OneDrive / samples

Contains samples, scenarios, and guidance for integrating with OneDrive and SharePoint drives, drive items, and files.
MIT License

File picker, SPFx and permissions #63

Open rgcircum opened 10 months ago

rgcircum commented 10 months ago

Hi, I am trying to use File Picker v8 with SPFx; it's working, but the permissions have strange behavior.

I have created a sample : https://github.com/rgcircum/spfx-sp-filepicker-sample

I based the SPFx sample on the sample by @patrick-rodgers (thanks).

The idea is to be able to use the file picker without declaring an AAD application.

I get the token via AadTokenProviderFactory:

import { AadTokenProviderFactory } from "@microsoft/sp-http";
// IAuthenticateCommand is the picker's authenticate message ({ command, resource }),
// taken from the sample's types module (import path assumed).
import { IAuthenticateCommand } from "./types";

// Web part method: the picker asks for a token for command.resource, and the
// SPFx-provided AadTokenProvider is used instead of registering our own AAD app.
public async getToken(command: IAuthenticateCommand): Promise<string> {
    const _aadTokenProvider = await this._aadTokenProviderFactory.getTokenProvider();
    // command.resource is the resource the picker wants the token for
    const _authToken = await _aadTokenProvider.getToken(command.resource);
    return _authToken;
}

If I use these permissions:

{
  "resource": "Microsoft Graph",
  "scope": "Files.ReadWrite.All"
},
{
  "resource": "Microsoft Graph",
  "scope": "Sites.ReadWrite.All"
},
{
  "resource": "Microsoft Graph",
  "scope": "AllSites.Write"
},
{
  "resource": "Microsoft Graph",
  "scope": "MyFiles.Write"
},

This does not work; I get this error:

ServerError: AADSTS500011: The resource principal named https://***/sites/Test was not found in the tenant named ***. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

If I add the permission:

{
  "resource": "Windows Azure Active Directory",
  "scope": "User.Read"
},

The WebPart works!!! But only in SharePoint; on a Teams tab, I always get the AADSTS500011 error.

For the Teams tab, I have tested these permissions:

{
  "resource": "Microsoft Graph",
  "scope": "ChannelSettings.ReadWrite.All"
},

But I have the same error.

Another problem: the documentation explains that I can use *.Read permissions, but that doesn't work. I thought it could work without the upload functionality, but no. It's a problem: the write permissions are too large (e.g. AllSites.Write), and many clients do not accept these permissions for security reasons.
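An added example, not code from this thread or from the samples repo: a check placed in front of the web part's getToken() that only requests tokens for an allow-listed set of hosts, and reduces the site URL the picker sends (the one the AADSTS500011 message names as the missing resource principal) to its origin, which is assumed here to be the resource-endpoint form the token provider expects. Host names are constructed placeholders, and the token provider is injected so the code runs outside SPFx.

```typescript
// Shape of the picker's authenticate message, as used by the thread's getToken().
interface IAuthenticateCommand {
  command: "authenticate";
  resource: string;
  type?: string;
}

// Hosts this web part is willing to obtain tokens for (constructed placeholders;
// replace "contoso" with the real tenant). Anything else is refused rather than
// forwarded to AadTokenProviderFactory.
const ALLOWED_RESOURCE_HOSTS = new Set<string>([
  "contoso.sharepoint.com",
  "contoso-my.sharepoint.com",
  "graph.microsoft.com",
]);

function parseResource(resource: string): URL | null {
  try {
    return new URL(resource);
  } catch {
    return null; // not an absolute URL
  }
}

// Validate the resource the picker asked for and return the endpoint to request
// a token for. Assumption: the registered resource principal is the host, so a
// site URL such as https://contoso.sharepoint.com/sites/Test is reduced to its origin.
export function resolveResource(
  command: IAuthenticateCommand,
  allowed: Set<string> = ALLOWED_RESOURCE_HOSTS
): string {
  const url = parseResource(command.resource);
  if (url === null || url.protocol !== "https:") {
    throw new Error(`picker requested a token for a non-https resource: ${command.resource}`);
  }
  if (!allowed.has(url.hostname)) {
    throw new Error(`picker requested a token for a host outside the allow-list: ${url.hostname}`);
  }
  return url.origin;
}

// Wrapper around the thread's getToken: `acquire` stands in for
// AadTokenProvider.getToken(resourceEndpoint) and is injected for testing.
export async function getTokenFor(
  command: IAuthenticateCommand,
  acquire: (resourceEndpoint: string) => Promise<string>
): Promise<string> {
  return acquire(resolveResource(command));
}
```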

rgcircum commented 9 months ago

I have no answer; issue reposted on the sp-dev-docs repo: https://github.com/SharePoint/sp-dev-docs/issues/9503

chr-sad commented 9 months ago

I am trying something similar, but I only get blank white pages, no errors in the console or blocked network requests. I then downloaded your sample (@rgcircum) but still see only blank pages. Is this an indication that I have the permissions set up incorrectly? I tried it in multiple ways (with own app, without, ...) but I have never seen anything but a blank screen.

rgcircum commented 9 months ago

If you validate the Graph authorization, it works, but with the bugs that I brought up.

rgcircum commented 9 months ago

Correct authorization (working for me):

{
  "resource": "Microsoft Graph",
  "scope": "Files.ReadWrite.All"
},
{
  "resource": "Microsoft Graph",
  "scope": "Sites.ReadWrite.All"
},
{
  "resource": "Microsoft Graph",
  "scope": "AllSites.Write"
},
{
  "resource": "Microsoft Graph",
  "scope": "MyFiles.Write"
},
{
  "resource": "Windows Azure Active Directory",
  "scope": "User.Read"
},

chr-sad commented 9 months ago

@rgcircum thanks for your correct authorization. Today I got it working as well! I do not know why it did not work last week; I have not changed anything on the privileges side. Thanks for your help!! But I agree with your comment: some permissions are very large and we will not get them from many clients either.

rgcircum commented 6 months ago

@JCrew0 do you have (eventually good) news on this?