microsoft / CopilotStudioSamples

MIT License

Issue: SharePoint SSO Component no_tokens_found #207

Open JonoSuave opened 4 months ago

JonoSuave commented 4 months ago

I set up both the CoPilot and SharePoint canvas app registrations according to the guide. I also configured my elements.xml file like so for my demo tenant:

<?xml version="1.0" encoding="utf-8"?>
<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
    <CustomAction
        Title="PvaSso"
        Location="ClientSideExtension.ApplicationCustomizer"
        ClientSideComponentId="bbcf8287-ea2d-4bb6-868f-19b9cf4b0812"
        ClientSideComponentProperties="{&quot;botURL&quot;:&quot;https://default0370dee592d4484aa2c595000b7843.3e.environment.api.powerplatform.com/powervirtualagents/botsbyschema/cree4_copilotSuave/directline/token?api-version=2022-03-01-preview&quot;,&quot;customScope&quot;:&quot;api://e018f88b-07b9-4f80-997f-fb5810ac4a5d/SharePoint.Read&quot;,&quot;clientID&quot;:&quot;e018f88b-07b9-4f80-997f-fb5810ac4a5d&quot;,&quot;authority&quot;:&quot;https://login.microsoftonline.com/0370dee5-92d4-484a-a2c5-95000b78433e&quot;,&quot;greet&quot;:true,&quot;buttonLabel&quot;:&quot;CoPilot Chat&quot;,&quot;botName&quot;:&quot;CoPilot SPO Chat&quot;}">
    </CustomAction>
</Elements>

I installed the spfx extension in my site, but when I click on the button I receive the following error in the console: InteractionRequiredAuthError: no_tokens_found: No refresh token found in the cache. Please sign-in

I must be missing something in my registered app's Expose an API section?

adilei commented 4 months ago

Are you seeing any other errors in the console? Something about an iframe being blocked?

JonoSuave commented 4 months ago

Here's the main error I'm seeing (I redacted the actual tenantId): "ServerError: invalid_resource: AADSTS500011: The resource principal named api:/ was not found in the tenant named {tenantId}. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 1ab30c7e-cfff-4f64-b671-a96f9bab0600 Correlation ID: f4d3aa27-fd74-440b-ab4d-3d13b65c6d7a Timestamp: 2024-05-21 18:33:44Z"

I can confirm the tenantId is the correct tenantId. Attached are my app registrations.


adilei commented 4 months ago

There are some redundant configurations, but mostly there's a mismatch between your elements.xml and app registration.

Your xml has api://e018f88b-07b9-4f80-997f-fb5810ac4a5d/SharePoint.Read but I'm not seeing this scope in your copilot app registration

JonoSuave commented 4 months ago

Looks the same to me?

adilei commented 4 months ago

Oh, it's just not the original elements.xml you posted :)

Based on your error, it still looks like there is a configuration mismatch:

  1. only your copilot app registration needs to expose a custom api, and your custom canvas app registration needs to have permissions on that api

  2. in elements.xml, clientID needs to point at the canvas app registration and the custom scope that belongs to the bot app registration

JonoSuave commented 4 months ago

Oh yes, that was from another demo I was working on -- sorry about that. So should there be a third app registration for a bot app registration? Right now I have the customScope pointed to the api endpoint of the exposed api from the Copilot Studio Demo app registration.

adilei commented 4 months ago

No, luckily a third one isn't required. Let's review the setup:

  1. Bot app registration - needs graph permissions, including Files.Read.All and Sites.Read.All if you plan to use Gen Answers over SharePoint

     This app will also expose the api/custom scope

  2. Canvas app registration - needs a permission over the custom scope exposed by (1)

  3. elements.xml - needs to point to the custom scope defined in (1) and the client ID of (2)
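As an added example (not part of this issue thread or of the CopilotStudioSamples repo), a small Python check that applies the review above to an elements.xml: it decodes the ClientSideComponentProperties JSON and verifies that customScope belongs to the bot app registration and that clientID is the canvas app registration. All GUIDs and the botURL in it are constructed placeholders, and the sample file reproduces the mismatch from this thread (clientID pointing at the bot app).

```python
import json
import re
import xml.etree.ElementTree as ET

SP_NS = "{http://schemas.microsoft.com/sharepoint/}"
GUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
SCOPE_RE = re.compile(rf"^api://({GUID})/[A-Za-z][\w.]*$", re.I)
AUTHORITY_RE = re.compile(rf"^https://login\.microsoftonline\.com/{GUID}/?$", re.I)

# Constructed placeholder IDs standing in for the two app registrations and the tenant
BOT_APP_ID = "11111111-1111-4111-8111-111111111111"     # Copilot/bot app: exposes the API
CANVAS_APP_ID = "22222222-2222-4222-8222-222222222222"  # canvas app: has permission on it
TENANT_ID = "33333333-3333-4333-8333-333333333333"

# Constructed elements.xml reproducing the mismatch from the thread: clientID == bot app
SAMPLE_XML = f"""<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
  <CustomAction Title="PvaSso" Location="ClientSideExtension.ApplicationCustomizer"
    ClientSideComponentId="00000000-0000-0000-0000-000000000000"
    ClientSideComponentProperties="{{&quot;botURL&quot;:&quot;https://example.invalid/directline/token&quot;,&quot;customScope&quot;:&quot;api://{BOT_APP_ID}/SharePoint.Read&quot;,&quot;clientID&quot;:&quot;{BOT_APP_ID}&quot;,&quot;authority&quot;:&quot;https://login.microsoftonline.com/{TENANT_ID}&quot;,&quot;greet&quot;:true}}">
  </CustomAction>
</Elements>"""


def load_properties(elements_xml: str) -> dict:
    """Return the ClientSideComponentProperties JSON of the first CustomAction as a dict."""
    action = ET.fromstring(elements_xml).find(f"{SP_NS}CustomAction")
    if action is None:
        raise ValueError("no CustomAction element found")
    # ElementTree unescapes &quot; while parsing, so the attribute is plain JSON here
    return json.loads(action.attrib["ClientSideComponentProperties"])


def check_sso_config(props: dict, bot_app_id: str, canvas_app_id: str) -> list:
    """List mismatches between elements.xml and the bot/canvas app registrations."""
    problems = []
    scope = props.get("customScope", "")
    m = SCOPE_RE.match(scope)
    if not m:
        problems.append(f"customScope {scope!r} is not of the form api://<appId>/<scope>")
    elif m.group(1).lower() != bot_app_id.lower():
        problems.append("customScope must belong to the bot (Copilot) app registration")
    if props.get("clientID", "").lower() != canvas_app_id.lower():
        problems.append("clientID must be the canvas app registration's application ID")
    if not AUTHORITY_RE.match(props.get("authority", "")):
        problems.append("authority must be https://login.microsoftonline.com/<tenantId>")
    return problems


if __name__ == "__main__":
    for p in check_sso_config(load_properties(SAMPLE_XML), BOT_APP_ID, CANVAS_APP_ID):
        print("MISMATCH:", p)
```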

adilei commented 3 months ago

@JonoSuave ?