IdentityAuth / IdentityAuth7 throw PropertyNotFoundException when Result.Token is missing during MFA flows

[nicofnt]

Summary

IdentityAuth / IdentityAuth7 throws PropertyNotFoundException during MFA authentication flows because the code assumes Result.Token is always present in the response.

This can become terminating when using:

• Set-StrictMode -Version Latest
• $ErrorActionPreference = 'Stop'

Steps to Reproduce

1. Import the IdentityAuth7 module
2. Run:

$upCreds = Get-Credential

$headers = Get-IdentityHeader `
    -UPCreds $upCreds `
    -PCloudURL 'https://tenant.privilegecloud.cyberark.cloud/PasswordVault'

3. Complete the first authentication step (UP - Enter Password)
4. The module throws:

PropertyNotFoundException: The property 'Token' cannot be found on this object. Verify that the property exists.

Expected Results

The module should continue processing MFA challenges without throwing exceptions when Result.Token is not yet present in intermediate responses.

Actual Results

The following exception is thrown during MFA flows:

PropertyNotFoundException: The property 'Token' cannot be found on this object. Verify that the property exists.

The issue appears to come from this check inside Invoke-Challenge:

if ($answerToResponse.PSObject.Properties['success'] -and
    $answerToResponse.success -and
    $answerToResponse.Result.Token)

Intermediate MFA responses can contain:

• Challenges
• Summary
• SessionId

without containing Result.Token.

Suggested safer check:

if (
    $answerToResponse.PSObject.Properties['success'] -and
    $answerToResponse.success -and
    $answerToResponse.Result -and
    $answerToResponse.Result.PSObject.Properties['Token']
)

Reproducible

• Always
• Sometimes
• Non-Reproducible

Version/Tag number

• IdentityAuth7 module version: 2.0.0
• PowerShell 7.x

Environment setup

• Windows Server
• PowerShell 7
• CyberArk Privilege Cloud tenant
• MFA enabled on the Identity account