SharePoint Guest Users API Access - Unauthorized
Hello, we've build an Azure AD App that uses MSAL to authenticate against SharePoint. The auth flow works fine, till we try to access SharePoint resources with guest users. We've tried several solutions and configurations but we always get the answere: "Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown." Is there any policy that does not allow guest users to access sharepoint through the sharepoint api? Direct access to sharepoint works without a problem. Thanks in advance Michael
SharePoint 2016: Users forced to re-authenticate unexpectedly
Users are being forced to reauthenticate. We have tried setting a few configurations via PowerShell that we read about online, but nothing seems to change this problem. Any tips would be greatly appreciated. If anyone has their settings so that people stay logged on for 8 hours or even longer, it wold be great to see what you have set. Here is a script that we ran: if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) { Add-PSSnapin "Microsoft.SharePoint.PowerShell" } Get-SPSecurityTokenServiceConfig $mysts = Get-SPSecurityTokenServiceConfig #$mysts.WindowsTokenLifetime = (New-TimeSpan -Minutes 20) #$mysts.LogonTokenCacheExpirationWindow = (New-TimeSpan -Minutes 19) #$mysts.Update() #Set-SPSecurityTokenServiceConfig -ServiceTokenLifetime 1000Implementing RefreshToken for AuthenticationManager.GetAppOnlyAuthenticatedContext (OfficeDevPnP)
Hi all - I recently stumbled upon a small issue with OfficeDevPnP AuthenticationManager. I have a long-running console program using GetAppOnlyAuthenticatedContext() to build SharePoint Online context for me, but after roughly 70 minutes I start getting 401 errors for my queries. That's understandable - access token lifespan is 75 minutes. However, I couldn't find any method to get a RefreshToken, and prolong the time my session would be valid... I proceeded to fork the repository and see if I could implement a reauthentication flow into EnsureToken, since it sets the accesstoken to null when it's about to expire (which is smart in a sense, but doesn't help me here), but I couldn't get a RefreshToken by using the TokenHelper (it's null in the response). Is there something I'm missing, or is implementing a reauthentication using a RefreshToken impossible for a console app here? Should I change authentication method? My app is quite often going to run for hours at a time, so it would be handy to find a way to enable the sessions to be more long-lived... :) Thanks for any feedback or ideas. Cheers!
Unable to call graph API from SharePoint page
I am trying to call the graph API for fetching user profile information. The blog post I followed is http://julieturner.net/2017/01/extending-sharepoint-with-adal-and-the-microsoft-graph-api-part-1-the-setup/ My AAD app config is like: URL: https://tenant.sharepoint.com/ Reply-url: https://tenant.sharepoint.com/ Permissions: Graph API :: Read all users' full profiles However, I am getting an error of invalid reply url. Not sure what reply url is it trying to send the response to.
