azureoffice365sharepoint-onlineazure-app-registration
Unable to define the sites for an App Registration for SahrePoint with Site.Selected
I have this App registration inside Azure with Site.Selected for SharePoint online:-
I want to define the sites for the above "Sites.Selected", so I tried the following:-
$siteUrl = "https://*.sharepoint.com/sites/integration-prod"
$clientId = "2**0a"
$certThumbprint = "7**EA"
$tenant = "**.onmicrosoft.com"
Connect-PnPOnline -Url $siteUrl -ClientId $clientId -Thumbprint $certThumbprint -Tenant $tenant
$writeperm = Grant-PnPAzureADAppSitePermission -Permissions "Write" -Site $siteUrl -AppId $clientId -DisplayName "SPGPIntegration-Test"
$PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity $clientId
Set-PnPAzureADAppSitePermission -Site $siteurl -PermissionId $(($PermissionId).Id) -Permissions "FullControl"
But I got these errors:-
Grant-PnPAzureADAppSitePermission: {"error":{"code":"AccessDenied","message":"Either scp or roles claim need to be present in the token.","innerError":{"date":"2024-09-17T14:01:55","request-id":"38072694-80cf-4235-9b4c-3d0335ee72ff","client-request-id":"38072694-80cf-4235-9b4c-3d0335ee72ff"}}}
Get-PnPAzureADAppSitePermission: Forbidden (403): Either scp or roles claim need to be present in the token.
Set-PnPAzureADAppSitePermission: Cannot validate argument on parameter 'PermissionId'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
any advice on this please?
Thanks EDIT
I also tried with an App Registration which have full control but got the exact error , here what i tried, so i have 2 client IDs (one for the App registration with full control , while the other for the App registration which have Site.Selected), as mentioned in the description:-
$siteUrl = "https://*****"
$clientId = "Client ID For the App Registration which have full control"
$certThumbprint = "Thumbprint For the App Registration which have full control"
$tenant = "****.onmicrosoft.com"
connect-PnPOnline -Url $siteUrl -ClientId $clientId -Thumbprint $certThumbprint -Tenant $tenant
$writeperm = Grant-PnPAzureADAppSitePermission -Permissions "Write" -Site $siteUrl -AppId "Client ID For the App Registration which have Sites.Seleced" -DisplayName "SPGPIntegration-Test"
$PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity "Client ID For the App Registration which have Sites.Seleced""
Set-PnPAzureADAppSitePermission -Site $siteurl -PermissionId $(($PermissionId).Id) -Permissions "FullControl"
but got the exact same error...
Solution
Created a Microsoft Entra ID Application and granted same API permissions as you:
When tried the script got the same errors:
To resolve the error, you need to grant Microsoft Graph Sites.FullControl.All application type API permission to the application
After granting the API permission I am able to do the operations successfully by modifying the script like below:
$siteUrl = "https://XXX.sharepoint.com/sites/testrukk"
$appName = "SharePointPnPApp"
$clientId = "ClientID"
$certThumbprint = "XXX"
$tenant = "XXX.onmicrosoft.com"
Connect-PnPOnline -Url $siteUrl -ClientId $clientId -Thumbprint $certThumbprint -Tenant $tenant
if ($permission -ne 'FullControl' ) {
Grant-PnPAzureADAppSitePermission -AppId $clientId -DisplayName $appName -Site $siteUrl -Permissions "Write"
}
else {
Grant-PnPAzureADAppSitePermission -AppId $clientId -DisplayName $appName -Site $siteUrl -Permissions Write
$PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity $appId
Set-PnPAzureADAppSitePermission -Site $siteUrl -PermissionId $(($PermissionId).Id) -Permissions FullControl
}
Get-PnPAzureADAppSitePermission -Site "https://XXX.sharepoint.com/sites/testrukk"
Reference:
- How can I define compile time constants in bicep configuration language?
- Outlook calendar don't render with FullCalendar
- Azure functions decoding error for IotHub device connection state message schema
- How do I set scope in Azure API Manager (APIM) when using D_application_id
- How to mount multiple disks in a loop using ansible
- How can I get sub value in nested json via KQL?
- Azure .NET SDK: Scale Azure SQL databases through SDK
- How can I invoke Azure Trusted Signing from a Linux OS?
- How to transfer "Set Variable" activity output into Json file using "Copy Data" activity or any other options?
- Verify Microsoft Access token on my ASP.NET Core Web API
- I'm trying to install the package from a private Azure DevOps repository using the pip install command, but I'm encountering an error
- Unable to define the sites for an App Registration for SahrePoint with Site.Selected
- Check if the resource exists before using data
- Not able to see azure 'LifecyclePolicyCompleted event' log
- Direct Web Push gives Error when used from Notification Hub
- Azure Remove User Consent to API
- Flutter-Azure Deviops pipelineThe discrepancy between the number of tests reported as passed or failed in the pipeline output and the test report
- App_location on deployment of a static webapp
- MSINotEnabled - Can't use KeyVault Reference in Azure Function
- Reading values from a key value based file and passing these values to azure devops template
- Deleting an Azure Loadbalancer Frontend IP configuration from python?
- How to retrieve the front door id from a Microsoft CDN (classic)
- What is HEAD operation in CosmosDB reported in Azure Monitoring
- Deploying a Python App to Azure App Service with Github Actions
- How to Query User Access Logs for Azure Front Door
- How can I add email recipients to a Graph API request programmatically?
- How to create Azure Devops Service Connection Docker Registry Type Other
- Problem with CORS policy in React front end with FastAPI on the back trying to use Microsoft Single Sign-on
- Azure Document Intelligence Custom Classification Python API
- Azure Function App unaccounted for time in Application Insights Timeline