Closed MrTantum closed 2 years ago
Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.
Please don't delete the relevant questions that were in the template... these are needed for context. Please complete the original section:
DELETE THIS LINE BEFORE SUBMITTING - Complete the following (if ignored you'll be prompted for it before we can address your issue... save the time and provide it in your initial submission).
Sorry. I have added the missing information.
So, we had some problems back at that time that we think we have fully fixed now. Can you please perform the following steps to see if that solves the issue: on each geo location where the app catalog exists, go to the API access page in SPO tenant admin for that location using an account that is Global Admin in AAD. That will create the right URIs in the application principal in AAD and also enable the right information in SPO for the auth process.
Thanks for the feedback. I have no possibility to check this anymore in the affected tenant. We just have to hope that this has been fixed.
Issues that have been closed & had no follow-up activity for at least 7 days are automatically locked. Please refer to our wiki for more details, including how to remediate this action if you feel this was done prematurely or in error: Issue List: Our approach to locked issues
Category
Describe the bug
On a tenant where the multi-geo features for SharePoint have been enabled, the SPFx aadTokenProviderFactory is failing on the non-Worldwide geo location with: InvalidAccessError: A parameter or an operation is not supported by the underlying object
Steps to reproduce
Add a webpart or application customizer using the aadTokenProviderFactory to a site collection of a SharePoint geo tenant which is not your master geo tenant:
aadTokenProviderFactory.getTokenProvider().then(tokenProvider => tokenProvider.getToken('ClientId'));
Expected behavior
The function should return a valid JWT token because the redirect URIs for the second geo location should have been automatically added to the SharePoint Online Client Extensibility Web Application Principal app.
Alternatively, please add somewhere in the documentation that you need to manually add the redirect URIs for each geo location.
Environment details (development & target environment)
OS: Windows 10
Target Environment: SharePoint Online
Framework: JavaScript
Browser(s): Chrome 81.0.4044.138
Tooling: SPFx v1.10
Additional context
Geo locations
The two geo locations look like this:
login.microsoftonline.com error
We dug a little bit deeper and found that https://login.microsoftonline.com is returning the following error message:
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'dea06361-c2f8-4aa5-8a74-2bf7dc911ced'.
dea06361-c2f8-4aa5-8a74-2bf7dc911ced is the id of the SharePoint Online Client Extensibility Web Application Principal app.
We checked the redirect URIs of this app and saw that it only contains the redirect URIs for exampleTenant.sharepoint.com and not for exampleTenantNAM.sharepoint.com.
We have manually added the redirect URLs for the exampleTenantNAM.sharepoint.com location. Afterwards the error did not appear anymore.
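The manual check described in this report can be scripted. The following is an added example, not part of the original issue or of SPFx: it takes the redirect URIs exported from the app registration and the tenant's geo hostnames, then lists geo locations with no https redirect URI as well as registered URIs that point outside the tenant. The function names, the sample redirect URI paths and the `other.example.net` entry are assumptions made for illustration.

```javascript
// Added example; inputs below are constructed, function names are hypothetical.

// Pull the application id out of an AADSTS50011 message like the one quoted above.
function appIdFromAadsts50011(message) {
  const m = /^AADSTS50011:.*application: '([0-9a-f-]{36})'/i.exec(message);
  return m ? m[1] : null;
}

// Lowercased host of a bare hostname or URL, or null if it does not parse.
function hostOf(value) {
  try {
    return new URL(value.includes('://') ? value : `https://${value}`).host;
  } catch {
    return null;
  }
}

// Compare an app's registered redirect URIs with the tenant's geo hostnames.
function auditRedirectUris(geoHosts, redirectUris) {
  const expected = new Set(geoHosts.map(hostOf).filter(Boolean));
  const covered = new Set();
  const report = { missing: [], unexpected: [], nonHttps: [], malformed: [] };
  for (const uri of redirectUris) {
    let url;
    try { url = new URL(uri); } catch { report.malformed.push(uri); continue; }
    // Only https entries count as coverage for a geo location.
    if (url.protocol !== 'https:') { report.nonHttps.push(uri); continue; }
    if (expected.has(url.host)) covered.add(url.host);
    else report.unexpected.push(uri); // host outside the tenant's geo locations
  }
  report.missing = [...expected].filter(h => !covered.has(h)).sort();
  return report;
}

// Constructed sample mirroring the state described in the issue:
// only the first geo location has a redirect URI registered.
const sampleGeoHosts = [
  'exampleTenant.sharepoint.com',
  'exampleTenantNAM.sharepoint.com',
];
const sampleRedirectUris = [
  'https://exampleTenant.sharepoint.com/placeholder/signin.aspx', // placeholder path
  'https://other.example.net/callback',                            // constructed outlier
];
console.log(auditRedirectUris(sampleGeoHosts, sampleRedirectUris));
```

Running the same audit after adding redirect URIs by hand also shows whether any entry landed on a host that is not one of the tenant's geo locations.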