SPFX graph api error

[harshdamaniahd]

Target SharePoint environment

SharePoint Online

What SharePoint development model, framework, SDK or API is this about?

💥 SharePoint Framework

Developer environment

None

What browser(s) / client(s) have you tested

• [ ] 💥 Internet Explorer
• [ ] 💥 Microsoft Edge
• [ ] 💥 Google Chrome
• [ ] 💥 FireFox
• [ ] 💥 Safari
• [X] mobile (iOS/iPadOS)
• [X] mobile (Android)
• [ ] not applicable
• [ ] other (enter in the "Additional environment details" area below)

Additional environment details

• browser version
• SPFx version
• Node.js version
• etc

Describe the bug / error

Hi, We get this error again now AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. and sometimes missing refresh token

This usually occurs when we use aadTokenProviderFactory

const provider = await context.aadTokenProviderFactory.getTokenProvider(); const accessTokenValue: string = await provider.getToken( "api://" + appid ); const body: string = JSON.stringify({ id_token: accessTokenValue, });

Steps to reproduce

Open teams, viva connections, sharepoint page and then we get this error when we open a webpart with this code

Expected behavior

it should make silent request for token

[ghost]

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

[GrahamMcMynn]

Hi @harshdamaniahd . What are you using to access SharePoint? Are you using the mobile apps when receiving this error? Or are you using a browser and accessing SharePoint via URL?

[harshdamaniahd]

Hi @harshdamaniahd . What are you using to access SharePoint? Are you using the mobile apps when receiving this error? Or are you using the a browser and accessing SharePoint via URL?

Hi, I am accessing a webpart hosted on a sharepoint page from teams mobile app, its the landing page of our intranet. I am just generating a token to azure AD app using aadTokenProviderFactory

[GrahamMcMynn]

Thanks for the response. Unfortunately, I have one more question. Is this a 3rd party app or are you actually using Viva Connections?

[GrahamMcMynn]

And when I say 3rd party app, I mean a custom teams app that somebody other than Microsoft built

[harshdamaniahd]

No its not a third party app. I have created a normal spfx solution . This solution is added to sharepoint page. From the resources tab next to dashboard and feed, I access that sharepoint page which has the web part. It works when I login in browser to https://test.sharepoint.com and then come back to teams. But IT security has created a conditional access policy that prevents users from opening in browser https://test.sharepoint.com. I know this issue has been there for a while. Do I need to upgrade to something else?

On Mon, 8 May 2023 at 5:04 PM, Graham McMynn @.***> wrote:

Thanks for the response. Unfortunately, I have one more question. Is this a 3rd party app or are you actually using Viva Connections?

— Reply to this email directly, view it on GitHub https://github.com/SharePoint/sp-dev-docs/issues/8951#issuecomment-1538510178, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACZ4C6ISI7LKWZED72L2HNTXFEDODANCNFSM6AAAAAAXZVTKUI . You are receiving this because you were mentioned.Message ID: @.***>

-- Thanks, Harsh Damania

[harshdamaniahd]

And when I say 3rd party app, I mean a custom teams app that somebody other than Microsoft built

Yes correct..it's a custom app which I have build using spfx. But I have observed that yammer we part, viva connection feed webpart also doesn't work.

[GrahamMcMynn]

In the custom app was it built according to this documentation: https://learn.microsoft.com/en-us/sharepoint/dev/spfx/deployment-spfx-teams-solutions

Specifically, this:

The resource MUST be left as https://{teamSiteDomain}.

If it gets updated to https://someUrl.SharePoint.com you will see the errors you are describing.

[harshdamaniahd]

Yes I tried both custom app in teams with the below configuration and also as a webpart on sharepoint page.

