SOLVED

SharePoint site for Office 365 group not created when group is created programmatically via Graph

%3CLINGO-SUB%20id%3D%22lingo-sub-80486%22%20slang%3D%22en-US%22%3ESharePoint%20site%20for%20Office%20365%20group%20not%20created%20when%20group%20is%20created%20programmatically%20via%20Graph%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-80486%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20created%20Office%20365%20Group%20programmatically%20via%20C%23%20and%20Graph.%20The%20group%20shows%20up%20as%20expected%20in%20Outlook%20but%20when%20I%20try%20to%20enter%20the%20site%20https%3A%2F%2F%3CTENANT%3E.sharepoint.com%2Fteams%2F%3CMAILNICKNAME%3E%20I%20just%20got%20an%20%22empty%22%20page%20with%3A%3C%2FMAILNICKNAME%3E%3C%2FTENANT%3E%3C%2FP%3E%3CPRE%3EHTTP%2F1.1%20200%20OK%0AServer%3A%20Microsoft-IIS%2F8.5%0ADate%3A%20Wed%2C%2021%20Jun%202017%2007%3A56%3A01%20GMT%0AConnection%3A%20close%3C%2FPRE%3E%3CP%3EWhen%20I%20try%20to%20access%20the%20site%20via%20Csom%20I%20get%20to%20the%20root%26nbsp%3B%3CSPAN%3Ehttps%3A%2F%2F%26lt%3B%3C%2FSPAN%3E%3CSPAN%3Etenant%26gt%3B.sharepoint.com%20and%20not%20the%20created%20Group%20Site.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ETo%20generate%20the%26nbsp%3BGroup%20Site%20I%20have%20to%20go%20to%20URL%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3Ehttps%3A%2F%2F%3CTENANT%3E.sharepoint.com%2F_layouts%2Fgroupstatus.aspx%3Fid%3Dd4583dd1-f66b-4a32-a780-2d695fe61f70%26amp%3Btarget%3Dsite%3C%2FTENANT%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3Ewhere%20id%20is%20the%20group%20ID.%20After%205-10%20seconds%20it's%20generated.%20When%20I%20try%20to%20fire%20of%20the%20URL%20from%20my%20app%2C%20I%20get%20%3CEM%3EUnauthorized%3C%2FEM%3E%20even%20if%20the%20app%20have%20full%20authorization%2Fall%20permisions%20for%20SharePoint%20in%20Azure%20Ad.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAre%20there%20any%20way%20I%20can%20generate%20the%20group%20site%26nbsp%3Bprogrammatically%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAddition%3A%20I%20have%20tried%20to%20authenticate%20the%20http%20request%20as%20myself%20in%20the%20c%23%20app.%20It%20succed%20for%26nbsp%3Bhttps%3A%2F%2F%3CTENANT%3E.sharepoint.com%2F_api%2Fweb%2Flists%20but%20fails%20with%20the%20same%20authentification%20with%20%3CEM%3EUnathorized%3C%2FEM%3E%20for%20https%3A%2F%2F%3CTENANT%3E.sharepoint.com%2F_layouts%2Fgroupstatus.aspx%3Fid%3Dd4583dd1-f66b-4a32-a780-2d695fe61f70%26amp%3Btarget%3Dsite%3C%2FTENANT%3E%3C%2FTENANT%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-101589%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20site%20for%20Office%20365%20group%20not%20created%20when%20group%20is%20created%20programmatically%20via%20Grap%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-101589%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20now%20working%20as%20expected.%20You%20can%20create%20O365%20groups%20with%20SharePoint%20sites%20via%20Graph%20API%20using%20app-only%20credentials.%20I%20am%20using%20the%20PnP%20UnifiedGroups%20utility%20and%20this%20works%20pretty%20well%20with%20a%20few%20exceptions%20though%20now%20and%20than.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-83387%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20site%20for%20Office%20365%20group%20not%20created%20when%20group%20is%20created%20programmatically%20via%20Grap%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-83387%22%20slang%3D%22en-US%22%3E%3CP%3EI%20had%20the%20same%20issue%20with%20app%20only%20authentication%20and%20ended%20up%20with%20the%20same%20solution%20as%20you%20-%20make%20a%20http%20request%20authenticating%20as%20a%20user.%20The%20PnP%20library%20internally%26nbsp%3Bmakes%20a%20request%20to%20the%20Graph%20API%20root%20drive%20to%20try%20and%20trigger%20the%20site%20to%20be%20provisioned%20but%20this%20too%20fails%20with%20app-only%20credentials.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWould%20love%20to%20see%20this%20change%20as%20it's%20really%20messy%20to%20do%20http%20requests%20as%20a%20user%26nbsp%3Bin%20our%20provisioning%20engine%20when%20we%20would%20rather%20just%20use%20app-only%20authentication.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-81099%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20site%20for%20Office%20365%20group%20not%20created%20when%20group%20is%20created%20programmatically%20via%20Grap%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-81099%22%20slang%3D%22en-US%22%3E%3CP%3EYes%20I%20have%20tried%20it%20but%20had%20problems%20with%20the%20athentification%20token%20which%20always%20gave%20me%20%22Unauthorized%22%20(or%20something)%20even%20if%20the%20app%20had%20full%20permisions%20in%20Azure%20AD.%20After%20several%20tries%20I%20found%20an%20other%20way%20which%20works.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20current%20coding%20works%20fine%20with%20only%20Read%2FWrite%20Group%20permission%2C%20but%20the%20site%20is%20not%20created.%20For%20this%20I%20use%20a%20user%20context%20to%20activate%20by%20doing%20a%20get-request.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-81081%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20site%20for%20Office%20365%20group%20not%20created%20when%20group%20is%20created%20programmatically%20via%20Grap%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-81081%22%20slang%3D%22en-US%22%3EHow%20are%20you%20creating%20the%20group%3F%20Have%20you%20tried%20this%20code%20from%20the%20PnP%20team%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Fpnp_articles%2Fmodern-experience-customizations-provisioning-sites%23provisioning-a-modern-team-site-using-the-pnp-csom-core-component%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Fpnp_articles%2Fmodern-experience-customizations-provisioning-sites%23provisioning-a-modern-team-site-using-the-pnp-csom-core-component%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20theory%2C%20it%20says%3A%20%22Modern%22%20team%20sites%20are%20created%20programmatically%20by%20creating%20an%20Office%20365%20group%20using%20Microsoft%20Graph.%20When%20you%20create%20an%20Office%20365%20group%20a%20%22modern%22%20team%20site%20is%20automatically%20provisioned%20for%20the%20group.%20The%20%22modern%22%20team%20site%20URI%20will%20be%20based%20upon%20the%20mailNickname%20parameter%20of%20the%20Office%20365%20group%20and%20has%20the%20following%20default%20structure%22%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-80542%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20site%20for%20Office%20365%20group%20not%20created%20when%20group%20is%20created%20programmatically%20via%20Grap%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-80542%22%20slang%3D%22en-US%22%3E%3CP%3EI%20finally%20got%20it%20working%20by%20using%26nbsp%3B%3CSPAN%3ESharePoint%20Online%20HTTP%20handler%20(%3C%2FSPAN%3E%3CSPAN%20class%3D%22pl-en%22%3ESPHttpClientHandler)%20from%20this%20page%20to%20post%20the%26nbsp%3Bactivation%20url.%26nbsp%3B%3C%2FSPAN%3EIt%20uses%20a%20logged%20on%20users%20context%20and%20not%20Azure%20App%20context.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20still%20wonder%20if%20it's%20possible%20to%20create%20the%20Office%20365%20SharePoint%20site%26nbsp%3Busing%20Azure%20App%20authorization%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

