Forum Discussion
Solved
Authenticating with an access token Connect-MicrosoftTeams
Has anyone tried authenticating with an access token (using -AadAccessToken or -MsAccessToken)? The old version of New-CsOnlineSession had an -OAuthAccessToken param, which accepted a jwt with the PS ...
- FYI - I raised a ticket, and it should be fixed by mid november.
Issue description:
Cannot properly run Connect-MicrosoftTeams -AccessTokens
Resolution Steps:
Escalated case with our engineering Team
Issue is known bug and currently being fixed
Expecting a fix to go out by NOV mid
MicrosoftTeams PowerShell Module 4.0.0 has been released
https://www.powershellgallery.com/packages/MicrosoftTeams/4.0.0
I've tested it with App Only Authentication (Certificate / ClientSecret). Still does not work
In my Microsoft Case [Case #:28612860] they said that the ETA will be early Q2 2022. I guess we still have to wait.
Regards Andres
I've had the same problem with several different versions of the MicrosoftTeams modules...
Including:
Install-Module -Name MicrosoftTeams -RequiredVersion 2.3.2-preview -AllowPrerelease
Install-Module -Name MicrosoftTeams -RequiredVersion 3.0.0
Install-Module -Name MicrosoftTeams -RequiredVersion 3.1.1
Install-Module -Name MicrosoftTeams -RequiredVersion 4.0.0
Install-Module -Name MicrosoftTeams -RequiredVersion 4.0.1-preview -AllowPrerelease
My tokens are correct:
PS> $($graphToken | Get-JWTDetails).Roles | sort
AppCatalog.Read.All
AppCatalog.ReadWrite.All
Directory.Read.All
Directory.ReadWrite.All
Group.Read.All
Group.ReadWrite.All
People.Read.All
Schedule.Read.All
Schedule.ReadWrite.All
Team.ReadBasic.All
TeamSettings.Read.All
User.Read.All
UserShiftPreferences.Read.All
UserShiftPreferences.ReadWrite.All
PS> $($teamsToken | Get-JWTDetails).Roles | sort
application_access
application_access_custom_sba_appliance
All of them give me this:
PS> Connect-MicrosoftTeams -AccessTokens @("$graphToken", "$teamsToken")
Connect-MicrosoftTeams : Object reference not set to an instance of an object.
At line:1 char:1
+ Connect-MicrosoftTeams -AccessTokens @("$graphToken", "$teamsToken")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-MicrosoftTeams], NullReferenceException
+ FullyQualifiedErrorId : Connect-MicrosoftTeams,Microsoft.TeamsCmdlets.Powershell.Connect.ConnectMicrosoftTeams
Connect-MicrosoftTeams : Object reference not set to an instance of an object.
At line:1 char:1
+ Connect-MicrosoftTeams -AccessTokens @("$graphToken", "$teamsToken")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-MicrosoftTeams], NullReferenceException
+ FullyQualifiedErrorId : System.NullReferenceException,Microsoft.TeamsCmdlets.Powershell.Connect.ConnectMicrosoftTeams​
Logged it here too: https://github.com/MicrosoftDocs/office-docs-powershell/issues/9188
As written here - i have running code (with Delegated Permissions)
Using Delegated Permissions does not make sense - i totally agree 🙂
I had a Ticket open at Microsoft #28612860. It was closed with the ETA of Mid April for the Fix. So we will see.
Tested a code with Application Permissions with Teams PowerShell Module 4.1.0 - still does not work.
Regards
Andres
- Hi Andres,
that's great to hear. hopefully MS will fix this, an the connect-microsoftTeams will work as expected with ApplicationPermissions (include using a certificate an not an AppSecret)....
BrRonar85 and Andres-Bohren
Thanks for the link and comments. Still cannot get it working...
#Install-Modules Install-Module JWTDetails #Not needed - just for debug Install-Module MSAL.PS -MaximumVersion 4.36.1.2 -acceptlicense -SkipPublisherCheck -force Install-Module MicrosoftTeams -MaximumVersion 3.0.0 -force #Import Modules Import-module -name JWTDetails Import-Module MSAL.PS -MaximumVersion 4.36.1.2 Import-Module MicrosoftTeams -MaximumVersion 3.0.0 Get-Module #Clear TokenCache Clear-MsalTokenCache #Prep Add-Type -AssemblyName System.Web $ImpersonationUPN="Email address removed" $TenantID="TENANTNAME-OR-TENANTID" $ApplicationID="REDACTED" $ImpersonationUPN="Email address removed" $ClientSecret="REDACTED" #TeamsAccessToken $Scope = "48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default" $Token = Get-MsalToken -ClientId $ApplicationID -TenantId $TenantId -Scope $Scope -ClientSecret $(ConvertTo-SecureString -String $ClientSecret -AsPlainText -force) $TeamsAccessToken = $Token.AccessToken Get-JWTDetails $TeamsAccessToken #GraphAccessToken $Scope = "https://graph.microsoft.com/.default" $Token = Get-MsalToken -ClientId $ApplicationID -TenantId $TenantId -Scope $Scope -ClientSecret $(ConvertTo-SecureString -String $ClientSecret -AsPlainText -force) $GraphAccessToken = $Token.AccessToken Get-JWTDetails $GraphAccessToken #Connect To MS TEAMS Connect-MicrosoftTeams -AccessTokens @($GraphAccessToken,$TeamsAccessToken) -AccountId $($impersonatedUser.id) -verbose #Error: Parameter set cannot be resolved using the specified named parameters. Connect-MicrosoftTeams -LogLevel Verbose -LogFilePath %temp%\Connect-MSTeams.log -AccessTokens @($GraphAccessToken,$TeamsAccessToken) notepad %temp%\Connect-MSTeams.logDebug:
2022-04-04T13:55:38.2302931Z,Error ,Connect-MicrosoftTeams.ProcessRecord, System.NullReferenceException - Object reference not set to an instance of an object.. at Microsoft.TeamsCmdlets.Powershell.Connect.RMProfileClient.GetTokenClaimValue(JsonWebToken webToken, String value) at Microsoft.TeamsCmdlets.Powershell.Connect.RMProfileClient.ProcessProvidedAccessTokens(AzureAccount account, String tenantId) at Microsoft.TeamsCmdlets.Powershell.Connect.RMProfileClient.AcquireAccessToken(AzureAccount account, AzureEnvironment environment, String tenantId, SecureString password, AuthenticationFlow authFlow) at Microsoft.TeamsCmdlets.Powershell.Connect.RMProfileClient.Login(AzureAccount account, AzureEnvironment environment, String tenantId, SecureString password, AuthenticationFlow authFlow)
