Skip to content
This repository has been archived by the owner on Jan 19, 2021. It is now read-only.

Issue: Connect-PnP with -SPOManagementShell and -ClearTokenCache results in a 403 Forbidden error on first run #2538

Open
2 of 6 tasks
proce opened this issue Feb 26, 2020 · 4 comments
Open
2 of 6 tasks

Issue: Connect-PnP with -SPOManagementShell and -ClearTokenCache results in a 403 Forbidden error on first run #2538

proce opened this issue Feb 26, 2020 · 4 comments
Labels
Needs: Triage 🔍

Comments

@proce
Copy link

proce commented Feb 26, 2020

Issue

Whenever the following is run in a new PowerShell window, it results in two login windows being show with the following error being returned after the first has login window has been submitted

Get-PnPSite : The remote server returned an error: (403) Forbidden.

Connect-PnPOnline -Url {url} -SPOManagementShell -ClearTokenCache
Get-PnPSite

The issue appears to be due to Connect-PnPOnline not waiting until the credentials have been entered and instead continues on to the Get-PnPSite command.

If we rerun the same commands in the same PowerShell window only one login window is shown and the Get-PnPSite command returns the expected result.

We have tested this across multiple machines with multiple version of PnPPowerShellOnline and the behaviour is the same

We have also tried manually removing the tokencache.dat file. This still results in the same behavior as above:

$appDataFolder = [Environment]::GetFolderPath('ApplicationData')
$configFile = [IO.Path]::Combine($appDataFolder, 'SharePointPnP.PowerShell\tokencache.dat')
Remove-Item –path $configFile -Force


Connect-PnPOnline -Url {url} -SPOManagementShell
Get-PnPSite

-SPOManagementShell: We are using this as legacy authentication has been turned off on our tenants
-ClearTokenCache: We are using this as we swap between multiple tenants for testing and we found that without this were getting 401 errors as the cached credentials were for other tenants we were previously connected too.

Expected behavior

Returns the PnPSite Object.

Actual behavior

Get-PnPSite : The remote server returned an error: (403) Forbidden.

Steps to reproduce behavior

Run the following:

Connect-PnPOnline -Url {url} -SPOManagementShell -ClearTokenCache
Get-PnPSite

Which version of the PnP-PowerShell Cmdlets are you using?

  • PnP PowerShell for SharePoint 2013
  • PnP PowerShell for SharePoint 2016
  • PnP PowerShell for SharePoint Online

What is the version of the Cmdlet module you are running?

SharePointPnPPowerShellOnline - 3.17.2001.2

How did you install the PnP-PowerShell Cmdlets?

  • MSI Installed downloaded from GitHub
  • Installed through the PowerShell Gallery with Install-Module
  • Other means
@ghost
Copy link

ghost commented Feb 26, 2020

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

@ghost ghost added the Needs: Triage 🔍 label Feb 26, 2020
@MMD84
Copy link

MMD84 commented Mar 11, 2020
edited
Loading

Exact;y the same issue here, worked well before. The command Connect-PnPOnline is not waiting until the credentials have been entered and instead continues on to the next command.
Rerun the command results in the expected behaviour, then it will wait untill the next command.

We are using -SPOManagementShell cause MFA is enabled and we need to iterate (and connect) all group#0 sites.

@proce
Copy link
Author

proce commented Mar 12, 2020

@MartijnMolegraaf
As a work around we have added the following after Connect-PnPOnline:
[void](Read-Host 'Press Enter to continue')

@MMD84
Copy link

MMD84 commented Mar 13, 2020

thx @proce , good one! Works fine as a work around (for now).

@ashleygagregory ashleygagregory mentioned this issue Jun 30, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Needs: Triage 🔍
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@proce @MMD84