Creating Team site with 'SharePointOnlineCredentials' no longer working ["Forwardable token to MSGraph is not available"]
Target SharePoint environment
SharePoint Online
What SharePoint development model, framework, SDK or API is this about?
SharePoint CSOM
Developer environment
Windows
What browser(s) / client(s) have you tested
- [ ] 💥 Internet Explorer
- [ ] 💥 Microsoft Edge
- [ ] 💥 Google Chrome
- [ ] 💥 FireFox
- [ ] 💥 Safari
- [ ] mobile (iOS/iPadOS)
- [ ] mobile (Android)
- [x] not applicable
- [ ] other (enter in the "Additional environment details" area below)
Additional environment details
SharePointPnPCoreOnline 3.12.1908
Describe the bug / error
I have a VERY old solution, that has been running flawlessly since 2018, and now all of a sudden about two weeks ago it stopped working, flat out.
The solution is following the (dated) instructions from learn, here to create modern team sites.
Now all of a sudden I'm getting an error "Forwardable token to MSGraph is not available" (Code: "-1, Microsoft.Office.Server.Directory.DirectoryObjectUnauthorizedAccessException")
And while I appreciate that things have improved a lot since then, and that I should just move to Graph, that's no small feat to upgrade an old .NET Framework solution all the way up to be modern, and I'm not interested in a game of tug-of-war over the bill that my client would get if I had to spend hours upgrading this solution.
I'm more than happy to accept this as "the new way", if you can point me to a piece of documentation/blog where you announced this change, and I just missed it, but otherwise, this feels a little bit like a rug-pull. I know loads of orgs have older solutions still running where they no longer have contact with any of the devs that can help them fix it.
Steps to reproduce
- Find an old project that relies on the SharePointOnlineCredentials object for auth
- Attempt to create a Modern Team Site
Expected behavior
To provision a modern team site
Hello @Tanddant, Thank you for bringing this issue to our attention. We will look into it and get back to you shortly.
@Tanddant, we're actively taking follow-ups with the engineering team on this issue regarding SharePointOnlineCredentials and modern site provisioning. The questions you've raised are valid, and we're working to get clarity on whether this is an expected backend change or part of the platform's evolution.
We'll share updates as soon as we hear back from engineering.
Thanks for your patience!
We're having similar logic for creating sites which also stopped working very recently, giving the following error message when a PowerShell script is run that provisions modern team sites and their related data:
New-PnPSite : {"error":{"code":"-1, Microsoft.Office.Server.Directory.DirectoryObjectUnauthorizedAccessException","message":"Forwardable token to MSGraph is not available"}}
@Tanddant, @Kaaber,
We were able to reproduce the issue, and we are investigating it. We have logged this as a bug, and our engineering team will look into it. Thank you for your patience!
I should add, it seems the rest of my code functions, with SharePointOnlineCredentials - so this might be a change on the Graph side of the house (as indicated by the error message), but really hoping for some clarification, or public statement if this is the direction we're moving.
Also, is there any way to identify sign-ins done with SharePointOnlineCredentials in my logs somewhere? - would love to check through tenants with solutions that we've inherited to make sure they won't face issues, or aren't facing issues they haven't identified themselves.
We have exactly the same error from a very old solution that just stopped suddenly working because of this error.
Exception while executing function: CreateSite {"error":{"code":"-1, Microsoft.Office.Server.Directory.DirectoryObjectUnauthorizedAccessException","message":{"lang":"en-US","value":"Forwardable token to MSGraph is not available"}}}
I can confirm the same issue with credential authentication. Why should I use credentials instead of clientId and secret/certificate? Because of this issue: https://github.com/pnp/PnP-PowerShell/issues/2618
Is there any solution?
What I have done, maybe it helps others as well: we ended up moving the whole site creation to Power Automate. If you are using a third-party application as the trigger, you can also send a POST request via the "when a request is received". The SharePoint connector you need to create a site, for example, is "Send an HTTP request to SharePoint". You can read more about it here: Sharepoint site creation tutorial in PA. My current setup is as follows in the screenshot (P.S. Site Address at the top is your SharePoint site).
Hi @Ashlesha-MSFT - are there any updates on this matter?
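
For checking application logs of inherited solutions for this specific failure, here is an added example (not code from any participant in this thread or from the PnP project). It scans log lines for the error in both JSON shapes quoted above: `message` as a plain string, and `message` as a `lang`/`value` object. The function names, the log layout and the sample lines are assumptions made for illustration.

```python
import json

ERROR_CODE = "Microsoft.Office.Server.Directory.DirectoryObjectUnauthorizedAccessException"
ERROR_TEXT = "Forwardable token to MSGraph is not available"

def extract_error(line):
    """Return (code, message) from the first JSON error object in a log line, or None."""
    decoder = json.JSONDecoder()
    start = line.find("{")
    while start != -1:
        try:
            payload, _ = decoder.raw_decode(line, start)
        except json.JSONDecodeError:
            # Not JSON at this brace (e.g. free text); try the next one.
            start = line.find("{", start + 1)
            continue
        error = payload.get("error")
        if isinstance(error, dict):
            message = error.get("message")
            # Second shape in the thread: {"lang": "en-US", "value": "..."}
            if isinstance(message, dict):
                message = message.get("value")
            return str(error.get("code", "")), str(message or "")
        start = line.find("{", start + 1)
    return None

def is_forwardable_token_failure(line):
    """True when the line carries the error code and message reported in this thread."""
    found = extract_error(line)
    if found is None:
        return False
    code, message = found
    return ERROR_CODE in code and ERROR_TEXT.lower() in message.lower()

def scan(lines):
    """Return 1-based line numbers that contain the failure."""
    return [n for n, line in enumerate(lines, 1) if is_forwardable_token_failure(line)]

# Constructed sample log: timestamps, line 3 and line 5 are made up;
# lines 2 and 4 embed the two payload shapes quoted in the thread.
SAMPLE_LOG = [
    '2025-01-01T10:00:00Z INFO Starting provisioning job',
    '2025-01-01T10:00:02Z ERROR New-PnPSite : {"error":{"code":"-1, Microsoft.Office.Server.Directory.DirectoryObjectUnauthorizedAccessException","message":"Forwardable token to MSGraph is not available"}}',
    '2025-01-01T10:00:03Z ERROR {"error":{"code":"-1, System.UnauthorizedAccessException","message":"Access denied."}}',
    '2025-01-01T10:00:05Z ERROR Exception while executing function: CreateSite {"error":{"code":"-1, Microsoft.Office.Server.Directory.DirectoryObjectUnauthorizedAccessException","message":{"lang":"en-US","value":"Forwardable token to MSGraph is not available"}}}',
    '2025-01-01T10:00:06Z WARN retry {not json} scheduled',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

This finds occurrences of the failure itself in logs you already collect; it does not identify which sign-ins used SharePointOnlineCredentials.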