MSTeams Desktop Client中的SPFx Webpart引发UnauthorizedAccessException [英] SPFx webpart in MSTeams Desktop Client throws an UnauthorizedAccessException
问题描述
此问题与之前在StackOverflow上提出的问题非常相似.但是,我得到的错误是不同的.
This question is very similar to a question which has been asked previously on StackOverflow. However, the error I'm getting is different.
AadHttpClient在以下情况下失败在MSTeams Desktop Client中使用SPFx Webpart加载SP页面
我还有一个 Sharepoint Online网站,其中有一个 SPFx Web部件,该部件利用了 AadHttpClient .
I also have a Sharepoint Online site in which I have an SPFx web part which makes use of AadHttpClient.
如果我从浏览器导航到Sharepoint网站或打开MS Teams Web客户端,则此Webpart可以工作.
This webpart works if I navigate to the Sharepoint site from a browser or open MS Teams web client.
我的设置概览:
这是我面临的问题的重现步骤"概述.
Here is a "steps to repro" overview of the issue I am facing.
- 将Web部件部署到SharePoint
- 在SharePoint中查看Web部件– Web部件显示并加载确定
- 在团队中添加SharePoint选项卡,并将其绑定到具有Web部件的页面上
- 在Teams Desktop客户端中查看选项卡–数据无法在Web部件中加载(请参阅下文)
- 在Teams Web客户端中查看选项卡– Web部件显示并加载确定
调试MS Teams桌面客户端时,在网络请求"选项卡中有此呼叫:
When I debugged the MS Teams desktop client, I have this call in in the Network requests tab:
https://{mytenant}.sharepoint.com/sites/{mysite}/_api/Microsoft.SharePoint.Internal.ClientSideComponent.Token.AcquireOBOToken?resource={GUID of my AAD app registration}&clientId={GUID of SharePoint Online Client Extensibility AAD app registration}
响应:
错误403:
{"odata.error":{代码":-2147024891, System.UnauthorizedAccessException",消息":{"lang":"en-US","value":"Access 否认.您无权执行此操作或访问 此资源.}}}
{"odata.error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access denied. You do not have permission to perform this action or access this resource."}}}
一个有趣的发现是,该Web请求仅在Microsoft Teams桌面客户端中发生.
One interesting observation was that this web request only happens in Microsoft Teams desktop client.
我想知道为什么仅在MS Teams桌面客户端而不是在MS Teams Web客户端或Sharepoint Online中发生这种情况.
I am interested in knowing why this only happens in MS Teams desktop client and not on either the MS Teams web client or Sharepoint Online.
更新:2020年2月10日
另一个观察结果:我们在其他租户(个人租户而不是公司租户)上尝试了相同的设置.我们注意到,在Azure Active Directory上打开MFA时,可能会重现相同的行为.
Another observation: We tried the same setup on a different tenant (personal tenant instead of our corporate tenant). We noticed that the same behaviour could be reproduced when MFA is turned-on on the Azure Active Directory.
失败的请求是:
https://{personal tenant}.sharepoint.com/sites/{site name}/_api/Microsoft.SharePoint.Internal.ClientSideComponent.Token.AcquireOBOToken?resource={GUID of the AD app registration}&clientId={GUID of the SPO Client Extensibility app registration}
但是,现在返回的错误是带有响应的500:
However, now the error returned is a 500 with the response:
{"odata.error":{"code":-1, System.AggregateException," message:{" lang:" zh-CN," value:"一个或 发生了更多错误.}}}
{"odata.error":{"code":"-1, System.AggregateException","message":{"lang":"en-US","value":"One or more errors occurred."}}}
在Github上发现了类似的问题(但有不同的错误): https ://github.com/SharePoint/sp-dev-docs/issues/4915
Similar issue found, (but a different error) out on Github: https://github.com/SharePoint/sp-dev-docs/issues/4915
推荐答案
最近,对于一个调用graphAPI的Web部件,我也遇到了类似的问题.在桌面团队中,呼叫永远不会发生,并且会陷入困境.我可以按照以下步骤修复它:-
I faced similar issue recently for a webpart that was calling graphAPI. On Desktop teams the call never use to happen and it use to get stuck. I was able to fix it by following these steps: -
步骤1.访问Tenant Admin网站上新的API权限管理页面.这在幕后创建了一个客户机密.
Step 1. Visit the new API Permission Management Page on the Tenant Admin Site. This creates a client secret behind the scenes.
第2步.转到-> https://aad.portal .azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
第3步.点击SharePoint Online Client Extensibility Web Application Principal
第4步.在左侧菜单上单击清单".第5步.从oAuth2Permission数组中复制ID.
Step 4. Click Manifest on the left menu Step 5. Copy the id from the oAuth2Permission array
"oauth2Permissions": [
{
"adminConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on behalf of the signed-in user.",
"adminConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
"id": "2143704b-186b-4210-b555-d03aa61823cf",
"isEnabled": true,
"lang": null,
"origin": "Application",
"type": "User",
"userConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on your behalf.",
"userConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
"value": "user_impersonation"
}
],
步骤6.将"preAuthorizedApplications"条目替换为以下json.保持appId如下所示.
Step 6. Replace "preAuthorizedApplications" entry with the following json. Keep the appId as it is written below.
"preAuthorizedApplications": [
{
"appId": "00000003-0000-0ff1-ce00-000000000000",
"permissionIds": [
"YOUR COPIED ID FROM STEP 5"
]
}
],
第7步.点击保存.
让我知道这是否对您有用.我从 https://github.com/引用了上述步骤SharePoint/sp-dev-docs/issues/3923#issuecomment-514726341
Let me know if this works for you. I referred the above steps from https://github.com/SharePoint/sp-dev-docs/issues/3923#issuecomment-514726341
这篇关于MSTeams Desktop Client中的SPFx Webpart引发UnauthorizedAccessException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!