Closed pawp81 closed 3 years ago
Are you running the command in PowerShell or ISE? VS Code is currently not supported for interactive logon.
If you don't use MFA, you can save credentials to a variable and then get the accesstoken.
$Cred = Get-Credential
Get-AADIntAccessTokenForAADJoin -SaveToCache -Credentials $Cred
I am running it in PowerShell. Yes I am using PowerShell so the option -Credentials parameter didn't work:
Do you have any error reports for the non-workingGet-AADIntAccessTokenForAADJoin -SaveToCache -Credentials $Cred
?
Get-AADIntAccessTokenForAADJoin -SaveToCache -Credentials $Cred
Invoke-RestMethod : {"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change
made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access
'01cb2876-7ebd-4aa4-9cc9-d28bd4d359a9'.\r\nTrace ID: 2b627b3e-bf70-429e-8c62-538c6a217100\r\nCorrelation ID:
54aadd25-9fbf-46ee-8f13-ecab888406b3\r\nTimestamp: 2021-01-22 11:55:18Z","error_codes":[50076],"timestamp":"2021-01-22
11:55:18Z","trace_id":"2b627b3e-bf70-429e-8c62-538c6a217100","correlation_id":"54aadd25-9fbf-46ee-8f13-ecab888406b3","e
rror_uri":"https://login.microsoftonline.com/error?code=50076","suberror":"basic_action"}
At C:\Program Files\WindowsPowerShell\Modules\AADInternals\0.4.4\AccessToken_utils.ps1:2510 char:19
+ ... $response=Invoke-RestMethod -Uri $url -ContentType $contentType -Me ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Could not get Access Token!
At C:\Program Files\WindowsPowerShell\Modules\AADInternals\0.4.4\AccessToken_utils.ps1:2437 char:13
+ Throw "Could not get Access Token!"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Could not get Access Token!:String) [], RuntimeException
+ FullyQualifiedErrorId : Could not get Access Token!
Okay, seems that your organisation requires MFA so the credentials wont work. Back to the original issue then.
You are probably using a quite recent Windows 10, which is missing a registry key HKCU:\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
As a workaround, you can create the missing registry key and add the value of 0x00002af9
for powershell.exe
and powershell_ise.exe
as illustrated below. After that, start a new PS session and the original command should work.
I'll fix this issue for the next release.
I have same issue unfortunately, I checked and already had those reg keys.
Are you also trying to use saved credentials and MFA is required? Any error messages?
I tried with an account that doesnt have MFA and after entering the password in the popup box, it just goes blank white, I eventually close it which causes this error:
Could not get OAuthInfo! At C:\Program Files\WindowsPowerShell\Modules\AADInternals\0.6.2\AccessToken.ps1:1327 char:17
+ CategoryInfo : OperationStopped: (Could not get OAuthInfo!:String) [], RuntimeException
+ FullyQualifiedErrorId : Could not get OAuthInfo!
Another bug due to recent changes :(
Try to comment out the line 1322 in AccessToken_utils.ps1 and remove and import module:
# $web.ScriptErrorsSuppressed = $True
That worked! Very nice :)
When running on Windows 1809 (not joined to domain or AAD):
Get-AADIntAccessTokenForAADJoin -SaveToCache
I receive following error: