Graph token generated from SPFx app returns empty response from /usageRights endpoint
Target SharePoint environment
SharePoint Online
What SharePoint development model, framework, SDK or API is this about?
💥 SharePoint Framework
Developer environment
None
What browser(s) / client(s) have you tested
- [ ] 💥 Internet Explorer
- [x] 💥 Microsoft Edge
- [ ] 💥 Google Chrome
- [ ] 💥 Firefox
- [ ] 💥 Safari
- [ ] mobile (iOS/iPadOS)
- [ ] mobile (Android)
- [ ] not applicable
- [ ] other (enter in the "Additional environment details" area below)
Additional environment details
- browser version
- SPFx version 1.21.1
- Node.js version 18.18.0
- etc
Describe the bug / error
When using a Graph token generated from an SPFx app, the beta/me/usageRights endpoint returns an empty array with a 200 OK response. When using Graph Explorer, all licenses are returned.
I understand this may not be an SPFx issue. If this is a Graph API issue, how can I get this information over to them? This is stopping us from enforcing licenses on the SPFx side and is a major blocker. Thanks!
Graph Explorer response:
```json
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('05c1fcca-11a6-444d-84f0-efd435dba6b0')/usageRights",
  "@odata.nextLink": "https://graph.microsoft.com/beta/users/05c1fcca-11a6-444d-84f0-efd435dba6b0/usageRights?$skiptoken=***",
  "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET users('<guid>')/usageRights?$select=catalogId,serviceIdentifier",
  "value": [
    {
      "id": "***",
      "catalogId": "***",
      "serviceIdentifier": "***",
      "state": "inactive"
    }
  ]
}
```
Response from SPFx app:
```json
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('05c1fcca-11a6-444d-84f0-efd435dba6b0')/usageRights",
  "value": []
}
```
Steps to reproduce
- Log in as a user with an assigned license
- Generate a Graph token from the SPFx app with User.Read permissions
- Call https://graph.microsoft.com/beta/me/usageRights
Expected behavior
Endpoint returns a list of assigned licenses.
Hello @pheidler, thank you for bringing this issue to our attention. We will look into it and get back to you shortly.
@pheidler, After reviewing and testing the behavior, it appears that this is not an SPFx (SharePoint Framework) issue, but rather a problem with the Microsoft Graph API endpoint itself. This behavior is reproducible in both SPFx apps and Graph Explorer, which confirms that the issue is not related to how the token is generated or how SPFx interacts with Graph, but instead an inconsistency in the Graph API's response.
Suggested action: Please consider opening this issue in the Microsoft Graph docs contributions repository, which is the correct place to track API-related bugs: https://github.com/microsoftgraph/microsoft-graph-docs-contrib/issues
@Ashlesha-MSFT Issues are disabled in the repository that you linked. I've forwarded this issue to the Graph API team member that I was put in contact with through Microsoft support.
@Ashlesha-MSFT Can you please direct me to the appropriate place or person to report this issue? The repository you linked does not have issues enabled.
@pheidler, since Issues are disabled in the repository, the only option available is to open the related documentation like below: https://learn.microsoft.com/en-us/graph/api/cloudlicensing-usageright-get?view=graph-rest-beta&tabs=http (issue related doc).
Then, scroll to the right of the page and use the "Feedback" section to submit feedback related to the documentation.
Any update on this issue? Running into the same trying to get a transactional offer in the marketplace. It appears to be a problem with the token used in the SPFx framework. I've confirmed that /me/usageRights works with Graph Explorer, when signed in. Also, if hardcoded, the token from Graph Explorer works in the SPFx solution.

Produces empty response:
```typescript
// Token is acquired by SPFx on behalf of the signed-in user (Graph client v3).
const graphClient = await context.msGraphClientFactory.getClient("3");
// Delegated call to the beta usageRights endpoint.
const response = await graphClient.api(`/me/usageRights`).version('beta').get();
```
Output:
```json
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx')/usageRights",
  "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET me/usageRights?$select=catalogId,serviceIdentifier",
  "value": [ ]
}
```
Hard coded access token produces expected results.
```typescript
const accessToken = "<Get from Graph Explorer>";
const response = await fetch("https://graph.microsoft.com/beta/me/usageRights", {
  headers: {
    "Authorization": `Bearer ${accessToken}`
  }
});
const data = await response.json();
```
Output:
```json
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx')/usageRights",
  "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET me/usageRights?$select=catalogId,serviceIdentifier",
  "value": [
    {
      "id": "xxxxxxxx",
      "catalogId": "XXXXXXXXX:0001",
      "serviceIdentifier": "my-offer-test.plan-a-test",
      "state": "inactive"
    }
  ]
}
```
I opened a ticket with Microsoft on this issue and took it as far as I could, but the team responsible is refusing to address the issue and claims it is working as intended (the call to usageRights from an SPFx is being security trimmed, even though the logic behind the trimming makes no sense, basically making the usageRights API useless in the context of a multi-tenant SPFx). An "improved" licensing API is supposedly being built, but the team is providing no details and no information on an ETA for the API.
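
Added example, not part of the thread or of any Microsoft code: since the same user gets different results from the SPFx-issued token and the Graph Explorer token, a local side-by-side comparison of the two tokens' identity claims shows what differs between them (client app, scopes) without sending either token to an online decoder. The helper names are hypothetical, the sample tokens and GUIDs are constructed, and `appid`/`azp`/`scp` are standard Entra ID access-token claims; the thread does not state which claim the service uses for trimming.

```javascript
// Decodes the JWT payload locally. The signature is NOT verified, so use the
// result for troubleshooting only, never for an authorization decision.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Claims that say which tenant, user and client app a delegated token is for.
const IDENTITY_CLAIMS = ["aud", "tid", "oid", "appid", "azp", "scp", "ver"];

// scp is a space-separated list, so compare it as a sorted set.
function normalise(name, value) {
  if (value === undefined) return null;
  if (name === "scp" && typeof value === "string") {
    return value.split(" ").filter(Boolean).sort();
  }
  return value;
}

// Returns { claim: { a, b } } for every listed claim whose value differs.
function diffTokenClaims(tokenA, tokenB, claims = IDENTITY_CLAIMS) {
  const a = decodeJwtPayload(tokenA);
  const b = decodeJwtPayload(tokenB);
  const diff = {};
  for (const name of claims) {
    const va = normalise(name, a[name]);
    const vb = normalise(name, b[name]);
    if (JSON.stringify(va) !== JSON.stringify(vb)) diff[name] = { a: va, b: vb };
  }
  return diff;
}

// Constructed sample tokens (placeholder GUIDs, dummy signature segment).
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.constructed`;
}
const user = {
  aud: "https://graph.microsoft.com",
  tid: "00000000-0000-0000-0000-00000000aaaa",
  oid: "00000000-0000-0000-0000-00000000bbbb",
  ver: "1.0",
};
const spfxToken = makeSampleToken({ ...user, appid: "11111111-1111-1111-1111-111111111111", scp: "User.Read" });
const explorerToken = makeSampleToken({ ...user, appid: "22222222-2222-2222-2222-222222222222", scp: "openid profile User.Read" });
const SAMPLE_DIFF = diffTokenClaims(spfxToken, explorerToken);
```

With the constructed samples, `SAMPLE_DIFF` contains only `appid` and `scp`; the tenant, user and audience are identical, which is the pattern to look for when the same signed-in user sees different data through two clients.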