OneDrive / samples

Contains samples, scenarios, and guidance for integrating with OneDrive and SharePoint drives, drive items, and files.
MIT License

Specifying sharedLibraries = true in typesAndSources.pivots generates a security related exception #7

Closed chartnado-brian-haas closed 2 years ago

chartnado-brian-haas commented 2 years ago

We want to allow users to pick files from SharePoint and Teams sites/drives as well as their personal OneDrive folder. The documentation indicates that this should be performed by specifying sharedLibraries = true as described in the issue summary. When the picker is presented, the user's list of SharePoint and Teams sites shows correctly on the left-hand side of the picker. However, as soon as a SharePoint site is selected on the left-hand side in order to view that site's files, the following message is presented to the user:

Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown.

To reproduce this error:

  1. Start with the basic js demo located in samples/file-picking/javascript-basic
  2. In auth.js, specify the tenant id as described in the documentation
  3. In index.html, set the baseUrl to the user's base OneDrive path as described in the documentation (for example "https://XXXXXXXX-my.sharepoint.com")
  4. In index.html, at line 38, add the property sharedLibraries: true to the pivots property

The expected behavior is that the user can navigate SharePoint/Teams sites/drives as well as their own OneDrive files. The actual behavior is that a user can browse their own files, but an exception is presented when attempting to view SharePoint/Teams files.


patrick-rodgers commented 2 years ago

Hi @chartnado-brian-haas - sorry I am not able to duplicate this currently, but want to see if we can help here.

When you select the quick access, are you getting an auth message from the control asking for a new token? Wondering if perhaps the -my token audience is not working there and you need to get a fresh token for the sp url?

chartnado-brian-haas commented 2 years ago

You are correct. I need to provide tokens for https://tenant.sharepoint.com and https://tenant-my.sharepoint.com.

I'm not sure why the basic javascript demo doesn't work for me. It is requesting tokens for the 2 separate resources, but the same token is returned as a result. I can see personal files only with the demo, and not SharePoint site files.

We use msal.net and not msal.js in our solution, and the tokens we get from that are different between OneDrive and SharePoint. Consequently, I now have a working solution in our application but the demo still doesn't work for me.

Thanks!

patrick-rodgers commented 2 years ago

Glad you got it working, we'll have to review the demo code and see what might be wrong there. Thanks!
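
The resolution reached in this thread (one token per resource, each with a matching audience) can be enforced on the client before a token is handed to the picker. The following is an added example, not code from the thread or from the samples repository. `makeTokenProvider`, `acquire`, `sampleToken`, the `contoso` host names, the `https://<host>/.default` scope form, and the two `aud` shapes it accepts are assumptions made for illustration.

```javascript
// Added example. Tokens here are unsigned, constructed samples.
// Decode the JWT payload without verifying it, only to inspect claims client-side.
function jwtClaims(token) {
  const part = (token.split(".")[1] || "").replace(/-/g, "+").replace(/_/g, "/");
  if (!part) throw new Error("not a JWT");
  return JSON.parse(atob(part + "=".repeat((4 - (part.length % 4)) % 4)));
}

// Host the token was issued for. Assumption: `aud` is either the resource URL
// ("https://contoso.sharepoint.com") or has the form "<app-id>/<host>@<tenant-id>".
function audienceHost(token) {
  const aud = String(jwtClaims(token).aud || "");
  const m = aud.match(/^https:\/\/([^/]+)\/?$/) || aud.match(/\/([^/@]+)@/);
  return m ? m[1].toLowerCase() : null;
}

// Wrap a token source (hypothetical `acquire(scope)`, e.g. a call into MSAL) so
// every picker resource gets its own cached token and a token minted for a
// different audience is rejected locally instead of failing inside the picker.
function makeTokenProvider(acquire) {
  const cache = new Map(); // resource host -> token
  return async function getToken(resource) {
    const host = new URL(resource).host.toLowerCase();
    if (cache.has(host)) return cache.get(host);
    const token = await acquire(`https://${host}/.default`); // assumed scope form
    const got = audienceHost(token);
    if (got !== host) {
      throw new Error(`token audience ${got} does not match requested ${host}`);
    }
    cache.set(host, token);
    return token;
  };
}

// Constructed sample: an unsigned JWT carrying only an `aud` claim.
function sampleToken(aud) {
  const b64 = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${b64({ alg: "none" })}.${b64({ aud })}.`;
}
```

The check is a client-side sanity test only; the service still performs the real audience validation, which is what raises `AudienceUriValidationFailedException` when the wrong token is presented.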