UnauthorizedAccessException where connection worked previously

[jkoppelm]

I have a very simple Sharepoint source connection that worked fine up until this morning. With no changes to the yaml, I am now getting:

Error: failed to sync v3 source sharepoint: rpc error: code = Internal desc = failed to init plugin: failed to initialize client: failed to connect to SharePoint: unable to request api: 403 Forbidden :: {"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Attempted to perform an unauthorized operation."}}}

The same thing happens with 1.8.2 and 2.0.0.

spec:
  name: "sharepoint"
  registry: "github"
  path: "koltyakov/sharepoint"
  version: "v1.8.2"
  destinations: ["file"]
  tables: ["*"]
  spec:
    auth:
      strategy: "ondemand"
      creds:
        siteUrl: "https://sunpowercorp.sharepoint.com/sites/Engineering"
    lists:
      Lists/COE:

I have no problem hitting the list in a browser:
https://sunpowercorp.sharepoint.com/sites/Engineering/Lists/COE

[koltyakov]

Hi @jkoppelm,

Could it be that something was re-configured in your SharePoint Online tenant? E.g. 2FA, conditional access, 3rd party SSO added or the on-demand user's permissions were retracted.

Please try removing gosip folder in os.TempDir() OS temporary folder and re-authenticate.

There should be Chrome window popup for creds entry. Btw, it's also can be Chrome removed in the system causing issues with on-demand auth.

While on-demand auth is great with its simplicity when you quickly need to authenticate without asking for service level creds, the strategy might not be the best for scheduled automations. I'd recommend checking Azure auth or Addin-Only auth as an alternative if it's an ongoing sync scenario.

[jkoppelm]

Removing gosip did cause Chrome to popup. However, it looks like the sign-in attempt has an error. I see "connecting to site", then "redirecting", then: "Can't open this page", error code: STATUS_STACK_BUFFER_OVERRUN.

2023/11/01 10:00:21 {"method":"Runtime.consoleAPICalled","params":{"type":"info","args":[{"type":"string","value":"BSSO Telemetry: {\"result\":\"Error\",\"error\":\"NoExtension\",\"type\":\"ChromeSsoTelemetry\",\"data\":{},\"traces\":[\"BrowserSSO Initialized\",\"Creating ChromeBrowserCore provider\",\"Sending message for method CreateProviderAsync\",\"Received message for method CreateProviderAsync\",\"Error: ChromeBrowserCore error NoExtension: Extension is not installed.\"]}"}],"executionContextId":1,"timestamp":1.698858021472278e+12,"stackTrace":{"callFrames":[{"functionName":"","scriptId":"10","url":"https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_pOO34JFwD1EVcxt413xLZg2.js","lineNumber":17,"columnNumber":79673},{"functionName":"C","scriptId":"10","url":"https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_pOO34JFwD1EVcxt413xLZg2.js","lineNumber":17,"columnNumber":79629},{"functionName":"E","scriptId":"10","url":"https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_pOO34JFwD1EVcxt413xLZg2.js","lineNumber":17,"columnNumber":79566}]}}}

[koltyakov]

What's the OS and Chrome version?

I can't repro so far.

Could it be connected with this?

[jkoppelm]

Unfortunately, that does not solve the problem, even with reboot. It seems I'm going to have to use an alternative credential strategy to get this working, which is a lot of friction. We are using SSO... but I am certain ondemand worked this weekend, so I am puzzled but what changed.