This repository was archived by the owner on Jun 18, 2024. It is now read-only.

Missing "MyFiles" capability #98

Open
MiguelGL opened this issue May 11, 2016 · 9 comments

MiguelGL commented May 11, 2016

Hello, we have recently been experiencing problems with our Android app accessing OneDrive via the following dependencies:

```groovy
compile group: 'com.microsoft.services', name: 'odata-engine-core', version: '0.13.0'
compile group: 'com.microsoft.services', name: 'odata-engine-android-impl', version: '0.13.0', ext: 'aar'
compile group: 'com.microsoft.services', name: 'discovery-services', version: '0.13.0'
compile group: 'com.microsoft.aad', name: 'adal', version: '1.1.11'
compile group: 'com.microsoft.services', name: 'file-services', version: '0.11.1'
```

When we read the ServiceInfos returned by discoveryClient.getservices().read(); we now read a single service info which just has the Directory capability. Until some time ago what we used to obtain was at least one ServiceInfo which had a capability named MyFiles. We then checked for this specific capability and went on to our OneDrive using code without problems.

So now that we do not get this MyFiles cap, our application fails. If we try to test to skip this capability check in our own code and directly go to the OneDrive specific code, we then get 403 errors reported via Exception from your API.

The "Delegated Permissions" we are using in our application, set in the Azure Portal are:

Windows Azure Active Directory: (2 perms)

  • Access the directory as the signed-in user
  • Sign in and read user profile

Microsoft Graph: (5 perms)

  • Have full access to user files
  • Read user files
  • Read items in all site collections
  • Read files that the user selects
  • Sign in and read user profile

Has anything changed? Do we need to delegate any additional permissions?

Or, maybe, should we now implement a different approach for any reason?

For the record, our iOS team using these deps for months now are experiencing no issues:

```ruby
pod 'LiveSDK'
pod 'ADALiOS', '~> 1.2.2' # 1.2.2 <= ver < 1.3.0
pod 'OrcEngine/Implementation', :git => 'https://github.com/MSOpenTech/orc-for-ios.git', :branch => 'dev'
pod 'Office365/Files', :git => 'https://github.com/greathansen/Office-365-SDK-for-iOS', :branch => 'orc-poc'
```

Thanks in advance!


ricalo commented May 11, 2016

Hi @MiguelGL,

I think that with this SDK you have to use permissions in the Office 365 SharePoint Online application instead of Microsoft Graph.

You can use the Microsoft Graph permissions with REST endpoints or the Microsoft Graph SDK for Android (Preview).

Let me know if you have more questions.

@MiguelGL
Author

Hey @ricalo thanks for such quick response!

The thing is I do not find such "Office 365 SharePoint Online" permissions section when I enter our Azure Portal settings. I am attaching a screenshot of those available when I use the old Portal and go to "Active Directory" -> "Default Directory" -> "Applications" -> (select our app) -> "Configure" -> "Add Application" Button.

Also, trying to perform a similar navigation through the new Portal ends up leading me to exactly the same place into the old portal.

Is there anything else we need to configure for these "Office 365 SharePoint Online" permissions to be available?

Thanks again!

[screenshot: azure_app_config]


ricalo commented May 11, 2016

Mmm... is it possible that you're browsing a directory that doesn't have an Office 365 subscription?
This StackExchange thread explains the problem.

Check if Default directory really is the directory that is linked to your Office 365 subscription. You can probably identify this by looking at the users. Instead of going to
Active Directory > Default Directory > Applications
go to...
Active Directory > Default Directory > Users
And verify that the users listed there have access to Office 365.

Let me know how this goes.

@MiguelGL
Author

Hey thanks again. We happen to be experiencing the same problem as the one described on the StackExchange link.

The weird thing is our organisation does have a SharePoint Online subscription (we browse and edit documents online, Excel, Doc etc.).

Could it be that our SharePoint subscription is not linked (or whatever) to the Domain we access through the Azure Portal? If so, how could we fix this?

Thanks again for your help.


ricalo commented May 12, 2016

It's kind of hard to tell.

If Active Directory > Default Directory > Users has the same users that can access SharePoint Online then you should be okay and your best bet is probably to contact support 😞

If not, you can try to link your Office 365 subscription to your Azure subscription. You'll find how to do it in the following article - Associate your Office 365 account with Azure AD to create and manage apps.

I'm sorry you're having such a hard time with this issue.

@MiguelGL
Author

Dear @ricalo your kind and detailed help is very much appreciated :)

When following the steps in the provided link I am missing the Use existing directory option after selecting Custom Create. The only choice I am offered is a dialog as the one shown here:

[screenshot: ad_create]

Is that maybe an outdated article? Other things we could try?

Thanks a lot again!


ricalo commented May 12, 2016

I saw that issue a long time ago. I think I remember how to solve it.

The problem is that the Use existing directory option doesn't show up unless you're using a Microsoft account ([email protected], [email protected] or [email protected]) to manage the directory. Try this:

  1. Go to Active Directory > Default Directory > Users
  2. Click Add user
  3. Select User with an existing Microsoft account
  4. Type your Microsoft account (create one if you don't have one already)
  5. In the User profile dialog, add the Global Admin role to the account.
  6. Open an inPrivate or incognito browser window.
  7. Go to the Azure Portal.
  8. Sign in with your Microsoft account.

Now you can try either of the following:

Hope this helps.

@MiguelGL
Author

Hello again Ricalo. We are so grateful for your dedication and help. Unfortunately we have not been able to work this out as per your prev. indications. We have created a new @outlook.com account and added as Global Admin in Azure AD management.

But when we sign in with this @outlook.com user into the Azure Portal we get a "You have no Subscriptions" message preventing us from entering the portal. Also, the link you provided to "Associate your Office 365 account ... manage apps" does not work.

We're stuck here and have no further ideas... any hints you'd like to share?

Thanks again!!


ricalo commented May 18, 2016

Mmmm... I'm running out of ideas. My guess is that the outlook.com account has to be added as a co-administrator, but I think the concepts have changed in the UI and I no longer can see how you can add a user as a co-administrator. What I can see is how to add him as an owner.

  1. Go to http://portal.azure.com and sign in with the account that has access to the subscription.
  2. On the navigation bar to the left click Subscriptions
  3. Select your subscription and then click Settings
  4. Click Users > Add > Select a role > Owner > Invite and then type the outlook account in the invite textbox.
