PnP PowerShell: Connect-PnPOnline using AppID and AppSecret

Requirement: Connect to SharePoint Online using PnP PowerShell Connect-PnPOnline with AppID and AppSecret

I have a PnP PowerShell script scheduled in the Windows Task Scheduler that runs every 5 minutes. I need the script to connect to SharePoint Online unattended. Although I can store user names and passwords in the script, I don't want to do that, as the passwords are regularly updated per our company policy.

How to Connect to SharePoint Online using PnP PowerShell AppID and AppSecret?
The app method of authenticating allows us to run scripts without prompting for a username and password. Here are the steps to create a new app in SharePoint Online:

Step 1: Register a SharePoint App Principal
Register a new app in the app registry. Say you need to connect to the SharePoint Online site "https://tenant.sharepoint.com/sites/marketing": navigate to the URL https://tenant.sharepoint.com/Sites/Marketing/_layouts/15/AppRegNew.aspx and register a new app principal:
  • Click on the "Generate" button for both the "Client Id" and "Client Secret" fields. 
  • Provide a name for the principal. I've entered "Task Scheduler Script".
  • For the domain, use "localhost", and for the redirect URL, use "https://localhost".
  • Copy Client Id and Client Secret fields and click on the "Create" button to register app principal. You should get a confirmation message "The app identifier has been successfully created."

Step 2: Assign Permission to the App Principal
Once the app principal is registered, the next step is to grant it permission on SharePoint Online. We can scope the permission to the tenant, site collection or web level. Let's grant this app principal "Full Access" rights on the site collection.
  • Navigate to https://tenant.sharepoint.com/sites/marketing/_layouts/15/appinv.aspx
  • In the "App Id" field, enter the "Client Id" you copied in the previous step and click on the "Lookup" button. This loads the "Title", "App Domain" and "Redirect URL" values of the app we created and allows us to set the app's permissions. In the "Permission Request XML:" field, enter the following and click on the "Create" button:
    <AppPermissionRequests AllowAppOnlyPolicy="true">
       <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
    </AppPermissionRequests> 
  • Click on the "Trust it" button to grant the app permission to access the SharePoint site collection with full access rights.
Here I've configured "Full Control" on the site collection. You can also use: Read-Only, Write, Full Control on Lists, Webs, Site collections or even the tenant. Refer: https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint

Connect to SharePoint Online using Connect-PnPOnline AppID and AppSecret
Now, you can connect to SharePoint Online with AppId and AppSecret (technically from any application!)
#Site collection URL
$SiteURL = "https://crescent.sharepoint.com/sites/marketing/"

#Connect to SharePoint Online with AppId and AppSecret
Connect-PnPOnline -Url $SiteURL -AppId "3c85uc19-f1b9-41ba-8c16-c3281x09b82" -AppSecret "1KLekxb775bhs/C3*aqqWE6Gs13u4="

Get-PnPContext
If you get the "Connect-PnPOnline : Token request failed." error, check your AppId and AppSecret. The secret may also have expired: by default, its expiration date is 1 year! You can register an AppID from the Azure AD management portal's App registration section and set the duration to "Never Expire", and then grant access to that AppId from SharePoint.
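The connection above with the client secret kept out of the script file, as an added example that is not part of the original post: the Client Id and Client Secret are entered once and saved with Export-Clixml, which on Windows encrypts the secret with DPAPI for the current user and machine. The file path and the function names Save-AppSecret and Connect-WithStoredSecret are assumptions made for this example.

```powershell
# Added example, not code from the original post. Windows only (relies on DPAPI).
# Assumed names: $SecretPath, Save-AppSecret, Connect-WithStoredSecret.
$SiteURL    = "https://tenant.sharepoint.com/sites/marketing"
$SecretPath = Join-Path $env:LOCALAPPDATA "PnPTask\app-principal.clixml"  # hypothetical path

function Save-AppSecret {
    # Run once, interactively, logged on as the account the scheduled task runs under.
    param([Parameter(Mandatory)][string]$Path)
    $dir = Split-Path -Path $Path -Parent
    if (-not (Test-Path -Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    # Enter the Client Id as the user name and the Client Secret as the password.
    $cred = Get-Credential -Message "User name = Client Id, password = Client Secret"
    # Export-Clixml stores the password as a DPAPI-encrypted SecureString that only
    # this user on this machine can decrypt.
    $cred | Export-Clixml -Path $Path
}

function Connect-WithStoredSecret {
    param([Parameter(Mandatory)][string]$Url, [Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -Path $Path)) {
        throw "No stored app credential at '$Path'. Run Save-AppSecret as the task account first."
    }
    try {
        $cred = Import-Clixml -Path $Path -ErrorAction Stop
    }
    catch {
        # Typical cause: the file was created by another user or on another machine.
        throw "Cannot decrypt '$Path': $($_.Exception.Message)"
    }
    # The plaintext secret exists only in memory, for this one call.
    Connect-PnPOnline -Url $Url -AppId $cred.UserName `
        -AppSecret $cred.GetNetworkCredential().Password -ErrorAction Stop
}

# One-time setup (interactive):   Save-AppSecret -Path $SecretPath
# In the scheduled script:
Connect-WithStoredSecret -Url $SiteURL -Path $SecretPath
Get-PnPContext
```

When the secret expires or is rotated, rerun Save-AppSecret as the task account; the scheduled script itself does not change.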
Reviewed by Salaudeen Rajack on March 26, 2019
