Azure Env-based Auth

Azure App registration

1. Create or use existing app registration

2. Make sure that the app is configured for a specific auth scenario:

• Client credentials (might not work with SharePoint but require a Certificate-based auth)

• Certificate

• Username/Password (public clients flows must be enabled)

• Managed identity

Follow instructions: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

• O365 Admin -> Azure Active Directory

• Generate self-signed certificate

# PowerShell, run on a Windows machine
$certName = "MyCert"
$password = "MyPassword"

$startDate = Get-Date
$endDate = (Get-Date).AddYears(5)
$securePass = (ConvertTo-SecureString -String $password -AsPlainText -Force)

.\Create-SelfSignedCertificate.ps1 -CommonName $certName -StartDate $startDate -EndDate $endDate -Password $securePass

or on a Linux or macOS client via openssl:

• New App Registration

  • Accounts in this organizational directory only

  • API Permissions -> SharePoint :: Application :: Sites.FullControl.All -> Grant Admin Consent

  • Certificates & Secrets -> Upload .cer file

• Use environment variables to provide creds bindings:

  • AZURE_TENANT_ID - Directory (tenant) ID in App Registration

  • AZURE_CLIENT_ID - Application (client) ID in App Registration

  • For certificate-base auth:

    • AZURE_CERTIFICATE_PATH - path to .pfx file

    • AZURE_CERTIFICATE_PASSWORD - password used for self-signed certificate

  • For username/password auth:

    • AZURE_USERNAME

    • AZURE_PASSWORD

Auth configuration and usage

Environment variables auto-injection

Environment variables can be automatically injected in a runtime for Azure AAD library. To use injection add correcponding environment variables in private.json into env JSON property: