Instructions on how to register an add-in for SSO lead users through storing a password in the cloud #4895

@netoront

Description

Article URL

https://learn.microsoft.com/en-us/office/dev/add-ins/develop/register-sso-add-in-aad-v2

Issue

The documentation gives instructions for creating a client secret - basically a shared password - without any indication of whether it's necessary or safe. It's not safe (Microsoft's own internal security scans flag it as a violation), and as far as I can tell, it's not necessary.

The docs should at least dissuade readers from doing it.

Labels

Area: authentication (Feedback on authentication content)

Status: in backlog (Issue is being tracked in the backlog but timeline for resolution is unknown)

Type: doc bug (Problem with the documentation, e.g., doc is out of date, unclear, confusing, or broken)
