Closed pmatthews05 closed 4 years ago
You're correct. This has to do with the fact that we changed the underlying authentication methods to follow Microsoft recommended approaches. While we investigate this, maybe you can consider using Invoke-PnPSPRestMethod?
Invoke-PnPSPRestMethod -Method Get -Url "/_api/web"
Having said the above: I just reverted myself to version 3.18.2002.0 but I fail to retrieve an access token using Get-PnPAccessToken with that installation if I use -UseWebLogin. This kinda makes sense, as using -UseWebLogin does not use an access token based auth, but a cookie based authentication.
As you most likely use -UseWebLogin because you have MFA enabled, consider using:
Connect-PnPOnline -Url https://yourtenant.sharepoint.com/sites/yoursite -PnPO365ManagementShell
Hi @erwinvanhunen , It's very strange, I did have it working with version 3.18.2002.0, but after downgrading and then tried to replicate it again to give you screenshot, I too got the same issue where I couldn't grab an accessToken.
The good thing is, after upgrading to the latest version, and trying your suggestion of Invoke-PnPSPRestMethod I was able to make the calls I wanted to make.
Although this would probably be a seperate issue/bug I did find that Invoke-PnPSPRestMethod is case sensitive with the Site URL. For example if I connected to my site
Connect-PnPOnline -Url https://yourtenant.sharepoint.com/sites/yoursite -useweblogin
$body = "{'Title':'Test'}"
Invoke-PnPSPRestMethod -Method Post -Url "/_api/web/lists/GetByTitle('Test')/items" -Content $body
If the URL is actually https://yourtenant.sharepoint.com/sites/YourSite with capitals in the alias then the Invoke-PnPSPRestMethod gave me an Access denied error message. I was able to work around this by doing
Connect-PnPOnline -Url https://yourtenant.sharepoint.com/sites/yoursite -useweblogin
$body = "{'Title':'Test'}"
$siteUrl = (Get-PnPSite).Url
$apiCall = $siteUrl + "/_api/web/lists/GetByTitle('Test')/items"
Invoke-PnPSPRestMethod -Method Post -Url $apiCall -Content $body
The last issue you posted has to most likely to with the fact that -UseWebLogin uses a cookie based upon the URL. We take the URL you entered with the Url parameter to connect to SharePoint and as a result that cookie gets stored for that URL. When we then subsequently make a REST request, we retrieve that cookie, and insert it in the request. However, the cookie was issued for the Url with the upper case Site title, whereas the REST request was made against the lowercase URL (we retrieve the URL in the Invoke-PnPSPRestMethod from the context that is being returned from the server). I'll investigate and see if we can fix that in a later release (by forcibly lowercasing the URL before we launch the weblogin flow)
It will be fixed in the August release.
Reporting an Issue or Missing Feature
When connecting to SharePoint using Connect-PnpOnline -url:https://site.sharepoint.com -UseWebLogin, after logging in successfully, a previous version of PNP Powershell (3.18.2002.0 worked) when calling Get-PnpAccessToken use to provide you with an access token that you could use in REST Queries to SharePoint.
I understand that Get-PnPAccessToken has been made obsolete, and should be using Get-PnPGrahAccessToken instead, however neither give me an AccessToken when using -UseWeblogin.
Expected behavior
Should be able to login using -UseWebLogin and get my AccessToken for SharePoint. This still works if using ClientID and Certificate.
Actual behavior
Get an error message:
This error message does indicate that Get-PNPAccess token only works with -ClientId or -Scopes. So is there another way to get my AccessToken in code using PNP when logging in with -useweblogin? As it used to work, and now it's breaking change.
Steps to reproduce behavior
Which version of the PnP-PowerShell Cmdlets are you using?
What is the version of the Cmdlet module you are running?
3.23.2007.0
How did you install the PnP-PowerShell Cmdlets?