Question
BPM Company
NL
Last activity: 2 Apr 2024 4:53 EDT
Authentication 403 error in SharePoint Online component
Hi all,
We've installed the SharePoint Online Integration v2 component on our PegaCloud dt1 environment and using it in our application.
We followed the configuration steps as described https://docs-previous.pega.com/data-management-and-integration/87/installing-sharepoint-online-component and https://docs-previous.pega.com/data-management-and-integration/87/connecting-your-application-sharepoint .
We connect to a sharepoint-site that was recently configured by our client. The site was configured with a Sharepoint expert and we double checked the authorization configuration of the sharepoint site.
While running one of the data pages (D_SPOnlineGetAllLists) we get a 403 http status code. In the log I see that an error occurs:
BEARER authentication error: No access token available
HTTP Status code: 403 Forbidden
We did a connection setup in postman following the steps of Microsoft: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#configure-a-client-application-to-access-web-apis . Here we are succesfully able to retrieve a list of lists. The setup is different than how the SP Online component handles the authentication calls, a high-trust sharepoint is used not line with the steps that Microsoft provides in the URL above.
Hi all,
We've installed the SharePoint Online Integration v2 component on our PegaCloud dt1 environment and using it in our application.
We followed the configuration steps as described https://docs-previous.pega.com/data-management-and-integration/87/installing-sharepoint-online-component and https://docs-previous.pega.com/data-management-and-integration/87/connecting-your-application-sharepoint .
We connect to a sharepoint-site that was recently configured by our client. The site was configured with a Sharepoint expert and we double checked the authorization configuration of the sharepoint site.
While running one of the data pages (D_SPOnlineGetAllLists) we get a 403 http status code. In the log I see that an error occurs:
BEARER authentication error: No access token available
HTTP Status code: 403 Forbidden
We did a connection setup in postman following the steps of Microsoft: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#configure-a-client-application-to-access-web-apis . Here we are succesfully able to retrieve a list of lists. The setup is different than how the SP Online component handles the authentication calls, a high-trust sharepoint is used not line with the steps that Microsoft provides in the URL above.
Now from the Microsoft documentation, it seems that the API to retrieve an access token has changed because of the the Graph API introduction. For the Graph API, the authentication method is different from the Sharepoint API.
Here, we use the endpoints:
- Auth URL: https://login.windows.net/common/oauth2/authorize?resource=https%3A%2F%2Fgraph.microsoft.com
- Access token URL: https://login.microsoftonline.com/common/oauth2/token
- Also, the endpoint to which we make the call is different. For example, for retrieving all lists from Sharepoint, the endpoint was
.. and with Graph API became https://graph.microsoft.com/v1.0/sites/<SPO site>/lists (see the site: https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/use-postman-and-aad-app-to-get-data-from-sharepoint-online-using/ba-p/510051)
Either way, I don't manage to make this work in our Pega environment, also if I use the exact same setup as in Postman Pega doesn't manage to get a token.
Help is very much appreciated!
Best regards,
Erwin
Accepted Solution
Updated: 1 Aug 2023 5:08 EDT
Pegasystems Inc.
GB
@MaartenBPM I can see that INC-A4556 was closed with your permission.
Our support team provided you with some suggestions on using the Sharepoint Online component by making the following changes:
In the screenshot of the auth profile shared by you, it seems you've reused the auth endpoint for the access token endpoint. These are distinct resources in the OAuth2 flow, and are used for different purposes.
Try to modify the auth profile in use and replace the auth token endpoint with the value https://login.microsoftonline.com/common/oauth2/token
If this does not resolve the issue, you could further try and replace the redirect URI value with https://[modified].pegadocuments.com/oauth2/callback to copy the postman configuration exactly
We understand that you managed to get through the authentication procedure by using Graph API and that you are no longer using the steps from the default component.
Updated: 29 Jun 2023 6:31 EDT
Pegasystems Inc.
GB
Are you referring to the MarketPlace component as referenced here?
Did you follow the steps from Integrating SharePoint Online with Pega Platform, Installing the SharePoint Online Component and Connecting your application to SharePoint?
If you need to liaise with Pega Cloud, please check Working with Pega Cloud Services for the section Integrating Pega applications with external systems
Covers connecting to REST or SOAP services, and configuring enterprise messaging with either JMS or IBM MQ. It also includes information about the security best practices and the process for conducting security assessments for applications on Pega Cloud
Are you referring to the MarketPlace component as referenced here?
Did you follow the steps from Integrating SharePoint Online with Pega Platform, Installing the SharePoint Online Component and Connecting your application to SharePoint?
If you need to liaise with Pega Cloud, please check Working with Pega Cloud Services for the section Integrating Pega applications with external systems
Covers connecting to REST or SOAP services, and configuring enterprise messaging with either JMS or IBM MQ. It also includes information about the security best practices and the process for conducting security assessments for applications on Pega Cloud
If you have additional questions perhaps you could PM Prasad Akella who is listed there as the product owner.
@nvkap @ChandraSekharBk could one of you comment on this question about SharePoint integration?
BPM Company
NL
@MarijeSchillernIt's indeed the Sharepoint Online component and Erwin and I followed and double checked the configuration steps multiple times together with a Sharepoint expert. As we got a 403, it means we have connection from PegaCloud to the sharepoint but there's an authentication/authorization issue. We have the configuration working from Postman following the steps from Microsoft.
We contacted the PO of the component earlier but got no response so far, we also raised a ticket INC-A4556 and got no solution so far, it seems the PO is off.
Unfortunately, as GCS, marketplace components are not supported by us.
Since the owner of the mentioned component is right now on leave until next week, we will need to wait for him to comeback and investigate this further
Pegasystems Inc.
GB
Hoi @MaartenBPM many thanks for the above details. I will subscribe to the support ticket and will continue to chase the SME for you.
Hopefully in the meantime another forum user will be able to add their experience and observations in this forum post.
Accepted Solution
Updated: 1 Aug 2023 5:08 EDT
Pegasystems Inc.
GB
@MaartenBPM I can see that INC-A4556 was closed with your permission.
Our support team provided you with some suggestions on using the Sharepoint Online component by making the following changes:
In the screenshot of the auth profile shared by you, it seems you've reused the auth endpoint for the access token endpoint. These are distinct resources in the OAuth2 flow, and are used for different purposes.
Try to modify the auth profile in use and replace the auth token endpoint with the value https://login.microsoftonline.com/common/oauth2/token
If this does not resolve the issue, you could further try and replace the redirect URI value with https://[modified].pegadocuments.com/oauth2/callback to copy the postman configuration exactly
We understand that you managed to get through the authentication procedure by using Graph API and that you are no longer using the steps from the default component.
Updated: 1 Apr 2024 6:39 EDT
Evoke Technologies
US
@MaartenBPM @MarijeSchillern Facing similar issue, may I know, how you resolved this issue.
Pegasystems Inc.
GB
@AkshithReddyT as this post is now almost a year old, if you do not get a response I suggest that you log a support issue in order to have our support team help investigate your issue.