I have created Office 365 Group programmatically via C# and Graph. The group shows up as expected in Outlook but when I try to enter the site https://<tenant>.sharepoint.com/teams/<mailNickName> I just got an "empty" page with:

HTTP/1.1 200 OK
Server: Microsoft-IIS/8.5
Date: Wed, 21 Jun 2017 07:56:01 GMT
Connection: close

When I try to access the site via Csom I get to the root https://<tenant>.sharepoint.com and not the created Group Site.

To generate the Group Site I have to go to URL:

https://<tenant>.sharepoint.com/_layouts/groupstatus.aspx?id=d4583dd1-f66b-4a32-a780-2d695fe61f70&target=site

where id is the group ID. After 5-10 seconds it's generated. When I try to fire of the URL from my app, I get Unauthorized even if the app have full authorization/all permisions for SharePoint in Azure Ad.

 

Are there any way I can generate the group site programmatically?

 

Addition: I have tried to authenticate the http request as myself in the c# app. It succed for https://<tenant>.sharepoint.com/_api/web/lists but fails with the same authentification with Unathorized for https://<tenant>.sharepoint.com/_layouts/groupstatus.aspx?id=d4583dd1-f66b-4a32-a780-2d695fe61f70&target=site

5 Replies
Highlighted

I finally got it working by using SharePoint Online HTTP handler (SPHttpClientHandler) from this page to post the activation url. It uses a logged on users context and not Azure App context.

 

I still wonder if it's possible to create the Office 365 SharePoint site using Azure App authorization

Highlighted
How are you creating the group? Have you tried this code from the PnP team:
https://msdn.microsoft.com/en-us/pnp_articles/modern-experience-customizations-provisioning-sites#pr...

In theory, it says: "Modern" team sites are created programmatically by creating an Office 365 group using Microsoft Graph. When you create an Office 365 group a "modern" team site is automatically provisioned for the group. The "modern" team site URI will be based upon the mailNickname parameter of the Office 365 group and has the following default structure"
Highlighted

Yes I have tried it but had problems with the athentification token which always gave me "Unauthorized" (or something) even if the app had full permisions in Azure AD. After several tries I found an other way which works. 

 

My current coding works fine with only Read/Write Group permission, but the site is not created. For this I use a user context to activate by doing a get-request.

Highlighted

I had the same issue with app only authentication and ended up with the same solution as you - make a http request authenticating as a user. The PnP library internally makes a request to the Graph API root drive to try and trigger the site to be provisioned but this too fails with app-only credentials.

 

Would love to see this change as it's really messy to do http requests as a user in our provisioning engine when we would rather just use app-only authentication.

Highlighted
Solution

This is now working as expected. You can create O365 groups with SharePoint sites via Graph API using app-only credentials. I am using the PnP UnifiedGroups utility and this works pretty well with a few exceptions though now and than.