Not able to execute any PnP related commands after connecting to SPO site using app id and app secret

Open ymihir opened this issue 4 years ago • 10 comments

I want to execute the Get-PnPProvisioningTemplate command. For this, I first connect to the SPO site using Connect-PnPOnline by passing AppId and AppSecret. The connection was successful. Then I executed the Get-PnPProvisioningTemplate command and ended up with a (401) unauthorized error. Then I tried a simple command, Get-PnPList, and got the same issue. I gave tenant-level full control permissions to the given app id.

I have created a new trial tenant and executed it there; I am getting the same issue there too. If I use -UseWebLogin instead of AppId and secret, then it works fine. What is the root cause?

Note: I executed the same command 5 months back and it worked like a charm. Now it is giving this issue. What is the reason?

ymihir, Oct 22 '20 17:10

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

ghost, Oct 22 '20 17:10

No solution for this?

ymihir, Oct 23 '20 13:10

Hi @ymihir Have you given your app registration in Azure AD the correct permissions?

fastlaneb, Oct 26 '20 16:10

Why does Azure AD come in here?

ymihir, Oct 27 '20 18:10

The AppID and AppSecret you're using are for an App Registration. Those are Azure AD functionality. If you go to the App Registration blade in Azure AD, you should see your App Registration and see what permissions it has.

ToddKlindt, Oct 27 '20 18:10

Hi @ymihir When you use the app secret method to connect you are also using an application registration in Azure AD. This is the "AppId" you are plugging in.

fastlaneb, Oct 27 '20 18:10

@fastlaneb, @ToddKlindt The App ID was created in SharePoint under appregnew.aspx. I am trying to execute with app-only policy by applying the below permission XML to the app id

<AppPermissionRequests AllowAppOnlyPolicy="true" >
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

Why create an Azure app registration, and what permissions should I give? Is there any documentation to refer to?

ymihir, Nov 12 '20 11:11

Hi @ymihir If you're explicitly adding the perms via the SharePoint page you reference, appregnew.aspx (SharePoint App-Only), I don't believe you have to do anything in the Azure App Reg blade. If you do want to read about Azure AD App-Only for SharePoint, you can check it out here: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

fastlaneb, Nov 12 '20 15:11

@fastlaneb Earlier it used to work. But since a couple of months ago it has stopped working. Not sure why this behavior occurs.

ymihir, Nov 19 '20 09:11

@ymihir Using the appregnew page, the App Secret expires after one year. You can review that on Azure AD > App Registrations > Search for your AppId > Secrets; you will see the expiration date there. Then you can create a new App Secret.

bmarcos81, Jan 12 '21 15:01
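
The expiry check described in the last comment can be scripted so that a lapsed secret is caught before it surfaces as a 401. This is an added example, not part of the thread or of PnP PowerShell: `Get-CredentialExpiry` is a hypothetical helper, the sample records are constructed, and it assumes input objects shaped like Microsoft Graph `passwordCredentials` entries (`KeyId`, `DisplayName`, `EndDateTime`).

```powershell
# Added example: classify client-secret expiry for an app used with app-only auth.
# Get-CredentialExpiry is a hypothetical helper name, not a PnP or Graph cmdlet.
function Get-CredentialExpiry {
    param(
        [Parameter(Mandatory)] [object[]] $Credential,  # needs KeyId, DisplayName, EndDateTime
        [datetime] $Now = [datetime]::UtcNow,
        [int] $WarnDays = 30                            # assumed warning window
    )
    $Now = $Now.ToUniversalTime()
    foreach ($c in $Credential) {
        # Normalise to UTC so string and DateTime inputs compare consistently.
        $end = ([datetime]$c.EndDateTime).ToUniversalTime()
        $daysLeft = [math]::Floor(($end - $Now).TotalDays)
        $status = if ($end -le $Now) {
            'Expired'
        } elseif ($daysLeft -lt $WarnDays) {
            'ExpiringSoon'
        } else {
            'Valid'
        }
        [pscustomobject]@{
            KeyId          = $c.KeyId
            DisplayName    = $c.DisplayName
            EndDateTimeUtc = $end
            DaysLeft       = $daysLeft
            Status         = $status
        }
    }
}

# Constructed sample data (placeholder GUIDs and dates, not taken from the thread).
$sample = @(
    [pscustomobject]@{ KeyId = '00000000-0000-0000-0000-000000000001'
                       DisplayName = 'original secret'; EndDateTime = '2024-01-01T00:00:00Z' }
    [pscustomobject]@{ KeyId = '00000000-0000-0000-0000-000000000002'
                       DisplayName = 'rotated secret';  EndDateTime = '2024-02-10T00:00:00Z' }
)
$report = Get-CredentialExpiry -Credential $sample -Now ([datetime]'2024-01-20T00:00:00Z')
$report | Sort-Object EndDateTimeUtc | Format-Table KeyId, DisplayName, DaysLeft, Status

# Secret-based sign-in only works while at least one secret is unexpired.
if (-not ($report | Where-Object Status -ne 'Expired')) {
    Write-Warning 'All client secrets are expired; app-only calls will be rejected.'
}

# With the Microsoft Graph PowerShell module installed (assumption), real input would be:
#   (Get-MgApplication -Filter "appId eq '<AppId>'").PasswordCredentials
```

Running it on a schedule and alerting on `ExpiringSoon` leaves time to create and roll out a new secret before the old one lapses.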