What are the pros and cons of SharePoint Online App Only Authentication

Suresh S 96 Reputation points
2021-12-27T07:52:47.69+00:00

Hi All,

I am looking for the pros and cons of SharePoint Online App Only Authentication. I am exploring with Client ID and Client Secret ID and OfficeDevPnP.Core. We are planning to use this approach with a client where MFA has been enforced. Please share your thoughts on it.

Thanks & Regards
S. Sankar


2 answers

  1. Sreeju Nair 12,666 Reputation points
    2021-12-27T08:02:45.15+00:00

    Based on your query, accessing SharePoint using an application context (app-only) is well documented below.

    https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly

    Refer to the following section (copied and pasted from the above link):

    App-Only does not work in following cases:

    • Updating taxonomy service entries (write) - read works
    • Creating modern team sites does not support app-only when you use the SharePoint API for it. When modern team sites are created using Microsoft Graph to create the group then app-only is a supported scenario
    • Creating communication sites is supported in app-only context, but owner property is required. using the SharePoint API
    • Search when using SharePoint On-Premises. SharePoint Online support for it has been added (blog post)
    • User Profile CSOM write operations do not work with Azure AD application - read operations work. Both read and write operations work through SharePoint App-Only principal
    • User Profile Bulk Update API can be used with app-only permissions
    • Manipulating files via WebDav protocol and CSOM (using File.SaveBinaryDirect) does not work with app-only

    Hope this helps


  2. sadomovalex 3,636 Reputation points
    2021-12-30T14:50:04.023+00:00

    The advantage of app-only permissions is that they don't require any specific user account to run the code (and store sensitive user data like passwords in some secure location). However, not everything can be done with app-only permissions - for some actions delegated permissions are needed (which require user credentials to run on behalf of this user). Information about which permissions are available for each action is provided per API endpoint.

    PS. Consider using PnP.Framework instead of OfficeDevPnP.Core (OfficeDevPnP.Core is obsolete and not developed further anymore).
