search

pnp / cli-microsoft365

Manage Microsoft 365 and SharePoint Framework projects on any platform
https://aka.ms/cli-m365
MIT License
909 stars 317 forks source link

m365 login failed #6339

Open dschenlin opened 1 week ago

dschenlin commented 1 week ago

Priority

(Urgent) I can't use the CLI

Description

m365 login works correctly with my account, but since 9 Sep, I can't login with my account, but my account still works with any microsoft apps, ( teams, sharepoint, outlook, etc...)

Steps to reproduce

m365 login --authType password --userName --password --debug

Expected results

login success

Actual results

Executing command login with options {"options":{"output":"json","debug":true,"verbose":false,"authType":"password","cloud":"Public","userName":"chen.lin@company.com","password":"Password"}} Executing command as 'Chen.Lin@company.com', appId: 31359c7f-bd7e-, tenantId: bc74e59c* Logging out from Microsoft 365... Signing in to Microsoft 365... No token found for resource https://graph.microsoft.com. [Thu, 12 Sep 2024 07:40:46 GMT] : [] : @azure/msal-node@2.10.0 : Info - getTokenCache called [Thu, 12 Sep 2024 07:40:46 GMT] : [] : @azure/msal-common@14.13.0 : Info - CacheManager:getIdToken - No token found Retrieving new access token using credentials... [Thu, 12 Sep 2024 07:40:46 GMT] : [] : @azure/msal-node@2.10.0 : Info - acquireTokenByUsernamePassword called [Thu, 12 Sep 2024 07:40:46 GMT] : [] : @azure/msal-node@2.10.0 : Verbose - initializeRequestScopes called [Thu, 12 Sep 2024 07:40:46 GMT] : [a8c127f9-eee2-41ba-84f2-4b3959c6f6ac] : @azure/msal-node@2.10.0 : Verbose - buildOauthClientConfiguration called [Thu, 12 Sep 2024 07:40:46 GMT] : [a8c127f9-eee2-41ba-84f2-4b3959c6f6ac] : @azure/msal-node@2.10.0 : Verbose - createAuthority called [Thu, 12 Sep 2024 07:40:46 GMT] : [] : @azure/msal-node@2.10.0 : Verbose - Attempting to get cloud discovery metadata from authority configuration [Thu, 12 Sep 2024 07:40:46 GMT] : [] : @azure/msal-node@2.10.0 : Verbose - Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values. [Thu, 12 Sep 2024 07:40:46 GMT] : [] : @azure/msal-node@2.10.0 : Verbose - Found cloud discovery metadata from hardcoded values. [Thu, 12 Sep 2024 07:40:46 GMT] : [] : @azure/msal-node@2.10.0 : Verbose - Attempting to get endpoint metadata from authority configuration [Thu, 12 Sep 2024 07:40:46 GMT] : [] : @azure/msal-node@2.10.0 : Verbose - Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values. [Thu, 12 Sep 2024 07:40:46 GMT] : [] : @azure/msal-node@2.10.0 : Verbose - Replacing tenant domain name bc74e59c with id {tenantid} [Thu, 12 Sep 2024 07:40:46 GMT] : [a8c127f9-eee2-41ba-84f2-4b3959c6f6ac] : @azure/msal-node@2.10.0 : Info - Building oauth client configuration with the following authority: https://login.microsoftonline.com/bc74e59c-5fa3-4157-9c37-6e5063d11a62/oauth2/v2.0/token. [Thu, 12 Sep 2024 07:40:46 GMT] : [a8c127f9-eee2-41ba-84f2-4b3959c6f6ac] : @azure/msal-node@2.10.0 : Verbose - Username password client created [Thu, 12 Sep 2024 07:40:46 GMT] : [a8c127f9-eee2-41ba-84f2-4b3959c6f6ac] : @azure/msal-common@14.13.0 : Info - in acquireToken call in username-password client [Thu, 12 Sep 2024 07:40:46 GMT] : [] : @azure/msal-node@2.10.0 : Verbose - Replacing tenant domain name bc74e59c**** with id {tenantid} Error: ServerError: invalid_client: Error(s): 7000218 - Timestamp: 2024-09-12 07:40:46Z - Description: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 8dc91be4-bce0-451c-bc16-220f51c62c00 Correlation ID: ff1b21ef-776e-4a1e-9015-37f123d6e188 Timestamp: 2024-09-12 07:40:46Z - Correlation ID: ff1b21ef-776e-4a1e-9015-37f123d6e188 - Trace ID: 8dc91be4-bce0-451c-bc16-220f51c62c00 at ResponseHandler.validateTokenResponse (file:///Users/clin/.nvm/versions/node/v18.19.0/lib/node_modules/@pnp/cli-microsoft365/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/response/ResponseHandler.mjs:98:33) at UsernamePasswordClient.acquireToken (file:///Users/clin/.nvm/versions/node/v18.19.0/lib/node_modules/@pnp/cli-microsoft365/node_modules/@azure/msal-node/dist/client/UsernamePasswordClient.mjs:28:25) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async PublicClientApplication.acquireTokenByUsernamePassword (file:///Users/clin/.nvm/versions/node/v18.19.0/lib/node_modules/@pnp/cli-microsoft365/node_modules/@azure/msal-node/dist/client/ClientApplication.mjs:170:20) at async Auth.ensureAccessToken (file:///Users/clin/.nvm/versions/node/v18.19.0/lib/node_modules/@pnp/cli-microsoft365/dist/Auth.js:192:26) at async login (file:///Users/clin/.nvm/versions/node/v18.19.0/lib/node_modules/@pnp/cli-microsoft365/dist/m365/commands/login.js:120:17) at async LoginCommand.commandAction (file:///Users/clin/.nvm/versions/node/v18.19.0/lib/node_modules/@pnp/cli-microsoft365/dist/m365/commands/login.js:138:9) at async LoginCommand.action (file:///Users/clin/.nvm/versions/node/v18.19.0/lib/node_modules/@pnp/cli-microsoft365/dist/m365/commands/login.js:148:9) at async Object.executeCommand (file:///Users/clin/.nvm/versions/node/v18.19.0/lib/node_modules/@pnp/cli-microsoft365/dist/cli/cli.js:242:9) at async Object.execute (file:///Users/clin/.nvm/versions/node/v18.19.0/lib/node_modules/@pnp/cli-microsoft365/dist/cli/cli.js:191:9) { errorCode: 'invalid_client', errorMessage: "Error(s): 7000218 - Timestamp: 2024-09-12 07:40:46Z - Description: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 8dc91be4-bce0-451c-bc16-220f51c62c00 Correlation ID: ff1b21ef-776e-4a1e-9015-37f123d6e188 Timestamp: 2024-09-12 07:40:46Z - Correlation ID: ff1b21ef-776e-4a1e-9015-37f123d6e188 - Trace ID: 8dc91be4-bce0-451c-bc16-220f51c62c00", subError: '', errorNo: 7000218, status: undefined, correlationId: 'a8c127f9-eee2-41ba-84f2-4b3959c6f6ac' }

