Not able to read the files and folders from sharepoint

Hi all,

I am not able to read the file and folders from the sharepoint site. I am getting the below error while accessing it. I have all the details correct the tenant id, application and cilent secret also the permission are granted refer the screenshot.

Error message:
Find Files And Folders: Code: AccessDenied
Message: Either scp or roles claim need to be present in the token.
Inner error:
AdditionalData:
date: 2025-01-21T07:04:29
request-id: dd57062a-980b-4280-a7b4-fa064ca66dd1
client-request-id: dd57062a-980b-4280-a7b4-fa064ca66dd1
ClientRequestId: dd57062a-980b-4280-a7b4-fa064ca66dd1

Hi @vishal_nachankar,

Can you please share details on which authentication type you are using to connect to sharepoint using Microsoft O365 package?

I think Delegate access won’t work for you and you might need application access.

Also sharing few thread from similar error, please follow the steps mentioned in these posts:

Regards
Sonali

@vishal_nachankar

as per error , Application scope is what you for the file access…

cheers

Using application id and secret for authentication type

sorry can you please explain?

@vishal_nachankar

In the screenshot …second column says delegated…it should say application

Cheers

any reason why it should be application only? just curious to know the reason so that i can explain the same to the IT team of azure of my cilent

@vishal_nachankar

Delegated are user specific permissions…when used with 3rd party applications with client id and secret user cannot authenticate so application scope is to be used

Cheers

as per IT they can provide only delegated type of access only for the application

@vishal_nachankar

then change your authentication type from client id secret to others

please check for more info

cheers

tried with authentication type as username and password but getting below error Find Files And Folders: Code: generalException
Message: An error occurred sending the request.

@vishal_nachankar

open exceptions details from locals panel you would see the actual exception there

cheers

RemoteException wrapping Microsoft.Graph.ServiceException: Code: generalException
Message: An error occurred sending the request.
—> RemoteException wrapping Microsoft.Identity.Client.MsalUiRequiredException: AADSTS50076: Due to a configuration change made by your administrator,
or because you moved to a new location,
you must use multi-factor authentication to access ‘00000003-0000-0000-c000-000000000000’. Trace ID: e3356654-13a3-4286-94f5-216324ac5400 Correlation ID: a194e8ae-56d0-40a1-96e2-82949052abf3 Timestamp: 2025-01-22 07:01:37Z
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response,
RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response,
RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.d__111.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.OAuth2.OAuth2Client.<GetTokenAsync>d__10.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__10.MoveNext() --- End of stack trace from previous location where exception was thrown --- at Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__10.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.OAuth2.TokenClient.<SendTokenRequestAsync>d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.Internal.Requests.UsernamePasswordRequest.<ExecuteAsync>d__3.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at UiPath.Shared.Authentication.Microsoft.Services.MsalLogonService.<AuthenticateInternalAsync>d__11.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at UiPath.Shared.Authentication.Microsoft.Services.MsalLogonService.<AuthenticateAsync>d__8.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at UiPath.Shared.Services.Graph.GraphClientServiceFactory.<TimeoutAfter>d__191.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at UiPath.Shared.Services.Graph.GraphClientServiceFactory.d__15.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at UiPath.Shared.Services.Graph.GraphClientServiceFactory.d__25.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at UiPath.Shared.Services.Graph.GraphClientServiceFactory.d__13.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at UiPath.Shared.Authentication.Microsoft.Extensions.HttpRequestMessageExtensions.d__4.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.AuthenticationHandler.d__16.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Net.Http.HttpClient.d__58.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.SimpleHttpProvider.d__13.MoveNext()
— End of inner exception stack trace —
at Microsoft.Graph.SimpleHttpProvider.d__13.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.SimpleHttpProvider.d__10.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.BaseRequest.d__40.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.BaseRequest.d__341.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Graph.SiteRequest.<GetAsync>d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) at UiPath.MicrosoftOffice365.Files.Extensions.FilesExtensions.<FindFilesAndFoldersAsync>d__36.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at UiPath.MicrosoftOffice365.Activities.Files.FindFilesAndFolders.<ExecuteAsync>d__32.MoveNext() --- End of stack trace from previous location where exception was thrown --- at UiPath.Shared.Activities.AsyncTaskCodeActivityImplementation.EndExecute(AsyncCodeActivityContext context, IAsyncResult result) at UiPath.Shared.Activities.AsyncTaskCodeActivity.EndExecute(AsyncCodeActivityContext context, IAsyncResult result) at UiPath.Shared.Activities.ContinuableAsyncCodeActivity.EndExecute(AsyncCodeActivityContext context, IAsyncResult result) at UiPath.MicrosoftOffice365.Activities.Office365BaseClientActivity.EndExecute(AsyncCodeActivityContext context, IAsyncResult result) at UiPath.MicrosoftOffice365.Activities.Office365ClientActivity2.EndExecute(AsyncCodeActivityContext context,
IAsyncResult result)
at System.Activities.AsyncCodeActivity.System.Activities.IAsyncCodeActivity.FinishExecution(AsyncCodeActivityContext context,
IAsyncResult result)
at System.Activities.AsyncCodeActivity.CompleteAsyncCodeActivityData.CompleteAsyncCodeActivityWorkItem.Execute(ActivityExecutor executor,
BookmarkManager bookmarkManager)

@vishal_nachankar

as per errors looks like mfa is enabled and when it is enabled username and password cannot be used…shift to interactive token

cheers

Tried with Interactive token as well getting below error

@vishal_nachankar

Error is clear your admin needs to provide you access

The link provided above has all details…i would suggest provide it to your admin so that he can look into it and give the best option as per your organization rules

Cheers

Hi @vishal_nachankar,

We have also faced all these kinds of errors in the past while trying to enable usage of Microsoft Office 365 package.

Looks like you have MFA enabled. And if that is the case, only 1 and 4 option mentioned in my below post would work for you. After a lot of tests and our talks with Office365 product team from UiPath, this conclusion was made.

I clearly understand when you say your admin says only these delegated permissions can be provided. Issue with using application access is it exposes the application fully so proper controls need to be set before providing you the access.

Hence, I would suggest to have your internal information security team involved and work with your Office365 admin team to come up with an architecture on how and to what level application access should be given.

For our case also, we did the same and set proper controls in place - even though we use application access, only the SharePoint urls added to the whitelist can be accessed using that application access and nothing else. For each and every SharePoint url and its corresponding user, we raise request to our admin team to have the access provided. It’s not a straightforward and quick thing but it works. It has been working fine for us for last 2 years now.

I hope this info helps you as well:

Please note: for option 1, delegated permissions were allowed to us and for option 4, application permission.

Regards
Sonali

Hi @vishal_nachankar,

Application id and secret won’t work with delegated access. It only works with application level access.

Please read my above post on same.

I have provided all the details on what we had to do to make it work.

Regards
Sonali