Azure AD Apps
3 Topics

SharePoint Guest Users API Access - Unauthorized
Hello,

we've built an Azure AD App that uses MSAL to authenticate against SharePoint. The auth flow works fine, till we try to access SharePoint resources with guest users. We've tried several solutions and configurations but we always get the answer: "Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."

Is there any policy that does not allow guest users to access SharePoint through the SharePoint API? Direct access to SharePoint works without a problem.

Thanks in advance
Michael

3.8K Views, 0 likes, 2 Comments

Call to AAD secured azure function not working from SPFX web part
We had tested calling an AAD secured Azure function from an SPFx web part using the "SharePoint Online authentication cookie" approach detailed in the official documentation here: https://docs.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/guidance/connect-to-api-secured-with-aad

The steps described in the documentation were correctly followed, and this method worked for us 3 weeks ago, as the response received from AAD was with status 200 and the call was successful. Since Friday, however, it seems that there has been a change in the authentication flow, and now the Azure function call receives a response code 302, which is rejected by the browser as per the CORS specs, with the following message:

Failed to load <function URL>: Response for preflight is invalid (redirect).

Has anyone tried using this approach recently? Any ideas how to solve it?

1.1K Views, 0 likes, 0 Comments

Unable to Clone SharePoint Context from tenant to Specific Site Collection in Azure AD App
I created a web application with Azure AD authentication using an Azure AD Application. I had granted all permissions for SharePoint Online, Graph API and Active Directory to the App for provisioning site collections (creation and deletion), which is working fine.

In my web application, I am accessing the site collections through the tenant context ( https://tenant-admin.sharepoint.com ) using access tokens from the Azure AD App. I am trying to switch the client context of the tenant to the site collection context using the clone method in OfficeDevPnP.Core. Below is the code sample.

    // Load the tenant object through the tenant admin context
    var tenant = new Tenant(spcontext);
    spcontext.Load(tenant);
    spcontext.ExecuteQuery();

    // Resolve the site collection and its root web
    var site = tenant.GetSiteByUrl(webUrl);
    spcontext.Load(site);
    spcontext.Load(site.RootWeb);
    spcontext.ExecuteQuery();

    // Load the client-side page and list the components available to it
    string pageName = "mypage.aspx";
    ClientSidePage page = ClientSidePage.Load(spcontext, pageName);
    var components = page.AvailableClientSideComponents();
    string wpName = "Intranet Manager";
    List<string> componentsnames = components.Select(k => k.Name).ToList();
    var webPartToAdd = components.Where(wp => wp.ComponentType == 1 && wp.Name == wpName).FirstOrDefault();

    // Add the web part to the page if it was found
    if (webPartToAdd != null)
    {
        ClientSideWebPart clientWp = new ClientSideWebPart(webPartToAdd) { Order = -1 };
        page.AddControl(clientWp);
    }
    page.Save(pageName);
    spcontext.ExecuteQuery();

I am getting the error "The remote server returned an error: (401) Unauthorized." at the line

    ClientSidePage page = ClientSidePage.Load(newSiteContext, pageName);

If we pass user credentials with the necessary permission for creating the tenant context, the clone was working fine. When we tried to do the same with the access tokens, we are getting the above error. The Azure AD App is given all required permissions in the Azure portal.

1.1K Views, 0 likes, 0 Comments