JBLConsult

Reputation: 1

How do I fix the "Error 403, forbidden" while calling the Microsoft Graph in a Microsoft Teams personal app via an SPFx webpart?

I've built an SPFx web part which requests a SharePoint list via the Microsoft Graph. It works fine in both SharePoint and as a Microsoft Teams tab. However, when I try to run it in Teams as a personal app, I always get an error 403 forbidden.

As a debug measure, I followed a Microsoft tutorial on making a simple graph call https://learn.microsoft.com/de-de/sharepoint/dev/spfx/use-msgraph. After trying the webpart in both SharePoint and Teams again, I ran into the same issue. It works both in SharePoint and as a Teams tab, but not as a Teams personal app.

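// Imports needed at the top of the web part file
import { MSGraphClient } from '@microsoft/sp-http';
import * as MicrosoftGraph from '@microsoft/microsoft-graph-types';

public render(): void {
  this.context.msGraphClientFactory
    .getClient()
    .then((client: MSGraphClient): void => {
      // use MSGraphClient here
      // get information about the current user from the Microsoft Graph
      client
        .api('/me')
        .get((error, user: MicrosoftGraph.User, rawResponse?: any) => {
          // Check the error first: when the call fails (e.g. with the 403),
          // `user` is not populated and must not be dereferenced.
          if (error) {
            console.log("Error: ");
            console.log(error);
            return;
          }

          console.log(user);

          this.domElement.innerHTML = `
            <div class="${styles.container}">
              <h2>${user.displayName}</h2>
            </div>
          `;
        });
    });
}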

As the last test, I downloaded an already made and functioning project which requests data via the Microsoft Graph https://github.com/pnp/sp-dev-fx-webparts/tree/master/samples/react-teams-personal-app-settings, and it returned the same error.

Additionally, the global admins in our tenant have no issue using these apps as a Microsoft Teams personal App. The problem only occurs for standard users.

Does anyone know why this web part won't work as a personal app but works everywhere else, and also how to fix this issue?

18.11.2020: Quick update about the problem: After an admin granted all the permissions again, all the apps now work in the Teams web client as a personal app, but still not in the desktop app as a personal app.

Another update about the problem: I tried installing Teams in Linux as a test, and as it turned out, all the apps work as Teams personal apps there.

Upvotes: 0

Views: 2210

Answers (1)

RoelVB

Reputation: 1606

I think it has something to do with the "SharePoint Online Client Extensibility Web Application Principal".

  1. Go to https://portal.azure.com

  2. Open your Azure AD and go to "App registrations" (on the left)

  3. You should be able to find "SharePoint Online Client Extensibility Web Application Principal" under "All applications"

  4. Open this application and go to "Expose an API" (on the left)

  5. Add a client application with the ID "00000003-0000-0ff1-ce00-000000000000" and check "https://microsoft.spfx3rdparty.com/user_impersonation"

Upvotes: 0
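A way to verify the outcome of steps 4 and 5 from data instead of the portal, as an added example that is not part of the original answer: it inspects the Microsoft Graph `application` resource of the principal and reports whether the client ID from step 5 is pre-authorized for the exposed scope. The function name, the sample objects and their GUIDs are constructed, and matching the scope by the value `user_impersonation` (the last segment of the URI in step 5) is an assumption.

```javascript
// Added example (not from the answer). Input: the Microsoft Graph
// `application` resource of the principal, e.g. the JSON returned by
// GET /applications/{object-id}, using its `api` property.
const CLIENT_APP_ID = "00000003-0000-0ff1-ce00-000000000000"; // ID given in step 5
const SCOPE_VALUE = "user_impersonation"; // assumption: scope value behind the URI in step 5

function checkPreAuthorization(app, clientAppId = CLIENT_APP_ID, scopeValue = SCOPE_VALUE) {
  const api = (app && app.api) || {};
  // 1. The scope must be exposed and enabled ("Expose an API").
  const scope = (api.oauth2PermissionScopes || []).find(s => s.value === scopeValue);
  if (!scope) return { ok: false, reason: "scope-not-exposed" };
  if (scope.isEnabled === false) return { ok: false, reason: "scope-disabled" };
  // 2. The client application must be listed (GUIDs compare case-insensitively).
  const entry = (api.preAuthorizedApplications || []).find(
    p => String(p.appId).toLowerCase() === clientAppId.toLowerCase());
  if (!entry) return { ok: false, reason: "client-not-listed" };
  // 3. The scope's checkbox must be ticked for that client.
  const ids = (entry.delegatedPermissionIds || []).map(i => String(i).toLowerCase());
  if (!ids.includes(String(scope.id).toLowerCase())) {
    return { ok: false, reason: "scope-not-checked-for-client" };
  }
  return { ok: true, reason: "pre-authorized" };
}

// Constructed sample data; the scope GUID is a placeholder.
const SCOPE_ID = "11111111-1111-1111-1111-111111111111";
const exposedScope = { id: SCOPE_ID, value: "user_impersonation", isEnabled: true };

// State before step 5: scope exposed, no client application added.
const sampleBefore = {
  api: { oauth2PermissionScopes: [exposedScope], preAuthorizedApplications: [] }
};
// State after step 5: client added and the scope checked.
const sampleAfter = {
  api: {
    oauth2PermissionScopes: [exposedScope],
    preAuthorizedApplications: [
      { appId: CLIENT_APP_ID.toUpperCase(), delegatedPermissionIds: [SCOPE_ID] }
    ]
  }
};

console.log("before:", checkPreAuthorization(sampleBefore));
console.log("after: ", checkPreAuthorization(sampleAfter));
```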
