Expected behavior

Retrieve the information about the specified custom action located in the specified site no matter if you're connected to that site or to the tenant admin site.

Actual behavior

When connected to the tenant admin site, and trying to retrieve a custom action from a regular site using spo customaction get, the CLI throws the following error:

Error: 401 - {"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}

CLI version

v0.3.0+

Additional information

This is caused by using ensureAccessToken to get the access token for the site:

https://github.com/SharePoint/office365-cli/blob/a771a94c162273162c6e7170be384c969066af99/src/o365/spo/commands/customaction/customaction-get.ts#L43

This method returns a fresh access token for the same resource as the connected site (tenant admin in this case). To get a valid access token for the specified site, instead the command should be using the getAccessToken method instead:

https://github.com/SharePoint/office365-cli/blob/c0f3ca598e04534cca8006f2143494abfd2beede/src/o365/spo/commands/app/app-install.ts#L37-L41

/cc: @VelinGeorgiev