pnp / PnP-PowerShell

SharePoint PnP PowerShell CmdLets

Home Page: https://pnp.github.io/powershell

Not able to execute any PnP related commands after connecting to SPO site using app id and app secret

ymihir opened this issue · comments

I want to execute the Get-PnPProvisioningTemplate command. For this, first I am connecting to the SPO site using Connect-PnPOnline by passing AppId and AppSecret. The connection was successful. Then I executed the Get-PnPProvisioningTemplate command and ended up with a (401) unauthorized error. Then I tried a simple command, Get-PnPList, and got the same issue. I gave tenant-level full control permissions to the given app id.

I have created a new trial tenant and executed it there, and I am getting the same issue there too. If I use -UseWebLogin instead of AppId and secret then it works fine. What is the root cause?

Note: I executed the same command 5 months back and it worked like a charm. Now it is giving this issue. What is the reason?

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

No solution for this?

Hi @ymihir, have you given your app registration in Azure AD the correct permissions?

Why does Azure AD come in here?

The AppID and AppSecret you're using are for an App Registration. Those are Azure AD functionality. If you go to the App Registration blade in Azure AD you should see your App Registration and see what permissions it has.

Hi @ymihir When you use the app secret method to connect you are also using an application registration in Azure AD. This is the "AppId" you are plugging in.

@fastlaneb, @ToddKlindt The App ID was created in SharePoint under appregnew.aspx. I am trying to execute with app-only policy by applying the permission XML below to the app id:

<AppPermissionRequests AllowAppOnlyPolicy="true" >
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

Why create an Azure app registration, and what permissions should it be given? Is there any documentation to refer to?

Hi @ymihir If you're explicitly adding the perms via the SharePoint page you reference, appregnew.aspx (SharePoint App-Only), I don't believe you have to do anything in the Azure App Reg blade. If you do want to read about Azure AD App-Only for SharePoint you can check it out here: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

@fastlaneb Earlier it used to work. But for the last couple of months it has stopped working. Not sure why this behavior.

@ymihir Using the appregnew page, the App Secret expires after one year. You can review that in Azure AD > App Registrations > Search for your AppId > Secrets, where you will see the expiration date. Then you can create a new App Secret.
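
The expiry check described in the last comment can also be scripted. The following is an added example, not part of the original thread or of PnP PowerShell: the function name `Get-SecretExpiryStatus`, the 30-day warning window and the sample credentials are constructed for illustration, and the commented live lookup assumes the Microsoft Graph PowerShell SDK is installed and that the principal's secrets are visible on its service principal.

```powershell
# Added example: classify each client secret of an app principal by its
# validity window, so an expired secret is found before it shows up as a
# 401 after Connect-PnPOnline.
function Get-SecretExpiryStatus {
    [CmdletBinding()]
    param(
        # Objects exposing KeyId, StartDateTime and EndDateTime (both dates set).
        [Parameter(Mandatory)] [object[]] $Credential,
        [datetime] $Now = (Get-Date).ToUniversalTime(),
        [int] $WarnDays = 30   # assumption: warn one month ahead
    )
    foreach ($c in $Credential) {
        $start = ([datetime]$c.StartDateTime).ToUniversalTime()
        $end   = ([datetime]$c.EndDateTime).ToUniversalTime()

        # Later checks override earlier ones; 'Expired' always wins.
        $status = 'Valid'
        if ($end -le $Now.AddDays($WarnDays)) { $status = 'ExpiringSoon' }
        if ($start -gt $Now)                  { $status = 'NotYetValid' }
        if ($end -le $Now)                    { $status = 'Expired' }

        [pscustomobject]@{
            KeyId    = $c.KeyId
            EndUtc   = $end
            DaysLeft = [int][math]::Floor(($end - $Now).TotalDays)
            Status   = $status
        }
    }
}

# Constructed sample data (not real credentials): one secret created a year
# before it lapsed, one replacement, one about to lapse.
$utc = [DateTimeKind]::Utc
$sample = @(
    [pscustomobject]@{ KeyId = 'constructed-key-1'
        StartDateTime = [datetime]::new(2020, 1, 10, 0, 0, 0, $utc)
        EndDateTime   = [datetime]::new(2021, 1, 10, 0, 0, 0, $utc) }
    [pscustomobject]@{ KeyId = 'constructed-key-2'
        StartDateTime = [datetime]::new(2021, 5, 1, 0, 0, 0, $utc)
        EndDateTime   = [datetime]::new(2022, 5, 1, 0, 0, 0, $utc) }
    [pscustomobject]@{ KeyId = 'constructed-key-3'
        StartDateTime = [datetime]::new(2020, 6, 15, 0, 0, 0, $utc)
        EndDateTime   = [datetime]::new(2021, 6, 15, 0, 0, 0, $utc) }
)
$asOf = [datetime]::new(2021, 6, 1, 0, 0, 0, $utc)
Get-SecretExpiryStatus -Credential $sample -Now $asOf | Format-Table -AutoSize

# Live lookup (placeholder app id):
# Connect-MgGraph -Scopes 'Application.Read.All'
# $sp = Get-MgServicePrincipal -Filter "appId eq '<your-app-id>'"
# Get-SecretExpiryStatus -Credential $sp.PasswordCredentials
```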