Cli-microsoft365: Add support for authentication using certificate

Created on 26 Mar 2018  ·  13 Comments  ·  Source: pnp/cli-microsoft365

Currently, the Office 365 CLI supports only interactive authentication using device code. To support non-interactive scenarios, such as CI/CD, it would be helpful if it was possible to authenticate using a certificate to support app-only scenarios. When connecting to an O365 service, the user can choose which authentication method they want to use.

  • [x] implement support for cert-based auth in all services
  • [x] implement unit tests
enhancement work in progress

All 13 comments

Any work/progress on this one?

Progress is going on here now...

💪 All yours

Putting back as up for taking. @wictorwilen did some great work for start, but we need to have it implemented consistently for all services rather than just for SPO.

Hi, could somebody explain where I can obtain/generate the relevant certificate file please? Thanks in advance.

Which OS are you using @JakeStanger?

Windows 10 on my workstation, CentOS on the build server.

This should help you get started with Windows: https://blogs.msdn.microsoft.com/richard_dizeregas_blog/2015/05/03/performing-app-only-operations-on-sharepoint-online-through-azure-ad/. Unfortunately, I'm not familiar with CentOS, so can't be of any help there.

Thanks! I believe only the key generation should vary from platform to platform so I'll have a play around and perhaps update the docs if I get it working.

This might also help as it offers a way to keygen using an NPM package;

Scroll down to the section "1.1 Backtrack"
Azure Functions, JS and App-Only Updates to SharePoint Online

You can also use OpenSSL to generate signing keys for use with app-only authentication. I've got a bash script for this if you need it:
AppOnlyCertificateGenerationWithOpenSSL.sh
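
For the CentOS build server asked about above, one way to produce the certificate with OpenSSL. This is an added example, not the script linked in the comment above and not code from the CLI project; the file names, subject CN, 2048-bit RSA key and 365-day lifetime are assumptions.

```shell
#!/bin/sh
# Added example: self-signed certificate for app-only authentication.
# Assumed names: privateKey.pem, certificate.pem, CN "o365-cli-app-only".

# gen_app_only_cert DIR [CN] [DAYS]
# Writes DIR/privateKey.pem (stays on the build server) and
# DIR/certificate.pem (public part, uploaded to the Azure AD app registration).
gen_app_only_cert() (
  dir=$1; cn=${2:-o365-cli-app-only}; days=${3:-365}
  mkdir -p "$dir" || exit 1
  umask 077   # the unencrypted key must not be readable by other users
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
    -days "$days" -subj "/CN=$cn" \
    -keyout "$dir/privateKey.pem" -out "$dir/certificate.pem" 2>/dev/null
)

# cert_thumbprint CERT
# Prints the SHA-1 thumbprint as 40 hex characters without colons, the
# form in which Azure AD displays an uploaded certificate.
cert_thumbprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//; s/://g'
}

# key_matches_cert KEY CERT
# Exit status 0 only when the private key belongs to the certificate.
# Catches a mismatched pair before it surfaces as a failed token request.
key_matches_cert() (
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  [ -n "$k" ] && [ "$k" = "$c" ]
)

# Usage (after sourcing this file):
#   gen_app_only_cert ./certs
#   cert_thumbprint ./certs/certificate.pem
#   key_matches_cert ./certs/privateKey.pem ./certs/certificate.pem
```

The private key is written unencrypted so that a CI job can read it without a prompt; keep it in the build system's secret store rather than in the repository.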

Sorry to bring this thread up again but it seems sensible to keep the issue here rather than a new thread. I've granted permissions to my app and installed the certificate, and I'm now getting this error:

Client is public so 'client_assertion' should not be presented.

The app is definitely a web app.

Also, for reference's sake, there's an official MS doc on this now: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

@JakeStanger, thanks for reporting that! I will reopen the issue and we will take a look asap.

Actually, it would be better to have a separate issue with clear repro steps. @JakeStanger, could you please give us some more information that we can use to replicate the issue ourselves? I'll close this one to avoid confusion.
