Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Graph API - Setup

JohanSörman
Level 5

‎26-10-22 10:23 AM

Hi,

I have access to Azure portal and have an application created. After setting up client key and secret, is that enough to use the actions in BP or do you have to manually configure Web API like any normal REST API?

Another question, in a previous version we had to create an app inside of the Sharepoint for the site we wanted to interact with to get the client secret. With Graph, is this still required or is it enough for the account being a member/admin of the site (for protected sites or whatever they're called)?

------------------------------
Johan Sörman
DevOps Engineer, Senior RPA Developer
Telia Company
Sweden
------------------------------
0 Likes
15 REPLIES 15

ewilson
Staff
Staff
In response to JohanSörman

‎31-10-22 04:01 PM

@Johan Sörman,

You are correct for the most part. If there are no permissions granted on the application registration in the Azure Portal then you won't be able to get a token. However, when a new registration is created there is a default permission that is added which is the Delegated Access permission User.Read

Regarding the multiple errors on the MSAL VBO, we can adjust the code of the action to give us more details. I assume you're using the Get Auth Token - Client Secret action, correct? If so, open the Code stage on that action in the VBO. It should look like this:

7097.png
Let's try adding this additional catch block:

catch (AggregateException ae) 
{
	StringBuilder exceptionMessages = new StringBuilder();
	foreach (var e in ae.Flatten().InnerExceptions) 
	{
		exceptionMessages.Append(e.Message);
		exceptionMessages.Append("\n");
	}
	Exception = exceptionMessages.ToString();
}
​

So the final code will look like this:

7098.png
Can you try that and see if you get additional exception details when using an Application Access token?

Cheers,


------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
0 Likes

JohanSörman
Level 5
In response to ewilson

‎01-11-22 01:25 PM

@ewilson,
Thank you for the additional code. I've added it to the action and will report back when we've tested it.​

------------------------------
Johan Sörman
DevOps Engineer, Senior RPA Developer
Telia Company
Sweden
------------------------------
0 Likes

ewilson
Staff
Staff
In response to JohanSörman

‎10-12-22 12:02 AM

Hello @Johan Sörman,

Have you been able to try out that new code?

Cheers,​

------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
0 Likes

JohanSörman
Level 5
In response to ewilson

‎12-12-22 09:23 AM

Hi @ewilson,
Unfortunately our IT department declined our request ​for application permissions so I haven't been able to verify the addtional code. 

It seems like the Graph API gives access to all site on the domain which they did not like. So seems like a roadblock for our use until the API gets more dynamic/flexible for Sites.

------------------------------
Johan Sörman
DevOps Engineer, Senior RPA Developer
Telia Company
Sweden
------------------------------
0 Likes

ewilson
Staff
Staff
In response to JohanSörman

‎12-12-22 12:21 PM

Hi @Johan Sörman,

There are a couple ways to address this, which it sounds like your IT team have not looked into.

1) Instead of getting an Application Access token you could requested a Delegated Access token. This is essentially that case of a Digital Worker running under a specific Active Directory account (i.e. as a user). If your IT team is willing to create a user with the approved permissions on whatever SharePoint sites you should be good to go.

2) Alternatively, there is a Graph permission known as Sites.Selected.​ I haven't looked into this to much myself, but it seems it would be a way for Application Access tokens to be limited to specific sites. You can read more about it here.

Cheers,

------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
0 Likes

JohanSörman
Level 5
In response to ewilson

‎12-12-22 12:33 PM

As for suggestion 1 it doesn't seem practical for our use case, due to the fact we would had needed to interact with 200+ sites with each site having different owners/members.

By the sounds of it, suggestion 2 sounds a lot like similar configuration you had to do with the old sharepoint skill you offered but I haven't had the chance to look into that.

------------------------------
Johan Sörman
DevOps Engineer, Senior RPA Developer
Telia Company
Sweden
------------------------------
0 Likes