Registering an add-in for SharePoint is easy enough. You go to the _layouts/appregnew.aspx page for the site and register the add-in.
Permissions are set when the add-in is installed on the site too. This happens after you’ve clicked Trust It when adding the add-in to a site.
To revoke the permissions for an add-in in a site is also straight forward. To do this, you go to the _layouts/appprincipals.aspx page and click the delete icon next to the add-in you want to revoke permissions for. Or for a specific web, add ?Scope=Web to the URL.
There’s no admin page for unregistering and add-in for a site though. To do this, we can run some PowerShell. This does require a hybrid installation where you still have access to the SharePoint farm itself and can run SharePoint PowerShell cmdlets.
The following script shows how to:
- Revoke permissions for an add-in for a site
- Unregister the add-in for a site
# Replace with the add-in's client id
$clientId = "33b85512-e4b1-529c-e012-410e676bef09"
$site = Get-SPSite "url to the SP site"
$realm = Get-SPAuthenticationRealm -ServiceContext $site
$appId = $clientId + "@" + $realm
# Get the add-in principal for the site
$principal = Get-SPAppPrincipal -NameIdentifier $appId -Site $site.RootWeb
# Remove the permissions that were granted for this add-in in the site
Remove-SPAppPrincipalPermission -AppPrincipal $principal -Site $site.RootWeb -Scope Site
# Set the Scope parameter to SiteCollection to apply this to the site collection instead of just the web
# Now to unregister the add-in
$appManager = [Microsoft.SharePoint.SPAppPrincipalManager]::GetManager($site.RootWeb)
You then need to call the DeleteAppPrincipal method and pass it the principal object we retrieved for the add-in.
Useful if you want to completely remove an add-in from a site/site collection.