What SharePoint development model, framework, SDK or API is this about?
💥 SharePoint Framework
Developer environment
None
What browser(s) / client(s) have you tested
[ ] 💥 Internet Explorer
[ ] 💥 Microsoft Edge
[ ] 💥 Google Chrome
[ ] 💥 Firefox
[ ] 💥 Safari
[ ] mobile (iOS/iPadOS)
[ ] mobile (Android)
[ ] not applicable
[x] other (enter in the "Additional environment details" area below)
Additional environment details
all browsers
Describe the bug / error
In a functioning tenancy, if you delete the Client Extensibility Web Application Principal it will be reprovisioned automatically the next time you visit the SharePoint admin API management page.
It successfully calls GetIsolatedDomainAppsByAppId, then posts the application config to /beta/applications and finally sets the new helper app id with a post to UpdateSpfxThirdPartyAppId.
On a failing tenancy, the GetIsolatedDomainAppsByAppId call fails with an error:
"Another object with the same value for a property identifierUris already exists"
It then posts to /beta/applications and fails, because when setting the identifierUris, one is correct:
api://tenantid/sharepoint url
whilst it also sets
api://unknown guid/microsoft.spfx3rdparty.com
and the API with the unknown guid is rejected. It's not any guid I can see in the system, whilst it should be the tenant ID, I believe.
This leaves a half-built app registration, and the SPFx helper app id is also still set to the deleted app.
Apart from not being able to add API rights etc. in the management page, when SPFx then tries to get a Graph token, it still uses the old SPFx helper app id in the requested scope (/.default) and fails to get the token, and all Graph calls fail.
If you reload the API management page, it identifies that the app isn't properly built and PATCHes /beta/applications with the same incorrect URIs, which again fail.
The problem looks similar to
https://github.com/SharePoint/sp-dev-docs/issues/9672
but the reply URL is correct for the AD helper and there are no sign-in errors for the helper (or any other logged messages as far as I can see).
This may also be related to when tenants were moved over from having the appid of api://microsoft.spfx3rdparty.com to the new one with the tenant guid in it, as I saw other tickets about needing to get this updated.
Steps to reproduce
1. Delete the SharePoint Online Client Extensibility Web Application Principal app registration
2. Visit the SharePoint Admin page API management page as a GA or Application Admin
Expected behavior
The SharePoint Online Client Extensibility Web Application Principal to be recreated with correct APIs, redirect URIs, client IDs and the app helper ID updated so that SPFx can initiate Graph calls
Target SharePoint environment
SharePoint Online
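A check for the mismatch reported in this issue, added here as an example and not code from the issue author or from Microsoft: given an application object or request payload carrying appId and identifierUris, it flags URIs whose GUID segment is not the tenant ID and a helper app id that no longer matches the registration. The tenant ID, app ids and host names are constructed placeholders, and `helperAppId` is an assumed input you supply.

```javascript
// Added example. All IDs and host names below are constructed placeholders.
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const LEGACY_URI = "api://microsoft.spfx3rdparty.com"; // pre-migration form named in the issue

// Classify one identifierUri against the expected api://<tenantId>/<host> form.
function checkIdentifierUri(uri, tenantId) {
  if (uri.toLowerCase() === LEGACY_URI) return { uri, status: "legacy-format" };
  const m = /^api:\/\/([^/]+)\/(.+)$/i.exec(uri);
  if (!m) return { uri, status: "unexpected-format" };
  if (!GUID_RE.test(m[1])) return { uri, status: "not-a-guid" };
  const ok = m[1].toLowerCase() === tenantId.toLowerCase();
  return { uri, status: ok ? "ok" : "foreign-guid" };
}

// app: object carrying appId and identifierUris, or null if the principal
//      was deleted and never recreated.
// helperAppId: the app id SPFx is still configured to request tokens for (assumed input).
function auditPrincipal(app, tenantId, helperAppId) {
  const findings = [];
  if (!app) return [`registration missing; helper app id ${helperAppId} points at nothing`];
  const uris = app.identifierUris || [];
  if (uris.length === 0) findings.push("no identifierUris set (half-built registration)");
  for (const uri of uris) {
    const r = checkIdentifierUri(uri, tenantId);
    if (r.status !== "ok") findings.push(`${r.status}: ${r.uri}`);
  }
  if (String(app.appId).toLowerCase() !== helperAppId.toLowerCase()) {
    findings.push(`stale helper app id: configured ${helperAppId}, registration is ${app.appId}`);
  }
  return findings;
}

// Constructed sample mirroring the failing tenancy described in the issue.
const TENANT = "11111111-2222-3333-4444-555555555555";
const halfBuilt = {
  appId: "aaaaaaaa-0000-0000-0000-000000000001",
  identifierUris: [
    `api://${TENANT}/contoso.sharepoint.com`,
    "api://99999999-8888-7777-6666-555555555555/microsoft.spfx3rdparty.com",
  ],
};
const OLD_HELPER = "aaaaaaaa-0000-0000-0000-00000000dead";
for (const f of auditPrincipal(halfBuilt, TENANT, OLD_HELPER)) console.log(f);
```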