Pnpjs: Remove requirement for Adal auth popup

Same here on this one, clearly the adal configs need to be updated in the common package.

@patrick-rodgers do you want to have a look? I have a few minutes tonight otherwise :)

IF you are operating inside SPFx >=1.6 and provided us the context then you should not see a pop-up. This is however entirely governed by SPFx. You can see the actual code that is running.

Edit: additional docs link

Is there more to operating inside 1.6 than the node SPFx package versions? I can guarantee those are absolutely 1.6 and always have been.

We are also having an issue with some SP tenants whereby the only way Graph successfully authenticates via the pop-up is if you do a find/replace all in node_modules for the "magic ID", replacing it with a different tenant-specific ID which has been generated.
I would imagine this is more likely a problem with SharePoint than PnP?

Can you share a minimal reproduction of what you are doing? Inside SPFx you shouldn't need to worry about creating any clients or anything, just provide the context as shown in the docs. The client should be auto created behind the scenes and you can just call the graph API.

public onInit(): Promise<void> {
  return super.onInit().then(_ => {
    graph.setup({
      spfxContext: this.context
    });
    graph.users.get().then(console.log); // Or any other graph endpoint at all.
  });
}

On newly created apps using either the @microsoft/sharepoint or @pnp/spfx generators, either:

• Produces the popup
• Appears to make no attempt to authenticate and the request returns 403.

Generally I've found authentication to be more reliable on Firefox than Chrome.

Have you followed the steps in this article specifically those around visiting the new API management page? There was a limited number of older tenants that needed an admin to visit this page to reset the AAD plumbing used by SPFx. My tenant was affected and I needed to visit this page, wait about 10 minutes, and then everything "magically" started working again.

I can't reproduce this so its very hard to debug. The other issues is that if you are using all the versions of things you say (and I believe you) then we are using directly the SPFx AAD token provider to get the token, there isn't much we can do to fix anything there. Do you get the same permission errors if you use the native graph client in SPFx? That would help us narrow down whether it is permissions/setup of something with the library.

My previous statement that it appears to make no attempt to authenticate seems to be wrong. Checking session storage shows adal authentication keys for Graph do appear when the first request is made, however the request is still returning 403 (I tested with /me so I know I definitely have permission to read the data).

I know permissions have definitely been set in the new API management page on tennants before to get Graph working, which has previously failed to make everything magically work as often described. I will however try again with a fresh application and report back.

Revoking and re-granting the permission in SharePoint seems to have fixed it, cheers for your help.

Awesome, glad things are working! I'll close this then as resolved, please _reopen_ should you need to continue the conversation. Thanks!