Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

'Invalid Scope' Error after running Invoke-PnPTenantTemplate #1052

Open
TylerDurham opened this issue Aug 27, 2024 · 3 comments
Open

'Invalid Scope' Error after running Invoke-PnPTenantTemplate #1052

TylerDurham opened this issue Aug 27, 2024 · 3 comments

Comments

@TylerDurham
Copy link

TylerDurham commented Aug 27, 2024

We are using PnP.PowerShell to orchestrate the creation of a Teams team and a SharePoint site. Our script

  1. Creates a Team (Successfully)
  2. Uploads a SP Template (Successfully)
  3. Creates a SharePoint site from a Template (Unsuccessfully)

We then get a dialog with the following error:

"AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com/ openid profile offline_access is not valid. The scope format is invalid. Scope must be in a valid URI form https://example/scope or a valid Guid <guid/scope>."

We are able to revert back to PnP.PowerShell 2.4.0 and the script runs fine, but when we use PnP.PowerShell 2.5.0 or higher, we get the above error.

Is this a bug or a change how PnP.PowerShell/PnP.Framework work in later versions? Please advise. Thanks!

P.S.: We turned on PnP tracing, and see the following:

pwsh Information: 0 : 2024-08-27 14:50:37.9100 [GetContextAsync] [0] [Debug] Authentication type: AzureADInteractive for scopes https://.sharepoint.com/.default 0ms
pwsh Information: 0 : 2024-08-27 14:50:38.3196 [PnP.Framework] [0] [Debug] GetGroupInfoAsync 0ms
pwsh Information: 0 : 2024-08-27 14:50:38.3213 [PnP.Framework] [0] [Debug] GetWebUrl 0ms
pwsh Information: 0 : 2024-08-27 14:50:38.5236 [PnP.Framework] [0] [Debug] AuthenticateRequestAsync 0ms
pwsh Information: 0 : 2024-08-27 14:50:38.5300 [GetAccessTokenAsync] [0] [Debug] Authentication type: AzureADInteractive 0ms
pwsh Information: 0 : 2024-08-27 14:50:39.2017 [GetAccessTokenAsync] [0] [Debug] Authentication type: AzureADInteractive 0ms

@anthonywhite
Copy link

@TylerDurham just spotted this, looks possibly similar to my #1080 ...any luck with workarounds? Even going back to PnP.Framework 1.14 doesn't seem to fix our problem.

@nhoj01
Copy link

nhoj01 commented Nov 20, 2024

I am experiencing a similar issue when running get-PnpSiteTemplate -Out spsite.xml -PersistBrandingFiles -PersistPublishingFiles

on the steps Extracting Template from https://company.sharepoint.com/sites. [Web Settings

a new auth window opens and gives me the same error

AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com openid profile offline_access is not valid. The scope format is invalid. Scope must be in a valid URI form https://example/scope or a valid Guid <guid/scope>.

@nhoj01
Copy link

nhoj01 commented Nov 21, 2024

I was able to bypass the error by using non-interactive auth using a cert in my azure enterprise app.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants