Search endpoint returns "BadRequest" when searching for documents with an external user

Bas Peeters 21 Reputation points
2021-05-17T12:00:34.6+00:00

We want to let external users search for documents in our SharePoint.
For this we created a web API that gets an acces token (delegation) for MS Graph and executes the Search query.
This works fine for our own users but executing the query for external users (Guest users in our tenant) we get a BadRequest response.
The request we do: 

{
  "requests": [
    {
      "entityTypes": ["driveItem"],
      "query": {
        "queryString": "lorum path:\"https://mytenant.sharepoint.com/sites/subsite\""
      }
    }
  ]
}

The BadRequest response we get 

{
  "error": {
    "code": "BadRequest",
    "message": "\r\n The call failed, please try again.",
    "innerError": {
      "date": "2021-05-17T10:27:49",
      "request-id": "SOME_ID",
      "client-request-id": "SOME_ID"
    }
  }
}

I couldn't find anywhere if the call should work for external users. BadRequest responses often suggest that some incorrect permissions but we can't figure out what permissions we need to give.

Any information on this topic is welcome!

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,646 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,682 questions
0 comments
Accepted answer
  1. MichaelHan-MSFT 18,016 Reputation points
    2021-05-18T04:20:43.007+00:00

    Hi @Bas Peeters ,

    Delegated permissions means that app would perform actions on behalf of the sign-in user. And I think it's the same as in SharePoint that MS Graph search is also not supported for external users.

    As a workaround, you could use Application permissions to get the access token. This would work for you. https://learn.microsoft.com/en-us/graph/auth-v2-service

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bas Peeters 21 Reputation points
    2021-05-18T06:53:30.15+00:00

    Hi @MichaelHan-MSFT ,

    Thanks for your quick reply!

    As a workaround we now use CSOM to search documents in a specific SharePoint site. This is works with delegated permissions and external users so the security trimming is handled by SharePoint.

    We rather don't want to use Application permissions because that leeds to doing the security triming ourselves.

    0 comments