New-PartnerAccessToken : Parameter set cannot be resolved using the specified named parameters.

[cblackuk]

Steps to reproduce

   $AccessToken = New-PartnerAccessToken -Credential $Credentials -Resource $Resource -TenantId $TenantId -RefreshToken $SPNRefreshToken

Expected behavior

Should return AccessToken

Actual behavior

New-PartnerAccessToken : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:24
+ ... cessToken = New-PartnerAccessToken -Credential $Credentials -Resource ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [New-PartnerAccessToken], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.Store.PartnerCenter.PowerShell.Commands.NewPartnerAccessToken

PS C:\Users\testuser> Get-Module PartnerCenter

ModuleType Version    Name                                ExportedCommands                                                                           
---------- -------    ----                                ----------------                                                                           
Script     2.0.1909.1 PartnerCenter                       {Add-PartnerCustomerCartLineItem, Add-PartnerCustomerUserRoleMember, Connect-PartnerCent...

[cblackuk]

Basically, the New-PartnerAccessToken command no longer issues AccessToken like it used to as the function has been totally re-written.

How can we replicate this behaviour in the new function?

New -> https://github.com/microsoft/Partner-Center-PowerShell/blob/master/src/PowerShell/Commands/NewPartnerAccessToken.cs

Old -> https://github.com/microsoft/Partner-Center-PowerShell/blob/1984dbf7edd25204c2ecdeca160f1d72bc731ac0/src/PowerShell/Commands/NewPartnerAccessToken.cs

[cblackuk]

 New-PartnerAccessToken -ApplicationId 'xxx-xxx-xxx-xxx' -Scopes 'https://api.partnercenter.microsoft.com/user_impersonation' -UseAuthorizationCode -Credential $Credentials -ServicePrincipal
cmdlet New-PartnerAccessToken at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Tenant: xxxx.onmicrosoft.com
WARNING: Attempting to launch a browser for authorization code login.
WARNING: We have launched a browser for you to login. For the old experience with device code flow, please run 'Connect-PartnerCenter -UseDeviceAuthen
tication'.
New-PartnerAccessToken : AADSTS7000215: Invalid client secret is provided.
Trace ID: d6dce574-aaf9-4304-9087-263ebe481800
Correlation ID: 7f4f285b-5e52-4031-bdca-db5ca81e5eb6
Timestamp: 2019-09-13 15:55:18Z
At line:1 char:10
+          New-PartnerAccessToken -ApplicationId 'xxxxx-xxxx-xxx-xx...
+          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-PartnerAccessToken], MsalServiceException
    + FullyQualifiedErrorId : Microsoft.Identity.Client.MsalServiceException,Microsoft.Store.PartnerCenter.PowerShell.Commands.NewPartnerAccessToken

Does not seem to work either... no matter what.

This works:

New-PartnerAccessToken -ApplicationId 'xxxx-xxx-xxx-xxx-xxxx'  -Scopes 'https://api.partnercenter.microsoft.com/user_impersonation' -UseAuthorizationCode

But only gives you AccessToken, no RefreshToken

Help?

[cblackuk]

      $AccessTokenTestAccess = New-PartnerAccessToken -ApplicationId 'xxx-xxx-xxx-xxx-xxxxx'  -Scopes 'https://api.partnercenter.microsoft.com/user_impersonation' -UseAuthorizationCode

         New-PartnerAccessToken -AccessToken $AccessTokenTestAccess.AccessToken  -ApplicationId 'xxx-xxx-xx-xxx-xxxx' -Scopes 'https://api.partnercenter.microsoft.com/user_impersonation' 

Results in:

New-PartnerAccessToken : Object reference not set to an instance of an object.
At line:1 char:10
+          New-PartnerAccessToken -AccessToken $AccessTokenTestAccess.A ...
+          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-PartnerAccessToken], NullReferenceException
    + FullyQualifiedErrorId : System.NullReferenceException,Microsoft.Store.PartnerCenter.PowerShell.Commands.NewPartnerAccessToken
 

