msgraph-sdk-powershell
Add a dedicated appId registration for mooncake
As a continuation of https://github.com/microsoftgraph/msgraph-sdk-powershell/pull/425, we should consider adding a special appId registration for mooncake since globally registered apps don't replicate to China cloud. This effort will build upon the existing model used by GE - https://github.com/microsoftgraph/microsoft-graph-explorer-v4/pull/955.
The current workaround is registering your own appId in mooncake and using it with Connect-MgGraph:
- Connect-MgGraph -ClientId $appId -Environment China
AB#10522
Hello there, may I know if there are any updates on this issue? My org in China has encountered this problem.
The workaround does not seem to be working, with the below error:
Connect-MgGraph -ClientId $appId -Environment China -Scopes "User.Read.All","Group.ReadWrite.All" -TenantId $tenantId
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '$appId'.
However, I tried to use the below command, and another error occurred:
Connect-MgGraph -ClientId $clientId -Environment China -TenantId $tenantId -CertificateThumbprint $thumbprint
Hi @leapyear1969. Could you please call the command with -Debug and share the output?
Connect-MgGraph -Environment China -AppId $CN_App_Id -TenantId $CN_Tenant_Id -CertificateThumbprint $Cert_Thumbprint -Debug
Does this mean self-signed cert cannot be used here?
hello @maisarissi
please check the error message:
Hello @Icybiubiubiu, I saw that you registered your own app, and it works. How did you do that? I tried both a self-signed certificate and a CA certificate, no luck for me.
@Icybiubiubiu Is the certificate installed in your machine?
Can you execute with the certificate in memory:-
Connect-MgGraph -Environment China -AppId $CN_App_Id -TenantId $CN_Tenant_Id -Certificate $CertificateObject -Debug
@georgend Thanks for the reminder. The issue was resolved by installing the cert on the client.
I still cannot connect to MSGraph via the PowerShell SDK, even though I installed the cert on my PC as a trusted cert.
Connect-MgGraph -Environment China -AppId $CN_App_Id -TenantId $CN_Tenant_Id -Certificate $CertificateObject -Debug
@leapyear1969 have you uploaded the certificate to your mooncake (Azure Active Directory App Registration)?
@georgend yes, I did upload it to the AAD app registration.
@leapyear1969, the certificate needs to be installed in your user's trusted store on the machine you are running the script from. You can use Get-ChildItem Cert:\CurrentUser\My\$CertThumbprint to verify if the certificate is indeed installed in the user store. See https://docs.microsoft.com/en-us/powershell/microsoftgraph/app-only?context=graph%2Fapi%2F1.0&view=graph-powershell-beta&tabs=azure-portal#certificate for more details.
Alternatively, you can -Certificate example shown in https://github.com/microsoftgraph/msgraph-sdk-powershell#usage.
I'm able to use app-only with a certificate thumbprint in China cloud without any issue.
Thanks so much Peter, it works for me after adding the cert to my local machine. I can check it via the below command:
Get-ChildItem Cert:\CurrentUser\My\$CertThumbprint
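
A pre-flight check for the app-only sign-in discussed in this thread, as an added example that is not part of the original issue or the SDK's own code: it confirms the certificate is in Cert:\CurrentUser\My, carries a private key and is inside its validity period before calling Connect-MgGraph. Test-MgAppCertificate is a hypothetical helper, and $ClientId, $TenantId and $Thumbprint are placeholders you set yourself.

```powershell
# Hypothetical helper (not part of the Microsoft Graph PowerShell SDK).
function Test-MgAppCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint
    )
    # Thumbprints pasted from a portal or certificate dialog often carry spaces
    # or invisible characters; keep hex digits only.
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # Same lookup the thread uses to verify the user store.
    $cert = Get-ChildItem -Path "Cert:\CurrentUser\My\$tp" -ErrorAction SilentlyContinue
    $now  = Get-Date

    [pscustomobject]@{
        Thumbprint      = $tp
        InCurrentUserMy = [bool]$cert
        # The app registration only holds the public certificate; the private key
        # must be on this machine to sign the client assertion.
        HasPrivateKey   = [bool]($cert -and $cert.HasPrivateKey)
        WithinValidity  = [bool]($cert -and $cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        NotAfter        = if ($cert) { $cert.NotAfter } else { $null }
    }
}

# Placeholders: set $ClientId, $TenantId and $Thumbprint for your own tenant.
$check = Test-MgAppCertificate -Thumbprint $Thumbprint

if (-not $check.InCurrentUserMy) {
    throw "Certificate $($check.Thumbprint) is not in Cert:\CurrentUser\My. Import it for the user running the script."
}
if (-not $check.HasPrivateKey) {
    throw "Certificate $($check.Thumbprint) has no private key. Import the .pfx, not only the .cer uploaded to the app registration."
}
if (-not $check.WithinValidity) {
    throw "Certificate $($check.Thumbprint) is outside its validity period (NotAfter: $($check.NotAfter))."
}

Connect-MgGraph -ClientId $ClientId -TenantId $TenantId `
    -CertificateThumbprint $check.Thumbprint -Environment China
```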