sp-dev-docs icon indicating copy to clipboard operation
sp-dev-docs copied to clipboard

Published 20 hours ago verified publisher icon SharePoint

Search API returns 0 results when logged in with Application Permissions

Open StevenDeRoover opened this issue 2 years ago • 4 comments

Target SharePoint environment

SharePoint Online

What SharePoint development model, framework, SDK or API is this about?

SharePoint REST API

Developer environment

Windows

What browser(s) / client(s) have you tested

  • [ ] 💥 Internet Explorer
  • [ ] 💥 Microsoft Edge
  • [ ] 💥 Google Chrome
  • [ ] 💥 FireFox
  • [ ] 💥 Safari
  • [ ] mobile (iOS/iPadOS)
  • [ ] mobile (Android)
  • [ ] not applicable
  • [X] other (enter in the "Additional environment details" area below)

Additional environment details

.NET Console appliction with plain HTTP Client, CSOM, Pnp.PowerShell .Net Console application uses Confidential- en PublicClientApplication to retrieve application- or delegated permissions access token.

Describe the bug / error

As of Agust 26 SharePoint Search started returning either results or no results from time to time. After the weekend, it started returning 0 results continuously. We troubleshooted the error, and in the beginning we had 0 results when using RefinableStrings, but results when searching on other properties. At the moment, neither search requests returns results. Further troubleshooting showed that the issue only occurs when using AppId/Certificate authentication, and no issues when using Delegated permissions (letting a user log in). This is fine for end-user applications, but not for background services like f.i. Runbooks. All was working fine until August 26.
Our tenant is not the only one having this issue: https://techcommunity.microsoft.com/t5/sharepoint-developer/search-api-with-application-permissions-returns-no-results/m-p/3620241

Steps to reproduce

  1. Create any application with application permissions (Azure Portal, App registration). Using a certificate or secret, neither works.
  2. Give it all application and delegated permissions for SharePoint, and Grant Admin consent.
  3. Get access token with a ConfidentialClientApplication (application permissions)
  4. Request an HTTP request to tenant.sharepoint.com/_api/search/query (GET) or tenant.sharepoint.com/_api/search/postquery (POST)
  5. For certain lists (not all!) you get 0 results
  6. Get access token with a PublicClientApplication (delegated permissions)
  7. Request an HTTP request to tenant.sharepoint.com/_api/search/query (GET) or tenant.sharepoint.com/_api/search/postquery (POST)
  8. For the same search query, you get results.

Expected behavior

The results that were given by using the Delegated Permissions, should also be given by the Application Permissions.

StevenDeRoover avatar Sep 16 '22 06:09 StevenDeRoover

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

ghost avatar Sep 16 '22 06:09 ghost

We also have the same problem on multiple tenants without having touched anything, are there any updates?

devromano avatar Sep 16 '22 12:09 devromano

Maybe good to know: I have a list, on which I try to find listitems. The list returns 0 results, searching using multiple options (no ManagedProperty, on RefinableString, ...) when using Application Permissions. Except for 1 listitem: this one I do find, with both permissions (application, delegated). I accidentally found out. I tried to figure out what is different on this listitem, but couldn't find anything.

Edit: the only difference I see, is that the Author of that one listitem is an actual user: | upn | display_name | some_large_guid i:0#.f|membership|upn The other listitem's Author's are an app: | App name | some_large_guid i:0i.t|some guid|UPN_of_app

Edit 2: I created a new listitem myself (not by the app above), and that one I can find as well, by any authentication.

StevenDeRoover avatar Sep 21 '22 06:09 StevenDeRoover

Bump ...

StevenDeRoover avatar Sep 27 '22 12:09 StevenDeRoover

@StevenDeRoover fix was deployed 9/30, can you verify that it is now working?

wobba avatar Oct 31 '22 11:10 wobba

we still have the same problem

devromano avatar Nov 09 '22 16:11 devromano

@devromano Can you please open a support ticket for your case and provide trace logs when you log it?

wobba avatar Nov 10 '22 13:11 wobba

@devromano Can you please open a support ticket for your case and provide trace logs when you log it?

Hello Mikael

Hate to tell you this, but opening a support ticket is sadly not the way to go. First line support knows nothing about API's, and this issue, for them, is out-of-scope.

This I had to learn by sending a load of e-mails back and forth with Microsoft Support.

Shortly: when it comes to Microsoft Support, you are lost when it comes to technical issues, where only out-of-the-box issues are covered.

StevenDeRoover avatar Nov 10 '22 13:11 StevenDeRoover

@StevenDeRoover Please do it and share the id with me in some way.

wobba avatar Nov 14 '22 09:11 wobba