Priority
(Medium) I'm annoyed but I'll live
Description
When using application permissions, if you want to retrieve a new access token using util accesstoken get -r graph --new, instead of fetching a new access token, CLI just retrieves a token from the cache.
When running the command in debug mode, you get the following result (check red arrow):
Steps to reproduce
- Login using an app-only context
m365 login --authType certificate --certificateFile xxxx --password yyyy --appId zzzz --tenant uuuu
- In Microsoft Entra ID, add a permission scope to your app registration.
- Fetch a new token
m365 util accesstoken get -r graph --new
The newly added scope is not included in the new token.
Expected results
To fetch a new token instead of returning one from the cache.
Actual results
Token from cache is returned.
Diagnostics
No response
CLI for Microsoft 365 version
v7.6.0
nodejs version
v20.10.0
Operating system (environment)
Windows
Shell
PowerShell
cli doctor
No response
Additional Info
Debug info:
m365 util accesstoken get -r graph --new -o text --debug
Executing command util accesstoken get with options {"options":{"resource":"graph","new":true,"output":"text","debug":true}}
Executing command as 'CLI for Microsoft 365', appId: xxxxx, tenantId: yyyyy
Access token expired. Token: eyJ0eXAiOiJKV1..., ExpiresAt: 2024-03-08T09:50:06.000Z
Retrieving new access token using certificate...
pkcs8ShroudedKeyBagkeyBags length is 1
keyBag length is 0
[Fri, 08 Mar 2024 08:50:21 GMT] : [] : @azure/[email protected] : Info - acquireTokenByClientCredential called
[Fri, 08 Mar 2024 08:50:21 GMT] : [] : @azure/[email protected] : Verbose - initializeRequestScopes called
[Fri, 08 Mar 2024 08:50:21 GMT] : [513be026-4950-4501-9b88-9d37e7368fdc] : @azure/[email protected] : Verbose - buildOauthClientConfiguration called
[Fri, 08 Mar 2024 08:50:21 GMT] : [513be026-4950-4501-9b88-9d37e7368fdc] : @azure/[email protected] : Verbose - createAuthority called
[Fri, 08 Mar 2024 08:50:21 GMT] : [] : @azure/[email protected] : Verbose - Attempting to get cloud discovery metadata from authority configuration
[Fri, 08 Mar 2024 08:50:21 GMT] : [] : @azure/[email protected] : Verbose - Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values.
[Fri, 08 Mar 2024 08:50:21 GMT] : [] : @azure/[email protected] : Verbose - Found cloud discovery metadata from hardcoded values.
[Fri, 08 Mar 2024 08:50:21 GMT] : [] : @azure/[email protected] : Verbose - Attempting to get endpoint metadata from authority configuration
[Fri, 08 Mar 2024 08:50:21 GMT] : [] : @azure/[email protected] : Verbose - Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.
[Fri, 08 Mar 2024 08:50:21 GMT] : [] : @azure/[email protected] : Verbose - Replacing tenant domain name xxxxxx with id {tenantid}
[Fri, 08 Mar 2024 08:50:21 GMT] : [yyyyyyyyyyyyy] : @azure/[email protected] : Info - Building oauth client configuration with the following authority: https://login.microsoftonline.com/xxxxxxxx/oauth2/v2.0/token.
[Fri, 08 Mar 2024 08:50:21 GMT] : [] : @azure/[email protected] : Verbose - Replacing tenant domain name xxxxx with id {tenantid}
[Fri, 08 Mar 2024 08:50:21 GMT] : [yyyyyyyyyy] : @azure/[email protected] : Verbose - Client credential client created
Response
{
authority: 'https://login.microsoftonline.com/xxxxxxxxxx/',
uniqueId: '',
tenantId: '',
scopes: [ 'https://graph.microsoft.com/.default' ],
account: null,
idToken: '',
idTokenClaims: {},
accessToken: 'eyJ0eXAiOi...',
fromCache: true,
expiresOn: 2024-03-08T09:50:06.000Z,
extExpiresOn: 2024-03-08T10:50:05.000Z,
refreshOn: undefined,
correlationId: '513be026-4950-4501-9b88-9d37e7368fdc',
requestId: '',
familyId: '',
tokenType: 'Bearer',
state: '',
cloudGraphHostName: '',
msGraphHost: '',
code: undefined,
fromNativeBroker: false
}
eyJ0eX....
Priority
(Medium) I'm annoyed but I'll live
Description
When using application permissions, if you want to retrieve a new access token using
util accesstoken get -r graph --new, instead of fetching a new access token, CLI just retrieves a token from the cache.When running the command in debug mode, you get the following result (check red arrow):
Steps to reproduce
The newly added scope is not included in the new token.
Expected results
To fetch a new token instead of returning one from the cache.
Actual results
Token from cache is returned.
Diagnostics
No response
CLI for Microsoft 365 version
v7.6.0
nodejs version
v20.10.0
Operating system (environment)
Windows
Shell
PowerShell
cli doctor
No response
Additional Info
Debug info: