Cli-microsoft365: Bug report: o365 login using a certficate not working and how to pass the TenantId and AppClientid?
Trying to connect the o365 using a certificate.
https://pnp.github.io/office365-cli/user-guide/connecting-office-365/#log-in-using-a-certificate
Followed the below steps:
a) Create a self signed certificate and Personal Information Exchange (.pfx) file
b) Created an Azure AD App, Uploaded the same certficate(.cer file)
C) Granted the "SharePoint API permission"
d) Created the two variables OFFICE365CLI_AADAPPID and OFFICE365CLI_TENANT variables
I have verified the certificate key is available in the Azure AD app.
When executing the below command, got the below error. How to pass the tenantid and the clientid to this command?
AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: '', Please visit 'https://developer.microsoft.com/en-us/graph/graph-explorer' and
query for 'https://graph.microsoft.com/beta/applications/' to see configured keys]
o365 login --authType certificate --certificateFile ".\protected.pfx" --thumbprint ""
Expected result
O365 login should work with a certificate as per documentation.
Actual result
AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: '', Please visit 'https://developer.microsoft.com/en-us/graph/graph-explorer' and
query for 'https://graph.microsoft.com/beta/applications/' to see configured keys]
Environment
o365 version: 2.9.0
ashokswain27
All 11 comments
Is your certificated password-protected? If so, are you also specifying the password using the --password option?
waldekmastykarz
on 28 Apr 2020
@ashokswain27 , have you specified the thumbprint. By looking at the issue description it seems like you are passing an empty thumbprint which will fail the login.
You can find your thumbprint in the Azure AD app going on certificates and secrets
VelinGeorgiev
on 28 Apr 2020
Yes, I have specified the thumbprint. Certificate is password-protected.
ashokswain27
on 3 May 2020
How do I pass the OFFICE365CLI_AADAPPID and OFFICE365CLI_TENANT variables into the command?
I am assuming the PowerShell command is ot reading the local variables while executing the below command
o365 login --authType certificate --certificateFile ".\protected.pfx" --thumbprint ""
ashokswain27
on 3 May 2020
These are environment variables that should be set on your machine and which will then be picked up by the CLI.
waldekmastykarz
on 3 May 2020
@ashokswain27 are you also specifying the certificate password?
waldekmastykarz
on 3 May 2020
Got it working now by specifying environment variables on my local dev machine. Is there any generic way to pass these variable explicitly in CI/CD pipeline in yml ? Otherwise, I have to set it up in the Azure VM under which the CI/CD pipeline is running.
ashokswain27
on 4 May 2020
If you execute CLI in bash you can do it like ENV1=value1 ENV2=value2 o365 command. Not sure if you can inline it the same way in PowerShell.
waldekmastykarz
on 4 May 2020
Awesome! in bash command : it is working fine. Thank you!
ashokswain27
on 4 May 2020
Thank you @ashokswain27 ! Please let us know if you have any questions.
Great collaboration on this one. Thank you @waldekmastykarz !
VelinGeorgiev
on 4 May 2020
No, I am good. Closing the issue!
ashokswain27
on 4 May 2020
Related issues
aakashbhardwaj619
路
3Comments
joshua-probst
路
3Comments
VelinGeorgiev
路
3Comments
StfBauer
路
3Comments
andrewconnell
路
3Comments
Most helpful comment
No, I am good. Closing the issue!