Teams personal app SPFx Graph Request Error 403

New Contributor

I´ve built an SPFx Webpart, which requests a SharePoint list via the Microsoft Graph. It works fine in both SharePoint and as a Microsoft Teams Tab. However, when I try to run it in Teams as a personal App, I always get an error 403 forbidden.

 

As a debug measure, I followed a Microsoft tutorial on making a simple graph call https://docs.microsoft.com/de-de/sharepoint/dev/spfx/use-msgraph. After trying the webpart in both SharePoint and Teams again, I ran into the same issue. It works both in SharePoint and as a Teams tab, but not as a Teams personal app.

 

 

public render(): void {
this.context.msGraphClientFactory
  .getClient()
  .then((client: MSGraphClient): void => {
    // use MSGraphClient here
    // get information about the current user from the Microsoft Graph
    client
      .api('/me')
      .get((error, user: MicrosoftGraph.User, rawResponse?: any) => {
        console.log(user);

        this.domElement.innerHTML = `
          <div class=${styles.container}>
            <h2>${user.displayName}</h2>
          </div>
        `;

        if(error) {
          console.log("Error: ");
          console.log(error);
        }

    });
  });
}

 

 

As the last test, I downloaded an already made and functioning project which requests data via the Microsoft Graph https://github.com/pnp/sp-dev-fx-webparts/tree/master/samples/react-teams-personal-app-settings, and it returned the same error.

 

Additionally, the global admins in our tenant have no issue using these apps as a Microsoft Teams personal App. The problem only occurs for standard users.

 

Does anyone know why this web part won't work as a personal app but anywhere else, and also how to fix this issue?

4 Replies

@jblConsult , I believe you are facing permission issue, Could you please check if your tenant administrator has granted the permissions Sites.Read.All, Sites.ReadWrite.All at admin level?

Thank you for the reply @Trinetra-MSFT
Well, the global admins already granted the required permissions, and the apps are already working in SharePoint and as Teams tabs, but sadly still not as Teams personal apps.
 

@jblConsult , You need to do sync with Team in your sharepoint app catalog to see the tab in your personal scope.

@Trinetra-MSFT 

Well, an admin synced the solution via the sync-to-teams button to teams, but we still get the same error.
Also, funny enough, an admin granted the permissions again, and now it works in the web client as a personal app as well but not in the desktop client as a personal app...

Do you have any other idea why this isn't working?