SharePoint / sp-dev-docs

SharePoint & Viva Connections Developer Documentation
https://docs.microsoft.com/en-us/sharepoint/dev/
Creative Commons Attribution 4.0 International

SPFx MSGraphClient sometimes uses different Service principal to authenticate #7372

Closed manufz closed 2 years ago

manufz commented 2 years ago

Target SharePoint environment

SharePoint Online

What SharePoint development model, framework, SDK or API is this about?

💥 SharePoint Framework

Developer environment

Windows

What browser(s) / client(s) have you tested

Additional environment details

Describe the bug / error

When opening a SharePoint site with an embedded webpart, sometimes SharePoint Online Web Client Extensibility is used instead of SharePoint Online Client Extensibility Web Application Principal for MSGraphClient calls. If the site is opened in a new tab, most of the time the first principal is used (which does not have the approved permissions). After a page refresh, the correct service principal is (always) used.

The issue could only be reproduced on a site where Dashboard (Preview) for Viva Connections webpart is also embedded.

We did visit the API access page in the Admin Center with a Global Admin. After that the hint "We're setting up access to Azure AD resources." was displayed, so the update should have been applied. Also the permissions disappeared after that as mentioned in another issue (https://github.com/SharePoint/sp-dev-docs/issues/7348).

Steps to reproduce

.

Expected behavior

MSGraphClient should always use SharePoint Online Client Extensibility Web Application Principal for Graph calls.

ghost commented 2 years ago

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

patmill commented 2 years ago

Clarification on this. When you say "embedded webpart" what do you mean? Do you mean an isolated part?

manufz commented 2 years ago

@patmill I meant just a „normal“ webpart on a page, so not isolated or full page.

lucabandMSFT commented 2 years ago

@manufz, are you experiencing some bad / unexpected behaviors, or are you just curious to understand why you see (I believe in the browser debug tools) two different principals making Graph queries?

manufz commented 2 years ago

@lucabandMSFT yes, the problem is that SharePoint Online Web Client Extensibility does not have the required permissions to make the Graph calls, so they fail with an error 403.

lucabandMSFT commented 2 years ago

So... that's somewhat confusing: the application principal you mentioned is for 1st party code and you should not use it. Do you see the error due to a custom web part / component you are using? If yes, what is the code that is triggering the error?

manufz commented 2 years ago

@lucabandMSFT It's a (custom) SPFx webpart that makes a Graph call via MSGraphClient to "me/calendar/calendarView". If I look at the network traffic I can see from the access token used for that request that it uses this other service principal. I'm not sure how often users experience this issue (they mentioned it a couple of times though), but I can reproduce it as described above (opening the site in a new tab).
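
The token check described in the comment above, as an added diagnostic example (not code from the issue or from SPFx): it decodes a Graph access token's payload and reports which application principal it was issued to and whether a needed scope is present. It assumes a JWT-format token carrying the `appid`, `app_displayname` and `scp` claims; the sample tokens, placeholder ids and the `Calendars.Read` scope are constructed for illustration.

```javascript
// Added diagnostic example; not code from the issue or from SPFx.
// Assumption: the access token is a JWT with appid/app_displayname/scp claims.
// The payload is only decoded for inspection; the signature is NOT verified.
const EXPECTED_PRINCIPAL =
  "SharePoint Online Client Extensibility Web Application Principal";

// base64url -> parsed JSON (works in browsers and in Node 16+)
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Report which app principal the token was issued to and whether it can
// satisfy a call that needs `requiredScope` (a 403 is expected otherwise).
function inspectGraphToken(token, requiredScope) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const claims = decodeSegment(parts[1]);
  const scopes = String(claims.scp || "").split(" ").filter(Boolean);
  return {
    appId: claims.appid || claims.azp || null,
    appName: claims.app_displayname || null,
    isExpectedPrincipal: claims.app_displayname === EXPECTED_PRINCIPAL,
    hasRequiredScope: scopes.includes(requiredScope),
    scopes,
  };
}

// Constructed sample tokens (placeholder ids, fake signature) for offline runs.
function makeSampleToken(claims) {
  const enc = (o) => btoa(JSON.stringify(o))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.c2ln`;
}
const sampleGood = makeSampleToken({
  appid: "00000000-0000-0000-0000-00000000000a", // placeholder
  app_displayname: EXPECTED_PRINCIPAL,
  scp: "Calendars.Read User.Read", // assumed scopes
});
const sampleWrong = makeSampleToken({
  appid: "00000000-0000-0000-0000-00000000000b", // placeholder
  app_displayname: "SharePoint Online Web Client Extensibility",
  scp: "User.Read", // assumed: lacks the calendar scope
});

console.log(inspectGraphToken(sampleGood, "Calendars.Read"));
console.log(inspectGraphToken(sampleWrong, "Calendars.Read"));
```

Logging the decoded principal name alongside each failed Graph call shows whether the 403s line up with the unexpected principal.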

lucabandMSFT commented 2 years ago

@manufz, following up on this one: is the issue still happening?

ghost commented 2 years ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 7 days. It will be closed if no further activity occurs within the next 7 days of this comment. Please see our wiki for more information: Issue List Labels: Needs Author Feedback & Issue List: No response from the original issue author

ghost commented 2 years ago

Closing issue due to no response from the original author. Please refer to our wiki for more details, including how to remediate this action if you feel this was done prematurely or in error: No response from the original issue author