Steps to reproduce:
C:\Projects\office365-cli (customaction-list-with-fixes -> origin) (@pnp/[email protected])
λ o365
o365$ spo connect https://xxx-admin.sharepoint.com
To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code DQMHF7XXX to authenticate.
o365$ spo app install -i 81c00f3b-71f6-487d-abe7-f29d5803c328 -s https://xxx.sharepoint.com/sites/xxx
Error: 401 - "{\"error_description\":\"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown.\"}"
o365$
Expected:
The app is installed on the site
Actual:
Error: 401 - "{"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}"
Additional Info:
This is caused because some commands are using the Service.accessToken property
https://github.com/SharePoint/office365-cli/blob/c0f3ca598e04534cca8006f2143494abfd2beede/src/Auth.ts#L7
for sending the JWT token in the header like 'Bearer ${auth.site.accessToken}'. Examples:
https://github.com/SharePoint/office365-cli/blob/c0f3ca598e04534cca8006f2143494abfd2beede/src/o365/spo/commands/app/app-install.ts#L65
https://github.com/SharePoint/office365-cli/blob/c0f3ca598e04534cca8006f2143494abfd2beede/src/o365/spo/commands/customaction/customaction-get.ts#L97
However, if we use Auth.getAccessToken to swap the context from tenant admin to site, the newly retrieved token does not replace the tenant admin token in the accessToken property.
We have to ensure that that property is updated or find another way to pass the correct token.
Fix:
spo app install
spo app uninstall
spo app upgrade
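The stale-token behaviour described under "Additional Info", as an added example that is not part of the original issue or the office365-cli code base: a simplified model of the bug beside a variant that sends the freshly issued token and checks its `aud` claim against the request host first. `Site`, `getAccessToken`, `fakeToken` and the header helpers are hypothetical stand-ins, the tokens are constructed and unsigned, and the `aud` claim is assumed to be the resource URL the token was requested for.

```javascript
// Added example. Site, getAccessToken and fakeToken are hypothetical stand-ins,
// not office365-cli code; tokens are constructed and unsigned.

// Build a JWT-shaped string that carries only the aud claim we inspect.
function fakeToken(aud) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'none' })}.${enc({ aud })}.`;
}

// Read the aud claim. No signature check: this is a client-side sanity
// check before sending; the server still validates the token.
function audienceOf(token) {
  const payload = Buffer.from(token.split('.')[1], 'base64url').toString('utf8');
  return JSON.parse(payload).aud;
}

// Assumption: aud is the resource URL the token was requested for.
function audienceMatches(token, requestUrl) {
  try {
    return new URL(audienceOf(token)).origin === new URL(requestUrl).origin;
  } catch (e) {
    return false; // malformed token or non-URL audience
  }
}

// Connection state: accessToken is set once, at connect time, for the admin site.
class Site {
  constructor(adminUrl) { this.accessToken = fakeToken(adminUrl); }
}

// Returns a token for `resource` without updating site.accessToken, as the issue describes.
function getAccessToken(resource) { return fakeToken(resource); }

// Before: the freshly issued token is dropped and the stale property is sent.
function headersBefore(site, requestUrl) {
  getAccessToken(new URL(requestUrl).origin);
  return { authorization: `Bearer ${site.accessToken}` };
}

// After: send the token that was just issued, and refuse on audience mismatch.
function headersAfter(requestUrl) {
  const token = getAccessToken(new URL(requestUrl).origin);
  if (!audienceMatches(token, requestUrl)) {
    throw new Error('access token audience does not match request host');
  }
  return { authorization: `Bearer ${token}` };
}
```
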