Timings: api: 0ms core: 15.007889ms command: 1005.587945ms options: 0.164666ms total: 1022.528086ms validation: 2.87981ms {"error":"invalid_client: Error(s): 7000218 - Timestamp: 2024-09-12 07:40:46Z - Description: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 8dc91be4-bce0-451c-bc16-220f51c62c00 Correlation ID: ff1b21ef-776e-4a1e-9015-37f123d6e188 Timestamp: 2024-09-12 07:40:46Z - Correlation ID: ff1b21ef-776e-4a1e-9015-37f123d6e188 - Trace ID: 8dc91be4-bce0-451c-bc16-220f51c62c00"}

Diagnostics

No response

CLI for Microsoft 365 version

9.0.0

nodejs version

18.19

Operating system (environment)

macOS

Shell

zsh

cli doctor

m365 cli doctor { "os": { "platform": "darwin", "version": "Darwin Kernel Version 23.6.0: Fri Jul 5 17:54:20 PDT 2024; root:xnu-10063.141.1~2/RELEASE_X86_64", "release": "23.6.0" }, "cliVersion": "9.0.0", "nodeVersion": "v18.19.0", "cliAadAppId": "31359c7f-bd7e-xxxxxx", "cliAadAppTenant": "organizations", "authMode": 1, "cliEnvironment": "", "cliConfig": { "autoOpenLinksInBrowser": false, "copyDeviceCodeToClipboard": false, "output": "json", "printErrorsAsPlainText": false, "prompt": false, "showHelpOnFailure": false, "showSpinner": false, "helpMode": "full", "authType": "browser", "clientId": "626864e0-xxxx", "tenantId": "bc74e59c-xxxxx", "clientSecret": "", "clientCertificateFile": "", "clientCertificateBase64Encoded": "" }, "roles": [], "scopes": { "https://graph.microsoft.com": [ "AllSites.FullControl", "AppCatalog.ReadWrite.All", "ChannelMember.ReadWrite.All", "ChannelMessage.Send", "ChannelSettings.ReadWrite.All", "Directory.AccessAsUser.All", "Directory.ReadWrite.All", "Group.ReadWrite.All", "IdentityProvider.ReadWrite.All", "Mail.ReadWrite", "Mail.Send", "Reports.Read.All", "Tasks.ReadWrite", "Team.Create", "TeamMember.ReadWrite.All", "TeamsApp.ReadWrite.All", "TeamsAppInstallation.ReadWriteForUser", "TeamSettings.ReadWrite.All", "TeamsTab.ReadWrite.All", "TermStore.ReadWrite.All", "User.Invite.All", "User.ReadWrite.All", "profile", "openid", "email" ], "https://xxxxxx.sharepoint.com": [ "AllSites.FullControl", "AppCatalog.ReadWrite.All", "ChannelMember.ReadWrite.All", "ChannelMessage.Send", "ChannelSettings.ReadWrite.All", "Directory.AccessAsUser.All", "Directory.ReadWrite.All", "Group.ReadWrite.All", "IdentityProvider.ReadWrite.All", "Mail.ReadWrite", "Mail.Send", "Reports.Read.All", "Tasks.ReadWrite", "Team.Create", "TeamMember.ReadWrite.All", "TeamsApp.ReadWrite.All", "TeamsAppInstallation.ReadWriteForUser", "TeamSettings.ReadWrite.All", "TeamsTab.ReadWrite.All", "TermStore.ReadWrite.All", "User.Invite.All", "User.ReadWrite.All" ] } }

Additional Info

No response

milanholemans commented 1 week ago

Hi @dschenlin, this has probably something to do with: https://github.com/pnp/cli-microsoft365/discussions/6335 The PnP Management Shell app registration was removed from all tenants on September 9.

waldekmastykarz commented 1 week ago

@dschenlin could you please confirm if you're still seeing this issue if you use a custom Entra app registration instead?