SharePoint / sp-dev-docs

SharePoint & Viva Connections Developer Documentation
https://docs.microsoft.com/en-us/sharepoint/dev/
Creative Commons Attribution 4.0 International

Viva Connection ACE SPFx Teams Mobile unable to retrieve client secret #7963

Closed techienickb closed 2 years ago

techienickb commented 2 years ago

Target SharePoint environment

SharePoint Online

What SharePoint development model, framework, SDK or API is this about?

💥 SharePoint Framework

Developer environment

Windows

What browser(s) / client(s) have you tested

Additional environment details

Describe the bug / error

In the mobile Teams app, SPFx's msGraphClientFactory isn't initializing correctly and throws the error "Unable to retrieve Client Secret".

Some more info and an example ACE can be found at https://github.com/pnp/sp-dev-fx-aces/issues/54

Steps to reproduce

  1. Deploy an ACE which interacts with Graph
  2. Deploy the Viva Connections Teams app
  3. Test on Android

Expected behavior

Graph calls and retrieves data.

ghost commented 2 years ago

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

lucabandMSFT commented 2 years ago

@techienickb, thanks. Can you please navigate to the API Access page in SharePoint tenant admin with a user that is both AAD Global Admin and SharePoint Tenant Admin? That should fix your issue.

techienickb commented 2 years ago

@lucabandMSFT done that. Is there a delay in how long it takes to take effect?

lucabandMSFT commented 2 years ago

That should be somewhat immediate. Can you please paste here the manifest from AAD for the "SharePoint Online Client Extensibility Web Application Principal" object? I want to be sure everything is set up properly there.

techienickb commented 2 years ago

```json
{
    "id": "529e8c5c-f5b6-49b2-b42b-53b2cb2a6ff6",
    "acceptMappedClaims": null,
    "accessTokenAcceptedVersion": 1,
    "addIns": [],
    "allowPublicClient": null,
    "appId": "3377a2c1-9fba-4377-85e3-b16cd40045ba",
    "appRoles": [],
    "oauth2AllowUrlPathMatching": false,
    "createdDateTime": "2018-11-13T09:36:03Z",
    "description": null,
    "certification": null,
    "disabledByMicrosoftStatus": null,
    "groupMembershipClaims": null,
    "identifierUris": [
        "api://48f9394d-8a14-4d27-82a6-f35f12361205/microsoft.spfx3rdparty.com"
    ],
    "informationalUrls": {
        "termsOfService": null,
        "support": null,
        "privacy": null,
        "marketing": null
    },
    "keyCredentials": [],
    "knownClientApplications": [],
    "logoUrl": null,
    "logoutUrl": null,
    "name": "SharePoint Online Client Extensibility Web Application Principal",
    "notes": null,
    "oauth2AllowIdTokenImplicitFlow": true,
    "oauth2AllowImplicitFlow": true,
    "oauth2Permissions": [
        {
            "adminConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on behalf of the signed-in user.",
            "adminConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
            "id": "a5dca735-4e4e-43d5-8d18-291966ae1d1c",
            "isEnabled": true,
            "lang": null,
            "origin": "Application",
            "type": "User",
            "userConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on your behalf.",
            "userConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
            "value": "user_impersonation"
        }
    ],
    "oauth2RequirePostResponse": false,
    "optionalClaims": null,
    "orgRestrictions": [],
    "parentalControlSettings": {
        "countriesBlockedForMinors": [],
        "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [
        {
            "customKeyIdentifier": "xxxxxxxxxxxxxxxxxx",
            "endDate": "2069-06-19T06:53:48.8324743Z",
            "keyId": "2b748beb-e7e9-4686-908a-562a0d975f31",
            "startDate": "2019-06-19T06:53:48.8324743Z",
            "value": null,
            "createdOn": null,
            "hint": null,
            "displayName": null
        }
    ],
    "preAuthorizedApplications": [
        {
            "appId": "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
            "permissionIds": [
                "a5dca735-4e4e-43d5-8d18-291966ae1d1c"
            ]
        },
        {
            "appId": "08e18876-6177-487e-b8b5-cf950c1e598c",
            "permissionIds": [
                "a5dca735-4e4e-43d5-8d18-291966ae1d1c"
            ]
        },
        {
            "appId": "00000003-0000-0ff1-ce00-000000000000",
            "permissionIds": [
                "a5dca735-4e4e-43d5-8d18-291966ae1d1c"
            ]
        }
    ],
    "publisherDomain": null,
    "replyUrlsWithType": [
        {
            "url": "https://fluidpreview.office.net/spfxsinglesignon",
            "type": "Web"
        },
        {
            "url": "https://dev.fluidpreview.office.net/spfxsinglesignon",
            "type": "Web"
        },
        {
            "url": "https://xxxx.sharepoint.com/",
            "type": "Web"
        },
        {
            "url": "https://xxxx.sharepoint.com/_forms/singlesignon.aspx",
            "type": "Web"
        },
        {
            "url": "https://xxxx.sharepoint.com/_forms/singlesignon.aspx?redirect",
            "type": "Web"
        },
        {
            "url": "https://xxxxx.sharepoint.com/_forms/spfxsinglesignon.aspx",
            "type": "Web"
        },
        {
            "url": "https://xxxxx.sharepoint.com/_forms/spfxsinglesignon.aspx?redirect",
            "type": "Web"
        },
        {
            "url": "https://xxxxx-admin.sharepoint.com/_forms/spfxsinglesignon.aspx",
            "type": "Web"
        }
    ],
    "requiredResourceAccess": [],
    "samlMetadataUrl": null,
    "signInUrl": null,
    "signInAudience": "AzureADMyOrg",
    "tags": [],
    "tokenEncryptionKeyId": null
}
```

lucabandMSFT commented 2 years ago

@techienickb, thanks. One additional question: is the problem surfacing in Teams Mobile only, or also in the Teams rich client?

techienickb commented 2 years ago

@lucabandMSFT works fine in the rich client and workbench, just a no-go on Android (I don't have iOS so can't test there).

lucabandMSFT commented 2 years ago

@techienickb, thanks. When you say "works fine in rich client", you mean that you had Viva Connections configured on the desktop pointing to a home site, you have the dashboard web part deployed there, and you are consuming it from the Teams client, right?

techienickb commented 2 years ago

@lucabandMSFT the Viva Connections dashboard via the web (as well as the workbench).

lucabandMSFT commented 2 years ago

Oh wait, that's different. Can you please try on Teams Desktop and see if that works?

If that doesn't work either, then I think I know what's wrong, and the good news is that there's an easy way to fix it.

techienickb commented 2 years ago

It doesn't work in the Teams full client either, is that of help? Works in the browsers (Chrome/Edge/Firefox).

lucabandMSFT commented 2 years ago

It actually is. Can you please perform this set of steps to see if that solves the problem?

Now, go to the API Access page in SPO Tenant admin with a user that has both SPO Tenant admin and AAD Global Admin roles (that part is very important). Wait for the page to fully load and then check if that solves the issue.

What that does is create a new client secret and store its value in a permanent cache on the SharePoint server side.
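Both the manifest posted earlier in this thread and the fix above revolve around the password credential held on the "SharePoint Online Client Extensibility Web Application Principal". The following Node.js script is an added example, not code from sp-dev-docs or from either commenter: it audits an application manifest of that shape for the things a tenant admin would want to verify (whether a secret exists and when it expires, whether implicit flow is enabled, whether every reply URL is HTTPS, and which applications are pre-authorized). The manifest embedded in the script is a constructed sample with placeholder IDs, and the two-year lifetime threshold is an assumed policy value, not anything the thread states.

```javascript
// Added example (not from sp-dev-docs): audit an Azure AD / Entra ID application
// manifest for the credential and OAuth settings that matter when an SPFx
// solution depends on the SharePoint Online Client Extensibility principal.

const MS_PER_DAY = 24 * 60 * 60 * 1000;

/**
 * Audit one parsed manifest and return findings as { severity, code, detail }.
 * `now` is injected so results are deterministic; `maxSecretDays` is an assumed
 * policy threshold (two years) for how long a client secret should stay valid.
 */
function auditManifest(manifest, now = new Date(), maxSecretDays = 730) {
  const findings = [];
  const add = (severity, code, detail) => findings.push({ severity, code, detail });

  const secrets = manifest.passwordCredentials || [];
  if (secrets.length === 0) {
    // Without any secret on the principal there is nothing for SharePoint to cache.
    add('high', 'no-secret', 'passwordCredentials is empty');
  }
  for (const s of secrets) {
    const start = new Date(s.startDate);
    const end = new Date(s.endDate);
    if (Number.isNaN(end.getTime())) {
      add('medium', 'bad-date', `keyId ${s.keyId}: unparseable endDate`);
      continue;
    }
    const lifetimeDays = Math.round((end - start) / MS_PER_DAY);
    if (end <= now) {
      add('high', 'secret-expired', `keyId ${s.keyId} expired on ${s.endDate}`);
    } else if (lifetimeDays > maxSecretDays) {
      add('medium', 'secret-long-lived', `keyId ${s.keyId} is valid for ${lifetimeDays} days`);
    }
  }

  if (manifest.oauth2AllowImplicitFlow === true) {
    add('low', 'implicit-flow', 'oauth2AllowImplicitFlow is enabled');
  }

  for (const r of manifest.replyUrlsWithType || []) {
    if (!/^https:\/\//i.test(r.url)) {
      add('high', 'insecure-reply-url', `${r.url} is not https`);
    }
  }

  for (const p of manifest.preAuthorizedApplications || []) {
    // Pre-authorized apps can request these scopes without a user consent prompt.
    add('info', 'preauthorized-app',
      `${p.appId} may request ${p.permissionIds.join(', ')} without a consent prompt`);
  }
  return findings;
}

// Constructed sample manifest: same field shape as the one in the thread,
// placeholder identifiers only.
const SAMPLE_MANIFEST = {
  appId: '00000000-0000-0000-0000-000000000001',
  name: 'SharePoint Online Client Extensibility Web Application Principal',
  oauth2AllowImplicitFlow: true,
  passwordCredentials: [
    { keyId: 'placeholder-key-1', startDate: '2019-06-19T06:53:48Z', endDate: '2069-06-19T06:53:48Z' },
  ],
  preAuthorizedApplications: [
    { appId: '00000000-0000-0000-0000-0000000000aa', permissionIds: ['placeholder-permission-id'] },
  ],
  replyUrlsWithType: [
    { url: 'https://contoso.sharepoint.com/_forms/spfxsinglesignon.aspx', type: 'Web' },
  ],
};

// Convenience wrapper returning just the sorted finding codes.
function codesFor(manifest, now) {
  return auditManifest(manifest, now).map((f) => f.code).sort();
}

// Run stand-alone: node audit-manifest.js
for (const f of auditManifest(SAMPLE_MANIFEST, new Date('2024-01-01T00:00:00Z'))) {
  console.log(`[${f.severity}] ${f.code}: ${f.detail}`);
}
```

To audit a real principal, export its manifest from the Azure portal (or fetch it via Microsoft Graph), `JSON.parse` it, and pass the object to `auditManifest`. A 50-year secret like the one in the thread is reported as long-lived rather than invalid, which is the useful distinction here: it explains why the principal still works while flagging it for rotation review.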

techienickb commented 2 years ago

I'll give that a try tomorrow. I'll have to get one of the GAs to do the API Access bit, unless Application Admin + SharePoint Admin PIM roles will do it? 🫰

lucabandMSFT commented 2 years ago

No, Global Admin is needed at this point.

techienickb commented 2 years ago

@lucabandMSFT thanks for your help, that has fixed it.

lucabandMSFT commented 2 years ago

@techienickb, thanks a lot for the feedback. Glad that got resolved.

techienickb commented 2 years ago

I'll update the ACE issue with a link to the fix.

ghost commented 2 years ago

Issues that have been closed & had no follow-up activity for at least 7 days are automatically locked. Please refer to our wiki for more details, including how to remediate this action if you feel this was done prematurely or in error: Issue List: Our approach to locked issues