[英]Is it possible to get SharePoint app-only principal for one site only using REST API?
There are many tutorials how to add principal for specific app manually for admin, like this: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs有很多教程如何为管理员手动添加特定应用程序的主体,例如: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
And it is okay it works.没关系,它可以工作。 But is there a way to grant this principal with an API call instead of manual setup?但是有没有办法通过 API 调用而不是手动设置来授予这个委托人? It will still be requested with admin bearer token so it should have all permissions to set it up, but I can't find any way to do it.仍然会使用管理员不记名令牌请求它,因此它应该具有设置它的所有权限,但我找不到任何方法来做到这一点。
There is a way, where if I have another app registered in my tenant with FullControl permissions it can use an API to give principals for other apps like this: https://docs.microsoft.com/en-us/graph/api/site-post-permissions?view=graph-rest-1.0&tabs=http有一种方法,如果我在我的租户中注册了另一个具有 FullControl 权限的应用程序,它可以使用 API 为其他应用程序提供主体,如下所示: https://docs.microsoft.com/en-us/graph/api/网站发布权限?view=graph-rest-1.0&tabs=http
But I can't have another app and don't want it, I just want to use admin credentials to add an app principal to write to one specific SharePoint page with some API call so I can later control files in the site with my app.但是我不能拥有另一个应用程序并且不想要它,我只想使用管理员凭据添加一个应用程序主体,以通过一些 API 调用来写入一个特定的 SharePoint 页面,以便我以后可以使用我的应用程序控制站点中的文件. Is there a way to do it?有没有办法做到这一点?
In short, the answer is NO .简而言之,答案是否定的。
When we use an admin account to sign into appregnew.aspx
page, in fact we are using an app / principal which is created by Microsoft to get the access token which can be used to create your SharePoint App-only principal.当我们使用管理员帐户登录appregnew.aspx
页面时,实际上我们使用的是由 Microsoft 创建的应用程序/主体来获取可用于创建 SharePoint 仅应用程序主体的访问令牌。
This official scenario is consistent with what you said you need to create an app first, and then use it to configure another app.这个官方的场景和你说的要先创建一个应用,然后用它来配置另一个应用是一致的。
Therefore, it is expected.因此,这是值得期待的。 I'm afraid we can't bypass the first app creation for configuring other apps.恐怕我们无法绕过第一个应用程序创建来配置其他应用程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.