Management
    • Sending Emails
    • Property Bags
    • Recycle Bin
    • Feature management
    • Advanced item requests
    • Advanced add/update
    • Unmarshaling responses
  • Sandbox
    • Overview
  • Utilities
    • Headers presets
    • Cpass
    • Compatibility matrix
  • Contributing
    • Overview
    • Testing
Powered by GitBook
On this page
  • Azure App registration
  • Auth configuration and usage
  • Environment variables auto-injection

Was this helpful?

Edit on GitHub
Export as PDF
  1. Authentication strategies
  2. Strategies

Azure Env-based Auth

Azure AD environment-based authentication

PreviousAzure Creds AuthNextAzure Device Flow

Last updated 2 years ago

Was this helpful?

Azure App registration

1. Create or use existing app registration

2. Make sure that the app is configured for a specific auth scenario:

  • Client credentials (might not work with SharePoint but require a Certificate-based auth)

  • Certificate

  • Username/Password (public clients flows must be enabled)

  • Managed identity

Follow instructions:

  • O365 Admin -> Azure Active Directory

  • Generate self-signed certificate

# PowerShell, run on a Windows machine
$certName = "MyCert"
$password = "MyPassword"

$startDate = Get-Date
$endDate = (Get-Date).AddYears(5)
$securePass = (ConvertTo-SecureString -String $password -AsPlainText -Force)

.\Create-SelfSignedCertificate.ps1 -CommonName $certName -StartDate $startDate -EndDate $endDate -Password $securePass

or on a Linux or macOS client via openssl:

chmod +x ./Create-SelfSignedCertificate.sh
./Create-SelfSignedCertificate.sh
  • New App Registration

    • Accounts in this organizational directory only

    • API Permissions -> SharePoint :: Application :: Sites.FullControl.All -> Grant Admin Consent

    • Certificates & Secrets -> Upload .cer file

  • Use environment variables to provide creds bindings:

    • AZURE_TENANT_ID - Directory (tenant) ID in App Registration

    • AZURE_CLIENT_ID - Application (client) ID in App Registration

    • For certificate-base auth:

      • AZURE_CERTIFICATE_PATH - path to .pfx file

      • AZURE_CERTIFICATE_PASSWORD - password used for self-signed certificate

    • For username/password auth:

      • AZURE_USERNAME

      • AZURE_PASSWORD

Auth configuration and usage

package main

import (
    "fmt"
    "log"
    "os"

    "github.com/koltyakov/gosip"
    "github.com/koltyakov/gosip/api"
    strategy "github.com/koltyakov/gosip-sandbox/strategies/azureenv"
)

func main() {

    // os.Setenv("AZURE_TENANT_ID", "b1bacba7-c38a-414b-8c8b-65df26a15749")
    // os.Setenv("AZURE_CLIENT_ID", "8ca10ce6-c3d5-47c6-b803-0ef3b619f464")
    // os.Setenv("AZURE_CERTIFICATE_PATH", "/path/to/cert.pfx")
    // os.Setenv("AZURE_CERTIFICATE_PASSWORD", "cert-password")

    authCnfg := &strategy.AuthCnfg{
        SiteURL: os.Getenv("SPAUTH_SITEURL"),
    }

    client := &gosip.SPClient{AuthCnfg: authCnfg}
    sp := api.NewSP(client)

    res, err := sp.Web().Select("Title").Get()
    if err != nil {
        log.Fatal(err)
    }

    fmt.Printf("Site title: %s\n", res.Data().Title)

}

Environment variables auto-injection

Environment variables can be automatically injected in a runtime for Azure AAD library. To use injection add correcponding environment variables in private.json into env JSON property:

{
  "siteUrl": "https://contoso.sharepoint.com/sites/site",
  "env": {
    "AZURE_TENANT_ID": "1efde0dc-21f5-4d3d-a053-1da762c7838c",
    "AZURE_CLIENT_ID": "7278fe9b-acd5-4be5-b688-999603560d31",
    "AZURE_CERTIFICATE_PATH": "./certs/MyCert.pfx",
    "AZURE_CERTIFICATE_PASSWORD": "MyPassword"
  }
}

Get .

https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
scripts