How to manage SharePoint hosted app with app-only calls
https://sharepoint.stackexchange.com/questions/110452
-
29-09-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have one SHarePoint Hosted app. I given in appmanifest.xml as app only calls and given scope as tenant.
<AppPermissionRequests AllowAppOnlyPolicy="true" >
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
This app will create folders for each user by taking input from user. Even though the user is having only read only permission on that library, app should create folder behalf of the user.
But if I deploy this app and try for an user who is having edit permission, it is giving Access Denied error.
What would be the case in this scenario. Do I need to create any object in javascript file for app-only calls in order to fulfill my requirement? I googled but I did't get any proper information on SharePoint Hosted apps with app-only calls.
Solution
AppOnlyPolicy is not applicable to SP Hosted app as it uses OAuth tokens. You have to give user permission to make this work.
According to MSDN:
Apps that do not make OAuth authenticated calls (for example, apps that are only JavaScript running in the app web) cannot use the app-only policy. They can request the permission, but they will not be able to take advantage of it because doing so requires passing an app-only OAuth token. Only apps with web applications running outside of SharePoint can create and pass app-only tokens.