However,

 $AccessTokenTestAccess 


RefreshToken            : 
AccessToken             : eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImllX3FXQ1hoWHh0MXpJRXN1NGM3YWNRVkduNCIsImtpZCI6ImllX3FXQ1hoWHh0MxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxhTDZrREdXUjRvTm12VFdvVFlISHpIZnVtNlJ2ZGlubVpnUGVzPSIsImFtciI6WyJwd2QiLCJtZmEiXSwiYXBwaWQiOiIwNGIwZGFjciI60ZW5hbnRfcmVnaW9uX3Njb3BlIjoiRVUiLCJ0aWQiOiI5ZmVhNDYwNi0
                          3YzA
IsExtendedLifeTimeToken : False
UniqueId                : xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx
ExpiresOn               : 9/13/2019 5:06:42 PM +00:00
ExtendedExpiresOn       : 9/13/2019 5:06:42 PM +00:00
TenantId                : xx-x-xx-xx-xx
Account                 : Account username: xxxx@xxxx.onmicrosoft.com environment login.windows.net home account id: AccountId: 
                          xxxxx-xxxx-xxxx-xxxx-xxxxx.xxxx-xxx-xxx-xxx-xxxxxxxxxxxxxxx
IdToken                 : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                          1_5vzmf54ceG4sYsw
Scopes                  : {https://api.partnercenter.microsoft.com/user_impersonation}
User                    : 

[slavizh]

I am getting the same experience. I really hoped this would be smoother experience to upgrade. Also it is not clear how do we generate new refresh tokens with this command. We need to generate new refresh token every day otherwise the refresh token expires after certain period and we do not want to run manual actions where we have to generate the refresh token by entering the user credentials in a browser.

[cblackuk]

Glad I am not alone... this "transition" so far has been hell...

[slavizh]

And it is not the first transition as we had many breaking changes. Feels like we are in some constant preview.
Now I am getting this error:

New-PartnerAccessToken : AADSTS700007: The grant was issued for a different client id.

Not sure how I reached to that state. It is generated even in a new powershell session. Also -Debug does not produce anything so why we have that at all.

[cblackuk]

Exactly the same issue as above mate.

[slavizh]

At least the old cmdlets work but unfortunately the reason why we need to move to the new version is the new customer agreement which we need to start onboarding our customers as it is process that takes time. I am seriously thinking of writing my own cmdlet for these things now.

[slavizh]

On top of that if I try to generate access token by providing the user credentials in a browser I get:

New-PartnerAccessToken : AADSTS7000215: Invalid client secret is provided.

Is there something that works at all I wonder.

[cblackuk]

I have the exact same issues so I think it is just plain broken as the creds are fine :-)

[slavizh]

When this change was communicated we understood that only the parameters will change but the wokflow will not change. We should be able to just use our existing refresh tokens and just modify the commands parameters

[cblackuk]

Exactly... but instead in typical fashion, everything is broken and documentation does not reflect the actual state of affairs... Please fix it guys...

[slavizh]

It is also interesting that the Get-PartnerAgreementDetail command does not return new customer agreement. It only returns old cloud agreement. I do not see any other cmdlet that can do that.

[chwilfing]

me too - everything seems broken and the documentation seems to be just wrong.

is there currently any way to successfully authenticate?

Additionally - I use a RefreshToken from a KeyVault to get the accesstoken (which did work with PartnerCenter.NetCore 1.5.xx) but if i try to load any AZ Module AFTER the PartnerCenter module i get an

Import-Module : Assembly with same name is already loaded
At line:1 char:1
+ Import-Module az.accounts
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [Import-Module], FileLoadException
+ FullyQualifiedErrorId : FormatXmlUpdateException,Microsoft.PowerShell.Commands.ImportModuleCommand

The other way around, loading az module before partnercenter, loading the partnercenter module throws the error above.

current environment:

PS C:\Users\cw> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      6.2.2
PSEdition                      Core
GitCommitId                    6.2.2
OS                             Microsoft Windows 10.0.18362
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

PartnerCenter Module 2.0.1909.1
Az Modules: 2.4.0

it would be really great if we could get a proper powershell support!

[ghost]

Both of the problems mentioned in this issue have been resolved with version 2.0.1909.2. Let us know if you have any issues after updating.

[cblackuk]

@IsaiahWilliams Thanks for looking into it so quickly. Will re-test first thing on Monday. Really appreciate the help here.

