pnp / PnP-PowerShell

SharePoint PnP PowerShell CmdLets
https://pnp.github.io/powershell

Not able to execute any PnP related commands after connecting to SPO site using app id and app secret #2978

Open ymihir opened 3 years ago

ymihir commented 3 years ago

I want to execute the Get-PnPProvisioningTemplate command. For this, I first connect to the SPO site using Connect-PnPOnline by passing AppId and AppSecret. The connection was successful. Then I executed the Get-PnPProvisioningTemplate command and ended up with a (401) unauthorized error. Then I tried a simple command, Get-PnPList, and got the same issue. I gave tenant-level full control permissions to the given app id.

I have created a new trial tenant and executed it there, and I am getting the same issue there too. If I use -UseWebLogin instead of AppId and secret, then it works fine. What is the root cause?

Note: I executed the same command 5 months back and it worked like a charm. Now it is giving the issue. What is the reason?

ghost commented 3 years ago

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

ymihir commented 3 years ago

No solution for this?

fastlaneb commented 3 years ago

Hi @ymihir Have you given your app registration in Azure AD the correct permissions?

ymihir commented 3 years ago

Why does Azure AD come in here?

ToddKlindt commented 3 years ago

The AppID and AppSecret you're using are for an App Registration. Those are Azure AD functionality. If you go to the App Registration blade in Azure AD you should see your App Registration and see what permissions it has.

fastlaneb commented 3 years ago

Hi @ymihir When you use the app secret method to connect you are also using an application registration in Azure AD. This is the "AppId" you are plugging in.

ymihir commented 3 years ago

@fastlaneb, @ToddKlindt The App ID was created in SharePoint under appregnew.aspx. I am trying to execute with app-only policy by applying the below permission XML to the app id:

<AppPermissionRequests AllowAppOnlyPolicy="true" >
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

Why create an Azure app registration, and what permission should I give? Is there any documentation to refer to?

fastlaneb commented 3 years ago

Hi @ymihir If you're explicitly adding the perms via the SharePoint page you reference, appregnew.aspx (SharePoint App-Only), I don't believe you have to do anything in the Azure App Reg blade. If you do want to read about Azure AD App-Only for SharePoint you can check it out here: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

ymihir commented 3 years ago

@fastlaneb Earlier it used to work. But from a couple of months ago it stopped working. Not sure why this behavior.

bmarcos81 commented 3 years ago

@ymihir, using the appregnew page, the App Secret expires after one year. You can review that in Azure AD > App Registrations > Search for your AppId > Secrets; you will see the expiration date there. Then you can create a new App Secret.
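
Following the last comment's pointer to the secret's expiration date, here is an added example (not code from this thread or from the PnP project) that classifies client secrets as expired, expiring soon or valid. The function name `Get-SecretExpiryStatus`, the 30-day warning window and the sample records are assumptions made for illustration.

```powershell
# Added example: flag expired or soon-to-expire client secrets.
# Input objects are assumed to carry DisplayName, KeyId and EndDateTime,
# the shape of the PasswordCredentials entries returned by Microsoft Graph.
function Get-SecretExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Credential,
        [int] $WarnDays = 30,                  # assumed warning window
        [datetime] $Now = [datetime]::UtcNow
    )
    process {
        # Normalise to UTC so the comparison does not depend on the local time zone.
        $end      = ([datetime] $Credential.EndDateTime).ToUniversalTime()
        $daysLeft = [math]::Floor(($end - $Now.ToUniversalTime()).TotalDays)

        if     ($daysLeft -lt 0)          { $status = 'Expired' }
        elseif ($daysLeft -le $WarnDays)  { $status = 'ExpiringSoon' }
        else                              { $status = 'Valid' }

        [pscustomobject]@{
            DisplayName = $Credential.DisplayName
            KeyId       = $Credential.KeyId
            EndDateTime = $end
            DaysLeft    = $daysLeft
            Status      = $status
        }
    }
}

# Constructed sample records (not real credentials or real key ids).
$sample = @(
    [pscustomobject]@{ DisplayName = 'constructed-old-secret'
                       KeyId       = '00000000-0000-0000-0000-000000000001'
                       EndDateTime = '2023-01-15T00:00:00Z' }
    [pscustomobject]@{ DisplayName = 'constructed-new-secret'
                       KeyId       = '00000000-0000-0000-0000-000000000002'
                       EndDateTime = '2024-05-20T00:00:00Z' }
)

# Fixed reference date so the sample result is reproducible.
$asOf = [datetime]::new(2023, 6, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
$sample | Get-SecretExpiryStatus -Now $asOf | Format-Table -AutoSize

# Against a live tenant (assumes the Microsoft.Graph module and an existing
# Connect-MgGraph session; <your-app-id> is a placeholder):
# (Get-MgServicePrincipal -Filter "appId eq '<your-app-id>'").PasswordCredentials |
#     Get-SecretExpiryStatus
```

Running the same check on a schedule and alerting on `ExpiringSoon` lets the secret be rotated before scripts start failing with authorization errors.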