此问题与之前在StackOverflow上提出的问题非常相似。但是,我得到的错误是不同的。
AadHttpClient fails when loading SP page with SPFx webpart in MSTeams Desktop Client
我也有一个Sharepoint Online网站,其中有一个SPFx Web部件,它使用AadHttpClient。
如果我从浏览器导航到Sharepoint网站或打开MS Teams Web客户端,则此Webpart起作用。
我的设置概览:
这里是我面临的问题的“步骤来概述”。
调试MS Teams桌面客户端时,在“网络请求”选项卡中有此呼叫:
https://{mytenant}.sharepoint.com/sites/{mysite}/_api/Microsoft.SharePoint.Internal.ClientSideComponent.Token.AcquireOBOToken?resource={GUID of my AAD app registration}&clientId={GUID of SharePoint Online Client Extensibility AAD app registration}
回复:
错误403:
{“ odata.error”:{“ code”:“-2147024891,System.UnauthorizedAccessException”,“消息”:{“ lang”:“ en-US”,“ value”:“ Access否认。您无权执行此操作或访问此资源。“}}}
一个有趣的发现是,该Web请求仅在Microsoft Teams桌面客户端中发生。
我有兴趣知道为什么仅在MS Teams桌面客户端而不是在MS Teams Web客户端或Sharepoint Online上发生。
更新:10/02/2020
[另一观察:我们在其他租户(个人租户而不是公司租户)上尝试了相同的设置。我们注意到,在Azure Active Directory上打开MFA时可能会重现相同的行为。
失败的请求是:
https://{personal tenant}.sharepoint.com/sites/{site name}/_api/Microsoft.SharePoint.Internal.ClientSideComponent.Token.AcquireOBOToken?resource={GUID of the AD app registration}&clientId={GUID of the SPO Client Extensibility app registration}
但是,现在返回的错误是带有响应的500:
{“ odata.error”:{“ code”:“-1,System.AggregateException“,” message“:{” lang“:” zh-CN“,” value“:”一个或发生了更多错误。“}}}
在Github上发现了类似的问题,但有不同的错误:https://github.com/SharePoint/sp-dev-docs/issues/4915
最近,对于一个调用graphAPI的Web部件,我遇到了类似的问题。在桌面团队中,呼叫永远不会发生,并且会陷入困境。我可以按照以下步骤修复它:-
步骤1.访问Tenant Admin网站上的新API权限管理页面。这在幕后创建了一个客户秘密。
步骤2.转到-> https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
步骤3.单击SharePoint Online Client Extensibility Web Application Principal
步骤4.在左侧菜单上单击清单。步骤5.从oAuth2Permission数组复制ID
"oauth2Permissions": [
{
"adminConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on behalf of the signed-in user.",
"adminConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
"id": "2143704b-186b-4210-b555-d03aa61823cf",
"isEnabled": true,
"lang": null,
"origin": "Application",
"type": "User",
"userConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on your behalf.",
"userConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
"value": "user_impersonation"
}
],
步骤6.用以下json替换“ preAuthorizedApplications”条目。保持appId如下所示。
"preAuthorizedApplications": [
{
"appId": "00000003-0000-0ff1-ce00-000000000000",
"permissionIds": [
"YOUR COPIED ID FROM STEP 5"
]
}
],
步骤7.点击保存。
让我知道这是否适合您。我从https://github.com/SharePoint/sp-dev-docs/issues/3923#issuecomment-514726341
引用了上述步骤