Closed michael-jensen closed 3 years ago
@erwinvanhunen @KoenZomers please let me know if you have any questions/concerns about this PR, as Apply-PnPTenantTemplate stopped working in the 3.24.2008.0 release for connections via an App Only AAD app and this PR provides one way to address this.
Please accept this PR, the issue is there for many months now and forces us to work with PnP version 3.23.2007.1 (July release) 👎
Get-PnPTenantTemplate seems to be also affected by this problem.
I'm beginning to build some tools to provision on-demand SharePoint sites on my company's tenant but all thses commands seems to be affected by quite annoying bugs.
@KoenZomers @erwinvanhunen any chance this PR will get approved in time for the November release?
Hi. There will be likely a very late November release, alternatively we will skip November due to me having covid-19. When I'm back on my feet things will continue again.
Oh no - please take care of yourself @erwinvanhunen
Might very well be related to this issue as well
@erwinvanhunen I hope you are OK, can you tell us if you plan to port this PR in a 3.28.2012.1 release or do we have to wait again for v3.29.xx ? Thanks
Thank you! Your PR made it to last release we will do in January 2021. I also ported it to the new version of PnP PowerShell.
Hi. @erwinvanhunen, the issue still applies when running Apply-PnPProvisioningTemplate with AAD App running on latest version, 3.28.2012.1. :-( Until this is fixed it is not possible to apply PnP-Templates unless we're using version 3.23.2007.1 or older.
Related issue: #2861
Type
Related Issues?
Potentially fixes #2861 (as the error message is the same one I originally encountered).
What is in this Pull Request ?
Starting with the 3.24.2008.0 release, the Apply-PnPTenantTemplate cmdlet failed with the error Your template contains artifacts that require an access token. Please provide consent to the PnP Management Shell application first by executing: Connect-PnPOnline -Graph -LaunchBrowser when connected via an AAD App, that has Sites.FullControl.All and TermStore.ReadWrite.All app only permissions.
When stepping through the latest code (both PnP.Core and PnP.PowerShell), and comparing it to the 3.23.2007.1 release code I noticed the GetAccessToken method in Microsoft.SharePoint.Client.Client.ClientContextExtensions had added the following condition
which now took the code through the ApplyTenantTemplate's PnPProvisioningContext delegate method, which currently only supports a graph endpoint or being connected via the legacy credentials approach. This meant that any template that required a call to an SPO REST API would fall into the condition where the PSInvalidOperationException would be thrown (the error message is a little different in the latest code).
This PR adds a condition to support a.sharepoint.com resource in that delegate method while connected via an AAD App.