Registering an add-in for SharePoint is easy enough. You go to the _layouts/appregnew.aspx page for the site and register the add-in.
Permissions are set when the add-in is installed on the site too. This happens after you’ve clicked Trust It when adding the add-in to a site.
To revoke the permissions for an add-in in a site is also straight forward. To do this, you go to the _layouts/appprincipals.aspx page and click the delete icon next to the add-in you want to revoke permissions for. Or for a specific web, add ?Scope=Web to the URL.
There’s no admin page for unregistering and add-in for a site though. To do this, we can run some PowerShell. This does require a hybrid installation where you still have access to the SharePoint farm itself and can run SharePoint PowerShell cmdlets.
The following script shows how to:
- Revoke permissions for an add-in for a site
- Unregister the add-in for a site
asnp Microsoft.SharePoint.PowerShell # Replace with the add-in's client id $clientId = "33b85512-e4b1-529c-e012-410e676bef09" $site = Get-SPSite "url to the SP site" $realm = Get-SPAuthenticationRealm -ServiceContext $site $appId = $clientId + "@" + $realm # Get the add-in principal for the site $principal = Get-SPAppPrincipal -NameIdentifier $appId -Site $site.RootWeb # Remove the permissions that were granted for this add-in in the site Remove-SPAppPrincipalPermission -AppPrincipal $principal -Site $site.RootWeb -Scope Site # Set the Scope parameter to SiteCollection to apply this to the site collection instead of just the web # Now to unregister the add-in $appManager = [Microsoft.SharePoint.SPAppPrincipalManager]::GetManager($site.RootWeb) $appManager.DeleteAppPrincipal($principal)
You then need to call the DeleteAppPrincipal method and pass it the principal object we retrieved for the add-in.
Useful if you want to completely remove an add-in from a site/site collection.