microsoftgraph / msgraph-sdk-powershell

Powershell SDK for Microsoft Graph
https://www.powershellgallery.com/packages/Microsoft.Graph

Environment variable based auth no longer functioning in 2.9.0 (Connect-MgGraph -EnvironmentVariable) #2443

Closed tehmichael closed 1 year ago

tehmichael commented 1 year ago

Describe the bug

When trying to use Connect-MgGraph -Environment USGov -EnvironmentVariable, I receive this error: [image]

This is working in 2.8.0.

To Reproduce

Define the three needed environment variables and execute Connect-MgGraph with the -EnvironmentVariable switch.

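# Placeholder values; substitute the app registration's own
$Env:AZURE_CLIENT_ID = '<client-id>'
$Env:AZURE_TENANT_ID = '<tenant-id>'
$Env:AZURE_CLIENT_SECRET = '<client-secret>'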
Connect-MgGraph -Environment USGov -EnvironmentVariable

Expected behavior

I expect Connect-MgGraph to succeed and a connection to be established.

Debug Output

> Connect-MgGraph -Environment USGov -EnvironmentVariable -Debug
DEBUG: EnvironmentCredential.GetToken invoked. Scopes: [ https://graph.microsoft.us/.default ] ParentRequestId:
DEBUG: ClientSecretCredential.GetToken invoked. Scopes: [ https://graph.microsoft.us/.default ] ParentRequestId:
DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] MSAL MSAL.NetCore with assembly version '4.56.0.0'. CorrelationId(df29ae4d-20fd-4463-aca8-053265dab90d)
DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] === AcquireTokenForClientParameters ===
SendX5C: False
ForceRefresh: False

DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d]
=== Request Data ===
Authority Provided? - True
Scopes - https://graph.microsoft.us/.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenForClient
IsConfidentialClient - True
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - df29ae4d-20fd-4463-aca8-053265dab90d
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:

DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] === Token Acquisition (ClientCredentialRequest) started:
         Scopes: https://graph.microsoft.us/.default
        Authority Host: login.microsoftonline.us
DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] The current authority is targeting the /common or /organizations endpoint which is not recommended. See https://aka.ms/msal-net-client-credentials for more details.
DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] [Instance Discovery] Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] [Region discovery] Not using a regional authority.
DEBUG: Request [3cfb2123-ab70-433d-99fd-78a5fdf49154] POST https://login.microsoftonline.us/common/oauth2/v2.0/token
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-CPU:REDACTED
x-client-OS:REDACTED
x-client-current-telemetry:REDACTED
x-client-last-telemetry:REDACTED
x-ms-lib-capability:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
Content-Type:application/x-www-form-urlencoded
x-ms-client-request-id:3cfb2123-ab70-433d-99fd-78a5fdf49154
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.10.3 (.NET 7.0.13; Microsoft Windows 10.0.22631)
client assembly: Azure.Identity
DEBUG: Error response [3cfb2123-ab70-433d-99fd-78a5fdf49154] 400 Bad Request (00.1s)
Cache-Control:no-store, no-cache
Pragma:no-cache
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
P3P:REDACTED
client-request-id:REDACTED
x-ms-request-id:9ea3c34f-c784-4464-a31b-b66747d46f00
x-ms-ests-server:REDACTED
x-ms-clitelem:REDACTED
X-XSS-Protection:REDACTED
Set-Cookie:REDACTED
Date:Wed, 15 Nov 2023 21:06:40 GMT
Content-Type:application/json; charset=utf-8
Expires:-1
Content-Length:459

DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] Response status code does not indicate success: 400 (BadRequest).
DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] Request retry failed.
DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] HttpStatusCode: 400: BadRequest
DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] === Token Acquisition (1004) failed.
        Host: login.microsoftonline.us.
DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: invalid_request
HTTP StatusCode 400
CorrelationId df29ae4d-20fd-4463-aca8-053265dab90d

DEBUG: False MSAL 4.56.0.0 MSAL.NetCore .NET 7.0.13 Microsoft Windows 10.0.22631 [2023-11-15 21:06:40Z - df29ae4d-20fd-4463-aca8-053265dab90d] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: invalid_request
HTTP StatusCode 400
CorrelationId df29ae4d-20fd-4463-aca8-053265dab90d

   at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.ExecuteRequestAsync[T](Uri endPoint, HttpMethod method, RequestContext requestContext, Boolean expectErrorsOn200OK, Boolean addCommonHeaders, Func`2 onBeforePostRequestData)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.GetTokenAsync(Uri endPoint, RequestContext requestContext, Boolean addCommonHeaders, Func`2 onBeforePostRequestHandler)
   at Microsoft.Identity.Client.OAuth2.TokenClient.SendHttpAndClearTelemetryAsync(String tokenEndpoint, ILoggerAdapter logger)
   at Microsoft.Identity.Client.OAuth2.TokenClient.SendHttpAndClearTelemetryAsync(String tokenEndpoint, ILoggerAdapter logger)
   at Microsoft.Identity.Client.OAuth2.TokenClient.SendTokenRequestAsync(IDictionary`2 additionalBodyParameters, String scopeOverride, String tokenEndpointOverride, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.SendTokenRequestAsync(IDictionary`2 additionalBodyParameters, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger)
   at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
DEBUG: ClientSecretCredential.GetToken was unable to retrieve an access token. Scopes: [ https://graph.microsoft.us/.default ] ParentRequestId:  Exception: Azure.Identity.AuthenticationFailedException (0x80131500): ClientSecretCredential authentication failed: AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials. Trace ID: 9ea3c34f-c784-4464-a31b-b66747d46f00 Correlation ID: df29ae4d-20fd-4463-aca8-053265dab90d Timestamp: 2023-11-15 21:06:40Z
 ---> Microsoft.Identity.Client.MsalServiceException (0x80131500): AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials. Trace ID: 9ea3c34f-c784-4464-a31b-b66747d46f00 Correlation ID: df29ae4d-20fd-4463-aca8-053265dab90d Timestamp: 2023-11-15 21:06:40Z
DEBUG: EnvironmentCredential.GetToken was unable to retrieve an access token. Scopes: [ https://graph.microsoft.us/.default ] ParentRequestId:  Exception: Azure.Identity.AuthenticationFailedException (0x80131500): ClientSecretCredential authentication failed: AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials. Trace ID: 9ea3c34f-c784-4464-a31b-b66747d46f00 Correlation ID: df29ae4d-20fd-4463-aca8-053265dab90d Timestamp: 2023-11-15 21:06:40Z
 ---> Microsoft.Identity.Client.MsalServiceException (0x80131500): AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials. Trace ID: 9ea3c34f-c784-4464-a31b-b66747d46f00 Correlation ID: df29ae4d-20fd-4463-aca8-053265dab90d Timestamp: 2023-11-15 21:06:40Z
Connect-MgGraph: ClientSecretCredential authentication failed: AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials. Trace ID: 9ea3c34f-c784-4464-a31b-b66747d46f00 Correlation ID: df29ae4d-20fd-4463-aca8-053265dab90d Timestamp: 2023-11-15 21:06:40Z

Module Version

ModuleType Version    PreRelease Name                                PSEdition ExportedCommands
---------- -------    ---------- ----                                --------- ----------------
Manifest   2.9.0                 Microsoft.Graph                     Core,Desk
Script     2.9.0                 Microsoft.Graph.Applications        Core,Desk {Add-MgApplicationKey, Add-MgApplicatio…
Script     2.9.0                 Microsoft.Graph.Authentication      Core,Desk {Connect-MgGraph, Disconnect-MgGraph, G…
Manifest   2.9.0                 Microsoft.Graph.Beta                Core,Desk
Script     2.9.0                 Microsoft.Graph.Beta.Applications   Core,Desk {Add-MgBetaApplicationKey, Add-MgBetaAp…
Script     2.9.0                 Microsoft.Graph.Beta.Bookings       Core,Desk {Get-MgBetaBookingBusiness, Get-MgBetaB…
Script     2.9.0                 Microsoft.Graph.Beta.Calendar       Core,Desk {Get-MgBetaGroupCalendar, Get-MgBetaGro…
Script     2.9.0                 Microsoft.Graph.Beta.ChangeNotific… Core,Desk {Get-MgBetaSubscription, Invoke-MgBetaR…
Script     2.9.0                 Microsoft.Graph.Beta.CloudCommunic… Core,Desk {Add-MgBetaCommunicationCallLargeGaller…
Script     2.9.0                 Microsoft.Graph.Beta.Compliance     Core,Desk {Add-MgBetaComplianceEdiscoveryCaseCust…
Script     2.9.0                 Microsoft.Graph.Beta.CrossDeviceEx… Core,Desk {Get-MgBetaUserActivity, Get-MgBetaUser…
Script     2.9.0                 Microsoft.Graph.Beta.DeviceManagem… Core,Desk {Get-MgBetaAdminEdge, Get-MgBetaAdminEd…
Script     2.9.0                 Microsoft.Graph.Beta.DeviceManagem… Core,Desk {Add-MgBetaDeviceManagementAndroidManag…
Script     2.9.0                 Microsoft.Graph.Beta.DeviceManagem… Core,Desk {Get-MgBetaDeviceManagementApplePushNot…
Script     2.9.0                 Microsoft.Graph.Beta.DeviceManagem… Core,Desk {Get-MgBetaDeviceManagementAndroidDevic…
Script     2.9.0                 Microsoft.Graph.Beta.DeviceManagem… Core,Desk {Compare-MgBetaDeviceManagementIntent, …
Script     2.9.0                 Microsoft.Graph.Beta.Devices.Cloud… Core,Desk {Get-MgBetaPrint, Get-MgBetaPrintConnec…
Script     2.9.0                 Microsoft.Graph.Beta.Devices.Corpo… Core,Desk {Clear-MgBetaDeviceAppManagementWindows…
Script     2.9.0                 Microsoft.Graph.Beta.Devices.Servi… Core,Desk {Get-MgBetaServiceAnnouncementHealthOve…
Script     2.9.0                 Microsoft.Graph.Beta.DirectoryObje… Core,Desk {Confirm-MgBetaDirectoryObjectMemberGro…
Script     2.9.0                 Microsoft.Graph.Beta.Education      Core,Desk {Get-MgBetaEducationClass, Get-MgBetaEd…
Script     2.9.0                 Microsoft.Graph.Beta.Files          Core,Desk {Add-MgBetaDriveListContentTypeCopy, Ad…
Script     2.9.0                 Microsoft.Graph.Beta.Financials     Core,Desk {Get-MgBetaFinancial, Get-MgBetaFinanci…
Script     2.9.0                 Microsoft.Graph.Beta.Groups         Core,Desk {Add-MgBetaGroupDriveListContentTypeCop…
Script     2.9.0                 Microsoft.Graph.Beta.Identity.Dire… Core,Desk {Add-MgBetaTenantRelationshipManagedTen…
Script     2.9.0                 Microsoft.Graph.Beta.Identity.Gove… Core,Desk {Add-MgBetaAccessReviewDecision, Add-Mg…
Script     2.9.0                 Microsoft.Graph.Beta.Identity.Part… Core,Desk {Get-MgBetaTenantRelationshipDelegatedA…
Script     2.9.0                 Microsoft.Graph.Beta.Identity.Sign… Core,Desk {Confirm-MgBetaInformationProtectionSig…
Script     2.9.0                 Microsoft.Graph.Beta.Mail           Core,Desk {Get-MgBetaUserInferenceClassification,…
Script     2.9.0                 Microsoft.Graph.Beta.ManagedTenants Core,Desk {Get-MgBetaTenantRelationshipManagedTen…
Script     2.9.0                 Microsoft.Graph.Beta.Notes          Core,Desk {Get-MgBetaGroupOnenoteNotebook, Get-Mg…
Script     2.9.0                 Microsoft.Graph.Beta.People         Core,Desk {Get-MgBetaUserActivityStatistics, Get-…
Script     2.9.0                 Microsoft.Graph.Beta.PersonalConta… Core,Desk {Get-MgBetaUserContact, Get-MgBetaUserC…
Script     2.9.0                 Microsoft.Graph.Beta.Planner        Core,Desk {Get-MgBetaGroupPlanner, Get-MgBetaGrou…
Script     2.9.0                 Microsoft.Graph.Beta.Reports        Core,Desk {Confirm-MgBetaAuditLogSignInCompromise…
Script     2.9.0                 Microsoft.Graph.Beta.SchemaExtensi… Core,Desk {Get-MgBetaSchemaExtension, Get-MgBetaS…
Script     2.9.0                 Microsoft.Graph.Beta.Search         Core,Desk {Add-MgBetaExternalConnectionItemActivi…
Script     2.9.0                 Microsoft.Graph.Beta.Security       Core,Desk {Add-MgBetaSecurityCaseEdiscoveryCaseCu…
Script     2.9.0                 Microsoft.Graph.Beta.Sites          Core,Desk {Add-MgBetaSite, Add-MgBetaSiteContentT…
Script     2.9.0                 Microsoft.Graph.Beta.Teams          Core,Desk {Add-MgBetaChatMember, Add-MgBetaTeamCh…
Script     2.9.0                 Microsoft.Graph.Beta.Users          Core,Desk {Get-MgBetaUser, Get-MgBetaUserAppRoleA…
Script     2.9.0                 Microsoft.Graph.Beta.Users.Actions  Core,Desk {Add-MgBetaUserChatMember, Add-MgBetaUs…
Script     2.9.0                 Microsoft.Graph.Beta.Users.Functio… Core,Desk {Export-MgBetaUserDeviceAndAppManagemen…
Script     2.9.0                 Microsoft.Graph.Beta.WindowsUpdates Core,Desk {Add-MgBetaWindowsUpdatesDeploymentAudi…
Script     2.9.0                 Microsoft.Graph.Bookings            Core,Desk {Get-MgBookingBusiness, Get-MgBookingBu…
Script     2.9.0                 Microsoft.Graph.Calendar            Core,Desk {Get-MgGroupCalendar, Get-MgGroupCalend…
Script     2.9.0                 Microsoft.Graph.ChangeNotifications Core,Desk {Get-MgSubscription, Invoke-MgReauthori…
Script     2.9.0                 Microsoft.Graph.CloudCommunications Core,Desk {Add-MgCommunicationCallLargeGalleryVie…
Script     2.9.0                 Microsoft.Graph.Compliance          Core,Desk {Get-MgCompliance, Get-MgPrivacySubject…
Script     2.9.0                 Microsoft.Graph.CrossDeviceExperie… Core,Desk {Get-MgUserActivity, Get-MgUserActivity…
Script     2.9.0                 Microsoft.Graph.DeviceManagement    Core,Desk {Get-MgAdminEdge, Get-MgAdminEdgeIntern…
Script     2.9.0                 Microsoft.Graph.DeviceManagement.A… Core,Desk {Clear-MgDeviceManagementManagedDevice,…
Script     2.9.0                 Microsoft.Graph.DeviceManagement.A… Core,Desk {Get-MgDeviceManagementApplePushNotific…
Script     2.9.0                 Microsoft.Graph.DeviceManagement.E… Core,Desk {Get-MgDeviceManagementConditionalAcces…
Script     2.9.0                 Microsoft.Graph.DeviceManagement.F… Core,Desk {Confirm-MgDeviceManagementWindowsEnrol…
Script     2.9.0                 Microsoft.Graph.Devices.CloudPrint  Core,Desk {Get-MgPrint, Get-MgPrintConnector, Get…
Script     2.9.0                 Microsoft.Graph.Devices.CorporateM… Core,Desk {Get-MgDeviceAppManagement, Get-MgDevic…
Script     2.9.0                 Microsoft.Graph.Devices.ServiceAnn… Core,Desk {Get-MgServiceAnnouncementHealthOvervie…
Script     2.9.0                 Microsoft.Graph.DirectoryObjects    Core,Desk {Confirm-MgDirectoryObjectMemberGroup, …
Script     2.9.0                 Microsoft.Graph.Education           Core,Desk {Get-MgEducationClass, Get-MgEducationC…
Script     2.9.0                 Microsoft.Graph.Files               Core,Desk {Add-MgDriveListContentTypeCopy, Add-Mg…
Script     2.9.0                 Microsoft.Graph.Groups              Core,Desk {Add-MgGroupDriveListContentTypeCopy, A…
Script     2.9.0                 Microsoft.Graph.Identity.Directory… Core,Desk {Confirm-MgContactMemberGroup, Confirm-…
Script     2.9.0                 Microsoft.Graph.Identity.Governance Core,Desk {Add-MgIdentityGovernanceAccessReviewDe…
Script     2.9.0                 Microsoft.Graph.Identity.Partner    Core,Desk {Get-MgTenantRelationshipDelegatedAdmin…
Script     2.9.0                 Microsoft.Graph.Identity.SignIns    Core,Desk {Confirm-MgRiskyServicePrincipalComprom…
Script     2.9.0                 Microsoft.Graph.Mail                Core,Desk {Get-MgUserInferenceClassification, Get…
Script     2.9.0                 Microsoft.Graph.Notes               Core,Desk {Get-MgGroupOnenoteNotebook, Get-MgGrou…
Script     2.9.0                 Microsoft.Graph.People              Core,Desk {Get-MgUserLastSharedMethodInsight, Get…
Script     2.9.0                 Microsoft.Graph.PersonalContacts    Core,Desk {Get-MgUserContact, Get-MgUserContactCo…
Script     2.9.0                 Microsoft.Graph.Planner             Core,Desk {Get-MgGroupPlanner, Get-MgGroupPlanner…
Script     2.9.0                 Microsoft.Graph.Reports             Core,Desk {Get-MgAuditLogDirectoryAudit, Get-MgAu…
Script     2.9.0                 Microsoft.Graph.SchemaExtensions    Core,Desk {Get-MgSchemaExtension, Get-MgSchemaExt…
Script     2.9.0                 Microsoft.Graph.Search              Core,Desk {Add-MgExternalConnectionItemActivity, …
Script     2.9.0                 Microsoft.Graph.Security            Core,Desk {Add-MgSecurityCaseEdiscoveryCaseCustod…
Script     2.9.0                 Microsoft.Graph.Sites               Core,Desk {Add-MgSite, Add-MgSiteContentTypeCopy,…
Script     2.9.0                 Microsoft.Graph.Teams               Core,Desk {Add-MgChatMember, Add-MgTeamChannelMem…
Script     2.9.0                 Microsoft.Graph.Users               Core,Desk {Get-MgUser, Get-MgUserCount, Get-MgUse…
Script     2.9.0                 Microsoft.Graph.Users.Actions       Core,Desk {Add-MgUserChatMember, Add-MgUserDriveL…
Script     2.9.0                 Microsoft.Graph.Users.Functions     Core,Desk {Export-MgUserDeviceAndAppManagementDat…

Environment Data

Name                           Value
----                           -----
PSVersion                      7.3.9
PSEdition                      Core
GitCommitId                    7.3.9
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0


timayabi2020 commented 1 year ago

Closing this because it's a duplicate of https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2439

tehmichael commented 12 months ago

Hey @timayabi2020, I'm not seeing how this is 1:1 related to the other case. While the result is the same (not connecting), we're showing different errors. Using the exact same environment variables in 2.8.0 will succeed in connecting.

Thank you!
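
The debug output in the report shows the client-credentials token request going to the /common authority and failing with AADSTS50059. As an added example (not code from this thread or from the SDK), the following triage helper reads a Connect-MgGraph -Debug transcript and reports which tenant segment each token request used. The function name, its parameters, and the all-zero tenant ID are hypothetical; the two sample lines are copied from the debug output above.

```powershell
# Added example: find the tenant segment used in token requests in a
# Connect-MgGraph -Debug transcript. Names and output shape are hypothetical.
function Get-TokenRequestTenant {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $DebugLine,
        # Tenant the caller expected, normally the value of $Env:AZURE_TENANT_ID
        [string] $ExpectedTenantId
    )

    # Tenant-less authority aliases; an app-only token request needs a concrete tenant
    $aliases  = 'common', 'organizations', 'consumers'
    $tokenUrl = [regex]'POST\s+https://(?<host>[^/\s]+)/(?<tenant>[^/\s]+)/oauth2/v2\.0/token'

    $requests = foreach ($line in $DebugLine) {
        $m = $tokenUrl.Match($line)
        if ($m.Success) {
            $tenant = $m.Groups['tenant'].Value
            [pscustomobject]@{
                AuthorityHost   = $m.Groups['host'].Value
                TenantSegment   = $tenant
                IsTenantAlias   = $aliases -contains $tenant
                MatchesExpected = [bool]$ExpectedTenantId -and ($tenant -eq $ExpectedTenantId)
            }
        }
    }

    # Collect every distinct AADSTS error code that appears in the transcript
    $codes = $DebugLine |
        Select-String -Pattern 'AADSTS\d+' -AllMatches |
        ForEach-Object { $_.Matches.Value } |
        Sort-Object -Unique

    [pscustomobject]@{
        TokenRequests = @($requests)
        ErrorCodes    = @($codes)
    }
}

# Two lines copied from the debug output in the report
$sample = @(
    'DEBUG: Request [3cfb2123-ab70-433d-99fd-78a5fdf49154] POST https://login.microsoftonline.us/common/oauth2/v2.0/token'
    'Connect-MgGraph: ClientSecretCredential authentication failed: AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials.'
)

# Placeholder tenant ID, not a value from the report
$result = Get-TokenRequestTenant -DebugLine $sample -ExpectedTenantId '00000000-0000-0000-0000-000000000000'
$result.TokenRequests | Format-Table -AutoSize
$result.ErrorCodes

# One way to capture a live transcript (stream 5 is the debug stream):
#   $lines = Connect-MgGraph -Environment USGov -EnvironmentVariable -Debug 5>&1 | ForEach-Object { "$_" }
#   Get-TokenRequestTenant -DebugLine $lines -ExpectedTenantId $Env:AZURE_TENANT_ID
```

On the sample lines the helper reports a request to login.microsoftonline.us with tenant segment common, flagged as an alias and not matching the expected tenant, alongside error code AADSTS50059.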