msgraph-sdk-powershell

Set-MgApplicationVerifiedPublisher Status: 403 (Forbidden) ErrorCode: UnknownError

Open stas-sultanov opened this issue 1 year ago • 6 comments

### Describe the bug

I am trying to set Application VerifiedPublisherId with PowerShell and MsGraph. I can set VerifiedPublisherId with a request via GraphExplorer but cannot do the same via a PowerShell script. I definitely have all the permissions.

### Expected behavior

204 Command executed and verified publisher is set.

### How to reproduce

```powershell
$body = @{ VerifiedPublisherId = $desiredState.VerifiedPublisher.VerifiedPublisherId }

Set-MgApplicationVerifiedPublisher -ApplicationId $application.Id -BodyParameter $body;
```

### SDK Version

2.19.0

### Latest version known to work for scenario above?

No response

### Known Workarounds

No response

### Debug output

```
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method: POST

Absolute Uri: https://graph.microsoft.com/v1.0/applications/45385439-4846-49bf-911b-d2540b79bd43/microsoft.graph.setVerifiedPublisher

Headers:
FeatureFlag       : 00000043
Cache-Control     : no-store, no-cache
User-Agent        : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22631; en-GB),PowerShell/2024.2.2
Accept-Encoding   : gzip
SdkVersion        : graph-powershell/2.19.0
client-request-id : acdb195d-1ee9-43ae-812c-d48f8fa165bc

Body: { "verifiedPublisherId": "6838492" }

DEBUG: ============================ HTTP RESPONSE ============================

Status Code: Forbidden

Headers:
Vary                      : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id                : dd6961b8-3ddc-4af1-b593-f622d8e4d0a3
client-request-id         : acdb195d-1ee9-43ae-812c-d48f8fa165bc
x-ms-ags-diagnostic       : {"ServerInfo":{"DataCenter":"Sweden Central","Slice":"E","Ring":"3","ScaleUnit":"001","RoleInstance":"GV2PEPF00000EA7"}}
Date                      : Thu, 30 May 2024 07:56:34 GMT

Body:
{
  "error": {
    "code": "UnknownError",
    "message": "",
    "innerError": {
      "date": "2024-05-30T07:56:34",
      "request-id": "dd6961b8-3ddc-4af1-b593-f622d8e4d0a3",
      "client-request-id": "acdb195d-1ee9-43ae-812c-d48f8fa165bc"
    }
  }
}
```


### Configuration

Windows 11 x64

### Other information

_No response_

stas-sultanov, May 30 '24 08:05

Hi @stas-sultanov ,

How do you authenticate in your code? Could you please share the code snippet and log output? Could you also please check that the permissions are set correctly by using the `Get-MgContext` cmdlet?

Also, are you setting the publisher for the same app registration in Graph Explorer and PowerShell SDK? Are you sure all requirements for setting the publisher have been met? https://learn.microsoft.com/en-us/entra/identity-platform/publisher-verification-overview#requirements

petrhollayms, May 30 '24 08:05

@petrhollayms, the thing is that I can manage all aspects of application registration like CRUD, except setting VerifiedPublisher.

This is how I connect to MgGraph:

```powershell
Connect-AzAccount -Environment AzureCloud -Tenant 'XXXXX'

# get access token
$accessToken = (Get-AzAccessToken -ResourceTypeName MSGraph).Token | ConvertTo-SecureString -AsPlainText -Force;

# ......

# connect to Graph
Connect-MgGraph -AccessToken $accessToken -NoWelcome;
```

This is the result of `Get-MgContext`:

```
ClientId               : 1950a258-227b-4e31-a9cf-717495945fc2
TenantId               : XXXXX
Scopes                 : {AuditLog.Read.All, Directory.AccessAsUser.All, email, offline_access…}
AuthType               : UserProvidedAccessToken
TokenCredentialType    : UserProvidedAccessToken
CertificateThumbprint  :
CertificateSubjectName :
SendCertificateChain   : False
Account                : stas@XXXXX
AppName                : Microsoft Azure PowerShell
ContextScope           : Process
Certificate            :
PSHostVersion          : 2024.2.2
ManagedIdentityId      :
ClientSecret           :
Environment            : Global
```

stas-sultanov, May 30 '24 09:05
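
The `Scopes` line in the `Get-MgContext` output above is truncated, so the full permission set carried by the token is not visible there. The following is an added example (not part of the thread and not SDK code) that decodes an access token's payload to list its `aud`, `appid` and `scp` claims; `Get-JwtClaims`, `ConvertTo-Base64Url` and the sample token are constructed for illustration.

```powershell
# Added example: decode the payload of a compact JWT to inspect the claims
# that drive authorization. The signature is NOT verified; inspection only.
function Get-JwtClaims {
    param([Parameter(Mandatory)][string] $Token)

    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected 3 dot-separated parts).' }

    # base64url -> base64, then restore the padding that JWTs strip
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length in JWT payload.' }
    }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    $json | ConvertFrom-Json
}

# Helper used only to build the constructed sample token below.
function ConvertTo-Base64Url([string] $Text) {
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# Constructed sample (not a real token). The appid and scope names are the
# values visible in the Get-MgContext output on this page; aud is assumed.
$header  = ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'
$payload = ConvertTo-Base64Url ('{"aud":"https://graph.microsoft.com",' +
    '"appid":"1950a258-227b-4e31-a9cf-717495945fc2",' +
    '"scp":"AuditLog.Read.All Directory.AccessAsUser.All email"}')
$sample  = "$header.$payload.constructed-signature"

$claims = Get-JwtClaims -Token $sample
[pscustomobject]@{
    Audience = $claims.aud
    ClientId = $claims.appid
    Scopes   = $claims.scp -split ' '   # one delegated scope per element
} | Format-List
```

Passing the plain-text token from the `Get-AzAccessToken` call (before it is converted to a `SecureString`) and the token shown in Graph Explorer gives two complete `scp` lists and client IDs that can be compared side by side.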

@petrhollayms, I can set VerifiedPublisherId via GraphExplorer or by hand via Portal, but not with my script.

Unfortunately, I receive "code": "UnknownError" which gives 0 understanding about what the issue is.

stas-sultanov, May 30 '24 19:05

Hi @stas-sultanov ,

Thank you for the confirmation, we will look into it.

petrhollayms, May 31 '24 15:05

@stas-sultanov is it possible to add -Debug parameter and share the output?

timayabi2020, Jun 25 '24 13:06

@timayabi2020, I did this. The output is attached to the initial message in the Debug section.

stas-sultanov, Jun 25 '24 19:06