Showing results for 
Search instead for 
Did you mean: 
Regular Visitor

Canvas PowerApp: Failed to get onbehalfof access token: connectionId=sharepointonline, message=MSGraph discovery endpoint

This is the situation we are experiencing with one of the apps:


  • We have a Canvas Powerapp that uses SharePoint lists for storing the data. Lists are stored in a newly created Team site.
  • App is shared with some Guest users (They have E3 licences in their tenants). We also gave them permissions on SharePoint site.
    App uses User().Email to query the lists based on a value in some PeoplePicker columns.
  • For users in our tenant everything works fine.
  • For guest users everything works fine once we give them permissions. But then, every morning, when they start the app, they do not see any data in it. No error is shown.
  • We debugged the app using the Monitor, and saw that every request to SharePoint ends up with 401 Unauthorized error. This is the response we get:


"response": {
"duration": 0,
"size": 0,
"status": 401,
"headers": {
"Content-Length": 503,
"Content-Type": "application/json",
"x-ms-apihub-cached-response": false,
"x-ms-apihub-obo": true,
"x-ms-failure-cause": "apihub-token-exchange",
"x-ms-client-request-id": "[GUID]"
"body": "Failed to get onbehalfof access token: connectionId=sharepointonline, message=MSGraph discovery endpoint returned status code 401 (Unauthorized). Response:\r\n{\"error\":{\"code\":\"accessDenied\",\"message\":\"There has been an error authenticating the request.\",\"innerError\":{\"date\":\"2022-08-09T08:38:35\",\"request-id\":\"[GUID]\",\"client-request-id\":\"[GUID]\"}}}"



As soon as the guest user visits the SharePoint site and tries to reload the Powerapp, the data becomes visible in the app and everything starts working normaly. Until the next morning.

We tried to share the app with other tenants and the same thing happens. Some guest users have MFA activated and the others do not, but with all of them we have the same issue.

The question:
Is there anything we can do to refresh this token without asking the users to open the SharePoint site in browser, since that is not an option?


Helpful resources

October Events

Mark Your Calendars

So many events that are happening this month - don't miss out!

Ignite 2022


Explore the latest innovations, learn from product experts and partners, level up your skillset, and create connections from around the world.

Power Apps Africa Challenge 2022

Power Apps Africa Challenge

Your chance to join an engaging competition of Power Platform enthusiasts.

Users online (2,724)