Problem using PnP Core GetAzureADAppOnlyAuthenticatedContext() with Azure Functions runtime.

I was working on an Azure Function recently that used the OfficeDevPnPCore AuthenticationManager() class with the GetAzureADAppOnlyAuthenticatedContext() method to get an app only authentication context.

new AuthenticationManager().GetAzureADAppOnlyAuthenticatedContext();

I was running into the very helpful error message of “Object reference not set to the instance of an object”.

After a little digging around I came across the following GitHub issue when pointed me in the right direction.

The problem seems to be with the latest runtime. I was running version 1.0.9 of the Azure Functions Core Tools to locally debug the function.

If you look at the app settings for your function in the portal, you will see that there is a setting called “FUNCTIONS_EXTENSION_VERSION” and this will be set to the value ~1 which means use the latest runtime.

The solution to being able to run this above code on Azure was to force the runtime to use a particular version. I set mine to 1.0.11388 which got everything working again.



However I still needed to debug the function locally so I needed to update my local version of the core tools.

If you open a command prompt and type


you will see which runtime you have installed.


As you can see I had version 1.0.9 installed. I looked through the releases on GitHub at and decided to downgrade my tools to version 1.0.7.

After downgrading to version 1.0.7 I found that the above app only auth call started to work again.



Looking up SharePoint taxonomy terms from Microsoft Flow app using an Azure Function

In this post I am going to show you how you can use an Azure Function to return an item from the SharePoint Online term store and use that value inside a Microsoft Flow app.

As an example of where this might be useful think of something like an approval workflow using Microsoft Flow that can lookup an approver’s email address from the SharePoint term store.

The basic architecture looks like below:


Getting started

The first thing to do is to download the source code from this GitHub repository.

The code includes an Authentication context that supports both App Only authentication and SharePoint authentication through AppRegNew.aspx.

This can be configured by changing the Azure Function app setting called AUTH_TYPE from AppOnly to SPAuth.

Creating Azure AD App

We need our Azure Function to be able to authenticate with SharePoint so we will create a new Azure AD app in the portal and configure it’s application permissions to allow SharePoint access.

Setting up App Only auth is quite lengthy and there is pretty good documentation over on you can follow the steps in this article to create an Azure AD app and then follow this article to configure it for app only authentication

Once you have the Azure AD app created and your app only certificate, make sure you put the .pfx file inside the .\Cert directory inside the solution and set its ‘Copy to Output Directory’ property to ‘Copy Always’. You will also need to update the name of this certificate in the Azure Function app settings in the CERT_NAME setting.

Open the permissions for the newly created AAD app in the portal and make sure the Office 365 SharePoint Online permissions are configure as below:


You will need to make a note of the Application ID for this AAD app and update the AUTH_ID app setting in the Azure Function once created.


Deploying Azure Function

In the Azure Portal create a new Function App as shown below and make a note of the App Name.


Next we want to deploy the function to Azure. We can either download the publish profile from the portal or use the Azure Functions Core Tools library

To use the core tools to deploy make sure you first build the solution. Open a command prompt and CD to .\bin\debug\net461 folder.

After installing the tools with

npm i -g azure-functions-core-tools

Then run

func azure functionapp publish leetestsptaxlookup

Replace leetestsptaxlookup with the function name you created earlier.

Update the functions app settings with the values in the local.settings.json file replacing the values with the ones that relate to your tenant.


Configure the Azure Function taxonomy lookup

The Azure Function will lookup from the term store based on the value in the TERM_GROUP app setting.

For instance if our term store structure look like below:


We would set our TERM_GROUP setting to be the value “Lee;Settings;SiteRequestApprover”. Notice the structure is TermGroup -> TermSet -> Term all separated by a semi colon.


Creating Microsoft Flow App

Open Microsoft Flow and create a new Flow. You can pick whichever trigger you want to use. Create a new HTTP action and configure as shown below:


The HTTP action just makes a GET request to the Azure Function passing in two parameters; siteUrl and code.

siteUrl is the URL of the SharePoint site you want to use as a context for obtaining the taxonomy values. You need to pass your host key to the code parameter. You can view your host keys when you visit the settings page for your function in the Azure portal.


When your Flow is run the Azure function will return the value from the term store inside the body of the HTTP response as show below:


This Body value can then be used as a parameter to other actions. This means we can use a value from the term store to drive decisions within our Microsoft Flow app. This could be something like an approver for a workflow for example. In reality any value can be retrived from the term store and we can host multiple Azure functions for different values.



Azure AD JavaScript authentication tutorial series (Part 1)

I have put together a video tutorial series that goes through step by step a full end to end solution that shows how to authenticate an Azure AD Web API application from JavaScript code using the adal.js library.

Now days I am finding myself designing my applications to use a web service layer to serve up data from data stores.  Providing REST API endpoints on top of your data gives alot of benefits when it comes to integrating your data across different client applications. JavaScript runs pretty much everywhere now and it’s the to go to language to build client side apps so accessing your REST endpoints from JavaScript is a really appealing solution and this is why pretty much everyone is doing JavaScript and REST now.

The JavaScript ecosystem today is massive with libraries to help you build pretty comprehensive applications. When I am building SharePoint Add-Ins I tend to expose the data using Web API and stick to using JavaScript in the application to render the data and build out the UI. Most if the time there is no need for server side code inside my client application.

Inevitably you will want to secure your web service layer at some point and if your are building on the Azure platform, then Azure AD is a great OAuth solution.

It is especially a good solution if you are building SharePoint Add-Ins in Office 365. When you are logged into your Office 365 SharePoint site you have already authenticated against your Azure AD and as long as you deploy your applications to the same Azure AD instance then you get automatically authenticated when accessing your Web API layer.

When building these apps I found that there was plenty of examples on authenticating from C# code but I found the examples lacking if I just wanted to use JavaScript to authenticate against my Web API.

The adal.js library comes in very handy here but I found all the examples were based around using it with Angular. Although Angular is a great framework for building client side apps I found most of the time it was overkill for what I wanted to do.  So these set of videos show how you might want to design and build a client side application and in this case a SharePoint Add-In that uses Azure AD authentication, Web API, JavaScript and TypeScript.

The general architecture looks like this.



The first video is up and it shows how to create a SQL Azure database, create a Web API layer and how to model and scaffold the data using Entity Framework.