[slavizh]

@IsaiahWilliams Ok I am manage now to issue access token and connect. When I issue access token I do not get refresh token though. How to issue refresh token as we need to renew that daily? Additionally customer agreement is still missing. Should I open separate issue for that?

Thanks for resolving the issues during non-working hours.

[slavizh]

Example:

PS C:\Users\stas> Get-PartnerAgreementDetail

AgreementLink                                              AgreementType           TemplateId                           VersionRank
-------------                                              -------------           ----------                           -----------
https://docs.microsoft.com/en-us/partner-center/agreements MicrosoftCloudAgreement 998b88de-aa99-4388-a42c-1b3517d49490           0

This is in Sandbox which in the UI for sure you can accept customer agreement.

[slavizh]

Also this:

PS C:\Users\stas> Get-PartnerAgreementTemplate
Get-PartnerAgreementTemplate : The term 'Get-PartnerAgreementTemplate' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of
 the name, or if a path was included, verify that the path is correct and try again.                                                                                                At line:1 char:1                                                                                                                                                                    + Get-PartnerAgreementTemplate                                                                                                                                                      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                                                                                                                                          + CategoryInfo          : ObjectNotFound: (Get-PartnerAgreementTemplate:String) [], CommandNotFoundException                                                                        + FullyQualifiedErrorId : CommandNotFoundException                                                                                                                                                                                                          

[chwilfing]

Hi @slavizh
i'm not quit sure how you connected, my try with the example 3 from the documentation does give me a token containing a refreshtoken but - throws an error at the connect phase:

PS C:\Users\cw\LOCAL\Source\AzureSamples\Spielwiese\CSP> Connect-PartnerCenter -AccessToken $token.AccessToken -Tenant $TenantID -ApplicationId $appId
Connect-PartnerCenter : Parameter set cannot be resolved using the specified named parameters. One or more parameters issued cannot be used together or an insufficient number of parameters were provided.
At line:1 char:1
+ Connect-PartnerCenter -AccessToken $token.AccessToken -Tenant $Tenant ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidArgument: (:) [Connect-PartnerCenter], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.Store.PartnerCenter.PowerShell.Commands.ConnectPartnerCenter

@IsaiahWilliams many thanks for responding and fixing issues (especially out of business ours!). my first issue with loading az + partnercenter is fully fixed. hopefully you could give us the last push into the right direction understanding the authentication.

[slavizh]

Here is my auth command as it was in the example:

$p=New-PartnerAccessToken -ApplicationId "<app id>" -Credential (Get-Credential) -RefreshToken $token -Scopes 'https://api.partnercenter.microsoft.com/user_impersonation' -ServicePrincipal -Tenant <tenant id>  

My $p.RefreshToken is empty. I want to get from one refresh token a new one.

On the customer agreement issue seems Get-PartnerCustomerAgreement -CustomerId
does not returns all agreements but if you do:
Get-PartnerCustomerAgreement -CustomerId -AgreementType MicrosoftCustomerAgreement

You can get it. Seems now we just have to know the value without having to get available agreement templates first.

[chwilfing]

For me this command creates a $p token containing a refresh token.

PS C:\Users\cw\LOCAL\Source\AzureSamples\Spielwiese\CSP> $p

RefreshToken            : OAQABAAAAAAAP0wLlqdLVToOpA4kXXXXXX <Shortened>
AccessToken             : eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiI<Shortened>
IsExtendedLifeTimeToken : False
UniqueId                : 2cbd5944-19d8-46e6-a610-e4c5f8a60bad
ExpiresOn               : 15/09/2019 08:09:24 +00:00
ExtendedExpiresOn       : 15/09/2019 08:09:24 +00:00
TenantId                : XXXXXXX-9b28-4520-xxxx-XXXXXXXXXX
Account                 : Account username: service.csp@XXXXXX.onmicrosoft.com environment login.windows.net home account id: AccountId: XXXXX
IdToken                 : eyJ0eXAiOiJK<Shortened>
Scopes                  : {https://api.partnercenter.microsoft.com/user_impersonation}
User                    : 

Maybe the difference is content of the current refresh token? we're using an MFA Enabled service account to create the initial refresh token due to secure application model.

