Upload spfx solution to app catalog and Azure AD App Certificate

Summary

This sample demonstrates how to upload spfx solution to app catalog using CLI for Microsoft 365 and Azure AD App created with certificate authentication.

Outupt Screenshot

CLI for Microsoft 365


#create self signed certificate
function CreateSelfSignedCertificate{

    $cert = New-SelfSignedCertificate -Subject "CN=$CommonName" -FriendlyName $CommonName -NotBefore $StartDate -NotAfter $EndDate  -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256

    # Export Certificate from Variable to cert file to the location where script is executed
    Export-Certificate -Cert $cert -FilePath ".\$CommonName.cer"

    # Secure the file with password for enhanced security
    $mypwd = ConvertTo-SecureString -String "$Password" -Force -AsPlainText

    # Exporting the file to PFX file with Password
    Export-PfxCertificate -Cert $cert -FilePath ".\$CommonName.pfx" -Password $mypwd
}

$CommonName= "My App Certificate"
$StartDate= "2023-07-27"
$EndDate= "2045-12-31"
$Password = "yourPassword"
$TenantId = "yourTenantId"
$PathToSpfxApp = "spfx-solution.sppkg"

CreateSelfSignedCertificate -CommonName $CommonName -StartDate $StartDate -EndDate $EndDate -Password $Password

# create aad app and grant permissions to graph and sharepoint
m365 login 
$appName = "AAD app demo"
$app = m365 aad app add --name $appName  --certificateDisplayName "Certification" --certificateFile "$CommonName.cer" --apisApplication 'https://graph.microsoft.com/Sites.Read.All,https://microsoft.sharepoint-df.com/Sites.FullControl.All' --grantAdminConsent
$appId = $app | ConvertFrom-Json | select -ExpandProperty  appId 

# grant permissions to site
$site = "https://tenant.sharepoint.com/sites/SiteColectionName"
m365 spo site apppermission add --appId $appId --permission fullcontrol --siteUrl $site 

# login to sharepoint using app
m365 login --authType certificate --certificateFile "$CommonName.pfx" --password $Password --appId $appId --tenant $TenantId
m365 spo set --url $site
m365 status

# upload sppkg to app catalog
m365 spo app add --filePath $PathToSpfxApp --overwrite --verbose

Check out the CLI for Microsoft 365 to learn more at: https://aka.ms/cli-m365

Important changes coming to the way you login into CLI for Microsoft 365 (effective 9th September 2024) see Changes in PnP Management Shell registration in Microsoft 365

Contributors

Author(s)
Valeras Narbutas

Disclaimer

THESE SAMPLES ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.