OneDrive / samples

Contains samples, scenarios, and guidance for integrating with OneDrive and SharePoint drives, drive items, and files.
MIT License

Scope Definition for V8 version #6

Closed SiddThakur closed 2 years ago

SiddThakur commented 2 years ago

Hello,

I am trying to implement a picker to access OneDrive/SharePoint using V8.0 for my organisation. We have a working setup for V7.2 and are planning to migrate to the V8 version.

Scope (V7.2) : profile openid https://graph.microsoft.com/User.Read https://graph.microsoft.com/Files.Read.All

Scope (V8) : https://xxxxxxxxx-my.sharepoint.com/.default (Only Scope that worked)

It seems the scopes my organisation was using for V7.2 are no longer working for V8 version. V8 version is only working with baseUrl/.default

If we try with the same scope that we defined for the V7.2 version, we receive the error below:

{"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}

Is there any way that the V8 version will work with the scope below? "profile openid https://graph.microsoft.com/User.Read https://graph.microsoft.com/Files.Read.All"

Question 2 : What should the baseURL be for personal user accounts, e.g. xxx-yyy@gmail.com, lmn.pqr@gmail.com?

patrick-rodgers commented 2 years ago

Correct, the v8 picker currently uses non-graph APIs and requires the scope you have indicated.

For your second question, are those accounts using OneDrive consumer? If so that should be:

scope: OneDrive.ReadWrite

authority: https://login.microsoftonline.com/consumers

SiddThakur commented 2 years ago

In our case, Consumer Accounts (gmail.com etc) can connect their OneDrive account and share files with the Picker.

From the V7.2 version it is observed that:

Org Users : https://xxxxx-my.sharepoint.com/personal/xxxxx_com/_layouts/onedrive.aspx?p=2&picker={...}

Consumer Accounts : https://onedrive.live.com/?v=2&picker={...}

Also, the URL redirection decision was taken in OneDrive72.js, which is the JavaScript SDK given for the 7.2 version.

For the V8 version, there is an explicit need for a baseURL while launching a picker. For Consumer accounts we did try https://onedrive.live.com/ as baseURL, with scope : OneDrive.ReadWrite and authority : https://login.microsoftonline.com/consumers

We got the error screen “This item might not exist or no longer available”


For Consumer accounts we do not have a particular tenant to host the picker and, as per the 7.2 version, https://onedrive.live.com/ is no longer working as a baseURL. Hence what should be the baseURL for the Consumer/Non-Org accounts?

Question 2 : How to differentiate between Organization and Consumer accounts from the token?

SiddThakur commented 2 years ago

In our app, the Picker is not specific to our organisation. Different Org/Consumer users can add their OneDrive/SharePoint accounts and share the content.

For the Business User login, the Picker will be hosted on their particular Org location based on the login, which is not in the app's control.

For Non-Business Users, it could be a generic one (for .gmail.com it could be onedrive.live.com).

As different users can add different types of accounts, the baseURL to launch the picker needs to be decided depending on the login. We need a way to determine what the baseURL should be for each logged-in user, Business/Non-Business.

patrick-rodgers commented 2 years ago

The baseUrl value should be https://onedrive.live.com/picker for consumer accounts.

By design the picker requires you to know prior to launching into what "tenant" it is being loaded. That is the baseUrl value you refer to. You would not be able to identify consumer/enterprise accounts from the token as the token is generated based on the audience you supply, unless I am misunderstanding the question.

In your application it seems like you have a single account on your side where users can add one or more OneDrive/SharePoint accounts as sources? If that is the case you would need to store some tenant information for each to allow you to authenticate them and load the picker for the correct source location. There isn't a way to say "for this random account give me access to all the tenants/OneDrives to which they have access". Before you even load the picker you'd need to know where they are targeting to correctly resolve the tokens. But again, perhaps I am missing something.
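As an added illustration of the reply above (not part of the original thread and not code from the samples repository), this sketch resolves the picker's baseUrl, authority and scope from per-account data the application stored when the account was linked. The account record shape `{ kind, siteUrl, tenantId }`, the tenant-specific authority URL for business accounts, and the restriction to `*.sharepoint.com` hosts are assumptions; the consumer values and the `<baseUrl>/.default` scope pattern are the ones quoted in the thread.

```javascript
// Added example, not code from the OneDrive samples repository.
// The account record shape { kind, siteUrl, tenantId } is hypothetical.

// Values quoted in the thread for OneDrive consumer accounts.
const CONSUMER = Object.freeze({
  baseUrl: "https://onedrive.live.com/picker",
  authority: "https://login.microsoftonline.com/consumers",
  scopes: ["OneDrive.ReadWrite"],
});

// Assumption: business tenants are hosted under *.sharepoint.com (commercial cloud).
const BUSINESS_HOST = /^[a-z0-9-]+\.sharepoint\.com$/;
// Assumption: tenantId is the directory GUID saved when the account was linked.
const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

function resolvePickerConfig(account) {
  if (account.kind === "consumer") {
    return { ...CONSUMER, scopes: [...CONSUMER.scopes] };
  }
  if (account.kind !== "business") {
    throw new Error(`unknown account kind: ${account.kind}`);
  }
  let url;
  try {
    url = new URL(account.siteUrl);
  } catch {
    throw new Error("siteUrl is not a valid URL");
  }
  // URL.hostname is lower-cased by the parser; the anchored pattern rejects
  // look-alike hosts such as contoso.sharepoint.com.example.net, so a token
  // is never requested for (or sent to) an origin outside the expected domain.
  const trusted =
    url.protocol === "https:" &&
    url.port === "" &&
    url.username === "" &&
    url.password === "" &&
    BUSINESS_HOST.test(url.hostname);
  if (!trusted) {
    throw new Error(`refusing to build a picker config for ${account.siteUrl}`);
  }
  if (!GUID.test(String(account.tenantId))) {
    throw new Error("tenantId is not a GUID");
  }
  const baseUrl = url.origin; // drops /personal/... path, query and fragment
  return {
    baseUrl,
    authority: `https://login.microsoftonline.com/${account.tenantId}`,
    scopes: [`${baseUrl}/.default`], // token audience must match the picker host
  };
}
```
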

SiddThakur commented 2 years ago

We tried "https://onedrive.live.com/picker" as a base URL for the Consumer Account.

We are receiving an error for the scope as mentioned. We tried all possible combinations for the scope:

  1. Scope : https://onedrive.live.com/picker/.default
  2. Scope : OneDrive.ReadWrite

For Consumer Accounts we were unable to get the Sample Code working.

Is there an example of using OneDrive Picker v8 with personal Microsoft accounts? All the examples/Samples I can see use business accounts only.

patrick-rodgers commented 2 years ago

Just added a new basic sample showing how to use the picker with consumer (personal accounts).

rahul-vyavahare commented 2 years ago

@patrick-rodgers Hello, I am trying to implement a picker to access OneDrive/SharePoint using V8.0 for my organisation (React app). I tried your repository's samples/file-picking/javascript-consumers/ code, but it's working for OneDrive Picker. I also want to integrate SharePoint Picker, so the base URL and scopes for SharePoint are missing in that repository, and I am also confused about the API permissions in the ADD app. It would be great if you could help me step by step or with code. Thanks.

patrick-rodgers commented 2 years ago

@rahul-vyavahare - moved your comment to a new issue. This issue is resolved so closing it as answered. Thanks!