microsoft / Partner-Center-PowerShell

PowerShell module for managing Partner Center resources.
https://docs.microsoft.com/powershell/partnercenter/
MIT License
130 stars 59 forks

Get-PartnerCustomer : (invalid_grant) When using Service Principal #413

Open L-P-G opened 1 year ago

L-P-G commented 1 year ago

We have been using the API via user-based auth without issues, but now we're trying to fully automate our process. In doing so we added an app secret to the AAD Partner Center app we have registered in AAD. After that I tested the authentication using the command below. Connect-PartnerCenter works fine.

image

However, trying to get any information off the portal returns back

Get-PartnerCustomer : (invalid_grant)

According to the documentation linked below, when requesting a token from AAD (using the AppID/Secret/Tenant) a grant_type is sent in the body to login.microsoft.com. What I don't know is if the grant_type sent by the module is incorrect or if there is something else messed up with permissions in the app registration in AAD.

https://learn.microsoft.com/en-us/partner-center/developer/partner-center-authentication#rest-request

AAD registered app permissions image

Steps to reproduce

What steps can reproduce the defect?

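# App registration (client) ID, client secret and tenant ID; values redacted
$appId = "REDACTED"
$secret = ConvertTo-SecureString "REDACTED" -AsPlainText -Force
$tenantId = 'REDACTED'
# The service principal credential is the app ID plus its secret
$credential = New-Object System.Management.Automation.PSCredential($appId, $secret)
# Connecting as the service principal succeeds
Connect-PartnerCenter -Credential $credential -Tenant $tenantId -ServicePrincipal
# The first call to the API fails
$PartnerCustomers = Get-PartnerCustomer
# Output:
# Get-PartnerCustomer : (invalid_grant)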

Environment

PartnerCenter Module v3.0.10

antt1995 commented 10 months ago

I am having the same issue:

$PartnerCustomers = Get-PartnerCustomer
Get-PartnerCustomer: (invalid_grant)

paulobriennz commented 4 months ago

Same issue

L-P-G commented 4 months ago

Same issue

I ended up finding the issue. Forgot to post back here.

Service principal Auth only works for some actions on the partner portal API. Others require user OAuth.

See the first bullet point on the link below: https://learn.microsoft.com/en-us/partner-center/developer/partner-center-authentication
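
A way to tell which of the two contexts mentioned in the last comment (app only versus app + user) an access token was issued in, as an added example that is not part of the thread or of the module's code. It relies on the Azure AD convention that delegated (user) tokens carry an `scp` claim and client-credentials tokens do not; the function names are hypothetical and the sample tokens are constructed and unsigned.

```powershell
# Added example. Diagnostic only: decodes the claims, does NOT verify the signature.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {        # restore the padding that base64url drops
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-TokenAuthContext {     # hypothetical name
    param([Parameter(Mandatory)][string]$AccessToken)
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected a compact JWT with three parts.' }
    $claims = ConvertFrom-Base64Url -Value $parts[1] | ConvertFrom-Json
    $names  = @($claims.PSObject.Properties.Name)
    # 'scp' present => issued on behalf of a user; absent => application identity only
    $context = if ($names -contains 'scp') { 'AppPlusUser' } else { 'AppOnly' }
    [pscustomobject]@{
        Context  = $context
        Audience = $claims.aud
        Scopes   = $claims.scp      # $null for app-only tokens
    }
}

# Constructed sample tokens (unsigned, placeholder IDs), built inline so this runs offline
function New-SampleToken {          # hypothetical helper
    param([Parameter(Mandatory)][hashtable]$Claims)
    $segments = foreach ($part in @{ alg = 'none'; typ = 'JWT' }, $Claims) {
        $json = $part | ConvertTo-Json -Compress
        [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($json)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    ($segments -join '.') + '.sig'
}

$aud     = 'https://api.partnercenter.microsoft.com'
$appId   = '00000000-0000-0000-0000-000000000000'
$appOnly = New-SampleToken -Claims @{ aud = $aud; appid = $appId }
$appUser = New-SampleToken -Claims @{ aud = $aud; appid = $appId; scp = 'user_impersonation' }

Get-TokenAuthContext -AccessToken $appOnly   # Context: AppOnly
Get-TokenAuthContext -AccessToken $appUser   # Context: AppPlusUser
```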