Question

I am experimenting with people in MSGraph. I am attempting the "/me/people" graph call and getting a 403 forbidden. The People.Read permission states it does not need Admin Consent. People permissions. I expected that the first time the web part is used the user would be prompted to give consent. Instead I just get a 403 in Chrome's developer console.

My package-solution

{
  "$schema": "https://developer.microsoft.com/json-schemas/spfx-build/package-solution.schema.json",
  "solution": {
    "name": "sp-graph-people-picker-client-side-solution",
    "id": "xxx",
    "version": "1.0.0.0",
    "includeClientSideAssets": false,
    "webApiPermissionRequests": [
      {
        "resource": "Microsoft Graph",
        "scope": "User.Read.All"
      },
      {
        "resource": "Microsoft Graph",
        "scope": "People.Read"
      }
    ]
  },
  "paths": {
    "zippedPackage": "solution/sp-graph-people-picker.sppkg"
  }
}

The code snippet:

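import { MSGraphClient } from '@microsoft/sp-http';
import { WebPartContext } from '@microsoft/sp-webpart-base';

// Inside the component: the web part context is passed in through props.
const ctx: WebPartContext = this.props.context;
const userSearch: string = `/me/people`;

ctx.msGraphClientFactory.getClient()
  .then((client: MSGraphClient) => {
    // Request the signed-in user's relevant people (uses the People.Read scope).
    client.api(userSearch).get((error, people, response) => {
      console.info("!!! people", people);
      console.info("response", response);
      console.info("error", error);
    });
  });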

The code that uses the User.Read.All is nearly the same and works. The difference is I had our Admin approve it in the SharePoint Admin center. I would like to use the permission scopes that do not need admin approval without having to get admin approval. Any suggestions?


Solution

The permissions requested in the SPFx package need to be granted by a SharePoint Admin explicitly, even the ones which do not need admin consent, e.g. People.Read.

This is so that all permission scopes allowed to be consumed from SPFx customisations have to go through Admin approval.

By default if no permissions are granted, the only available permissions scope is user_impersonation which allows you to get limited information from the Graph.

See these links for more details:

https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-msgraph#available-permission-scopes

https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient
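
To confirm that a 403 like the one in the question comes from a scope that has not been approved, the granted scopes can be read from the Graph access token. This is an added diagnostic example, not code from the question or the answer; it assumes the token is a compact JWT whose space-separated `scp` claim lists the delegated scopes, and the sample token is constructed.

```typescript
// Added diagnostic example; not part of the original question or answer.
// Decoding is for troubleshooting only: the signature is NOT verified here.
// In SPFx the token could be obtained (assumption about your setup) with
// context.aadTokenProviderFactory.getTokenProvider(), then
// provider.getToken("https://graph.microsoft.com").

/** Decode the payload segment of a compact JWT without verifying it. */
function decodeJwtPayload(token: string): Record<string, unknown> {
  const parts = token.split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWT (expected three dot-separated segments)");
  }
  // base64url -> base64, restoring the padding that JWTs strip
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  b64 += "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

/** Scopes from `required` that are absent from the token's scp claim. */
function missingScopes(token: string, required: string[]): string[] {
  const scp = decodeJwtPayload(token)["scp"];
  const granted = new Set(
    typeof scp === "string" ? scp.split(" ").filter(Boolean) : []
  );
  return required.filter((s) => !granted.has(s));
}

/** Build a constructed, unsigned sample token carrying the given scp claim. */
function makeSampleToken(scp: string): string {
  const enc = (o: object): string =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const header = enc({ alg: "none", typ: "JWT" });
  const payload = enc({ aud: "https://graph.microsoft.com", scp });
  return `${header}.${payload}.constructed-signature`;
}

// Constructed case matching the question: only User.Read.All was approved.
const sampleToken = makeSampleToken("User.Read.All");
console.log(missingScopes(sampleToken, ["User.Read.All", "People.Read"]));
```

A non-empty result names the scopes that still need approval in the SharePoint admin center before calls depending on them can succeed.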

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange