SPFx Webpart – External User Access

Introduction

Hi friends, today we are going to look at a major issue when using SharePoint Framework web part. Today, most of the custom developments are done using SPFx for SharePoint Online and as long as there is a list or library level permission the web part will work for Internal users. If it comes to an External user, the use case is entirely different and though they have read access to the lists and libraries, the SPFx web part will throw an error.

Let us see how to resolve the access issue for External user while accessing the SharePoint Framework web part.

Resolution

Follow below steps and try to access the web part for external users.

Make sure you have granted read access to the page where the SPFx web part is added and also to the lists and libraries if required by the web part.
When SPFx web parts are deployed to App Catalog (Tenant or Site Collection), all the JS and other relevant files are added to the ClientSideAssets folder. Below are the URL to the folder based on your site or tenant name
- Site Collection App Catalog – https://tenant.sharepoint.com/sites/sitename/ClientSideAssets
- Tenant App Catalog – https://tenant.sharepoint.com/sites/<appcatalog name>/ClientSideAssets
Make sure the above special library or the app catalog site has read permission for the External users.
Since app catalog and ClientSideAssets are special site and folder, you cannot add the external user claim and assign permission. You can give a try but if you get an error saying Could not resolve user id or claim, please try the below steps.
Follow the below steps if step 4 is unsuccessful.
- Make sure you have installed SharePoint Online Management Shell
- Open SharePoint Online Management Shell under Admin privilege and execute the below commands
- Connect-SPOService -Url https://tenantname-admin.sharepoint.com – this will connect to the admin site. The settings we are going to enable is on the tenant level and it should be done by the Tenant administrator.
- Set-SPOTenant -ShowEveryoneClaim $true -ShowPeoplePickerSuggestionsForGuestUsers $true – This will enable the tenant to show all the users claim including the external users.
- Now try the step 4. You can also give Everyone read acces, instead of manually adding all the external users email. To select Everyone also, you need to execute the above commands.