Get-MsalToken Error : Parameter set cannot be resolved using the specified named parameters

Time:01-18

I'm getting the error below when executing this script attempting to generate a TAP in Azure AD:

$tenantId = "**********"
$clientID = "**********"
$ClientSecret = ConvertTo-SecureString "**********" -AsPlainText -Force
$Scope = "https://**************"
$redirectUri = "https://***************"
$TokenResponse = Get-MsalToken -ClientId $clientID -clientsecret $clientsecret -TenantId $tenantId -Interactive -RedirectUri $redirectUri -Scopes $Scope

It errors as follows:

Get-MsalToken : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:18
$TokenResponse = get-msaltoken @connectiondetails
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : InvalidArgument: (:) [Get-MsalToken], ParameterBindingException
FullyQualifiedErrorId : AmbiguousParameterSet,Get-MsalToken

I cannot figure out what is wrong. Any input to assist will be greatly appreciated!

I attempted running the script without the -clientsecret parameter and I get this error:

Get-MsalToken : A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: 478c441b-12e4-4968-a485-066872501300
Correlation ID: 55cf72cb-7c3c-4f4e-a26c-cfe746bb5985
Timestamp: 2023-01-15 22:04:27Z
At line:1 char:18
+ ... nResponse = Get-MsalToken -ClientId $clientID -TenantId $tenantId -I ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : AuthenticationError: (Microsoft.Ident...arameterBuilder:AcquireTokenInteractiveParameterBuilder) [Write-Error], MsalServiceException
    + FullyQualifiedErrorId : GetMsalTokenFailureAuthenticationError,Get-MsalToken

CodePudding user response:

I tried to reproduce the same in my environment and got the same error as below:


When I ran the script without Client-Secret, I got the below error:


I agree with mklement0: using -Interactive with -ClientSecret in one script is not feasible when generating the token via Get-MsalToken.

I excluded -Interactive from the script and the access token was generated successfully, as below:

$tenantId = "TenantID"
$clientID = "ClientID"
$ClientSecret = ConvertTo-SecureString "ClientSecret" -AsPlainText -Force
$Scope = "Scope"
$redirectUri = "RedirectURI"
$TokenResponse = Get-MsalToken -ClientId $clientID -clientsecret $clientsecret -TenantId $tenantId -RedirectUri $redirectUri -Scopes $Scope


For more detail, please refer to the links below:

PowerShell Gallery | Get-MsalToken.ps1

Microsoft Graph Access Token Acquisition with PowerShell by Nicola Suter
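
The clash described in the answer can be reproduced and inspected without MSAL.PS. This is an added example, not code from the original post or from the MSAL.PS project: Get-TokenDemo, Find-ParameterSet and the two parameter set names are hypothetical and only mimic the split between the interactive (public client) and client secret (confidential client) flows.

```powershell
# Added example. Get-TokenDemo is a hypothetical stand-in that reproduces only
# the -Interactive / -ClientSecret split; it is not MSAL.PS code.
function Get-TokenDemo {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $ClientId,
        # Delegated (public client) flow: a user signs in.
        [Parameter(Mandatory, ParameterSetName = 'PublicClient-Interactive')]
        [switch] $Interactive,
        # App-only (confidential client) flow: the app presents its secret.
        [Parameter(Mandatory, ParameterSetName = 'ConfidentialClientSecret')]
        [securestring] $ClientSecret
    )
    $PSCmdlet.ParameterSetName   # the set the binder resolved
}

# List the parameter sets of -Command that accept every name in -Name.
function Find-ParameterSet {
    param(
        [Parameter(Mandatory)] [string]   $Command,
        [Parameter(Mandatory)] [string[]] $Name
    )
    foreach ($set in (Get-Command $Command).ParameterSets) {
        $accepted = $set.Parameters.Name
        $missing  = @($Name | Where-Object { $_ -notin $accepted })
        if ($missing.Count -eq 0) { $set.Name }
    }
}

# Constructed placeholder value, not a real secret.
$secret = ConvertTo-SecureString 'constructed-placeholder' -AsPlainText -Force

# Each flow on its own maps to one set; the combination maps to none.
Find-ParameterSet -Command Get-TokenDemo -Name ClientId, Interactive
Find-ParameterSet -Command Get-TokenDemo -Name ClientId, ClientSecret
Find-ParameterSet -Command Get-TokenDemo -Name Interactive, ClientSecret

# Passing both makes the binder fail before the function body runs.
try {
    Get-TokenDemo -ClientId 'app' -Interactive -ClientSecret $secret
} catch {
    "Binding failed: $($_.FullyQualifiedErrorId)"
}

# With MSAL.PS installed, the same check can be pointed at the real cmdlet:
# Find-ParameterSet -Command Get-MsalToken -Name Interactive, ClientSecret
```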
