question

0 Votes
ArshGoyal-4853 asked RaytheonXie-MSFT commented

SharePoint Add-in supports PKCE?

Does the SharePoint Add-in authorization OAuth2 flow support PKCE (Proof Key for Code Exchange)? I have an already existing application and want to add an added layer of security using PKCE (by using a code_verifier and code_challenge). However, I have found no documentation regarding this for SharePoint Online Add-ins.
Please let me know if this feature is available.

Tags: office-sharepoint-online, sharepoint-workflow, azure-ad-verifiable-credentials

Hi @ArshGoyal-4853 ,
I am currently doing some research on this issue and will let you know as soon as possible.

0 Votes 0 ·

1 Answer

0 Votes
RaytheonXie-MSFT answered RaytheonXie-MSFT commented

Hi @ArshGoyal-4853 ,
Authorization systems use the OAuth 2.0 Framework. OAuth 2.0 is an open framework for authorization. OAuth enables secure authorization from desktop, device, and web applications in a standard way. OAuth enables a user to approve an application to act on his or her behalf without sharing his or her user name and password.

The OAuth 2.0 authorization code grant can be used in apps that are installed on a device to gain access to protected resources, such as web APIs. Using the Microsoft identity platform implementation of OAuth 2.0 and OpenID Connect (OIDC), you can add sign-in and API access to your mobile and desktop apps.

You can refer to the following documents:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-third-party-cookies-spas


Hi @ArshGoyal-4853 ,
Have you tried the solution I proposed?

If you have any questions or progress, you can contact me in time.

Looking forward to your reply

Have a lucky day!

Thanks,
Raytheon Xie

0 Votes 0 ·

@RaytheonXie-MSFT, thanks for the prompt response.

The links you sent are regarding the Microsoft identity platform implementation of OAuth 2.0.

I want to know if the PKCE functionality mentioned in these links can be extended for SharePoint Add-ins also?

Microsoft identity platform link (This contains PKCE implementation): https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

SharePoint Add-in link (No mention of PKCE. Want to implement it here) https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/authorization-code-oauth-flow-for-sharepoint-add-ins

0 Votes 0 ·

Hi @ArshGoyal-4853 ,
I am regretful that I am unfamiliar with PKCE. I have added the Azure tag so that others can see the issue and help you.

0 Votes 0 ·
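
For readers unfamiliar with the `code_verifier` and `code_challenge` named in the question, the following added example (not code from this thread or from Microsoft) shows how a client derives the challenge with the S256 method of RFC 7636 and attaches both values to the Microsoft identity platform v2.0 authorization code flow described in the first linked document. It does not show that the SharePoint Add-in flow accepts these parameters, which this thread leaves unanswered. The client ID, redirect URI and authorization code are constructed placeholders, and `server_accepts` is a hypothetical stand-in for the check the authorization server performs.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode

# Microsoft identity platform v2.0 authorize endpoint (first linked document).
AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    # 32 random bytes encode to 43 characters, the RFC 7636 minimum length.
    return b64url(secrets.token_bytes(32))

def code_challenge_s256(verifier: str) -> str:
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def authorize_url(tenant, client_id, redirect_uri, scope, state, verifier):
    """Step 1: only the challenge travels in the browser redirect."""
    query = urlencode({
        "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri, "scope": scope, "state": state,
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    })
    return AUTHORIZE.format(tenant=tenant) + "?" + query

def token_request(client_id, redirect_uri, code, verifier):
    """Step 2: the verifier is revealed only on the back-channel token request."""
    return {"grant_type": "authorization_code", "client_id": client_id,
            "redirect_uri": redirect_uri, "code": code, "code_verifier": verifier}

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """Hypothetical stand-in for the authorization server's check at the token endpoint."""
    if not 43 <= len(presented_verifier) <= 128:
        return False
    recomputed = code_challenge_s256(presented_verifier)
    return hmac.compare_digest(recomputed, stored_challenge)

if __name__ == "__main__":
    # Constructed placeholder values, not taken from the thread.
    client_id = "00000000-0000-0000-0000-000000000000"
    redirect = "https://app.example/callback"
    verifier = new_code_verifier()  # kept server-side in the user's session
    print(authorize_url("common", client_id, redirect, "openid",
                        secrets.token_urlsafe(16), verifier))
    body = token_request(client_id, redirect, "SAMPLE_CODE", verifier)
    print(server_accepts(code_challenge_s256(verifier), body["code_verifier"]))
```

An authorization code intercepted from the redirect is useless to a party that does not also hold the verifier, because the token request fails the `server_accepts` comparison.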