Non-interactive authentication does not work when used from a PowerShell script #113

@AnatoliB

The following script fails:

Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Users.User

Connect-Graph -TenantId [REDACTED] -ClientId [REDACTED] -CertificateName [REDACTED] -CertificateThumbprint [REDACTED]

Get-MgUser

Connect-Graph succeeds, but Get-MgUser reports the following error: Authentication needed, call Connect-Graph.

Exactly the same commands executed interactively on a PowerShell console run successfully, so this does not look like a configuration/environment issue. In order to repro:

  1. Save this code into a test.ps1 file.
  2. IMPORTANT: In a brand new PowerShell session, invoke test.ps1 like this: .\test.ps1 or this: & .\test.ps1. (If you run the Connect-Graph and Get-MgUser commands by invoking these commands one by one in a PowerShell console, or dot-sourcing the same script (. .\test.ps1), these commands succeed and the issue does not repro.)

As a workaround, inserting the following line immediately after Connect-Graph invocation fixes the problem:

$global:GraphAuthConfigId = $GraphAuthConfigId

While debugging this, we noticed that Get-MgUser cannot find the GraphAuthConfigId variable, even though it is definitely initialized by Connect-Graph. We can even print it out from the script scope, and the content looks correct. I suspect the variable is created in a way that makes it invisible in the Get-MgUser function scope, and this is why copying it into the global scope helps. Perhaps this should be fixed in the code that creates the variable.
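The scope behaviour suspected in the report above can be reproduced in isolation with the following added example, which is not code from the original post or from the Microsoft Graph PowerShell SDK. `DemoAuth`, `Get-DemoConfigId` and `DemoConfigId` are hypothetical names, and the example assumes the cause is variable scoping as the report suspects; it does not show how the SDK creates `GraphAuthConfigId`.

```powershell
# Added illustration; DemoAuth, Get-DemoConfigId and DemoConfigId are hypothetical names.
# Start from a clean state so an earlier run cannot mask the result.
Remove-Variable -Name DemoConfigId -Scope Global -ErrorAction SilentlyContinue

# A dynamic module stands in for a module whose command reads a session variable.
New-Module -Name DemoAuth -ScriptBlock {
    function Get-DemoConfigId {
        # Lookup from a module function walks:
        #   function scope -> module scope -> global scope.
        # The scope of the script that called the function is not on that path.
        $id = Get-Variable -Name DemoConfigId -ValueOnly -ErrorAction SilentlyContinue
        if ($null -eq $id) { 'Authentication needed' } else { "Using config $id" }
    }
    Export-ModuleMember -Function Get-DemoConfigId
} | Import-Module

# Case 1: the variable exists only in a child scope, as it would in a script
# started with .\test.ps1 or & .\test.ps1. The value is constructed.
$childScopeResult = & {
    $DemoConfigId = 'cfg-constructed-1'
    Get-DemoConfigId
}

# Case 2: the same value is copied into the global scope first, which is the
# shape of the workaround quoted in the report.
$globalScopeResult = & {
    $DemoConfigId = 'cfg-constructed-1'
    $global:DemoConfigId = $DemoConfigId
    Get-DemoConfigId
}

"Variable in child scope only : $childScopeResult"
"Variable copied to global    : $globalScopeResult"

# Remove the global copy and the demo module when finished.
Remove-Variable -Name DemoConfigId -Scope Global -ErrorAction SilentlyContinue
Remove-Module -Name DemoAuth -ErrorAction SilentlyContinue
```

A global variable stays visible to every command and script in the session until it is removed, which matters when the value refers to authentication state.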
