Closed lsheltonSTO closed 3 months ago
Tom Daly is a genius and figured out a way to actually get it working, despite being told by both support and APIM that it was impossible and wouldn't work anymore. I used the same SharePoint code but used this in APIM:

```xml
<validate-azure-ad-token tenant-id="{tenant-id-guid}" header-name="Authorization">
    <client-application-ids>
        <application-id>{explain-how-I-got-this-below}</application-id>
    </client-application-ids>
    <audiences>
        <audience>https://stowersinstitute.sharepoint.com</audience>
    </audiences>
</validate-azure-ad-token>
```

To get the application ID, I had to put one of the bearer tokens into jwt.io, change the algorithm to HS256, and get the App ID from that.
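As an added example (not code from the issue, SPFx or APIM), the Node.js script below does what the jwt.io decoder does to find the value for `<application-id>`: it splits the bearer token, base64url-decodes the header and payload, and reads the calling app's client ID from the `appid` claim (v1.0 tokens) or `azp` claim (v2.0 tokens). It then mirrors the claim checks that the policy's `<client-application-ids>` and `<audiences>` elements express. It only decodes; it does not verify the signature, which the policy does against the tenant's published signing keys. The token, app ID, `kid` and tenant placeholder are constructed for the example; the audience is the SharePoint URL from the issue.

```javascript
// Added example, not code from the issue, SPFx or APIM: decode an Entra ID bearer
// token's claims (what jwt.io's decoder shows) to find the value for
// <application-id>, and mirror the claim checks that the policy's
// <client-application-ids> and <audiences> elements express.
// Decoding only: the signature is NOT verified here; the APIM policy does that
// against the tenant's published signing keys.

function base64UrlDecode(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function base64UrlEncode(s) {
  return Buffer.from(s, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Split a compact JWS into its header and payload objects.
function decodeJwtClaims(token) {
  const parts = token.split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWS: expected header.payload.signature");
  }
  return {
    header: JSON.parse(base64UrlDecode(parts[0])),
    claims: JSON.parse(base64UrlDecode(parts[1])),
  };
}

// The calling application's client ID is in `appid` on v1.0 tokens and in
// `azp` on v2.0 tokens.
function callingAppId(claims) {
  return claims.appid ?? claims.azp;
}

// Claim-level checks equivalent to the policy's allow lists: the calling app
// must be listed, the audience must name this API, and the token must not be
// expired. `nowSeconds` is injected so the check is deterministic.
function checkClaims(claims, allowedAppIds, expectedAudience, nowSeconds) {
  const reasons = [];
  const appId = callingAppId(claims);
  if (!appId || !allowedAppIds.includes(appId)) {
    reasons.push(`client app ${appId ?? "<missing>"} is not in <client-application-ids>`);
  }
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!audiences.includes(expectedAudience)) {
    reasons.push(`aud ${JSON.stringify(claims.aud)} does not match <audience> ${expectedAudience}`);
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    reasons.push("token is expired or has no exp claim");
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample token: placeholder tenant, app ID and kid; the audience is
// the SharePoint URL from the issue; the signature part is a dummy string.
const SAMPLE_APP_ID = "00000000-0000-0000-0000-000000000001"; // placeholder, not a real app ID
const SAMPLE_AUDIENCE = "https://stowersinstitute.sharepoint.com";
const SAMPLE_TOKEN = [
  base64UrlEncode(JSON.stringify({ typ: "JWT", alg: "RS256", kid: "placeholder-kid" })),
  base64UrlEncode(JSON.stringify({
    iss: "https://sts.windows.net/{tenant-id-guid}/",
    aud: SAMPLE_AUDIENCE,
    appid: SAMPLE_APP_ID,
    exp: 1700000000,
  })),
  "dummy-signature",
].join(".");

// Usage: read the app ID to paste into <application-id>, then run the same
// checks the policy will apply to a token at a given time.
const decoded = decodeJwtClaims(SAMPLE_TOKEN);
console.log("value for <application-id>:", callingAppId(decoded.claims));
console.log(checkClaims(decoded.claims, [SAMPLE_APP_ID], SAMPLE_AUDIENCE, 1699999000));
```

The decode step needs no key and proves nothing about the token; it is only a way to see which app ID and audience the SPFx token carries so the policy can be filled in. Signature, issuer and expiry validation stay in the `validate-azure-ad-token` policy on the gateway.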
What type of issue is this?
Question
What SharePoint development model, framework, SDK or API is this about?
💥 SharePoint Framework
Target SharePoint environment
SharePoint Online
What browser(s) / client(s) have you tested
Additional environment details
Issue description
Basically, we have 5-6 SPFx web parts that use(d) the aadTokenProviderFactory command in SPFx successfully for well over a year to generate bearer tokens that were then validated via a JWT policy in APIM. These all stopped working Feb 22nd. What I've gotten from the APIM team is that SharePoint switched to a proprietary Entra ID auth that APIM doesn't support and isn't advised to support, so I'm just being told that a. my only solution is to just leave my web parts unauthenticated and b. this change wasn't communicated at all, per the APIM team. This is the code I've been using just fine for over a year:

```typescript
const tokenProvider = await this.props.context?.aadTokenProviderFactory?.getTokenProvider();
const token = await tokenProvider?.getToken("https://stowersinstitute.sharepoint.com");
```

We've been using a validate JWT policy in APIM, but ever since 2/22 we've been getting 401 Unauthorized errors when trying to hit it using those bearer tokens. Here are a few of the errors:
![image](https://github.com/SharePoint/sp-dev-docs/assets/76535800/d523f519-0b09-4557-9613-ce5ea208c91a)
Note that I'm just a junior dev stumbling my way through this, so please keep that in mind when responding. Thanks in advance.