Open silicondt opened 1 year ago
So after testing it seems like this part of your script is the issue.
```powershell
# Construct table with common parameter input for Get-AccessToken function
$AccessTokenArguments = @{
    "TenantId" = $TenantID
    "ClientId" = $ClientID
    "RedirectUri" = $RedirectUri
    "ErrorAction" = "Stop"
}
```
**** This part below does not add the secret to the $AccessTokenArguments variable, even if it was passed to the script. **** Also, if the secret is converted with ConvertTo-SecureString, it comes back with an error that the secret is wrong. If it's passed without converting it, it works OK. I tested this by manually putting it in the $AccessTokenArguments and commenting out the below part. ****
```powershell
# Dynamically add parameter input for Get-MsalToken based on parameter set name
switch ($PSCmdlet.ParameterSetName) {
    "ClientSecret" {
        Write-Verbose "Using clientSecret"
        $AccessTokenArguments.Add("ClientSecret", $(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force))
    }
}
```
I am trying to use the latest version of Upload-WindowsAutopilotDeviceInfo (1.2.1)
The notes say "1.2.1 - (2023-06-07) Improved access token retrieval, now supports client credentials flow using ClientID and ClientSecret parameters"
Yet when I run the script and pass a CLIENT ID and a CLIENT secret from an Azure app I made, it still pops up with a username and password prompt. What am I doing wrong?
Is there any guidance on how to create the enterprise app to work right? What permissions should be turned on in the app?
Example of code I tried, but it still asks for a username and password.
```powershell
Install-Script -Name Upload-WindowsAutopilotDeviceInfo -force -confirm:$false -Scope "AllUsers"
$tenant = "mydomain.com"
$ClientID = "12sdsdsdsd-ffff-ssss-eeee-dsfsdfsdfsdf"
$Clientsecret = "blablablabla"
cd "$env:ProgramFiles\WindowsPowerShell\Scripts"
./Upload-WindowsAutopilotDeviceInfo -TenantName $tenant -ClientID $clientID -ClientSecret $clientsecret
```
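An added example, not part of the original post and not code from the Upload-WindowsAutopilotDeviceInfo script: a stand-alone way to build a client credentials request for the Microsoft identity platform v2.0 token endpoint, so an app registration can be checked independently of the script, with a helper that shows how a SecureString turns into the wrong value when a consumer treats it as a string. The function names `ConvertTo-PlainSecret` and `New-ClientCredentialBody` and all sample values are assumptions made for this example; whether the script's token function handles the secret this way is not confirmed by the page.

```powershell
# Added example; function names and sample values are constructed for illustration.

function ConvertTo-PlainSecret {
    # Accept a plain string or a SecureString and return the plaintext.
    param([Parameter(Mandatory)][object]$Secret)
    if ($Secret -is [System.Security.SecureString]) {
        # NetworkCredential exposes the decrypted value of a SecureString
        return [System.Net.NetworkCredential]::new("", $Secret).Password
    }
    return [string]$Secret
}

function New-ClientCredentialBody {
    # Form fields for an OAuth 2.0 client credentials grant (no user sign-in involved).
    param(
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][object]$ClientSecret
    )
    return @{
        grant_type    = "client_credentials"
        client_id     = $ClientId
        client_secret = ConvertTo-PlainSecret -Secret $ClientSecret
        scope         = "https://graph.microsoft.com/.default"
    }
}

# Constructed placeholder values, not real credentials
$TenantId = "contoso.onmicrosoft.com"
$ClientId = "00000000-0000-0000-0000-000000000000"
$Plain    = "constructed-secret"
$Secure   = ConvertTo-SecureString -String $Plain -AsPlainText -Force

# Pitfall: casting a SecureString to [string] yields its type name, not the secret.
"Stringified SecureString  : $([string]$Secure)"

# The helper normalises both input kinds to the same plaintext form field.
$FromSecure = New-ClientCredentialBody -ClientId $ClientId -ClientSecret $Secure
$FromPlain  = New-ClientCredentialBody -ClientId $ClientId -ClientSecret $Plain
"SecureString round-trips  : $($FromSecure.client_secret -eq $Plain)"
"Plain string passes as-is : $($FromPlain.client_secret -eq $Plain)"

# With real values, this request returns an access token without a credential prompt.
# $Uri   = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
# $Token = Invoke-RestMethod -Method Post -Uri $Uri -Body $FromSecure `
#              -ContentType "application/x-www-form-urlencoded"
```

If the commented request succeeds with the real client ID and secret, the app registration and secret are valid and the prompt originates in the script's parameter handling rather than in Azure.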