pnp / cli-microsoft365

Manage Microsoft 365 and SharePoint Framework projects on any platform
https://aka.ms/cli-m365
MIT License
920 stars 326 forks

Display authentication URL when running "m365 setup" #6332

Open apc005 opened 1 month ago

apc005 commented 1 month ago

Priority

(Low) Something is a little off

Description

When setting up m365 you are required to do an interactive login to create an AppId in Office 365 Tenant. On a headless server this is not easy (you have to install a browser and tunnel an X.Windows session within ssh, for example). I suggest the command could print the required URL in the terminal, so that you can copy/paste it into a local browser.

Steps to reproduce

m365 setup, create a new appId in the Tenant

Expected results

Display the URL as well as trying to start the browser

Actual results

Just starts the browser

Diagnostics

No response

CLI for Microsoft 365 version

v9.0.0

nodejs version

v18.19.0

Operating system (environment)

Windows

Shell

bash

cli doctor

No response

Additional Info

No response

Adam-it commented 1 month ago

@apc005 thanks for this suggestion 👍. We will look into it ASAP

dshirk-uci commented 1 month ago

Is there a way for me to formulate the required URL from the error message below? I am attempting to login from a headless installation and getting the following (ID's replaced by xxx):

$ m365 login
To sign in, use the web browser that just has been opened. Please sign-in there.
node:events:491
      throw er; // Unhandled 'error' event
      ^

Error: spawn xdg-open ENOENT
    at ChildProcess._handle.onexit (node:internal/child_process:283:19)
    at onErrorNT (node:internal/child_process:476:16)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
Emitted 'error' event on ChildProcess instance at:
    at ChildProcess._handle.onexit (node:internal/child_process:289:12)
    at onErrorNT (node:internal/child_process:476:16)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  errno: -2,
  code: 'ENOENT',
  syscall: 'spawn xdg-open',
  path: 'xdg-open',
  spawnargs: [
    'https://login.microsoftonline.com/xxxxx-xxxx-xxxx-xxxx-xxxxxxx/oauth2/authorize?response_type=code&client_id=xxxxxxx-e9d3-xxxx-xxxx-xxxxxxxx&redirect_uri=http://localhost:34891&state=xxxxxxxxxx&resource=https://graph.microsoft.com&prompt=select_account'
  ]
}

milanholemans commented 1 month ago

> Is there a way for me to formulate the required URL from the error message below? I am attempting to login from a headless installation and getting the following (ID's replaced by xxx):
>
> $ m365 login
> To sign in, use the web browser that just has been opened. Please sign-in there.
> node:events:491
>       throw er; // Unhandled 'error' event
>       ^
>
> Error: spawn xdg-open ENOENT
>     at ChildProcess._handle.onexit (node:internal/child_process:283:19)
>     at onErrorNT (node:internal/child_process:476:16)
>     at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
> Emitted 'error' event on ChildProcess instance at:
>     at ChildProcess._handle.onexit (node:internal/child_process:289:12)
>     at onErrorNT (node:internal/child_process:476:16)
>     at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
>   errno: -2,
>   code: 'ENOENT',
>   syscall: 'spawn xdg-open',
>   path: 'xdg-open',
>   spawnargs: [
>     'https://login.microsoftonline.com/xxxxx-xxxx-xxxx-xxxx-xxxxxxx/oauth2/authorize?response_type=code&client_id=xxxxxxx-e9d3-xxxx-xxxx-xxxxxxxx&redirect_uri=http://localhost:34891&state=xxxxxxxxxx&resource=https://graph.microsoft.com&prompt=select_account'
>   ]
> }

I don't really understand what you're asking. Is it related to this issue?

dshirk-uci commented 1 month ago

Sorry for the confusion. Our installation is on a "headless" Linux server with no web browser installed. So, the operation to pop up an interactive web browser during the m365 setup and/or login was failing and produced the above error message. I was wondering if there was some manual way to put together a URL that could be copy/pasted into a browser to do the authentication. The error message does show a URL but it did not seem to work when I pasted it into a web browser.

Anyway, as I indicated in the other issue (6333) our installation is working again after manually adding the app registration permissions and doing a m365 login with the appID and tenant ID. So, my comment can be disregarded. Thank you for looking at this.

The feature requested in this ticket, to display the authentication URL when running m365 setup, would be very useful and I hope it can be implemented. Thank you!

milanholemans commented 1 month ago

Thanks for the clarification. Glad to hear your setup works again. The site that we try to open is to authenticate the current user and be able to create a new application registration in Azure that CLI can consume. Logging the URL, just like we do for m365 login, is indeed a good suggestion.

Adam-it commented 1 month ago

@dshirk-uci you may already get the URL just by adding the --debug to the setup or login command. You will find the redirect URL in the printed logs.

waldekmastykarz commented 1 month ago

For headless servers you should use the device code login method which is made specifically for this case: it prints a code in the terminal which you copy and paste to the login page. Have you considered using it @apc005?

apc005 commented 1 month ago

Thx but I was talking about the "setup" process, not the login one

milanholemans commented 1 month ago

To clarify @waldekmastykarz, when running m365 setup and creating a new app registration, the URL to authenticate to Azure CLI is not printed in the terminal as is the case for m365 login.

waldekmastykarz commented 1 month ago

Ah sorry, I misunderstood. Thank you for clarifying. In that case, we should consider allowing you to choose whether you want to login to Azure using the browser or device code auth.

Is there btw a reason you need to create the app from the headless server rather than say locally and on the headless server use the option to use an existing app?