SharePoint / sp-dev-docs

SharePoint & Viva Connections Developer Documentation
https://docs.microsoft.com/en-us/sharepoint/dev/
Creative Commons Attribution 4.0 International
1.25k stars 1.01k forks source link

aadHttpClientFactory: Token request previously failed. Is there a widespread outage right now? #9828

Open kbeeveer46 opened 3 months ago

kbeeveer46 commented 3 months ago

What browser(s) / client(s) have you tested

Describe the bug / error

EDIT: It seemed to have fixed itself. It no longer throws the error about 6 hours after creating this post. I have confirmed that it now works for several people in our organization. Read comments below for possible cause and solution.

All of our SharePoint sites that have custom webparts that use aadHttpClientFactory to generate a token are completely down because it can't generate a token. This applies to every person in our organization. It was working fine all day but now not a single user can generate a token

Error: Token request previously failed

Code:

const client = await this.context.aadHttpClientFactory.getClient(Settings.AZURE_SHAREPOINT_APP_REG_CLIENT_ID);

        const httpOptions = this.getHttpClientOptions(body);

        const httpMethod = type === "POST"
            ? client.post(url, AadHttpClient.configurations.v1, httpOptions)
            : client.get(url, AadHttpClient.configurations.v1, httpOptions);

        return new Promise<any>(resolve =>
        {
            httpMethod.then(response =>
            {
                response.json().then(result =>
                {
                   ......

                });

            });
        });

Steps to reproduce

Make an API call using aadHttpClientFactory object.

Expected behavior

A token is generated

MortenGuldbaek commented 3 months ago

We were experiencing the same at 15.30 EST, but now it seems to work.

kbeeveer46 commented 3 months ago

Is there another way to get a token rather than usingaadHttpClientFactory or aadTokenProviderFactory.getTokenProvider().getToken()

All we need the token for is for our API calls to know a request came from an authenticated user in SharePoint. Is there a login token or any other JWT token that gets saved in session or a cookie that can be used? As far as I can tell, we don't use anything inside the token (like permissions) besides the tenant ID and app registration object ID. So I'm not sure if we even need the token or if an alternative method would work.

I'm trying to avoid using the code above because it seems like it fails quite often and is a single point of failure that our organization has no control over. Our entire client portal goes down if that code doesn't return a token and we have upset clients.

lebisalarcon-sparrow commented 3 months ago

We have been getting the same issue with different customers since yesterday. If you don't want to wait until it fixes itself you can apply this solution https://github.com/SharePoint/sp-dev-docs/issues/9099#issuecomment-1701406090. We still don't know why it happens and how to prevent it.

kbeeveer46 commented 3 months ago

@lebisalarcon-sparrow You may be on to something. During our outage yesterday, I was poking around our back end looking at different pages and went to the API access page at the same time everything started working again. I never deleted any secrets like it says to do but I see a secret that looks corrupt with the description ù á¡,zA°ž‹CO‘ß (yes, it has a bunch of weird characters). I also see another secret that looks normal.

Maybe the one secret was corrupt and by going to the page it added the other one and fixed everything? I don't understand what those secrets are for and how they work. I've never changed anything in that registration

We still don't know why it happens and how to prevent it.

This has been my experience with this error for the past 3 years. But usually it just happens to random people (internal and external) at random times and goes away. This is the first time it took down our entire company and all external users.

lebisalarcon-sparrow commented 3 months ago

@lebisalarcon-sparrow You may be on to something. During our outage yesterday, I was poking around our back end looking at different pages and went to the API access page at the same time everything started working again. I never deleted any secrets like it says to do but I see a secret that looks corrupt with the description ù á�¡,zA°���CO�ß (yes, it has a bunch of weird characters). I also see another secret that looks normal.

Maybe the one secret was corrupt and by going to the page it added the other one and fixed everything? I don't understand what those secrets are for and how they work. I've never changed anything in that registration

We still don't know why it happens and how to prevent it.

This has been my experience with this error for the past 3 years. But usually it just happens to random people (internal and external) at random times and goes away. This is the first time it took down our entire company and all external users.

I believe that secret is automatically generated by MS so that SharePoint can talk to AD. There are dozens of threads with the "corrupt" token issue and not a single answer from MS as to why it happens.

heesungjang commented 4 weeks ago

We have experienced this issue with customers using our custom web parts/extensions from time to time. Previously, refreshing the "corrupted" secret key often resolved the issue. However, this workaround is no longer effective for us. Any updates or advice on this issue would be greatly appreciated.