I'm trying to login with tenant id and app id, but the command fails before I'm able to enter device code in the browser.
m365 login --tenant <tenant_id> --appId <app_id>
Executing command login with options {"options":{"output":"json","debug":true,"verbose":false,"cloud":"Public","appId":"<app_id>","tenant":"<tenant_id>"}}
Logging out from Microsoft 365...
Signing in to Microsoft 365...
No token found for resource https://graph.microsoft.com.
[Fri, 18 Apr 2025 14:23:23 GMT] : [] : @azure/[email protected] : Info - getTokenCache called
Starting Auth.ensureAccessTokenWithDeviceCode. resource: https://graph.microsoft.com, debug: true
[Fri, 18 Apr 2025 14:23:23 GMT] : [] : @azure/[email protected] : Info - acquireTokenByDeviceCode called
[Fri, 18 Apr 2025 14:23:23 GMT] : [] : @azure/[email protected] : Verbose - initializeRequestScopes called
[Fri, 18 Apr 2025 14:23:23 GMT] : [fbae7401-de67-485f-ab4d-4b8ccbf9b75e] : @azure/[email protected] : Verbose - createAuthority called
[Fri, 18 Apr 2025 14:23:23 GMT] : [] : @azure/[email protected] : Verbose - Attempting to get cloud discovery metadata from authority configuration
[Fri, 18 Apr 2025 14:23:23 GMT] : [] : @azure/[email protected] : Verbose - Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values.
[Fri, 18 Apr 2025 14:23:23 GMT] : [] : @azure/[email protected] : Verbose - Found cloud discovery metadata from hardcoded values.
[Fri, 18 Apr 2025 14:23:23 GMT] : [] : @azure/[email protected] : Verbose - Attempting to get endpoint metadata from authority configuration
[Fri, 18 Apr 2025 14:23:23 GMT] : [] : @azure/[email protected] : Verbose - Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.
[Fri, 18 Apr 2025 14:23:23 GMT] : [fbae7401-de67-485f-ab4d-4b8ccbf9b75e] : @azure/[email protected] : Verbose - buildOauthClientConfiguration called
[Fri, 18 Apr 2025 14:23:23 GMT] : [] : @azure/[email protected] : Verbose - Replacing tenant domain name <tenant_id> with id {tenantid}
[Fri, 18 Apr 2025 14:23:23 GMT] : [fbae7401-de67-485f-ab4d-4b8ccbf9b75e] : @azure/[email protected] : Info - Building oauth client configuration with the following authority: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token.
[Fri, 18 Apr 2025 14:23:23 GMT] : [fbae7401-de67-485f-ab4d-4b8ccbf9b75e] : @azure/[email protected] : Verbose - Device code client created
[Fri, 18 Apr 2025 14:23:23 GMT] : [] : @azure/[email protected] : Verbose - Replacing tenant domain name <tenant_id> with id {tenantid}
Request:
{
"url": "https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/devicecode",
"method": "post",
"headers": {
"Accept": "application/json, text/plain, */*",
"Content-Type": "application/x-www-form-urlencoded;charset=utf-8",
"user-agent": "NONISV|SharePointPnP|CLIMicrosoft365/10.6.0",
"accept-encoding": "gzip, deflate",
"X-ClientService-ClientTag": "M365CLI:10.6.0"
},
"responseType": "text",
"decompress": true,
"data": "scope=https%3A%2F%2Fgraph.microsoft.com%2F.default%20openid%20profile%20offline_access&client_id=<app_id>"
}
Response:
{
"url": "https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/devicecode",
"status": 200,
"statusText": "OK",
"headers": {
"cache-control": "no-store, no-cache",
"pragma": "no-cache",
"content-type": "application/json; charset=utf-8",
"expires": "-1",
"strict-transport-security": "max-age=31536000; includeSubDomains",
"x-content-type-options": "nosniff",
"p3p": "CP=\"DSP CUR OTPi IND OTRi ONL FIN\"",
"x-ms-request-id": "1fabc414-b442-4d23-9e40-a0b404de0600",
"x-ms-ests-server": "2.1.20540.3 - NEULR1 ProdSlices",
"x-ms-srs": "1.P",
"content-security-policy-report-only": "object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-MDa9fHHE6m1yxto4RgwpbA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All",
"x-xss-protection": "0",
"set-cookie": "fpc=xxx; expires=Sun, 18-May-2025 14:23:23 GMT; path=/; secure; HttpOnly; SameSite=None, esctx=xxx; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly, stsservicecookie=estsfd; path=/; secure; samesite=none; httponly",
"date": "Fri, 18 Apr 2025 14:23:23 GMT",
"content-length": "473"
},
"data": "{\"user_code\":\"DQFCZ7J9F\",\"device_code\":\"xxx\",\"verification_uri\":\"https://microsoft.com/devicelogin\",\"expires_in\":900,\"interval\":5,\"message\":\"To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DQFCZ7J9F to authenticate.\"}"
}
Response:
[Fri, 18 Apr 2025 14:23:23 GMT] : [] : @azure/[email protected] : Verbose - Replacing tenant domain name <tenant_id> with id {tenantid}
Request:
{
userCode: 'DQFCZ7J9F',
deviceCode: 'xxx',
verificationUri: 'https://microsoft.com/devicelogin',
expiresIn: 900,
interval: 5,
message: 'To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DQFCZ7J9F to authenticate.'
