A tour of the process for invoking the MS Graph API with Sites.Selected, including Azure App Registration, SharePoint Online, MS Graph Explorer, VS Code, and an AngularJS web application that creates a SharePoint list item.
The goal is to demonstrate, with coding examples:
- How to create an Azure App Registration with the GUI
- How to grant “Sites.Selected” for a given SharePoint Online URL with PnP PowerShell
- HTTP POST for Azure logic to get Access Token
- HTTP POST for MS Graph “Sites.Selected” granular API to create SharePoint list item
- Tools needed to develop and debug all of the above.
With Microsoft’s release of “Sites.Selected” for MS Graph, we have more granular permission options beyond the classic “Sites.ReadWrite.All” and “Sites.FullControl.All”, either of which could enable an application to read every document in the SharePoint Online tenant. Least-privilege security practice encourages us to grant only what is actively needed, nothing more.
Testing the full process end-to-end requires a sample application that sends HTTP requests to read and write SharePoint data. For that, we are employing a simple AngularJS 1.x Single Page Application (SPA) with only one HTML file and one JS file. It lets us view JS values, click a button to send a request, and trace network traffic with the Chrome F12 tools. NPM and LITE-SERVER are leveraged to host the website at http://localhost:3000/, providing the front-end interface and local debugging. Chrome is also launched with CMD parameters that disable CORS, which allows unrestricted network traffic and a simpler debug experience.
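The two HTTP POSTs listed above, with a least-privilege check on the token between them, as an added example that is not code from the original post. It runs under Node.js and assumes the client-credentials flow against the Microsoft identity platform v2.0 token endpoint; the IDs, the secret and `sampleToken` are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: assumes an app-only (client-credentials) token; all IDs are placeholders.
const GRAPH = "https://graph.microsoft.com";
const BROAD_ROLES = ["Sites.ReadWrite.All", "Sites.FullControl.All"];

// Reject IDs that could alter the URL path (GUIDs and host,guid,guid site IDs pass).
const seg = (s) => { if (!/^[\w.,-]+$/.test(s)) throw new Error("bad id: " + s); return s; };

// POST 1: request an access token for Graph with the app's own credentials.
function buildTokenRequest(tenantId, clientId, clientSecret) {
  const body = new URLSearchParams({
    grant_type: "client_credentials", client_id: clientId,
    client_secret: clientSecret, scope: `${GRAPH}/.default`,
  });
  return { method: "POST",
    url: `https://login.microsoftonline.com/${seg(tenantId)}/oauth2/v2.0/token`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString() };
}

// Application permissions appear in the "roles" claim of an app-only token.
// The payload is decoded for inspection only; no signature is verified here.
function tokenRoles(accessToken) {
  const parts = accessToken.split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  const claims = JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
  return Array.isArray(claims.roles) ? claims.roles : [];
}

// True only if the token carries Sites.Selected and none of the tenant-wide roles.
function isLeastPrivilege(accessToken) {
  const roles = tokenRoles(accessToken);
  return roles.includes("Sites.Selected") && !roles.some((r) => BROAD_ROLES.includes(r));
}

// POST 2: create a list item; refuses to build the request with an over-privileged token.
function buildCreateItemRequest(accessToken, siteId, listId, fields) {
  if (!isLeastPrivilege(accessToken)) throw new Error("token is not limited to Sites.Selected");
  return { method: "POST",
    url: `${GRAPH}/v1.0/sites/${seg(siteId)}/lists/${seg(listId)}/items`,
    headers: { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json" },
    body: JSON.stringify({ fields }) };
}

// Constructed, unsigned sample token for offline testing; never a real credential.
function sampleToken(roles) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc({ roles })}.sig`;
}
```

Each builder returns a plain `{ method, url, headers, body }` object, so the values can be compared with what the F12 network trace shows.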