Securing SPFx solutions 🔒 after the domain-isolated web part deprecation 🥺


In a recent newsletter, I shared the news that Microsoft accounted for the upcoming retirement of the SharePoint Framework (SPFx) domain-isolated web parts. It appears they’re doing this to get rid of iframes in SharePoint pages - an unfortunate development because it was one of the ways to better secure your SPFx solutions. Why? When an SPFx solution requests an access token from SharePoint Online (SPO) using either the Microsoft Graph API or Azure AD (aka Microsoft Entra ID) API, SPO has no...