Suppose you would like the remote components of a provider-hosted SharePoint Add-in to interact with SharePoint using OAuth. What should you do? You must first register the add-in with the Azure ACS cloud-based service and the SharePoint App Management Service of the tenancy or farm. Let us now dive straight into how to register and unregister SharePoint add-ins.
To register an app in an Office 365 tenancy, we use the layouts/appregnew.aspx page, which is the standard, old way of doing it. But I thought there should be a smarter way to do it. After much research, I got a scenario for automating this process using a deployment package. I searched the internet for a while and found a few things, such as updating an expiring client secret. More on that here: https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in
I have used MSOLService from the Azure AD PowerShell package to register the SharePoint Add-in in the Office 365 tenancy. Here is how to register an Add-in.
- Download the Azure AD PowerShell package from this link.
- Run the PowerShell script below after filling in the client ID, app name, app domain and app redirect URL.
- Provide your Global administrator username and password when connecting to MSOLService.
```powershell
Connect-MsolService   # sign in with the Global administrator account
# Values for your add-in
$clientID = "<your client ID>"
$appName = "Your App Name"
$appDomain = "<your app domain>"
$appUrl = "<your app redirect URL>"
# Generate a random 32-byte client secret (the buffer must be filled by GetBytes)
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
$servicePrincipalName = @("$clientID/$appDomain")
$dtStart = [System.DateTime]::Now
$dtEnd = $dtStart.AddYears(3)
# Register the service principal, then add the signing and password credentials
New-MsolServicePrincipal -ServicePrincipalNames $servicePrincipalName -AppPrincipalId $clientID -DisplayName $appName -Type Symmetric -Usage Verify -Value $newClientSecret -Addresses (New-MsolServicePrincipalAddresses -Address $appUrl) -StartDate $dtStart -EndDate $dtEnd
New-MsolServicePrincipalCredential -AppPrincipalId $clientID -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
New-MsolServicePrincipalCredential -AppPrincipalId $clientID -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
```
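Because the registration script creates three credentials that all expire after three years, it helps to audit them afterwards. The following is an added example, not part of the original post: `Test-AddInCredentials` is a hypothetical helper, and the sample objects are constructed. Against a live tenant, pass it the output of `Get-MsolServicePrincipalCredential -AppPrincipalId $clientID -ReturnKeyValues $false`, assuming those objects expose `Type`, `Usage`, `StartDate` and `EndDate`.

```powershell
# Hypothetical helper (not an MSOnline cmdlet): reports, for each Type/Usage
# pair the registration script creates, whether a valid credential exists
# and how many days remain before it expires.
function Test-AddInCredentials {
    param(
        [Parameter(Mandatory)] [object[]] $Credentials,
        [int] $WarnDays = 60,
        [datetime] $Now = (Get-Date)
    )
    $expected = 'Symmetric/Verify', 'Symmetric/Sign', 'Password/Verify'
    foreach ($pair in $expected) {
        $type, $usage = $pair -split '/'
        # Only credentials that are valid at $Now count as active.
        $active = @($Credentials | Where-Object {
            "$($_.Type)" -eq $type -and "$($_.Usage)" -eq $usage -and
            $_.StartDate -le $Now -and $_.EndDate -gt $Now
        })
        if ($active.Count -eq 0) {
            [pscustomobject]@{ Credential = $pair; Status = 'Missing or expired'; DaysLeft = 0 }
            continue
        }
        # Judge each pair by its longest-lived active credential.
        $latest = $active | Sort-Object EndDate -Descending | Select-Object -First 1
        $daysLeft = [int][math]::Floor(($latest.EndDate - $Now).TotalDays)
        $status = if ($daysLeft -le $WarnDays) { 'Expiring soon' } else { 'OK' }
        [pscustomobject]@{ Credential = $pair; Status = $status; DaysLeft = $daysLeft }
    }
}

# Constructed sample data: one healthy credential, one close to expiry,
# and no Password/Verify credential at all.
$now = [datetime]'2024-01-01'
$sample = @(
    [pscustomobject]@{ Type = 'Symmetric'; Usage = 'Verify'; StartDate = $now.AddYears(-1); EndDate = $now.AddYears(2) }
    [pscustomobject]@{ Type = 'Symmetric'; Usage = 'Sign'; StartDate = $now.AddYears(-3); EndDate = $now.AddDays(30) }
)
Test-AddInCredentials -Credentials $sample -Now $now | Format-Table -AutoSize
```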
To unregister the Add-in, you can use the script below. Make sure that you provide the same global admin credentials that you used when registering.
```powershell
# $clientID is the client ID that was used when the add-in was registered
$appPrincipal = Get-MsolServicePrincipal -ServicePrincipalName $clientID
Remove-MsolServicePrincipal -ObjectId $appPrincipal.ObjectId
```
Hope you find this little trick useful. Let me know your thoughts, and if you get stuck somewhere, don’t be shy to ask. I am available for you in the comments section below.