search

microsoft / Partner-Center-PowerShell

PowerShell module for managing Partner Center resources.
https://docs.microsoft.com/powershell/partnercenter/
MIT License
130 stars 59 forks source link

Error using refresh token to get access token : New-PartnerAccessToken : AADSTS700007: The grant was issued for a different client id #419

Closed mkraibt closed 8 months ago

mkraibt commented 9 months ago

Steps to reproduce

$applicationId= 'xxxx-xxxx-xxxx-xxxx'
 #App Secret ID and Value Provided Here
$credential = Get-Credential  
#Directory (tenant) ID from APP Overview
$tenant = 'yyyy-yyyy-yyyy-yyyy'
$scope = 'https://api.partnercenter.microsoft.com/user_impersonation'

$token = New-PartnerAccessToken -ApplicationId  $applicationId -Scopes  $scope -ServicePrincipal -Credential $credential -Tenant $tenant -UseAuthorizationCode

It works till this point and I get both the AccessToken and a RefreshToken. I can use the AccessToken to connect to the Partner Center and all command works fine. The issue arose when I used the RefreshToken to get a new AccessToken

$newToken = New-PartnerAccessToken -ApplicationId  $applicationId -Scopes  $scope -ServicePrincipal -Credential $credential -Tenant $tenant -RefreshToken $token.RefreshToken

The error comes up as

New-PartnerAccessToken : AADSTS700007: The grant was issued for a different client id. Trace ID: 2917c15e-6c7.. Correlation ID: 7f320e16-4297-4... Timestamp: 2023-11-29 06:26:32Z
At line:1 char:13
+ $newToken = New-PartnerAccessToken -ApplicationId 'xxxx-xxxx-xxxx-xx ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [New-PartnerAccessToken], MsalServiceException
    + FullyQualifiedErrorId : Microsoft.Store.PartnerCenter.PowerShell.Commands.NewPartnerAccessToken

Expected behavior

Requesting new AccessToken using RefreshToekn should return same as it did using -UseAuthorizationCode

Actual behavior

Error as I am using the same app id, tenant id, secrets

`New-PartnerAccessToken : AADSTS700007: The grant was issued for a different client id. Trace ID: 2917c15e-6c7.. Correlation ID: 7f320e16-4297-4... Timestamp: 2023-11-29 06:26:32Z

Environment

PS C:\WINDOWS\system32> $PSVersionTable

Name                           Value                                                                                                                                                                                                     
----                           -----                                                                                                                                                                                                     
PSVersion                      5.1.22621.2506                                                                                                                                                                                            
PSEdition                      Desktop                                                                                                                                                                                                   
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                                                                                   
BuildVersion                   10.0.22621.2506                                                                                                                                                                                           
CLRVersion                     4.0.30319.42000                                                                                                                                                                                           
WSManStackVersion              3.0                                                                                                                                                                                                       
PSRemotingProtocolVersion      2.3                                                                                                                                                                                                       
SerializationVersion           1.1.0.1      

PS C:\WINDOWS\system32> Get-Module -Name PartnerCenter

ModuleType Version    Name                                ExportedCommands                                                                                                                                                               
---------- -------    ----                                ----------------                                                                                                                                                               
Script     3.0.10     PartnerCenter                       {Add-PartnerCustomerCartLineItem, Add-PartnerCustomerUserRoleMember, Connect-PartnerCenter, Disconnect-PartnerCenter...}

Been stuck on this for days and I can't figure it out why this won't work. I doubt it may be an issue at the API endpoint. Has anyone encountered the same issue and been able to overcome it? TIA

mkraibt commented 8 months ago

Fixed. Recreated the app and seems to work now.

mkraibt commented 8 months ago

closing