Invited guest can't use Graph API to upload file to SharePoint site (B2B Azure app)

Occasional Visitor

I created an AAD B2B app and configured my web app and my Azure portal to be able to invite guest users.

My web app successfully uses the Graph API to upload a file if I use the OTP method (one-time passcode) to invite the guest.

But when I disable OTP and invite a guest, the guest user uses a password to log in.

The guest user logs in successfully, but when calling the Graph API to upload a file the same way as above, the web app throws the error "AADSTS65001 - The user or administrator has not consented to use the application".

Note: My AAD B2B app has this permission added: Files.ReadWrite.All (Graph),

and I succeed if I use the OTP method for the guest to log in to the app, but it fails when using the password method.

My SharePoint site has permissions added for the guest to be able to access and upload to the site.

Please explain this to me. For both users, after the invite, I see in Azure that the user type is: Guest,

but the source of one is OTP and the other is External Azure Active Directory.

The error is thrown from:

AuthenticationResult result = null;

// Build the MSAL confidential client for the web app.
var idClient = ConfidentialClientApplicationBuilder.Create(appId)
    .WithRedirectUri(redirectUri)
    .WithClientSecret(appSecret)
    .Build();

// Back the user token cache with the current session
// (SessionTokenStore is a class from the app, not shown here).
var tokenStore = new SessionTokenStore(idClient.UserTokenCache,
    HttpContext.Current, ClaimsPrincipal.Current);

var accounts = await idClient.GetAccountsAsync();

// The error is thrown by this call.
result = await idClient.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
    .ExecuteAsync();

0 Replies