Cli-microsoft365: Enhancement: Handle forbidden response when performing authentication

@stijnbrouwers how can I repro it? Even if I create an AAD with nothing but the User.Read permission, I can still successfully call MS Graph and retrieve root site URL.

Hi Waldek, tbh I haven't tried reproducing it yet.
I based this ticket on the findings in the related ticket #1088 .
I'll try reproducing it one of these days.
I'll keep you posted

Cool! Thank you. It would be very helpful to have repro steps for this 👍

@waldekmastykarz
I did a quick check and was able to reproduce.
However, you don't need look to long into it, you can just assign the ticket to me if you'd like (?)...

Here are the steps to reproduce:

• Create a new app registration
• Keep the permissions restricted to 'User.Read'
  
• Generate a self signed certificate
  See: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
• Edit the manifest file
  See: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
• Open a new terminal window
• Run the following commands to login with certificate
  > export OFFICE365CLI_AADAPPID="xxx"
> export OFFICE365CLI_TENANT="xxx"
> o365
o365> login --authType certificate -c /mnt/c/temp/BrouwersStijn.pfx --thumbprint xxx --password 'xxx'
• Try a command that does the call to retrieve the site url like in ticket #1088
  
• And with the --debug option we can see the forbidden http status that's being returned
  

Awesome! I appreciate your help with digging into this and helping out with working on a fix. All yours. Thank you!

@waldekmastykarz
No problem, happy to help!