question

CloudBitsNL avatar image
0 Votes"
CloudBitsNL asked saldana-msft edited

Search endpoint returns "BadRequest" when searching for documents with an external user

We want to let external users search for documents in our SharePoint.
For this we created a web API that gets an acces token (delegation) for MS Graph and executes the Search query.
This works fine for our own users but executing the query for external users (Guest users in our tenant) we get a BadRequest response.
The request we do:

 {
   "requests": [
     {
       "entityTypes": ["driveItem"],
       "query": {
         "queryString": "lorum path:\"https://mytenant.sharepoint.com/sites/subsite\""
       }
     }
   ]
 }

The BadRequest response we get

 {
   "error": {
     "code": "BadRequest",
     "message": "\r\n The call failed, please try again.",
     "innerError": {
       "date": "2021-05-17T10:27:49",
       "request-id": "SOME_ID",
       "client-request-id": "SOME_ID"
     }
   }
 }

I couldn't find anywhere if the call should work for external users. BadRequest responses often suggest that some incorrect permissions but we can't figure out what permissions we need to give.

Any information on this topic is welcome!



office-sharepoint-onlinemicrosoft-graph-search
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

2 Answers

MichaelHan-MSFT avatar image
0 Votes"
MichaelHan-MSFT answered Krasa edited

Hi @CloudBitsNL ,

Delegated permissions means that app would perform actions on behalf of the sign-in user. And I think it's the same as in SharePoint that MS Graph search is also not supported for external users.

As a workaround, you could use Application permissions to get the access token. This would work for you. https://docs.microsoft.com/en-us/graph/auth-v2-service


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Krasa avatar image Krasa ·

The error message should be changed to something meaningful - or at least to something not totally misleading.

0 Votes 0 ·
CloudBitsNL avatar image
0 Votes"
CloudBitsNL answered

Hi @MichaelHan-MSFT,

Thanks for your quick reply!

As a workaround we now use CSOM to search documents in a specific SharePoint site. This is works with delegated permissions and external users so the security trimming is handled by SharePoint.

We rather don't want to use Application permissions because that leeds to doing the security triming ourselves.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.