SPFx Isolated Webparts

 Isolated webparts are availble for SPFx 1.8.0 or later versions.

Why do we want to make our webparts as Isolated webparts?

When your webpart is trying to access any back end API, using microsoft graph, In order to handle the security permissions this isolated webpart concept has come in SPFx.

When you calling any methods in back end API, we are giving few permissions to run the script with in the page of the webpart. Here we have to give permissions only to the script/code as part of the webpart. Hence we use isolated webpart.

When we package the solution, and add the webpart to the page, These isolated webparts are run on a unique domain and is hosted in an iFrame.

A dedicated azure ad is gets created for this spfx solution, which handles the authentication.

-----------------------------------------------------------

Create a new webpart solution.

Make sure the prompt "Will the components in the solution require permissions to access web APIs that are unique and not shared with other components in the tenant?" - Yes

Note: By mistake if you press No, in config file later we can again change it to yes. 

In package-solution.json -> isDomainIsolated: true ( because we press Yes for the second prompt)

----------------------------------------------------------------

Choose no-javascript 

Install graph types:

npm install @microsoft/microsoft-graph-types --save-dev

then import in main.ts file below

import {MSGraphClient} from '@microsoft/sp-http';

import * as MicrosoftGraph from '@microsoft/microsoft-graph-types';

Now in the render method, use this sample code to fetch the user information from graph api.

  public render(): void {

    this.context.msGraphClientFactory.getClient()

      .then((graphclient: MSGraphClient):void => {

        graphclient

          .api('/me')

          .get((error,user:MicrosoftGraph.User, rawResponse?:any)=>{

            this.domElement.innerHTML = `

            <div>

              <p class="${ styles.description }">Display Name: ${user.displayName}</p>

              <p class="${ styles.description }">givenName Name: ${user.givenName}</p>

              <p class="${ styles.description }">mail: ${user.mail}</p>

              <p class="${ styles.description }">surname Name: ${user.surname}</p>

              <p class="${ styles.description }">userPrincipalName Name: ${user.userPrincipalName}</p>

            </div>`;

         

          });

      });

  }

Now, we need to permissions to the graph API.

Go to package-solution.json

{

  "$schema": "https://developer.microsoft.com/json-schemas/spfx-build/package-solution.schema.json",

  "solution": {

    "name": "isolatedwebpart-client-side-solution",

    "id": "50963e34-400b-4491-bf05-03f0f6668641",

    "version": "1.0.0.0",

    "includeClientSideAssets": true,

    "isDomainIsolated": true,

    "webApiPermissionRequests":[{

      "resource": "Microsoft Graph",

      "scope": "User.ReadBasic.All"

    }],

    "developer": {

      "name": "",

      "websiteUrl": "",

      "privacyUrl": "",

      "termsOfUseUrl": "",

      "mpnId": ""

    }

  },

  "paths": {

    "zippedPackage": "solution/isolatedwebpart.sppkg"

  }

}

Now, budle and package the solution.

Now, Upload the sppkg file to App catalog.

After upload the sppkg file, you observe the below prompt popup.

This client side solution will get content from the following domains:

SharePoint Online

Please go to the API Management Page to approve pending permissions. These are the permissions that need to be reviewed: Microsoft Graph, User.ReadBasic.All

---------------------

Now we need to grant the permissions.

Go to sharepoint admin center

https://mercedessaga-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx

Click on Advanced->Select the webpart and approve.

--------------------

Here we have to notice that, If we are creating Isolated webpart, then it always asks to approve/reject in the advance->API access section, shown under Isolated webpart category.

If admin has approved, then webpart is available to access it in pages.

--------------------

Now go to aad.portal.azure.com

Go to Azure Active Directory 

click on App registrations

under all applications category

you can observe your webpart name resides overthere.

--------------------

Click on the webpart link

You will find, application ID(client ID)

When you test your webpart in the page, it asks application ID, this ID is used overthere.

Now try add your webpart in page.

Click on Add an App

lets wait for provision

You can see the webpart running fine.