search

SharePoint / sp-dev-docs

SharePoint & Viva Connections Developer Documentation
https://docs.microsoft.com/en-us/sharepoint/dev/
Creative Commons Attribution 4.0 International
1.25k stars 1.01k forks source link

How to consume sharepoint data from other site collection where ussrs dont have access in spfx #9872

Open SAgnihotri200895 opened 2 months ago

SAgnihotri200895 commented 2 months ago

What type of issue is this?

Question

What SharePoint development model, framework, SDK or API is this about?

💥 SharePoint Framework

Target SharePoint environment

SharePoint Online

What browser(s) / client(s) have you tested

Additional environment details

Issue description

I'm developing a SPFx web part that will be deployed on one site collection. This web part needs to retrieve data from another site collection that resides in a different geolocation.

The challenge is that not all users will have read access to this other site collection.Our client prefers not to introduce additional interfaces in SPFx for support reasons, so we're trying to avoid using a middle-layer API as much as possible.

Instead, we're looking for a solution to access the data directly within the SPFx web part itself.Initially, we considered using the SharePoint App Only model, but since it's being deprecated, we're exploring other options.

I've read that AADHttpClient could be a solution, and that by adding the necessary API permissions in SPFx, it should work.

However, when I try to deploy it, the API access in the admin center throws an error saying the scope sites.read.all is not valid.

I'm using the resource SharePoint Online Extensibility Web Application Principal, but it's failing.Is this the correct approach?

I haven't found much documentation on this.In summary, I need to know if it's still possible with SPFx 1.19 to use AADHttpClient for accessing SharePoint data via REST calls. What API permission requests should I be making for this?⁶

frags51 commented 1 month ago

Hi @SAgnihotri200895 - It is indeed possible to use AADHttpClient to make network calls to resources backed by AAD, including sharepoint. A simpler way could also be to use SPHttpClient. SPFx already has permissions to access SharePoint data, so no new permissions need to be added.

However both would make the request on behalf of the user, and require the user to have access to the underlying SharePoint site. So - if users do not have access, a middle layer API that has application permissions (not delegated) to read SharePoint data would be needed, in my opinion.