I'm not able to connect SPGO to my Office 365 SharePoint site
https://i.stack.imgur.com/qVsIX.png
My SPGo.json
{
"sourceDirectory": "src",
"sharePointSiteUrl": "https://mydomain.sharepoint.com/sites",
"publishingScope": "Major",
"authenticationType": "Digest"
}
my login and password are correct because I can log in with it at https://www.office.com/
Is it some vscode setting?
Related
In my application, I have a list of users with their organization email-id. As per the requirement, I want to check user's email-id extension is of a valid Microsoft 365 account. For users who passed this check, I want to enable the SSO feature.
Example: If the user email-id is "user#company-domain.com" then I want to check that "#company-domain.com" is registered in MS 365.
I am not able to find any graph API to resolve this issue.
Any help would be appreciated.
What you should be able to use is the Organizations endpoint eg
https://learn.microsoft.com/en-us/graph/api/organization-get?view=graph-rest-1.0&tabs=http
then use the verified domains node
"verifiedDomains": [
{
"capabilities": "Email, OfficeCommunicationsOnline",
"isDefault": true,
"isInitial": true,
"name": "Contoso.com",
"type": "Managed"
}
This is what you see in the Portal or enumerated in things like Azure AD Connect
This will give you the verified domains for a particular org and your app will need permissions to query it.
I'm trying to connect to Azure Devops from within a Sharepoint web part.
I have added a couple of permission requests in package-solution.json:
"webApiPermissionRequests": [
{
"resource": "Windows Azure Active Directory",
"scope": "User.Read"
},
{
"resource": "Azure DevOps",
"scope": "user_impersonation"
},
{
"resource": "SharePoint Online Client Extensibility Web Application Principal",
"scope": "user_impersonation"
}
...
and use the AAD factory to call an Azure DevOps api, like so:
this.context.aadHttpClientFactory.getClient('499b84ac-1321-427f-aa17-267ca6975798').then((client: AadHttpClient) => {
client.get(`https://dev.azure.com/reinder0498/_apis/projects?api-version=6.0`, AadHttpClient.configurations.v1)
.then((response: HttpClientResponse) => {
console.log(response);
return response.json();
})
.then((projects: any): void => {
console.log(projects);
});
});
But then I get this error: "The user or administrator has not consented to use the application with ID '177c71fc-1022-4e3c-82cd-faa17d9864bf' named 'SharePoint Online Client Extensibility Web Application Principal'. Send an interactive authorization request for this user and resource."
I've looked at pending and approved requests in Sharepoint Admin center but could not see any requests coming in...
What else do I have to do to use the aadHttpClientFactory to connect to Azure DevOps API's?
update
If I browse to that Sharepoint Online Client app in AAD, the button to grant admin consent is disabled:
Was able to figure it out myself. The thing is that you need to run it inside your teams environment to have the approval request created in your Sharepoint environment.
I now have these permission requests configured:
{
"resource": "Azure DevOps",
"scope": "user_impersonation"
},
{
"resource": "Windows Azure Active Directory",
"scope": "User.Read"
}
I uploaded my web part to Sharepoint, synced it to Teams and then opened it inside Teams. At some point I got the error message about the consent and then afterwards I saw the approval request appear in Sharepoint Admin.
Once approved, my web part successfully connected to the DevOps REST API.
The error occurs for the application registered with Azure AD (Delegated Permissions), which requires either user or an administrator’s consent for the permissions it needs.
You need configure permissions in the azure portal for your application and or create a url and grant permissions first . Below is link on how too construct the url. You only need to do it once and can remove permissions when needed.
Grant tenant-wide admin consent to an application
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent#construct-the-url-for-granting-tenant-wide-admin-consent
Also, here is a GitHub issue raised and solved regarding your setup.
SPFX USER
I'm using Graph to get all users on my sharepoint online site. The code works just fine expect for one example.
I've the sharepoint users is synced from azure ad, then im not able to get the properties of the user.
Here is the webApiPermissionRequests:
"webApiPermissionRequests": [
{
"resource": "Microsoft Graph",
"scope": "User.ReadBasic.All"
},
{
"resource": "Microsoft Graph",
"scope": "Contacts.Read"
},
{
"resource": "Microsoft Graph",
"scope": "User.Read.All"
}
]
The request where i get my users:
const users: MSGraphClient = this.context.serviceScope.consume(MSGraphClient.serviceKey);
users
.api("/users")
.select("displayName,mobilePhone,mail,photo,department,jobTitle,mailNickname")
.top(999)
.get((error, response: any, rawResponse?: any) => {
As i said, Everything works just fine expect when a user is imported from the Azure AD.
Can anyone tell me why all properties except displayName is null when it's an imported user.
UPDATED
I've added a picture. It' is only the Mobile Phone number (Mobiltelefon) that I'm able to get with the api above. The rest of the data and information is not being received. Let's take Office (Kontor) is coming from the azure add and is not is NOT being received in the API.
According to your description, you want to get the user's properties by MS Graph API.
Based on my test, we can get the properties. For your case, we should check the properties whose the value is null.
Check the properties in Azure AD whether it is null.
I heard Microsoft provides file handler add-in for custom (non-Microsoft) file types in Office 365.
