tag:blogger.com,1999:blog-4455058894110083658.post694786855762059303..comments2024-02-26T22:59:25.161+00:00Comments on Vardhaman Deshpande: Working with Application Permissions (App-Only Auth) in SharePoint Online and the Microsoft GraphVardhaman Deshpandehttp://www.blogger.com/profile/17919845281919756108noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-4455058894110083658.post-31717734797532819022020-06-26T00:07:41.400+01:002020-06-26T00:07:41.400+01:00Yes that is possible unless the compromised client...Yes that is possible unless the compromised client secret is revoked. That's why for production scenarios, it's recommended to store the client secrets securely in Azure Key Vault for example.Vardhaman Deshpandehttps://www.blogger.com/profile/17919845281919756108noreply@blogger.comtag:blogger.com,1999:blog-4455058894110083658.post-2703436594343684732020-05-29T15:50:08.666+01:002020-05-29T15:50:08.666+01:00Trying to understand security implications with Ap...Trying to understand security implications with App registrations, as I read through the API permissions descriptions i see for example ReadWriteAll - Edit or delete items in all site collections. Does this mean that any external source using this registered app if compromised can delete files from any site?Anonymoushttps://www.blogger.com/profile/12087129512072215187noreply@blogger.comtag:blogger.com,1999:blog-4455058894110083658.post-14868806206559131182020-04-02T15:40:23.409+01:002020-04-02T15:40:23.409+01:00Hi vardhman,
Thanks for the wonderful information...Hi vardhman,<br /><br />Thanks for the wonderful information!!!<br /><br />Can we provision modern team site with group, using the code mentioned in "1) Interact with data from SharePoint Online with an Azure AD App Registration"?Vicky Bhttps://www.blogger.com/profile/14747523382818626666noreply@blogger.comtag:blogger.com,1999:blog-4455058894110083658.post-5958543274173871492019-10-01T06:59:08.118+01:002019-10-01T06:59:08.118+01:00No write access to taxonomy! Why M$ why???!!!
I ca...No write access to taxonomy! Why M$ why???!!!<br />I can't describe how disappointed I was to only discover this article AFTER spending 3 days writing an Azure Function to create/update terms in the Managed Metadata Service for my SharePoint Online instance...Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4455058894110083658.post-27607097713283278472019-08-09T07:06:00.414+01:002019-08-09T07:06:00.414+01:00Hi!
Is there any way to list/debug permissions gr...Hi!<br /><br />Is there any way to list/debug permissions granted to an Add-In app principal? So the one created with appregnew.aspx. I have used dozens of hours for trying to generate principal with single document library permissions . I can receive access token successfully with Postman, but getting "Access denied. You do not have permission to perform this action or access this resource." error when trying to access documents. Then, after I grant more permissions to principal including the permissions to the parent site, I suddenly sometimes can access the documents. It is super weird that it seems to be impossible to see what permissions app principal have.<br /><br />Also, I haven't found any way to delete the app principal. Yes, I can press the delete button in appprincipals.aspx, but it is still possible to request an access token for it. I found this interface from Microsoft embarrassingly complex to use.<br /><br />Any help would be very appreciated!<br /><br />Paulus LimmaPaulus Limmahttps://www.blogger.com/profile/11076950999524144613noreply@blogger.comtag:blogger.com,1999:blog-4455058894110083658.post-66717309704972296982019-03-26T10:23:27.337+00:002019-03-26T10:23:27.337+00:00Hi Vardhaman,
Have you come across this exception...Hi Vardhaman,<br /><br />Have you come across this exception before when getting azure function working with clientid and certificate? <br /><br />Exception: System.ArgumentNullException: Value cannot be null.<br />Parameter name: certificate<br /> at Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate..ctor(String clientId, X509Certificate2 certificate)<br /><br />Regards,<br />SwethaSwethahttps://www.blogger.com/profile/08166302500429474237noreply@blogger.comtag:blogger.com,1999:blog-4455058894110083658.post-27571815584572238852019-02-11T15:52:50.702+00:002019-02-11T15:52:50.702+00:00Thanks for your explanations, exactly the post I w...Thanks for your explanations, exactly the post I was looking for. However after having read it, I still have a question about App-Only Auth, quite specific as it concerns Office 365 Video API (which is a SharePoint API under the hood from what I understood) : how does App-Only works with the Office 365 video API.<br /><br />In order to query the Office Video API, I took the SharePoint Add-In Registration approach. I was able to retrieve a valid token that allowed me to list all the channels on my Office Video SharePoint site (GET {VideoPortalURL}/_api/VideoService/Channels). However when I try to list the videos on an Office Video channel, I receive a 403. Is the Sharepoint Add-In approach not the correct one ?Alexandrehttps://www.blogger.com/profile/11743601034452893863noreply@blogger.comtag:blogger.com,1999:blog-4455058894110083658.post-49289139227560434732019-01-02T11:28:21.493+00:002019-01-02T11:28:21.493+00:00How about User Delegated Permission for Microsoft ...How about User Delegated Permission for Microsoft Graph API to create MS Teams? gghttps://www.blogger.com/profile/00033793109590428614noreply@blogger.comtag:blogger.com,1999:blog-4455058894110083658.post-18957341673724716162019-01-02T09:00:25.608+00:002019-01-02T09:00:25.608+00:00Hi Vardhaman,
Really helpful blog. Does the same ...Hi Vardhaman,<br /><br />Really helpful blog. Does the same apply while working in SPFx?<br /><br />Thanks & Regards<br /> Pradeep KhotPradeep Khothttps://www.blogger.com/profile/18380715799846418665noreply@blogger.com