search

microsoftgraph / msgraph-cli-archived

The Microsoft Graph CLI repository has moved. This repository is now an archive.
https://github.com/microsoftgraph/msgraph-cli
Other
44 stars 9 forks source link

Handle scenario where user consent is disabled for a tenant user #18

Closed MIchaelMainer closed 4 years ago

MIchaelMainer commented 4 years ago

https://github.com/microsoftgraph/msgraph-cli/releases/tag/microsoftgraph.msgraph-cli_main_20200904.13

Run: mg --version

Python (Windows) 3.6.6 (v3.6.6:4cf1f54eb7, Jun 27 2018, 02:47:15) [MSC v.1900 32 bit (Intel)]
Python location 'C:\Program Files (x86)\Microsoft SDKs\Msgraph\CLI\python.exe'

Repro

This occurred on a freshly flattened computer with Windows 10 installed

  1. Download and run the installer on Windows. Note that the installer is not from a trusted source so there are a lot of security checks that have to overridden to install.
  2. Open terminal and run mg login --scopes user.read. Login is successful.
  3. Run mg usersuser list-user. The UI hangs, the command doesn't return, it is not complete, I have to terminate the job.
jobala commented 4 years ago

@MIchaelMainer try out the latest release and let me know if you still can't make requests.

MIchaelMainer commented 4 years ago

I installed the latest MSI release without uninstalling the last.

@jobala Remembered that I shouldn't try to use my work account as user consent is disabled. I used a dev program user, I could make a call. So, really this issue is that we don't handle the results when a tenant doesn't support user consent. I'll rename this issue to represent this.

As another issue, when issuing the call with dev program user, and using the example from the readme, I encountered:

D:\repos> mg login --scopes "user.read, user.readwrite, mail.read"
Logged in successfully
D:\repos> mg usersuser list-user --query "[?userType=='Member'].{name: displayName, email: mail}" --output table
You have insufficient privileges to complete the operation, login with required scopes
jobala commented 4 years ago

@MIchaelMainer

As another issue, when issuing the call with dev program user, and using the example from the readme, I encountered:

For list-user you need the user.read.all scope.

@jobala Remembered that I shouldn't try to use my work account as user consent is disabled.

Not sure what is the issue here, are you saying that using your work account breaks the CLI?

MIchaelMainer commented 4 years ago

Okay, fixed the first issue where the example mg login to support the subsequent mg usersuser list-user with https://github.com/microsoftgraph/msgraph-cli/pull/22.

Strange. I'm getting a different behavior today upon login with my corp account. It is behaving as would be expected with my corp account. Either something transient, or I'm transient.