Azure App registration
1) In the Azure portal, create a new app registration:
Name: PowerDoc
Platform: SPA (single page application)
Redirect URL: set this to the URL of the PowerApps environment, for example: https://contoso.crm4.dynamics.com
API permissions:
Api | Type | Permission |
Microsoft Graph | Delegated | Files.ReadWrite.All |
Microsoft Graph | Delegated | Sites.Read.All |
Microsoft Graph | Delegated | User.Read |
Microsoft Graph | Application | Sites.Selected |
Power Automate | Delegated | Flows.Read.All |
Power Automate | Delegated | User |
PowerApps Service | Delegated | User |
SharePoint | Application | Sites.Selected |
NB: After adding the permissions, click the button “Grant admin consent for…”
2) Under “Authentication” you can add more redirect URLs for the other environments, for example:
https://contoso-dev.crm4.dynamics.com
https://contoso-acc.crm4.dynamics.com
https://contoso.crm4.dynamics.com
NB: Don’t forget to save when you’re done!
3) Collect the client-id of the app registration. You can find it on the app registration's “Overview” page as the value of “Application (client) ID”.
4) Secret: create a never-ending secret with this PowerShell command (replace xxxx-xxxx-xxxx-xxxx-xxxx with the object-id of the app registration):
Install-Module AzureAD -Force
Connect-AzureAD
$appObjectId = "xxxx-xxxx-xxxx-xxxx-xxxx"
$startDate = Get-Date
$endDate = $startDate.AddYears(98)
$aadAppsecret01 = New-AzureADApplicationPasswordCredential -ObjectId $appObjectId -StartDate $startDate -EndDate $endDate
Write-Output $aadAppsecret01
NB: Collect the generated secret from the output.
5) Set the site permissions for the app via PowerShell (replace {host} and {sitename} with valid values, and replace the yyyy-yyyy-yyyy-yyyy-yyyy value with the client-id of the app registration):
Install-Module -Name PnP.PowerShell
$siteUrl="https://{host}.sharepoint.com/sites/{sitename}"
$clientId="yyyy-yyyy-yyyy-yyyy-yyyy"
$appName="PowerDocs S2S"
Connect-PnPOnline $siteUrl -Interactive
Grant-PnPAzureADAppSitePermission -AppId $clientId -DisplayName $appName -Site $siteUrl -Permissions Write
Set-PnPTenant -DisableCustomAppAuthentication $false
6) After this, open this address in your browser (replace {host} and {sitename} with valid values):
App-Id: look up the client-id of the app registration
Title: will be filled automatically
App-domain: localhost
Redirect-url: https://localhost
Xml:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>
Click the button “Create” and then the button “Trust it”.
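
To confirm what steps 4 and 5 left in place, the following PowerShell reads back the secret lifetimes, the Sites.Selected grant and the tenant setting. It is an added example, not part of the PowerDoc instructions; the `$maxYears` threshold and the output property names of `Get-PnPAzureADAppSitePermission` are assumptions, and the placeholders are the same as in the steps above.

```powershell
# Added example: read back what steps 4 and 5 configured. Same placeholders as above.
$appObjectId = "xxxx-xxxx-xxxx-xxxx-xxxx"   # object-id of the app registration
$clientId    = "yyyy-yyyy-yyyy-yyyy-yyyy"   # client-id of the app registration
$siteUrl     = "https://{host}.sharepoint.com/sites/{sitename}"
$maxYears    = 2                            # assumed review threshold, not from this page

Connect-AzureAD | Out-Null
Connect-PnPOnline $siteUrl -Interactive

# Step 4: every client secret on the app registration, with its validity window.
$now = Get-Date
$secrets = Get-AzureADApplicationPasswordCredential -ObjectId $appObjectId |
    ForEach-Object {
        [pscustomobject]@{
            KeyId     = $_.KeyId
            StartDate = $_.StartDate
            EndDate   = $_.EndDate
            YearsLeft = [math]::Round(($_.EndDate - $now).TotalDays / 365.25, 1)
            Expired   = $_.EndDate -lt $now
            LongLived = $_.EndDate -gt $now.AddYears($maxYears)
        }
    }
$secrets | Sort-Object EndDate | Format-Table -AutoSize

# Step 5: Sites.Selected grants on the site, narrowed to this app.
# Property names (Id, Roles, Apps) are assumed from the cmdlet's usual output.
$grants = Get-PnPAzureADAppSitePermission -Site $siteUrl |
    Where-Object { $_.Apps.Id -contains $clientId }
$grants | ForEach-Object {
    [pscustomobject]@{
        PermissionId = $_.Id
        Roles        = $_.Roles -join ","
        App          = $_.Apps.DisplayName -join ","
    }
} | Format-Table -AutoSize

# Step 5: the tenant setting that Set-PnPTenant changed.
"DisableCustomAppAuthentication = $((Get-PnPTenant).DisableCustomAppAuthentication)"

# Summary for the change record.
$long = @($secrets | Where-Object { $_.LongLived })
if ($long.Count -gt 0) {
    Write-Warning "$($long.Count) secret(s) valid for more than $maxYears years; track them in the secret inventory."
}
if (-not $grants) {
    Write-Warning "No Sites.Selected grant for $clientId on $siteUrl."
}
```

The listing covers only the Sites.Selected grant from step 5; it needs the same sign-in rights as the commands in steps 4 and 5.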