File picker V8, SPFx and permissions

Open rgcircum opened this issue 1 year ago • 1 comments

What type of issue is this?

Question

What SharePoint development model, framework, SDK or API is this about?

💥 SharePoint Framework

Target SharePoint environment

SharePoint Online

What browser(s) / client(s) have you tested

  • [ ] 💥 Internet Explorer
  • [ ] 💥 Microsoft Edge
  • [ ] 💥 Google Chrome
  • [ ] 💥 FireFox
  • [ ] 💥 Safari
  • [ ] mobile (iOS/iPadOS)
  • [ ] mobile (Android)
  • [ ] not applicable
  • [ ] other (enter in the "Additional environment details" area below)

Additional environment details

Not applicable

Issue description

Hi, I am trying to use File Picker v8 with SPFx. It works, but the permissions behave strangely.

I have created a sample: https://github.com/rgcircum/spfx-sp-filepicker-sample

I have based the SPFx sample on the sample by @patrick-rodgers (thanks).

The idea is to be able to use the file picker without declaring an AAD application.

I get the token with AadTokenProviderFactory:

public async getToken(command: IAuthenticateCommand): Promise<string> {
    const _aadTokenProvider = await this._aadTokenProviderFactory.getTokenProvider();
    const _authToken = await _aadTokenProvider.getToken(command.resource);
    return _authToken;
}

If I use these permissions:

{
  "resource": "Microsoft Graph",
  "scope": "Files.ReadWrite.All"
},
{
  "resource": "Microsoft Graph",
  "scope": "Sites.ReadWrite.All"
},
{
  "resource": "Microsoft Graph",
  "scope": "AllSites.Write"
},
{
  "resource": "Microsoft Graph",
  "scope": "MyFiles.Write"
},

This does not work; I get this error:

ServerError: AADSTS500011: The resource principal named https://***/sites/Test was not found in the tenant named ***. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

If I add this permission:

{
  "resource": "Windows Azure Active Directory",
  "scope": "User.Read"
},

The web part works!!! But only in SharePoint; in a Teams tab, I always get the AADSTS500011 error.

For the Teams tab, I have tested this permission:

{
  "resource": "Microsoft Graph",
  "scope": "ChannelSettings.ReadWrite.All"
},

But I get the same error.

Another problem: the documentation explains that I can use *.read permissions, but that doesn't work. I thought it could work without the upload functionality, but it does not. It's a problem: the write permissions are too large (e.g. AllSites.Write), and a lot of clients do not accept these permissions for security purposes.

I have already posted an issue in the File Picker repo without a response: https://github.com/OneDrive/samples/issues/63

rgcircum, Feb 06 '24 09:02
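An added example, not part of the original issue or of the sp-dev-docs project: a small least-privilege audit over the `webApiPermissionRequests` entries quoted in the post above. It flags write scopes that reach beyond one site or the user's own files (the concern raised about AllSites.Write) and scope names requested under a resource that does not define them. It assumes that AllSites.* and MyFiles.* are delegated scopes of the SharePoint resource rather than of Microsoft Graph; the type, function and finding names are hypothetical.

```typescript
// Added example: review SPFx webApiPermissionRequests before tenant-admin approval.
interface PermissionRequest { resource: string; scope: string; }
interface Finding { resource: string; scope: string; issue: "broad-write" | "scope-resource-mismatch"; }

// Assumption: these scope families belong to the SharePoint resource, not Microsoft Graph.
const SHAREPOINT_ONLY = /^(AllSites|MyFiles)\./;
// Scopes that are not limited to a single site or to the user's own files.
const UNSCOPED = /(\.All$|^AllSites\.)/;
// Access levels that allow modification.
const WRITE_LEVEL = /(Write|Manage|FullControl)/;

function auditPermissions(requests: PermissionRequest[]): Finding[] {
  const findings: Finding[] = [];
  for (const { resource, scope } of requests) {
    // A SharePoint scope name listed under Microsoft Graph cannot be granted as written.
    if (resource === "Microsoft Graph" && SHAREPOINT_ONLY.test(scope)) {
      findings.push({ resource, scope, issue: "scope-resource-mismatch" });
    }
    // Write access to everything the signed-in user can reach needs explicit sign-off.
    if (UNSCOPED.test(scope) && WRITE_LEVEL.test(scope)) {
      findings.push({ resource, scope, issue: "broad-write" });
    }
  }
  return findings;
}

// The entries quoted in the issue, collected into one list.
const issueRequests: PermissionRequest[] = [
  { resource: "Microsoft Graph", scope: "Files.ReadWrite.All" },
  { resource: "Microsoft Graph", scope: "Sites.ReadWrite.All" },
  { resource: "Microsoft Graph", scope: "AllSites.Write" },
  { resource: "Microsoft Graph", scope: "MyFiles.Write" },
  { resource: "Windows Azure Active Directory", scope: "User.Read" },
  { resource: "Microsoft Graph", scope: "ChannelSettings.ReadWrite.All" },
];

function summarize(findings: Finding[]): string[] {
  return findings.map((f) => `${f.issue}: ${f.scope} (${f.resource})`);
}

for (const line of summarize(auditPermissions(issueRequests))) {
  console.log(line);
}
```

Running such a check in the build pipeline gives the tenant administrator a short list to review before approving the package's API access requests.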

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

ghost, Feb 06 '24 09:02

Thank you for taking the time to file an issue. We periodically archive older or inactive issues as part of our issue management process, which automatically closes them once they are archived.

If you’d like to understand more about why and how we handle archived (closed) issues, please see Our approach to closed issues.

We appreciate your contribution and if this is still an active issue with the latest SPFx versions, please do resubmit the details. We needed to perform a cleanup, so that we can start with a clean table with a new process. We apologize for the inconvenience this might cause.

github-actions[bot], May 03 '25 16:05