Azure Function "Connect-MgGraph -Identity" to access SPO files in SiteAssets doc lib #3030
Unanswered
Stressf1sh
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Dear community,
when trying to access a file hosted in the "SiteAssets" document library of SharePoint Online, using a "system assigned managed identity" for an Azure Function, I'm receiving the error message: "401 (Unauthorized)". The ErrorDetails states: "error":{"code":"InvalidAuthenticationToken","message":"Access token is empty."
Import-Module -Name Microsoft.Graph.Authentication
Import-Module -Name Microsoft.Graph.Users
Import-Module -Name Microsoft.Graph.Sites
Connect-MgGraph -Identity
$item = Get-MgSiteListItem -ListId '' -SiteId '' -ExpandProperty Fields ### (works perfectly fine, followed by a foreach)
$params = @{
UseBasicParsing = $true
Method = "GET"
Uri = "https://graph.microsoft.com/v1.0/sites/hostname.sharepoint.com:/sites/sitename:/items/$($item.id):/content"
TimeoutSec = 10
ErrorAction = "SilentlyContinue"
}
$item = Invoke-WebRequest @params
I tried the following endpoints without any success using the Azure Function. However, it worked perfectly fine using delegated permissions with Graph Explorer:
https://graph.microsoft.com/v1.0/sites/<siteId>/drives/<driveId>/root:/$($serverRelativeUrl) https://graph.microsoft.com/v1.0/sites/<hostname>.sharepoint.com:/sites/<siteName>:/items/$($item.id) https://graph.microsoft.com/v1.0/drives/<driveId>/items/$($item.id)I'm not sure: is it because of the endpoint I'm using, which is not accepting "application permissions"? Or is it a problem of the managed identity (got "Sites.Read.All" and "User.ReadWrite.All" permissions)? Or is there some more "auth magic" needed?
Thanks in advance for any assistance.
Beta Was this translation helpful? Give feedback.
All reactions