Skip to content

Permission Denied when using Graph API service to call Sharepoint with an Azure AD Guest account #1039

@deck05

Description

@deck05

My app is using Azure AD as an entry point to access both Sharepoint and website.

Good Case Scenario:
I login as an AD user, the app runs as it should. I can use both Graph Api and PNP SP to retrieve data from Sharepoint.

Issue:
If an external user (i.e. gmail, yahoo accounts) is used, the Graph Api throws permission denied error. I added the account on both the Azure AD and added it to the Sharepoint users. If I login to Sharepoint manually as an external user, the site will run perfectly fine. My guess is that the token that Graph API uses does not have the correct permissions to consume Sharepoint services. Can you please help?

Category

  • Question
  • Documentation issue
  • Bug

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions