Closed BrainSlugs83 closed 4 months ago
Thank you @BrainSlugs83 for bringing it up. We will look into it ASAP.
Thanks for the detailed info @BrainSlugs83, your extra information helps quite a lot! It's always hard to develop stuff for tenants we don't have access to 😊 Changing the login flow for USGov to commercial endpoints is quite easy as far as I can see. However, currently, all Power Automate commands we provide only work with public cloud tenants. If I'm not mistaken, we encountered some issues to make it work for non-public clouds, or we couldn't find the right endpoint (https://github.com/pnp/cli-microsoft365/issues/1931).
Since currently we're not supporting Power Automate commands for non-public clouds, it might be a good idea to create a separate issue for this and keep this issue to fix the login issue.
Let's involve @waldekmastykarz in this thread since he worked on the non-public support a few months ago.
Thanks @milanholemans for the clarification about the Power Automate commands. I had a quick check in the code and it seems we might be doing it wrong for the login command as well.
It seems for any of the USGov... CloudType we use the same AzureCloudInstance, which in this case is AzureUsGovernment, but as pointed out, for the USGov we should be using AzurePublic. Due to that, we get which I think is the problem
Thank you for bringing this to our attention @BrainSlugs83 and sharing the additional information about GCC. Like @Adam-it pointed out, it's a bug on our end. We'll get this fixed asap. Sorry for the trouble.
As for lack of support for non-public clouds for Power Platform commands, it's currently by-design, and we're tracking it in here: https://github.com/pnp/cli-microsoft365/issues/4746
@BrainSlugs83 we've just released a new beta release with a fix to the login command that should solve your case. May I kindly ask you to double check and let us know it is ok now? Thanks for using CLI for Microsoft 365 and for helping us improve it. You Rock 🤩 Cheers 👍
Sure, I'll check it out tomorrow. Sorry for the delay.
Well, the login to my USGov account is working now -- but without #4746, I'm not really able to test anything beyond the login.
If you could post your findings on how to obtain power automate flows on USGov tenants on that issue, that would be helpful.
Priority
(Urgent) I can't use the CLI
Description
If I login without specifying the cloud to my GCC Low / USGov Cloud tenant, the login succeeds. But when I try something like
m365 flow list -e <env GUID>
I get the following error:
If I try to login specifying the cloud via
m365 login --cloud UsGov
the login fails saying it can't find my account.
This leads me to believe it's using the USGov high end points to authenticate, and not the commercial endpoints.
Because GCC Low uses Commercial endpoints for authentication; Please see the diagram below for more info:
Steps to reproduce
Try to login to a GCC Low environment and list the flows -- notice that the --cloud USGov option does not work and is behaving as if it's a GCC High login.
Expected results
GCC Low should use the regular commercial endpoints to login (i.e. https://login.microsoftonline.com/{{TenantId}}/oauth2/v2.0/token with scopes such as https://gov.service.flow.microsoft.us//.default), and still be able to query for the list of flows via https://gov.api.flow.microsoft.us/providers/Microsoft.ProcessSimple/environments/{{envId}}/flows/, etc.
Actual results
Can't login to GCC Low -- Can't list flows when logged in as commercial.
Diagnostics
You can see here it's directing us to use https://microsoft.com/deviceloginus -- but for GCC Low it should be doing a regular devicelogin.
The difference between GCC and commercial is that the scopes are different. The APIs are all at .us locations, but we login with Commercial Azure AD.
CLI for Microsoft 365 version
v7.9.0
nodejs version
v20.14.0
Operating system (environment)
Windows
Shell
PowerShell
cli doctor
{
  "os": {
    "platform": "win32",
    "version": "Windows 11 Enterprise",
    "release": "10.0.22631"
  },
  "cliVersion": "7.9.0",
  "nodeVersion": "v20.14.0",
  "cliAadAppId": "31359c7f-bd7e-475c-86db-fdb8c937548e",
  "cliAadAppTenant": "common",
  "authMode": "DeviceCode",
  "cliEnvironment": "",
  "cliConfig": {},
  "roles": [],
  "scopes": {
    "https://graph.microsoft.com": [
      "AllSites.FullControl",
      "AppCatalog.ReadWrite.All",
      "ChannelMember.ReadWrite.All",
      "ChannelMessage.Send",
      "ChannelSettings.ReadWrite.All",
      "Directory.AccessAsUser.All",
      "Directory.ReadWrite.All",
      "Group.ReadWrite.All",
      "IdentityProvider.ReadWrite.All",
      "Mail.ReadWrite",
      "Mail.Send",
      "Policy.Read.All",
      "Reports.Read.All",
      "Tasks.ReadWrite",
      "Team.Create",
      "TeamMember.ReadWrite.All",
      "TeamsApp.ReadWrite.All",
      "TeamsAppInstallation.ReadWriteForUser",
      "TeamSettings.ReadWrite.All",
      "TeamsTab.ReadWrite.All",
      "TermStore.ReadWrite.All",
      "User.Invite.All",
      "User.ReadWrite.All",
      "profile",
      "openid",
      "email"
    ],
    "https://management.azure.com/": [
      "user_impersonation"
    ]
  }
}
Additional Info
Let me know if you need me to test a specific build or something. -- As-is, I can't use this on my customer's GCC tenant. -- I can share a login flow that works using Postman if it helps.
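The endpoint split this issue describes, as an added example that is not part of the original issue or the CLI's own code: the sign-in authority and the API resource are resolved separately per cloud, and a check flags the mismatch reported here (a GCC login sent to the GCC High authority). The names `CLOUDS`, `flowListRequest` and `checkAuthority` are hypothetical; the USGov (GCC) values are the ones quoted in the issue, while the Public and USGovHigh rows and the `Default-` environment prefix are assumptions.

```javascript
// Added example. USGov (GCC) values are the ones quoted in the issue;
// the Public and USGovHigh rows are assumptions included for comparison.
const CLOUDS = {
  Public: {
    authority: 'https://login.microsoftonline.com',
    flowResource: 'https://service.flow.microsoft.com',
    flowApi: 'https://api.flow.microsoft.com'
  },
  USGov: { // GCC: commercial sign-in, .us resource and API
    authority: 'https://login.microsoftonline.com',
    flowResource: 'https://gov.service.flow.microsoft.us',
    flowApi: 'https://gov.api.flow.microsoft.us'
  },
  USGovHigh: {
    authority: 'https://login.microsoftonline.us',
    flowResource: 'https://high.service.flow.microsoft.us',
    flowApi: 'https://high.api.flow.microsoft.us'
  }
};
const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;
// Assumption: default environments carry a "Default-" prefix before the GUID.
const ENV_ID = /^(Default-)?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

function cloudConfig(cloud) {
  // Own-property check so names like "constructor" are rejected.
  if (!Object.hasOwn(CLOUDS, cloud)) throw new Error(`Unknown cloud: ${cloud}`);
  return CLOUDS[cloud];
}

// Build the token and flow-list requests; IDs are validated before they reach a URL.
function flowListRequest(cloud, tenantId, envId) {
  const c = cloudConfig(cloud);
  if (!GUID.test(tenantId)) throw new Error('tenantId must be a GUID');
  if (!ENV_ID.test(envId)) throw new Error('envId is not a valid environment id');
  return {
    tokenEndpoint: `${c.authority}/${tenantId}/oauth2/v2.0/token`,
    scope: `${c.flowResource}//.default`,
    flowsUrl: `${c.flowApi}/providers/Microsoft.ProcessSimple/environments/${envId}/flows/`
  };
}

// Compare the authority actually in use with the one expected for the cloud.
function checkAuthority(cloud, authorityUrl) {
  const expected = new URL(cloudConfig(cloud).authority).origin;
  const actual = new URL(authorityUrl).origin;
  return { ok: actual === expected, expected, actual };
}
```

Calling `checkAuthority('USGov', ...)` with the authority a client is configured to use shows whether a GCC sign-in would be routed to the `.us` authority, which is the behaviour reported above.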