search

pnp / PnP-PowerShell

SharePoint PnP PowerShell CmdLets
https://pnp.github.io/powershell
Other
985 stars 665 forks source link

Fix ApplyTenantTemplate with AAD App #2944

Closed michael-jensen closed 3 years ago

michael-jensen commented 3 years ago

Type

Related Issues?

Potentially fixes #2861 (as the error message is the same one I originally encountered).

What is in this Pull Request ?

Starting with the 3.24.2008.0 release, the Apply-PnPTenantTemplate cmdlet failed with the error Your template contains artifacts that require an access token. Please provide consent to the PnP Management Shell application first by executing: Connect-PnPOnline -Graph -LaunchBrowser when connected via an AAD App, that has Sites.FullControl.All and TermStore.ReadWrite.All app only permissions.

When stepping through the latest code (both PnP.Core and PnP.PowerShell), and comparing it to the 3.23.2007.1 release code I noticed the GetAccessToken method in Microsoft.SharePoint.Client.Client.ClientContextExtensions had added the following condition

if (PnPProvisioningContext.Current != null)
{
    accessToken = PnPProvisioningContext.Current.AcquireToken(new Uri(clientContext.Url).Authority, null);
}

which now took the code through the ApplyTenantTemplate's PnPProvisioningContext delegate method, which currently only supports a graph endpoint or being connected via the legacy credentials approach. This meant that any template that required a call to an SPO REST API would fall into the condition where the PSInvalidOperationException would be thrown (the error message is a little different in the latest code).

This PR adds a condition to support a .sharepoint.com resource in that delegate method while connected via an AAD App.

michael-jensen commented 3 years ago

@erwinvanhunen @KoenZomers please let me know if you have any questions/concerns about this PR, as Apply-PnPTenantTemplate stopped working in the 3.24.2008.0 release for connections via an App Only AAD app and this PR provides one way to address this.

valpvt commented 3 years ago

Please accept this PR, the issue is there for many months now and forces us to work with PnP version 3.23.2007.1 (July release) 👎

adzero commented 3 years ago

Get-PnPTenantTemplate seems to be also affected by this problem.

I'm beginning to build some tools to provision on-demand SharePoint sites on my company's tenant but all thses commands seems to be affected by quite annoying bugs.

michael-jensen commented 3 years ago

@KoenZomers @erwinvanhunen any chance this PR will get approved in time for the November release?

erwinvanhunen commented 3 years ago

Hi. There will be likely a very late November release, alternatively we will skip November due to me having covid-19. When I'm back on my feet things will continue again.

michael-jensen commented 3 years ago

Oh no - please take care of yourself @erwinvanhunen

balle3201 commented 3 years ago

Might very well be related to this issue as well

2861

valpvt commented 3 years ago

@erwinvanhunen I hope you are OK, can you tell us if you plan to port this PR in a 3.28.2012.1 release or do we have to wait again for v3.29.xx ? Thanks

erwinvanhunen commented 3 years ago

Thank you! Your PR made it to last release we will do in January 2021. I also ported it to the new version of PnP PowerShell.

balle3201 commented 3 years ago

Hi. @erwinvanhunen, the issue still applies when running Apply-PnPProvisioningTemplate with AAD App running on latest version, 3.28.2012.1. :-( Until this is fixed it is not possible to apply PnP-Templates unless we're using version 3.23.2007.1 or older.

Related issue: #2861