Error inside my Azure Function: This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant
I have this CSOM code inside my Azure Function inside Visual Studio 2022:-
    var certificate = GetCertificateByThumbprint(Environment.GetEnvironmentVariable("CertificateThumbPrint"));

    // Set up the MSAL client
    var clientApplication = ConfidentialClientApplicationBuilder
        .Create(Environment.GetEnvironmentVariable("ClientId"))
        .WithCertificate(certificate)
        .WithAuthority($"https://login.microsoftonline.com/{Environment.GetEnvironmentVariable("TenantId")}")
        .Build();

    // Acquire an access token
    var scopes = new[] { Environment.GetEnvironmentVariable("SiteUrl") + ".default" };
    var authenticationResult = await clientApplication.AcquireTokenForClient(scopes).ExecuteAsync();
    var accessToken = authenticationResult.AccessToken;

    // Set up the SharePoint context
    var clientContext = new ClientContext(Environment.GetEnvironmentVariable("SiteUrl"));
    clientContext.ExecutingWebRequest += (sender, e) =>
    {
        e.WebRequestExecutor.RequestHeaders["Authorization"] =
            "Bearer " + accessToken;
    };
    clientContext.Load(clientContext.Web);
    clientContext.ExecuteQuery();
But I am getting this error on var authenticationResult = await clientApplication.AcquireTokenForClient(scopes).ExecuteAsync();
{"AADSTS500011: The resource principal named https://****.sharepoint.com/sites/DocumentManagement was not found in the tenant named ***. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: 99efd092-ee23-4519-9c41-43f2d8db2101\r\nCorrelation ID: f4aa1bb1-2209-4674-a763-652fa123d554\r\nTimestamp: 2023-02-27 14:51:35Z"}
Here is the Azure Active Directory app I am using, which I configured to have access to a single site using this PowerShell command:-
    $siteUrl = "https://***.sharepoint.com/sites/DocumentManagement/"
    $clientId = "***"
    $certThumbprint = "***"
    $tenant = "***.onmicrosoft.com"

    Connect-PnPOnline -Url $siteUrl -Interactive
    $writeperm = Grant-PnPAzureADAppSitePermission -Permissions "Write" -Site $siteUrl -AppId $clientId -DisplayName "FolderStructure"
    $PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity $clientId
    Set-PnPAzureADAppSitePermission -Site $siteurl -PermissionId $(($PermissionId).Id) -Permissions "FullControl"
Here is a screenshot of my Azure AD app:-
Any advice on this, please? The error is saying that it cannot access this site, https://***.sharepoint.com/sites/DocumentManagement/, which is a valid site inside my tenant, and I have granted the Azure AD app full control on it (as shown in the PowerShell script).
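
The AADSTS500011 message above names a resource that includes the /sites/... path, because the scope is built from the full SiteUrl. Added example, not part of the original post: a C# helper that derives the host-only `.default` scope under which Azure AD registers SharePoint Online. `SharePointScope`, `FromSiteUrl` and the contoso URL are hypothetical names and constructed values.

```csharp
using System;

// Added example (not the poster's code): derive the client-credentials scope
// for SharePoint Online from a site URL. Class and method names are hypothetical.
public static class SharePointScope
{
    // Azure AD registers SharePoint Online under the tenant host
    // (https://<tenant>.sharepoint.com), so the ".default" scope must be built
    // from scheme + host only. A site path in the scope makes Azure AD look
    // up a resource principal that does not exist (AADSTS500011).
    public static string FromSiteUrl(string siteUrl)
    {
        if (!Uri.TryCreate(siteUrl, UriKind.Absolute, out var uri))
            throw new ArgumentException("SiteUrl must be an absolute URL.", nameof(siteUrl));
        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("SiteUrl must use https.", nameof(siteUrl));

        // GetLeftPart(UriPartial.Authority) returns "https://host" with no path
        // and no trailing slash.
        return uri.GetLeftPart(UriPartial.Authority) + "/.default";
    }

    public static void Main()
    {
        // Constructed sample value; contoso is a placeholder tenant.
        var siteUrl = "https://contoso.sharepoint.com/sites/DocumentManagement/";

        // What the posted code computes: the site path ends up in the resource.
        Console.WriteLine("as posted : " + siteUrl + ".default");
        // Host-only scope to pass to AcquireTokenForClient.
        Console.WriteLine("host only : " + FromSiteUrl(siteUrl));
    }
}
```

The site URL with its path is still what `ClientContext` needs; only the token scope is reduced to the host.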