On Mon, 8 May 2023 at 5:12 PM, Graham McMynn @.***> wrote:

In the custom app was it built according to this documentation:

https://learn.microsoft.com/en-us/sharepoint/dev/spfx/deployment-spfx-teams-solutions

Specifically, this: [image: image] https://user-images.githubusercontent.com/16929083/236861365-5e8a6073-9e73-4604-966c-8e8cb5960fa4.png

The resource MUST be left as https://{teamSiteDomain}.

If it gets updated to https://someUrl.SharePoint.com you will see the errors you are describing.

— Reply to this email directly, view it on GitHub https://github.com/SharePoint/sp-dev-docs/issues/8951#issuecomment-1538534032, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACZ4C6OXACQ7HPTDEQD7MUDXFEEO5ANCNFSM6AAAAAAXZVTKUI . You are receiving this because you were mentioned.Message ID: @.***>

-- Thanks, Harsh Damania

[GrahamMcMynn]

By any chance could you send me your teams app manifest?

[harshdamaniahd]

Yes sending now

On Mon, 8 May 2023 at 5:16 PM, Graham McMynn @.***> wrote:

By any chance could you send me your teams app manifest?

— Reply to this email directly, view it on GitHub https://github.com/SharePoint/sp-dev-docs/issues/8951#issuecomment-1538543801, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACZ4C6INSZK5DBMEO753YOLXFEE43ANCNFSM6AAAAAAXZVTKUI . You are receiving this because you were mentioned.Message ID: @.***>

-- Thanks, Harsh Damania

[harshdamaniahd]

By any chance could you send me your teams app manifest?

{
    "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.16/MicrosoftTeams.schema.json",
    "version": "2.0.0",
    "manifestVersion": "1.16",
    "id": "63a6d548-b833-42ee-9b09-b2496fef7b5c",
    "packageName": "com.package.PIChat",
    "name": {
        "short": "PI",
        "full": "officetest "
    },
    "developer": {
        "name": "officetest Norge AS",
        "mpnId": "",
        "websiteUrl": "https://officetestnorge.sharepoint.com/",
        "privacyUrl": "https://officetestnorge.sharepoint.com/",
        "termsOfUseUrl": "https://officetestnorge.sharepoint.com/"
    },
    "description": {
        "short": "officetest Internal Chatbot",
        "full": "officetest Internal Chatbot"
    },
    "icons": {
        "outline": "outline.png",
        "color": "color.png"
    },
    "accentColor": "#FFFFFF",
    "staticTabs": [
        {
            "entityId": "b9e4ce8e-d43d-4e30-8d74-47aebd28b859",
            "name": "Chatbot",

            "contentUrl": "https://{teamSiteDomain}/_layouts/15/TeamsLogon.aspx?SPFX=true&dest=/_layouts/15/teamshostedapp.aspx%3Fteams%26personal%26componentId=888dcf7c-44f0-4928-b357-e9be31490172%26forceLocale={locale}",
            "websiteUrl": "https://officetestnorge.sharepoint.com/",
            "scopes": [
                "personal"
            ]
        },
        {
            "entityId": "about",
            "scopes": [
                "personal"
            ]
        }
    ],
    "validDomains": [
        "{teamsitedomain}",

            "*.login.microsoftonline.com",
            "*.sharepoint.com",
            "*.sharepoint-df.com",
            "spoppe-a.akamaihd.net",
            "spoprod-a.akamaihd.net",
            "resourceseng.blob.core.windows.net",
            "msft.spoppe.com"

    ],
    "webApplicationInfo": {
        "resource": "https://{teamSiteDomain}",
    "id": "00000003-0000-0ff1-ce00-000000000000"
    },
    "authorization": {
        "permissions": {
            "orgWide": [],
            "resourceSpecific": []
        }
    }
}

[GrahamMcMynn]

Thanks for sending that. Everything actually looks correct and this should be working. I'll see if I can pull any useful logs on that tenant.

[harshdamaniahd]

Thanks for sending that. Everything actually looks correct and this should be working. I'll see if I can pull any useful logs on that tenant.

My tenant?

[GrahamMcMynn]

I just reached out on email.