Today's topic: SharePoint Add-in registration.
Background: We have a use case where we need to create a site collection and a few lists in it programmatically. We decided to write a console application that uses CSOM to connect to our Office 365 tenant and do the job.
The traditional way to connect to an Office 365 tenant is with admin (user) credentials.
Problem with connecting to Office 365 using user credentials: If we connect with admin / user credentials and that user leaves the organization, we have to change the credentials the application uses. The same applies if our organization has a password change policy. Also, if multi-factor authentication is enabled, there is a different way to connect to the Office 365 tenant. Please check my article – Office 365 : Connecting to SharePoint online site using CSOM when Multi-Factor Authentication (MFA) is enabled for the user
Alternative Solution: Rather than using user credentials to connect to the Office 365 tenant, we can use a SharePoint Add-In.
To use a SharePoint Add-In to connect to Office 365, we need to register the Add-In and grant it permissions.
In this article, we will discuss how to register a SharePoint Add-In from the UI. We need this when we access SharePoint features / components on behalf of the SharePoint Add-in.
Registering SharePoint Add-In: We can register a SharePoint Add-In in several ways, but here we will discuss the “AppRegNew.aspx” page. Following is the URL for registering the SharePoint Add-in:
The following fields need to be filled in on the form:
Client Id: Add-in ID – a GUID. Unique identifier for our SharePoint Add-in. We can generate it by clicking the “Generate” button as shown in fig 1.
Client Secret: Add-in secret. The password for the Add-in. We can generate it by clicking the “Generate” button as shown in fig 1. The client secret for a SharePoint Add-in registered using this page expires after one year. We can replace an expiring client secret in a SharePoint Add-in. Please refer to this article for more details – https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in
Title: The title of the SharePoint Add-in. This title appears as the name of the add-in on the consent form when we grant the permissions.
App Domain: Host name.
Redirect URI: SharePoint Add-ins don’t use this value. It is required for web applications that are launched outside SharePoint.
After we click the “Create” button, if everything is OK we get a success message and our Add-in details.
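The one-year secret lifetime noted above is easy to lose track of once several add-ins are registered. The following added example (not from the original article) audits a constructed inventory of registrations; the record field names, the 30-day warning window and the sample IDs and dates are assumptions.

```python
import uuid
from datetime import date, timedelta

WARN_DAYS = 30  # assumed rotation window, not a value from the article

def is_guid(value):
    """True only for the canonical 8-4-4-4-12 GUID form (no braces, no bare hex)."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def secret_expiry(registered):
    """One year after registration; a 29 Feb registration falls back to 28 Feb."""
    try:
        return registered.replace(year=registered.year + 1)
    except ValueError:
        return registered.replace(year=registered.year + 1, day=28)

def audit(addins, today):
    """Return (title, status, expiry) for each add-in registration record."""
    report = []
    for a in addins:
        if not is_guid(a["client_id"]):
            report.append((a["title"], "invalid-client-id", None))
            continue
        expiry = secret_expiry(date.fromisoformat(a["registered"]))
        if expiry <= today:
            status = "expired"
        elif expiry - today <= timedelta(days=WARN_DAYS):
            status = "rotate-now"
        else:
            status = "ok"
        report.append((a["title"], status, expiry))
    return report

# Constructed sample inventory: titles, client IDs and dates are made up.
SAMPLE = [
    {"title": "Provisioning Add-in", "client_id": "11111111-2222-3333-4444-555555555555", "registered": "2023-03-01"},
    {"title": "Reporting Add-in", "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "registered": "2023-01-10"},
    {"title": "Archive Add-in", "client_id": "01234567-89ab-cdef-0123-456789abcdef", "registered": "2023-11-20"},
    {"title": "Broken entry", "client_id": "not-a-guid", "registered": "2023-05-05"},
]

if __name__ == "__main__":
    for title, status, expiry in audit(SAMPLE, date(2024, 2, 15)):
        print(f"{title:22} {status:18} {expiry}")
```

The inventory holds only client IDs and registration dates; the client secret itself should stay in a secret store and never appear in a tracking file like this.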
What happens once we have registered the Add-in:
- Once registered, the Add-in is a security principal and has an identity, the same as users and groups.
- This identity is also called the Add-in principal.
- We can assign permissions for Tenant, Site Collection, Web etc. to this Add-in so it can perform the respective operations or access SharePoint features.
- All Add-in details – client ID, client secret, add-in domain, and redirect URI – are registered with the authorization server, Microsoft Azure Access Control Service (ACS).
Next Steps: Next we will discuss how to assign permissions to our SharePoint Add-in and how to use the Add-in to fetch SharePoint components like Site, Web, List, Libraries etc. We will also discuss permission policies.
Thanks for reading 🙂
Keep reading, and share your thoughts and experiences. Feel free to contact us to discuss more. If you have any suggestions, feedback or doubts, you are most welcome.