Register App in SharePoint

Premise

In this post, I’ll demonstrate how to register a SharePoint add-in (app) using the AppRegNew form and grant it the required permissions.

Register Add-In using the AppRegNew form

  • Navigate to
    [Site Collection URL]/_layouts/15/AppRegNew.aspx

    AppRegNew Form
  • At this point, you’ll need to fill in the following details:
    Client Id: Generate a unique client ID for your add-in. It is a GUID that identifies your add-in.
    Client Secret: Acts like a password for your add-in. It includes some special characters, so it has to be encoded before it is used.
    Title: The name of your add-in that will be displayed to the end user.
    App Domain: For a provider-hosted add-in, this is the domain where the add-in is hosted. For a token generation add-in, fill in any value. Make sure not to include the protocol (https) or slashes (/).
    Redirect URI: For a provider-hosted add-in, fill in the redirect URL. For a token generation add-in, fill in any value.
  • Once you have filled in all the details, hit Create to register the add-in.
    Register SharePoint Add-in Values
  • You will be taken to a page displaying the details of your add-in. Save the Client Id and Client Secret for future reference.
    SharePoint Add-in Identifier

Grant permission to an add-in

Now that the identifier is created, we need to grant the necessary permission for it to perform any action. In this example, I’ll demonstrate how to grant full control access on a Site Collection.

  • Navigate to
    [Site Collection URL]/_layouts/15/AppInv.aspx

    AppInv form
  • Enter your Client Id value in the App Id option and hit the Lookup button. Details of your add-in will be displayed automatically.
    AppInv values
  • This is the crucial part. In the Permission Request XML field, enter the XML below to grant our add-in full control on the given site collection.
    <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl"/>
      <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/>
    </AppPermissionRequests>
  • Just hit the Create button. You will now be prompted to trust the add-in for all the permissions that it requires.
    Trust SharePoint Add-In
  • Hit Trust It to grant the requested access. You can also navigate to the following URL to confirm that the permission has been assigned to the add-in.
    [Site Collection URL]/_layouts/15/appprincipals.aspx

    Site Collection App Permissions

Permission Matrix

In the above permission XML, we have used 2 permissions: full control on a site collection and full control on a web. Similarly, there are other permission options as well. A detailed description of all the available options can be found here.
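
As an added example (not code from the original post), here is a small Python check that reviews a Permission Request XML before it is pasted into AppInv.aspx, flagging app-only policy, rights above a chosen ceiling, and requests already covered by a parent scope. The function names and the `max_right` ceiling are assumptions made for illustration, and the second XML string is constructed.

```python
import xml.etree.ElementTree as ET

# Rights defined by the add-in model, least to most privileged.
RANK = {"Read": 1, "Write": 2, "Manage": 3, "FullControl": 4}


def local(tag):
    """Element name without an XML namespace prefix, if one is present."""
    return tag.rsplit("}", 1)[-1]


def review_permission_xml(xml_text, max_right="Write"):
    """Return findings; max_right is a hypothetical policy ceiling."""
    root = ET.fromstring(xml_text)
    if local(root.tag) != "AppPermissionRequests":
        return ["root element is not AppPermissionRequests"]
    findings = []
    if root.get("AllowAppOnlyPolicy", "false").lower() == "true":
        findings.append("app-only policy: add-in can act without a signed-in user")
    grants = {}
    for req in root:
        if local(req.tag) != "AppPermissionRequest":
            continue
        scope, right = req.get("Scope", ""), req.get("Right", "")
        if right not in RANK:
            findings.append(f"unknown right {right!r} on {scope}")
            continue
        if RANK[right] > RANK[max_right]:
            findings.append(f"{right} on {scope} exceeds {max_right}")
        grants[scope] = right
    # A child scope adds nothing when a parent has the same or a higher right.
    for scope, right in grants.items():
        for parent, parent_right in grants.items():
            if scope.startswith(parent + "/") and RANK[parent_right] >= RANK[right]:
                findings.append(f"{scope} already covered by {parent}")
    if not grants:
        findings.append("no valid AppPermissionRequest elements")
    return findings


# The XML from this post.
POST_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl"/>
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/>
</AppPermissionRequests>"""
# Constructed narrower request: read-only on one web, no app-only policy.
NARROW_XML = """<AppPermissionRequests>
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read"/>
</AppPermissionRequests>"""
```

Running `review_permission_xml(POST_XML)` reports the app-only policy, both FullControl requests, and the web request that the site collection request already covers; the constructed narrow request returns no findings.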

Key Takeaways

  • As mentioned in the above example, multiple permissions can be applied to a given add-in.
  • Add-in registration is not required for a SharePoint-hosted add-in.
  • Remember to always HTML encode the Client Secret before using it.
  • The App Domain and Redirect URI values are required for a provider-hosted add-in only. For a token generation add-in, these values are ignored, so we can put any dummy values here.
  • A token generation add-in is required to authenticate our custom SharePoint REST API calls.
