Microsoft.Graph.Application version 2.0.0 AccessToken

[Ericvf]

Describe the bug
Since version 2.0.0 of the Microsoft.Graph.Application powershell module we are not able to connect using an accesstoken.

To Reproduce

  Write-Host "##[debug] Installing module Microsoft.Graph.Applications"
  Install-Module -Name Microsoft.Graph.Applications -RequiredVersion 2.0.0 -Scope CurrentUser -Force 

  Write-Host "##[debug] Installing module MSAL.PS"
  Install-Module -Name MSAL.PS -Scope CurrentUser -Force
  
  Write-Host "##[debug] Get Msal Token"
  $MsalToken = Get-MsalToken -TenantId $($env:tenantId) -ClientId $($env:servicePrincipalId) -ClientSecret ($($env:servicePrincipalKey) | ConvertTo-SecureString -AsPlainText -Force)

  Write-Host "##[debug] Connecting to Microsoft Graph"
  Connect-MgGraph -AccessToken "$($MsalToken.AccessToken)"

Expected behavior
After runing this powershell script we expect to connect to Microsoft Graph. Instead we get an error saying:
Cannot bind parameter 'AccessToken'. Cannot convert the "****************" value of type "System.String" to type "System.Security.SecureString"

Module Version
2.0.0

Additional context
When we downgrade the module to version 1.28 it works again

[herromega]

fyi, 2.0.0 version also affects/breaks automation (app auth) via Get-WindowsAutoPilotInfo.
Modify of the script to require 1.28.0 makes it work again.

[Ericvf]

https://devblogs.microsoft.com/microsoft365dev/microsoft-graph-powershell-v2-is-now-in-public-preview-half-the-size-and-will-speed-up-your-automations/

We found out there is a new way to connect without using an AccessToken directly. This is the adapted script:

      Write-Host "##[debug] Installing module Microsoft.Graph.Applications"
      Install-Module -Name Microsoft.Graph.Applications -Scope CurrentUser -Force 

      Write-Host "##[debug] Connecting to Microsoft Graph"
      $clientSecret = ConvertTo-SecureString -String $($env:servicePrincipalKey) -AsPlainText -Force
      $ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $($env:servicePrincipalId), $clientSecret
      Connect-MgGraph -TenantId $($env:tenantId) -ClientSecretCredential $ClientSecretCredential

[yllekz]

What is the actual fix for the error in the issue? A workaround isn't sufficient. The cmdlet still supports tokens and changed the type to securestring, so why does it still error out?

Edit: I got it working, you need to wrap the value of -AccessToken like so: ($MyToken | ConvertTo-SecureString -AsPlainText -Force)

[Ericvf]

I'd advice to use the ClientSecretCredential as suggested

[fajterini]

What is the actual fix for the error in the issue? A workaround isn't sufficient. The cmdlet still supports tokens and changed the type to securestring, so why does it still error out?

Edit: I got it working, you need to wrap the value of -AccessToken like so: ($MyToken | ConnectTo-SecureString -AsPlainText -Force)

Thanks, converting Access token to secure string solved my issue. :)
But please fix your typo ConnectTo-SecureString ->> ($MyToken | ConvertTo-SecureString -AsPlainText )

• Also -Force parameter is default with powershel 7 so it's not needed.

[yllekz]

Thanks. Typo fixed. -Force is needed for 5.1 however, which is what my implementation uses.