microsoftgraph / msgraph-sdk-powershell

Powershell SDK for Microsoft Graph
https://www.powershellgallery.com/packages/Microsoft.Graph

Set-MgApplicationVerifiedPublisher Status: 403 (Forbidden) ErrorCode: UnknownError #2765

Open stas-sultanov opened 1 month ago

stas-sultanov commented 1 month ago

Describe the bug

I am trying to set Application VerifiedPublisherId with PowerShell and MsGraph. I can set VerifiedPublisherId with a request via GraphExplorer but cannot do the same via a PowerShell script. I definitely have all the permissions.

Expected behavior

204 Command executed and verified publisher is set.

How to reproduce

```powershell
$body = @{ VerifiedPublisherId = $desiredState.VerifiedPublisher.VerifiedPublisherId }

Set-MgApplicationVerifiedPublisher -ApplicationId $application.Id -BodyParameter $body;
```

SDK Version

2.19.0

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

```
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://graph.microsoft.com/v1.0/applications/45385439-4846-49bf-911b-d2540b79bd43/microsoft.graph.setVerifiedPublisher

Headers:
FeatureFlag : 00000043
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22631; en-GB),PowerShell/2024.2.2
Accept-Encoding : gzip
SdkVersion : graph-powershell/2.19.0
client-request-id : acdb195d-1ee9-43ae-812c-d48f8fa165bc

Body:
{
  "verifiedPublisherId": "6838492"
}

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
Forbidden

Headers:
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : dd6961b8-3ddc-4af1-b593-f622d8e4d0a3
client-request-id : acdb195d-1ee9-43ae-812c-d48f8fa165bc
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Sweden Central","Slice":"E","Ring":"3","ScaleUnit":"001","RoleInstance":"GV2PEPF00000EA7"}}
Date : Thu, 30 May 2024 07:56:34 GMT

Body:
{
  "error": {
    "code": "UnknownError",
    "message": "",
    "innerError": {
      "date": "2024-05-30T07:56:34",
      "request-id": "dd6961b8-3ddc-4af1-b593-f622d8e4d0a3",
      "client-request-id": "acdb195d-1ee9-43ae-812c-d48f8fa165bc"
    }
  }
}
```

Configuration

Windows 11 x64

Other information

No response

petrhollayms commented 1 month ago

Hi @stas-sultanov ,

How do you authenticate in your code? Could you please share the code snippet and log output? Could you also please check that the permissions are set correctly by using the Get-MgContext cmdlet?

Also, are you setting the publisher for the same app registration in Graph Explorer and PowerShell SDK? Are you sure all requirements for setting the publisher have been met? https://learn.microsoft.com/en-us/entra/identity-platform/publisher-verification-overview#requirements

stas-sultanov commented 1 month ago

@petrhollayms, the thing is that I can manage all aspects of application registration, like CRUD, except setting VerifiedPublisher.

This is how I connect to MgGraph:

```powershell
Connect-AzAccount -Environment AzureCloud -Tenant 'XXXXX'

# get access token
$accessToken = (Get-AzAccessToken -ResourceTypeName MSGraph).Token | ConvertTo-SecureString -AsPlainText -Force;

......

# connect to Graph
Connect-MgGraph -AccessToken $accessToken -NoWelcome;
```

This is the result of Get-MgContext:

```
ClientId               : 1950a258-227b-4e31-a9cf-717495945fc2
TenantId               : XXXXX
Scopes                 : {AuditLog.Read.All, Directory.AccessAsUser.All, email, offline_access…}
AuthType               : UserProvidedAccessToken
TokenCredentialType    : UserProvidedAccessToken
CertificateThumbprint  : 
CertificateSubjectName : 
SendCertificateChain   : False
Account                : stas@XXXXX
AppName                : Microsoft Azure PowerShell
ContextScope           : Process
Certificate            : 
PSHostVersion          : 2024.2.2
ManagedIdentityId      : 
ClientSecret           : 
Environment            : Global
```

stas-sultanov commented 1 month ago

@petrhollayms, I can set VerifiedPublisherId via GraphExplorer or by hand via Portal, but not with my script.

Unfortunately, I receive "code": "UnknownError" which gives 0 understanding about what the issue is.
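
The Get-MgContext output above truncates the scope list with "…", so the following added example (not code from any participant in this thread or from the SDK) decodes the claims of a user-provided access token and reports which expected permissions it does not carry. The function names are hypothetical, the sample token is constructed and unsigned, and `Application.ReadWrite.All` is an assumed value to confirm against the Graph documentation for setVerifiedPublisher.

```powershell
function Get-JwtClaims {
    param([Parameter(Mandatory)][string] $Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }
    # JWT segments are base64url: map back to base64 and restore the padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-GraphTokenScope {
    param(
        [Parameter(Mandatory)][string] $Token,
        [Parameter(Mandatory)][string[]] $RequiredScope
    )
    $claims = Get-JwtClaims -Token $Token
    $granted = @()
    if ($claims.scp)   { $granted += $claims.scp -split ' ' }  # delegated permissions
    if ($claims.roles) { $granted += $claims.roles }           # app-only permissions
    [pscustomobject]@{
        Audience    = $claims.aud
        ClientAppId = $claims.appid   # the app the token was issued to
        Granted     = $granted
        Missing     = @($RequiredScope | Where-Object { $_ -notin $granted })
    }
}

# Constructed sample token: unsigned, not a real credential. Its claims mirror
# the ClientId and the visible part of Scopes in the Get-MgContext output.
$toB64Url = {
    param($s)
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = '{"aud":"https://graph.microsoft.com","appid":"1950a258-227b-4e31-a9cf-717495945fc2",' +
           '"scp":"AuditLog.Read.All Directory.AccessAsUser.All email"}'
$sample = '{0}.{1}.constructed' -f (& $toB64Url '{"alg":"none"}'), (& $toB64Url $payload)

# Assumed required scope; for the sample token it is reported under Missing
Test-GraphTokenScope -Token $sample -RequiredScope 'Application.ReadWrite.All' | Format-List
```

With a live session, pass the plain-text token string (before it is converted to a SecureString) as `-Token`; the claims are only decoded, not signature-verified, so the output is a diagnostic and not a trust decision.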

petrhollayms commented 1 month ago

Hi @stas-sultanov ,

Thank you for the confirmation, we will look into it.

timayabi2020 commented 2 weeks ago

@stas-sultanov is it possible to add -Debug parameter and share the output?

stas-sultanov commented 2 weeks ago

@timayabi2020, I did this. The output is attached to the initial message in the Debug section.