is permissions for sharing a site via ShareSite changed

Copper Contributor

Hi!

I have a SharePoint app that tries to invite people to a site via the PnP ShareSite method.

 

About a month ago the app stopped working and now I see that I get a StatusCode of Access Denied when I try to share even though the app has full Control.

7 Replies

Are you trying to share with external users? Can you please provide some screenshots

 

There is Service Advisory in O365 Admin Center for External Sharing access errors.

We are having exactly the same issue. Sharing a site using a ClientContext with App Only credentials was working before, but now we receive errors.

 

When sharing a site using a ClientContext that has authenticated with SharePointOnlineCredentials the sharing succeeds. Using the same code but a ClientContext that has authenticated with App Only credentials the sharing fails with error message: 'The user has insufficient permissions to create an invitation'. The app has tenant full control permissions.

 

I think the SharePoint Online Sharing API has changed and the change is causing this issue now.

Hi Bart Kapitein,
Did you have a solution to work with App Only Authentication? I have the same issue as well.
I have also same Issue. I create a support ticket for it but no response.
I did a workaround solution for this issue by 2 steps. Firstly, I invite external users to AD as guest via a graph api. Secondly, I share the site using PnP library.

I'm seeing this now as well, and maybe I can provide some additional context. I'm inviting external users via app-only context. This used to work, and now it does not.

 

I believe it has something to do with classic versus Modern sites. I have a tenant where app-only invitations still work on classic team sites but fail on Modern sites. Tenant and site settings are configured to allow sharing to existing and new external users. I have another newer tenant, where the functionality is disabled altogether. 

 

I'm running: 

 

var group = ctx.Web.SiteGroups.GetByName(groupName);
ctx.Load(group);
ctx.ExecuteQuery();

group.InviteExternalUser("user@domain.com", true);
ctx.ExecuteQuery();

 

and the code does not throw exceptions but the invite is not sent. Sniffing the traffic with Fiddler I can see:

 

The user has insufficient permissions to create an invitation

 

Anybody know what's going on here? Really would like to avoid the Graph workaround if possible.

 

Is there anyone who has been able to resolve this issue.

 

We have a provisioning application as well (.NET) which adds a user to a site and group, through .ShareSite(email, group, false).

 

Sometimes it works, sometimes we get the "The user has insufficient permissions to create an invitation" error.