With that authenatication the Get-PartnerCustomreAgreement does work for me:

PS C:\Users\cw\LOCAL\Source\AzureSamples\Spielwiese\CSP> Get-PartnerCustomerAgreement -CustomerId $Customer.CustomerId

AgreementLink  : https://docs.microsoft.com/en-us/partner-center/agreements
DateAgreed     : 20/09/2018 00:00:00
PrimaryContact : Microsoft.Store.PartnerCenter.Models.Agreements.Contact
TemplateId     : 998b88de-aa99-4388-a42c-1b3517d49490
Type           : MicrosoftCloudAgreement
UserId         : 

[chwilfing]

OK, a little bit too early.. authenticating through this way does not allow for example to get offers..

PS C:\Users\cw\LOCAL\Source\AzureSamples\Spielwiese\CSP> $OfferList = Get-PartnerOffer
Get-PartnerOffer : countryCode is not set
At line:1 char:14
+ $OfferList = Get-PartnerOffer
+              ~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Get-PartnerOffer], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.Store.PartnerCenter.PowerShell.Commands.GetPartnerOffer

It does however get customers or invoices... Do I miss anything here?

[slavizh]

Get-PartnerOffer is working fine. You need to specify country code. The error message is clear.

Besides cloud agreement there is now customer agreement. Customer agreement will replace the cloud agreement but both will leave side by side for some time. With the above command you only get cloud agreement only, if you want to get customer agreement you have to specify it explicitly as in the example I gave.

I am using the refresh token acquired with 1.5 commands so everything is according to the guidance. New command still needs to issue tokens even if the previous token was acquired with version 1.5 commands.

[chwilfing]

Yes you're right, the error states the problem. i was only in the impression this should work as before. (in my case it did work before with 1.5 but now need to specify the country code explicitly)

[ghost]

@slavizh with respect to the Microsoft Customer Agreement you will need to use the new AgreementType parameter for that command. You can find more information about that agreement here. The module does not return that value by default because we are mirroring the behavior of the API. Finally, the Get-PartnerAgreementTemplate command was replaced with the Get-PartnerAgreementDocument ahead of the official 2.0 release. This change was made to more closely match what the SDK.

I apologize for the confusion here, there were several little last minute changes to ensure everything lined up between the module and the SDK.

[ghost]

@slavizh I have not been able to reproduce the issue you are encountering with the missing refresh token. The following is what I am running

$token = New-PartnerAccessToken -ApplicationId 'xxxx-xxxx-xxxx-xxxx' -Scopes 'https://api.partnercenter.microsoft.com/user_impersonation' -ServicePrincipal -Credential $credential -Tenant  'yyyy-yyyy-yyyy-yyyy'  -UseAuthorizationCode

New-PartnerAccessToken -ApplicationId 'xxxx-xxxx-xxxx-xxxx' -Scopes 'https://api.partnercenter.microsoft.com/user_impersonation' -ServicePrincipal -Credential $credential -Tenant 'yyyy-yyyy-yyyy-yyyy' -RefreshToken $token.RefreshToken

If you are still having issues with this, please open a new issue so we can track everything.

[ghost]

@chwilfing one of the things that Connect-PartnerCenter does is attempt to configure a country property based on the reseller profile. If the command is not able to get the profile it will leave that value blank, which I believe is the root cause for your issue with the Get-PartnerOffers command. I will look into that, but if this is an issue for you please open a new issue so we can track everything.

[slavizh]

@IsaiahWilliams new issue is created:
#156

May be you are testing with refresh token that was generated with 2.0 commands. I do not know why it cannot be reproduce but I can reproduce it every time. I haven't tried re-issuing new refresh token with the new cmdlet version but the new version shouldn't require this effort.

[wasife]

Hi,
I am using the below command to get the refresh token but it fails with the given error message. We are trying to change our app with the updated security model but still facing lots of issues. Any help would be highly appreciated.

$token = New-PartnerAccessToken -Consent -Credential $mycreds -Resource https://api.partnercenter.microsoft.com -TenantId $tenant_id
$refreshToken = $token.RefreshToken

Below is in the Return URI of my app:
urn:ietf:wg:oauth:2.0:oob

My PartnerCenter module is 2.0.1909.2

Any help would be highly appreciated since we are stuck in this for last couple days.