I tried to do this following the tutorial found here, however it seems a bit outdated (although it was last updated in Jan 2017) because several things mentioned there are different from my environment - I use Visual Studio 2015 on Windows 10.
So basically here's what I'm trying to achieve.
I have a custom file type with .encx extension, which is simply a encrypted docx file using our own cryptography algorithm. I can access to Office 365 tenant admin account. I want to allow our users to be able to open this encrypted file in OneDrive web interface.
Here's my environment:
Microsoft Visual Studio Enterprise 2015 Version 14.0.25123.00 Update 2
Microsoft .NET Framework Version 4.6.01586
Azure SDK v2.9.6
I created a new Visual C# project based on File Handler Application template in Office category from VS 2015.
And I added connected service for Office 365 API.
Since I have a free trial subscription on Azure account, I added all the required stuff like SQL database server, SQL db, Azure Active Directory - basically all the things explained in the above tutorial. And then I published and publishing was successful. I can see it live on the *.azurewebsites.net in my browser and sign in even works.
I used Addin manager sample Azure app as described in the tutorial to update add-in settings like file icon, preview/open/new endpoint link etc, and hit Update button. Now I uploaded some .encx files to OneDrive account but it still doesn't show custom icon nor open it in custom file handler (it just triggers browser file download).
I've been pulling my hair with this issue because I couldn't find any helpful/detailed answers anywhere online.
I seriously need help from Microsoft people.
UPDATE:
Now I have some progress - I can see custom file icon, .encx file now tries to show something as a preview when I select it, and opens in new tab if I click it.
The problem is Preview, Open works with my localhost URL, but not with published Azure web service URL. It says Sorry, something went wrong along with Invalid URL: |0..
UPDATE 2:
Here's a manifest file for Azure web service app:
{
"appId": "0afc5455-a05b-4cc1-b241-89c717d9bce4",
"appRoles": [],
"availableToOtherTenants": false,
"displayName": "MyFileHandler",
"errorUrl": null,
"groupMembershipClaims": null,
"homepage": "http://my***.azurewebsites.net/",
"identifierUris": [
"https://filevisor.net/MyFileHandler"
],
"keyCredentials": [],
"knownClientApplications": [],
"logoutUrl": null,
"oauth2AllowImplicitFlow": false,
"oauth2AllowUrlPathMatching": false,
"oauth2Permissions": [
{
"adminConsentDescription": "Allow the application to access MyFileHandler on behalf of the signed-in user.",
"adminConsentDisplayName": "Access MyFileHandler",
"id": "5b21f973-edd5-4ace-a369-cfff0ed3b8fa",
"isEnabled": true,
"type": "User",
"userConsentDescription": "Allow the application to access MyFileHandler on your behalf.",
"userConsentDisplayName": "Access MyFileHandler",
"value": "user_impersonation"
}
],
"oauth2RequirePostResponse": false,
"passwordCredentials": [
{
"customKeyIdentifier": null,
"endDate": "2018-02-02T05:22:35.7514025Z",
"keyId": "b19de090-a661-402f-8ae2-624f148ff6fd",
"startDate": "2017-02-02T05:22:35.7509019Z",
"value": null
}
],
"publicClient": false,
"replyUrls": [
"http://my***.azurewebsites.net/"
],
"requiredResourceAccess": [
{
"resourceAppId": "00000002-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
"type": "Scope"
}
]
},
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "17dde5bd-8c17-420f-a486-969730c1b827",
"type": "Scope"
}
]
}
],
"samlMetadataUrl": null,
"extensionProperties": [],
"objectType": "Application",
"objectId": "0bdea3fb-5ff7-4b8c-aa2c-6556a4c2ce46",
"deletionTimestamp": null,
"createdOnBehalfOf": null,
"createdObjects": [],
"manager": null,
"directReports": [],
"members": [],
"memberOf": [],
"owners": [],
"ownedObjects": []
}
I don't see an "addIns" property in your manifest, as described here: Configure and update file handlers in Office 365. It might be that this property is just suppressed from the downloaded copy of the manifest, but if you haven't added this property to the manifest, please add it and see if that helps.
As of yesterday I added a webapi and a native app to my Azure AD.
Yesterday I was able to download the WEBAPI's manifest file to add appPermissions (for delegating permissions to the native app).
Not there's no longer any appPermissions located in the manifest file, it has changed. I have tried to add new apps, and even a new AD.
Now theres only appRoles there.
Does anyone know why this is, and how I could solve this so i still can delegate permissions?
Might this be the new thing to use?
oauth2Permissions": [
{
"adminConsentDescription": "Allow the application full access to the service on behalf of the signed-in user",
"adminConsentDisplayName": "Have full access to the service",
"id": "23906603-82b7-4471-afbd-b6bcf2fe7b1a",
"isEnabled": true,
"origin": "Application",
"type": "User",
"userConsentDescription": "Allow the application full access to the service on your behalf",
"userConsentDisplayName": "Have full access to the service",
"value": "user_impersonation"
}
],
#Simon Agren is right, and that new oauth2Permissions worked for me. Just download an old existing Maninifest and you will see how it now uses the oauth2Permissions instead of the appPermissions. Remember to create a new GUID for the id attribute.
I also turned surprised when I saw that this morning :)
Cheers.