Microsoft Graph Api - Azure Active Directory B2B collaboration invitation redemption - lost access to documents

1
votes

I noticed very weird issue. If user has Microsoft Account and accept invitation, system remove permission to all shared documents.

  1. upload document: 
await _graphClient.Drives[_driveId].Root.ItemWithPath(itemWithPath)
                            .Content.Request()
                            .PutAsync<DriveItem>(fileStream)
  1. create guest: 
await _graphClient.Invitations.Request().AddAsync(new Invitation()
            {
                InvitedUserEmailAddress = email,
                InvitedUserDisplayName = displayName,
                SendInvitationMessage = false,
                InviteRedirectUrl = NullableString.Parse(ConfigurationManager.AppSettings["AppAddress"])
            });
  1. add permission: 
await _graphClient.Drives[_driveId].Items[driveItemId].Invite(
                 recipients,
                 requireSignIn: true,
                 roles: new[] { "write" },
                 sendInvitation: false
             ).Request().PostAsync();

In onedrive on document I see user is granted, but once user open url to document and accept invitation redemption to azure active directory see error, no access to document. In azure directory user first is marked (source) as Invited User than Microsoft User if accept terms.

If I repeat the same scenario once user accept invitation redemption than access stay as expected. So what is wrong? Why system are removing access?

1
azureazure-ad-graph-api

1 Answers

0
votes

It still does not works as I expected so I had to find different, less convenient way for my clients.

Solution: 1- create document 2- create invitation, but this time send message from Microsoft azure to b2b users 3- client need to accept privacy policy 4- after accept redirect to my system and add permission to document

Expected solution: 1- create document 2- create invitation, without message from azure 3- add permission to document for invited users b2b 4- if user open document have to accept privacy policy and Microsoft redirect to document point 4 does not work. Once user accept privacy document user see Deny Access do document