Sharepoint SSO with Iframe embed in react app

Monika Patel [C] 0 Reputation points
2023-06-22T15:01:05.6266667+00:00

I am using iframe to embed SharePoint files in my react-app. I want to do SSO, so that Iframe not show Sharepoint login form. Is there any solution for that?

Microsoft 365 and Office SharePoint For business Windows
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Anonymous
    2023-06-23T01:28:44.9366667+00:00

    Hi @Monika Patel [C],

    To achieve Single Sign-On (SSO) for SharePoint files embedded in an iframe within your React app, you can use the SharePoint OAuth authentication flow. Here's a general outline of the steps involved:

    Register your application in Azure Active Directory (AAD): To enable SSO, you'll need to register your React app as an application in AAD and obtain the necessary client ID and client secret.

    Configure the SharePoint API permissions: In the AAD application registration, you need to grant the required permissions to access SharePoint files on behalf of the user. Typically, you'll need the or permission.Files.ReadFiles.Read.All

    Implement the authentication flow in your React app: a. On your React app's login page, provide a button or link to initiate the authentication process. b. When the user clicks on the login button, redirect them to the Azure AD login page, passing your registered client ID and the desired SharePoint site as the parameter. c. After successful authentication, Azure AD will redirect the user back to a specified redirect URL within your React app, along with an authorization code. d. Exchange the authorization code for an access token by making a request to Azure AD's token endpoint. Include the code, client ID, client secret, and the redirect URL used in the previous step. e. Once you receive the access token, you can store it securely (e.g., in a session or local storage) and use it to authenticate subsequent requests to SharePoint.resource

    Embed SharePoint files in the iframe: When embedding SharePoint files in the iframe, pass the access token as an Authorization header in the request. This will authenticate the user and bypass the SharePoint login form within the iframe.

    Note: Depending on the specific SharePoint configuration and authentication requirements, there might be additional considerations or adjustments needed. It's recommended to refer to the official Microsoft documentation or consult SharePoint development resources for detailed implementation guidance.

    Keep in mind that implementing SSO requires careful handling of security considerations, such as protecting client secrets and properly securing access tokens.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards

    Cheng Feng


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.