Skip to content
This repository has been archived by the owner on Jan 19, 2021. It is now read-only.

[BUG] Apply-PnPProvisioningTemplate - Cannot execute ApplicationLifecycleManagement Handler without manually aquiring a Token via Connect-PnPOnline -PnpManagementShell first #2824

Open
FrankMuraschow opened this issue Jan 5, 2021 · 1 comment
Open

[BUG] Apply-PnPProvisioningTemplate - Cannot execute ApplicationLifecycleManagement Handler without manually aquiring a Token via Connect-PnPOnline -PnpManagementShell first #2824

FrankMuraschow opened this issue Jan 5, 2021 · 1 comment
Labels
Needs: Triage 🔍

Comments

@FrankMuraschow
Copy link

Environment

[ x ] Office 365 / SharePoint Online
[ ] SharePoint 2016
[ ] SharePoint 2013

Expected or Desired Behavior

I expect to be able to provision the site template including the ALM step.

Observed Behavior

The error that gets surfaced is Object reference not set to an instance of an object

Steps to Reproduce

  • Connect-PnPOnline using -Credential argument with userName and the application password (to prevent MFA prompt)

  • Aquire a template of a site with apps installed

  • Run Apply-PnPProvisioningTemplate with the ApplicationLifecycleManagement handler

Additional information

  • I did register the application in Azure-AD via Register-PnPManagementShellAccess

  • After debugging the current version of OfficeDevPnp.Core I was able to pin the issue down to the following class and method

PnP.PowerShell.Commands.Model.GenericToken
public static GenericToken AcquireDelegatedTokenWithCredentials(string clientId, string[] scopes, string authority, string username, SecureString securePassword)

  • When calling tokenResult = publicClientApplication.AcquireTokenByUsernamePassword(scopes, username, securePassword).ExecuteAsync().GetAwaiter().GetResult(); the error thrown here is

AADSTS50126: Error validating credentials due to invalid username or password

  • I then ran the Connect-PnpOnline command with the PnpMangementShellAccess argument. After that I was able to provision the ALM step but only for this one PowerShell session. After closing and reopening a new session, the error reappeared and I had to do the described step again. This is not feasible due to the fact that this script has to be used in an Azure Automation Runbook.

Github issue #2732 seems to be somewhat of the same origin as I also had problems when the template included the pnp:header element. I was able to "fix" the issue after removing the pnp:header element, but I suspect the header- and ALM-problem both have the same underlying issue.

Closing question

This the way of authenticating via classic Credentials still supported or should we look into other methods?

Thanks for your great work,
Frank Muraschow
@ghost
Copy link

ghost commented Jan 5, 2021

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

@ghost ghost added the Needs: Triage 🔍 label Jan 5, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Needs: Triage 🔍
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@FrankMuraschow