Any way to focus site permission in App-Only csom

sp13test 281 Reputation points
2021-03-17T05:42:54.577+00:00

I registered an app in the Azure AD portal:

78553-api-permission.png

Get Access Token:

    var clientId = "<<AAD_APP_CLIENT_ID>>";
    var tenantId = "<<AAD_TENANT_ID>>";

    using var certificate = GetCertificate(
        Path.Combine(Environment.CurrentDirectory, "MyAppCertificate.pfx"),
        "<<CERTIFICATE_PASSWORD>>");

    var confidentialClient = ConfidentialClientApplicationBuilder
        .Create(clientId)
        .WithTenantId(tenantId)
        .WithCertificate(certificate)
        .Build();

    var token = await confidentialClient
        .AcquireTokenForClient(new[] { $"{endpoint.TrimEnd('/')}/.default" })
        .ExecuteAsync();

Can we make the App Permission focus on a detailed site collection?

Microsoft 365 and Office | SharePoint Server | Development

Answer accepted by question author
  1. ZhengyuGuo 10,591 Reputation points Moderator
    2021-03-18T02:29:44.08+00:00

    Hi @sp13test ,

    I agree with trevorseward's suggestion, but the Site.Selected permission level is still in Development status per the Microsoft 365 roadmap. You can trace the status there; once released, it will support permissions at the level of a specific site collection:

    roadmap

    Thanks
    Best Regards



1 additional answer

  1. trevorseward 11,711 Reputation points
    2021-03-17T18:24:11.147+00:00

    See:

    https://developer.microsoft.com/en-us/sharepoint/blogs/controlling-app-access-on-specific-sharepoint-site-collections/

    Note, putting a PFX password in code defeats the purpose of using cert-based auth. The PFX should be imported into a trusted store, and the caller's identity used to read the private key.

