Legacy SharePoint App Registration¶
This section outlines how to register for a client id and secret for use in the above code.
Due to a recent change in how SPO is configured NEW tenants will have ACS authentication disabled by default. You can read more details in this article. For testing we recommend using MSAL Certificate Authentication.
Register An Add-In¶
Before you can begin running tests you need to register a low-trust add-in with SharePoint. This is primarily designed for Office 365, but can work on-premises if you configure your farm accordingly.
- Navigation to {site url}/_layouts/appregnew.aspx
- Click "Generate" for both the Client Id and Secret values
- Give you add-in a title, this can be anything but will let you locate it in the list of add-in permissions
- Provide a fake value for app domain and redirect uri
- Click "Create"
- Copy the returned block of text containing the client id and secret as well as app name for your records and later in this article.
Grant Your Add-In Permissions¶
Now that we have created an add-in registration we need to tell SharePoint what permissions it can use. Due to an update in SharePoint Online you now have to register add-ins with certain permissions in the admin site.
- Navigate to {admin site url}/_layouts/appinv.aspx
- Paste your client id from the above section into the App Id box and click "Lookup"
- You should see the information populated into the form from the last section, if not ensure you have the correct id value
- Paste the below XML into the permissions request xml box and hit "Create"
- You should get a confirmation message.
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
<AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="FullControl" />
<AppPermissionRequest Scope="http://sharepoint/search" Right="QueryAsUserIgnoreAppPrincipal" />
</AppPermissionRequests>
Note that the above XML will grant full tenant control. This is OK for testing, but you should grant only those permissions necessary for your application in production.