Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create secret not working. Login option 3 #56

Open
Erdb33reis opened this issue Apr 29, 2024 · 1 comment
Open

Create secret not working. Login option 3 #56

Erdb33reis opened this issue Apr 29, 2024 · 1 comment

Comments

@Erdb33reis
Copy link

Hi,

Option 3 is unfortunately no longer usable due to the deprication of a function by Microsoft.
https://www.dataiku.com/product/plugins/sharepoint-online/
MS info:
https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/retirement-announcement-for-azure-acs

Are there any alternative ways we can use the sharepoint integration or will this be the point at which we can no longer use it?
Options 1 and 2 are not practicable for our company (MFA).
@ElectroTiger
Copy link

ElectroTiger commented May 14, 2024
edited
Loading

^ Upvoted this issue for visibility, in that this Dataiku plugin should begin to support Microsoft's recommend alternative for app-only authentication, which seems to be Azure AD Registered Apps with certificate authentication: https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread; https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins-modernize/from-acs-to-aad-apps. In fact, I can see that there is an Open pull request to make this happen: #48

@Erdb33reis Meanwhile, I do find that Method 3 still works, but you may be encountering issues since Dataiku's documentation seems to be inaccurate. I spent a couple hours troubleshooting myself, and I can tell you this:

If you get this error:
image

At your /appinv.aspx link, modify your Permission Request XML to set the permissionrequestscope as such:
image

If you get this error:
image

Use PowerShell (as a tenant admin) to enable the depreciated Custom App Authentication

# Check if SharePoint module is currently installed; returns nothing if not.
Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version

# Installs PowerShell module for this user.
Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Scope CurrentUser

# Connect to Sharepoint (opens up separate window for auth)
Connect-SPOService -Url https://teragonia-admin.sharepoint.com

# Enable Custom App Authentication
Set-SPOTenant -DisableCustomAppAuthentication $false

If you want to narrow down your permission request XML further (best practice), check out this Medium article on what URL you use to access the "appinv.aspx" to scope to a particular site collection / site / library - and I suspect that the right that is needed is only "Manage" rather than "FullControl": https://medium.com/ng-sp/sharepoint-add-in-permission-xml-cheat-sheet-64b87d8d7600

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ElectroTiger @Erdb33reis