}
{
"url": "https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token?client-request-id=fbae7401-de67-485f-ab4d-4b8ccbf9b75e",
"method": "post",
"headers": {
"Accept": "application/json, text/plain, */*",
"Content-Type": "application/x-www-form-urlencoded;charset=utf-8",
"user-agent": "NONISV|SharePointPnP|CLIMicrosoft365/10.6.0",
"accept-encoding": "gzip, deflate",
"X-ClientService-ClientTag": "M365CLI:10.6.0"
},
"responseType": "text",
"decompress": true,
"data": "scope=https%3A%2F%2Fgraph.microsoft.com%2F.default%20openid%20profile%20offline_access&client_id=<app_id>&grant_type=device_code&device_code=xxx&client-request-id=fbae7401-de67-485f-ab4d-4b8ccbf9b75e&client_info=1&x-client-SKU=msal.js.node&x-client-VER=3.4.1&x-client-OS=win32&x-client-CPU=x64&x-ms-lib-capability=retry-after%2C%20h429&x-client-current-telemetry=5%7C671%2C0%2C%2C%2C%7C%2C&x-client-last-telemetry=5%7C0%7C%7C%7C0%2C0"
}
🌶️ To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DQFCZ7J9F to authenticate.
Request error:
{
"url": "https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token?client-request-id=fbae7401-de67-485f-ab4d-4b8ccbf9b75e",
"status": 400,
"statusText": "Bad Request",
"headers": {
"cache-control": "no-store, no-cache",
"pragma": "no-cache",
"content-type": "application/json; charset=utf-8",
"expires": "-1",
"strict-transport-security": "max-age=31536000; includeSubDomains",
"x-content-type-options": "nosniff",
"p3p": "CP=\"DSP CUR OTPi IND OTRi ONL FIN\"",
"x-ms-request-id": "c3208e57-db32-4176-b19f-cce7997a0700",
"x-ms-ests-server": "2.1.20540.3 - SEC ProdSlices",
"x-ms-clitelem": "1,70016,0,,",
"x-ms-srs": "1.P",
"content-security-policy-report-only": "object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-h4JWhVfMpPbrvhqJqI9lCQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All",
"x-xss-protection": "0",
"set-cookie": "fpc=AtuL-x4Os5VDvbPpVXKxJe0; expires=Sun, 18-May-2025 14:23:23 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly, stsservicecookie=estsfd; path=/; secure; samesite=none; httponly",
"date": "Fri, 18 Apr 2025 14:23:23 GMT",
"content-length": "501"
},
"error": "{\"error\":\"authorization_pending\",\"error_description\":\"AADSTS70016: OAuth 2.0 device flow error. Authorization is pending. Continue polling. Trace ID: c3208e57-db32-4176-b19f-cce7997a0700 Correlation ID: 0572f691-e9d8-44b7-a17c-098d7bc132dd Timestamp: 2025-04-18 14:23:23Z\",\"error_codes\":[70016],\"timestamp\":\"2025-04-18 14:23:23Z\",\"trace_id\":\"c3208e57-db32-4176-b19f-cce7997a0700\",\"correlation_id\":\"0572f691-e9d8-44b7-a17c-098d7bc132dd\",\"error_uri\":\"https://login.microsoftonline.com/error?code=70016\"}"
}
Error:
ClientAuthError: network_error: Network request failed
at createClientAuthError (file:///C:/Work/Personal/cli-microsoft365/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/error/ClientAuthError.mjs:255:12)
at DeviceCodeClient.sendPostRequest (file:///C:/Work/Personal/cli-microsoft365/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/client/BaseClient.mjs:132:23)
at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
at async DeviceCodeClient.executePostToTokenEndpoint (file:///C:/Work/Personal/cli-microsoft365/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/client/BaseClient.mjs:83:26)
at async DeviceCodeClient.acquireTokenWithDeviceCode (file:///C:/Work/Personal/cli-microsoft365/node_modules/@azure/msal-node/dist/client/DeviceCodeClient.mjs:162:30)
at async DeviceCodeClient.acquireToken (file:///C:/Work/Personal/cli-microsoft365/node_modules/@azure/msal-node/dist/client/DeviceCodeClient.mjs:26:26)
at async PublicClientApplication.acquireTokenByDeviceCode (file:///C:/Work/Personal/cli-microsoft365/node_modules/@azure/msal-node/dist/client/PublicClientApplication.mjs:72:20)
at async Auth.ensureAccessToken (file:///C:/Work/Personal/cli-microsoft365/dist/Auth.js:194:26)
at async LoginCommand.ensureAccessToken (file:///C:/Work/Personal/cli-microsoft365/dist/m365/commands/login.js:139:13)
at async LoginCommand.login (file:///C:/Work/Personal/cli-microsoft365/dist/m365/commands/login.js:199:9) {
errorCode: 'network_error',
errorMessage: 'Network request failed',
subError: '',
correlationId: 'fbae7401-de67-485f-ab4d-4b8ccbf9b75e'
}
Priority
(Medium) I'm annoyed but I'll live
Description
I'm trying to login with tenant id and app id, but the command fails before I'm able to enter device code in the browser.
Error message:
Steps to reproduce
Try login with tenant id and app id
Expected results
Can login
Actual results
Diagnostics
CLI for Microsoft 365 version
v10.6.0
nodejs version
v22.14.0
Operating system (environment)
Windows
Shell
PowerShell
cli doctor
Error: Log in to Microsoft 365 first
Additional Info
No response