get access denied from specific sites using sharepoint REST APIs

[mistysya]

What type of issue is this?

Question

What SharePoint development model, framework, SDK or API is this about?

SharePoint REST API

Target SharePoint environment

SharePoint Online

What browser(s) / client(s) have you tested

• 💥 Internet Explorer
• 💥 Microsoft Edge
• 💥 Google Chrome
• 💥 FireFox
• 💥 Safari
• mobile (iOS/iPadOS)
• mobile (Android)
• not applicable
• other (enter in the "Additional environment details" area below)

Additional environment details

• browser version
• SPFx version
• Node.js version
• etc

Issue description

Hi, I used below SharePoint REST API to get the site's information.
https://graph.microsoft.com/v1.0/sites/{site-id}
https://graph.microsoft.com/v1.0/sites/{site-id}/drives

However, when I used some site-ids, I received the following response:

{
    "error": {
        "code": "accessDenied",
        "message": "Access denied",
        "innerError": {
            "date": "2023-03-30T01:20:24",
            "request-id": "a56c6c25-1b86-47d7-84aa-6acb458becfb",
            "client-request-id": "a56c6c25-1b86-47d7-84aa-6acb458becfb"
        }
    }
}

When I tried the same REST API with other site-ids in the same tenant and token, I received the expected response:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites/$entity",
    "createdDateTime": "2023-03-30T04:08:20.17Z",
    "description": "",
    "id": "XXXX",
    "lastModifiedDateTime": "2023-03-30T04:19:07Z",
    "name": "XXXX",
    "webUrl": "XXXX",
    "displayName": "XXXX",
    "root": {},
    "siteCollection": {
        "hostname": "XXXX"
    }
}

I also checked my JWT token at jwt.ms and confirmed that I have the Sites.FullControl.All permission, and I can receive the expected response with the same token.

{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/dcb0e1d1-6cde-4420-a658-ede52a8bead1/",
  "iat": 1680155149,
  "nbf": 1680155149,
  "exp": 1680159049,
  ......
  "roles": [
    "TeamSettings.ReadWrite.All",
    "Mail.ReadWrite",
    "User.ReadWrite.All",
    "TeamsTab.Create",
    "Channel.ReadBasic.All",
    "Directory.ReadWrite.All",
    "TeamsTab.ReadWrite.All",
    "Contacts.ReadWrite",
    "Team.Create",
    "Group.ReadWrite.All",
    "Files.ReadWrite.All",
    "TeamMember.ReadWrite.All",
    "Team.ReadBasic.All",
    "ChannelMessage.Read.All",
    "Calendars.ReadWrite",
    "Chat.ReadWrite.All",
    "ChannelMember.ReadWrite.All",
    "ChannelSettings.ReadWrite.All",
    "Channel.Create",
    "Sites.FullControl.All"
  ],
  "sub": "30035663-67f3-468e-a0a8-1cdcc40f30c6",
  "tenant_region_scope": "AS",
  ......
}

I would like to know why I only received this response from specific sites. What does the error message mean? Are there any settings that could cause this issue?

Thank you for your reply.

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

[github-actions]

Thank you for taking the time to file an issue. We periodically archive older or inactive issues as part of our issue management process, which automatically closes them once they are archived.

If you’d like to understand more about why and how we handle archived (closed) issues, please see Our approach to closed issues.

We appreciate your contribution and if this is still an active issue with the latest SPFx versions, please do resubmit the details. We needed to perform a cleanup, so that we can start with a clean table with a new process. We apologize for the inconvenience this might cause.