AzureAD / MSAL.PS


Get-MsalToken interactive fails on PowerShell 7 #18

Closed muzzar78 closed 3 years ago

muzzar78 commented 4 years ago

I have tried using Get-MsalToken -interactive in PowerShell 7.03 and PowerShell 7.1 preview 7 and it fails with the following error.

It launches the browser successfully and I can see the code is returned; however, the error is then returned.

When I run the same command from PowerShell 5.1 it completes successfully and I get the token back. Any help is appreciated.

jazuntee commented 3 years ago

I am not sure why the behavior would be different between versions unless there is a difference in how the MSAL.net library works in .NET Framework vs Core but that does not appear to be the issue here.

If you follow the instructions in the error message you should be able to resolve this by making your app registration a public client. You are requesting a token for a public client, not a confidential client, because you are not providing an app secret or certificate as part of the authentication. https://aka.ms/msal-net-invalid-client

muzzar78 commented 2 years ago

@IpsitoDutta - I found the reason the interactive login wasn't working was that the Azure AD app registration had the incorrect redirect URL. We were originally using localhost, but when we changed it to https://login.microsoftonline.com/common/oauth2/nativeclient it worked as expected.

IpsitoDutta commented 2 years ago

So an update. I did have the redirect URI, but the platform chosen was web. After changing the platform to Mobile/Desktop app, I'm able to get the token issued but Yammer is still not accepting it. I am looking into it.

IpsitoDutta commented 2 years ago

Final update: After changing the platform to Mobile/Desktop and using the script below, I am able to call Yammer Rest APIs after a successful interactive auth:

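```powershell
# Tenant and app (client) ID of the app registration (left blank in the original post)
$TenantId = ''
$ClientId = ''
$Scopes   = @('https://api.yammer.com/.default')

# Interactive sign-in as a public client (no secret or certificate supplied)
$token = Get-MsalToken -TenantId $TenantId -ClientId $ClientId -Scopes $Scopes -Interactive

# Call the Yammer REST API with the access token as a bearer credential
$Bearertoken = "Bearer " + $token.AccessToken
$headers     = @{ Authorization = $Bearertoken }
$response    = Invoke-RestMethod -Method Get -Uri "https://www.yammer.com/api/v1/users/current.json" -Headers $headers
$response
```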

Thank you for pointing me in the right direction. @muzzar78
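
The misconfiguration this thread converged on (the redirect URI registered under the Web platform instead of Mobile/Desktop) can be checked from the app registration data itself. The following is an added example, not code from the thread or from MSAL.PS: the function name `Test-InteractiveRedirect` is hypothetical, the two sample registrations are constructed, and the property names (`web.redirectUris`, `publicClient.redirectUris`, `isFallbackPublicClient`) are assumed to follow the Microsoft Graph `application` resource.

```powershell
# Redirect URI reported as working in this thread
$NativeClientUri = 'https://login.microsoftonline.com/common/oauth2/nativeclient'

# Constructed sample data shaped like Microsoft Graph "application" objects:
# one with the URI under the Web platform, one with it under Mobile/Desktop.
$SampleApps = @'
[
  { "displayName": "before-fix (constructed)",
    "isFallbackPublicClient": false,
    "web":          { "redirectUris": ["https://login.microsoftonline.com/common/oauth2/nativeclient"] },
    "publicClient": { "redirectUris": [] } },
  { "displayName": "after-fix (constructed)",
    "isFallbackPublicClient": false,
    "web":          { "redirectUris": [] },
    "publicClient": { "redirectUris": ["https://login.microsoftonline.com/common/oauth2/nativeclient"] } }
]
'@ | ConvertFrom-Json

function Test-InteractiveRedirect {
    param(
        [Parameter(Mandatory)] $App,
        [Parameter(Mandatory)] [string] $RedirectUri
    )
    # Which platform section of the registration holds the redirect URI?
    $onWeb    = @($App.web.redirectUris)          -contains $RedirectUri
    $onPublic = @($App.publicClient.redirectUris) -contains $RedirectUri

    $finding = if ($onPublic) {
        'OK: redirect URI is registered under Mobile/Desktop (public client)'
    } elseif ($onWeb) {
        'Redirect URI is under the Web platform; move it to Mobile/Desktop for Get-MsalToken -Interactive without a secret'
    } else {
        'Redirect URI is not registered on either platform'
    }

    [pscustomobject]@{
        App                    = $App.displayName
        OnWebPlatform          = $onWeb
        OnPublicClientPlatform = $onPublic
        AllowPublicClientFlows = [bool]$App.isFallbackPublicClient
        Finding                = $finding
    }
}

$SampleApps |
    ForEach-Object { Test-InteractiveRedirect -App $_ -RedirectUri $NativeClientUri } |
    Format-List
```

To run the same check against a real tenant, replace `$SampleApps` with the application object exported from your own registration.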