[BUG] The refresh token has expired due to inactivity

[tarjeieo]

Environment

[X] Office 365 / SharePoint Online
[ ] SharePoint 2016
[ ] SharePoint 2013

If SharePoint on-premises, what's exact CU version:

Expected or Desired Behavior

Trying to add Teams to an O365 group with user credentials. This has been working fine for weeks. I expect the Team to be created for the group site.

I'm not 100% sure if this is a bug with O365, PnP or something I'm doing wrong. I'm using this user-based enabling of Teams to avoid issues with "your team is not ready" and "can't find your files" which I'm experiencing when toggling Team using graph calls.

Observed Behavior

I'm running the following super simple PnP commands to enable Teams for a group site. I'm doing this in an automated process, but the problem also occurs on other machines. Using credentials from Automation Credentials store.

Connect-PnPOnline -Url https://xxx.sharepoint.com/sites/xxx -Credentials $creds
Add-PnPTeamsTeam

Getting the following error message about an expired refresh token:
"AADSTS700082: The refresh token has expired due to inactivity.\u00a0The token was issued on 2020-05-06T07:49:52.9345328Z and was inactive for 90.00:00:00.\r\nTrace ID: 33517a7d-024d-4786-9f6d-9d589427f700\r\nCorrelation ID: c7d27e9f-6010-9000-8387-331a986422c1\r\nTimestamp: 2020-09-29 7:53:38Z"},"error.redirectUrl":"https://xxx.sharepoint.com/sites/xxx?reauthid=2.MXwwfA.Ec3D....."

I've tried different releases, from May2020.2 to Sept2020.1, consistent results.
I've tested this in multiple tenants, with different results. Two tenants always throws this error, while two other tenants works fine and creates the Team.

Steps to Reproduce

I'm running the following PnP commands:

Connect-PnPOnline -Url https://xxx.sharepoint.com/sites/xxx
Add-PnPTeamsTeam

Note: If I connect using UseWebLogin, everything works as expected. However, that is not a possibility since I'm running this as part of a provisioning Automation runbook.

[ghost]

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

[waaromikniet]

We have the same issue when using:

Connect-PnPOnline -Url https://xxx.sharepoint.com/sites/xxx
Add-PnPTeamsTeam

But when we indeed use

Connect-PnPOnline -Url https://xxx.sharepoint.com/sites/xxx -UseWebLogin
Add-PnPTeamsTeam

It seems to work. But we use automated install. So want to use CredentialManager.

[waaromikniet]

Another issue about this problem mentioned here: pnp/PnP-PowerShell#2963

[nilang-shah]

I am also having the exact same issue, while using Apply-PnPTenantTemplate , will appreciate any help on this.

[waaromikniet]

We have reproduced this issue using basic REST operations. So without PnP. We have created a call with Microsoft and they could also reproduce. They are looking into this to see if the endpoint has had a change by the product team. We are using PnP with username/password which in fact is using SharePointOnline Credential class to authenticate. This is using legacy authentication (cookie based) so the error about a refresh token is not expected. since that is used when using modern authentication.