403 (Unauthorized) response from AcquireOBOToken request in SPFx Teams Tab App

Open pheidler opened this issue 1 year ago • 5 comments

Target SharePoint environment

SharePoint Online

What SharePoint development model, framework, SDK or API is this about?

💥 SharePoint Framework

Developer environment

None

What browser(s) / client(s) have you tested

  • [ ] 💥 Internet Explorer
  • [ ] 💥 Microsoft Edge
  • [x] 💥 Google Chrome
  • [ ] 💥 FireFox
  • [ ] 💥 Safari
  • [ ] mobile (iOS/iPadOS)
  • [ ] mobile (Android)
  • [ ] not applicable
  • [ ] other (enter in the "Additional environment details" area below)

Additional environment details

  • SPFx version 1.18.2
  • Node.js version 18.17.1

Describe the bug / error

A user is reporting that our SPFx Teams Tab app is failing to load with the following error:

GET https://[site]/_api/Microsoft.SharePoint.Internal.ClientSideComponent.Token.AcquireOBOToken?resource=%27https://graph.microsoft.com%27&clientId=[client_id] 403 (Forbidden)

They reported this issue is taking place in a private channel and in a browser. Public channels do not appear to be affected. We cannot recreate in our own environments, and other users have not reported this issue.

I've noticed similar issues being tracked in this repo, but they appear to be outdated and reportedly fixed.

Have there been any recent updates to this issue? Is there anything I should check with the user?

Thank you.

Steps to reproduce

Underlying code:

const client = await this.context.msGraphClientFactory.getClient("3");
const rootWebUrlResponse = await client
  .api(`groups/${groupId}/sites/root/weburl`)
  .version("v1.0")
  .get();

Expected behavior

Graph token is acquired without issue.

pheidler avatar Jan 31 '24 21:01 pheidler

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

ghost avatar Jan 31 '24 21:01 ghost

@nick-pape Any update on this?

pheidler avatar Feb 05 '24 20:02 pheidler

Same error for me, with the same SPFx code inside a Teams Tab:

const clientGraph:MSGraphClientV3 = await this.context.msGraphClientFactory.getClient('3');
const meBlobPhoto = await clientGraph.api(`/users/[email protected]/photo/$value`).get();

First request seems to be ok, but second ends with error.

Kind Regards.

llazaroAyesa avatar Feb 22 '24 18:02 llazaroAyesa

We are also experiencing the same issue. SPFx app used in Teams Tab, getting 403 Forbidden when requesting OBO token for the SharePoint Web Application Principal app. Only happens in one out of three environments.

vegardei avatar Mar 06 '24 14:03 vegardei

@llazaroAyesa @vegardei I was able to resolve the issue using this workaround: https://github.com/SharePoint/sp-dev-docs/issues/9099#issuecomment-1701406090

pheidler avatar Mar 07 '24 18:03 pheidler