Good afternoon.
I'm working through connecting to Exchange Online using a service principal and client secret according to the documentation here:
https://docs.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps#setup-app-only-authentication
In PowerShell, here's a snippet:
$secureAccessToken = ConvertTo-SecureString -String $accessToken -AsPlainText -Force
$AppCredential = New-Object System.Management.Automation.PSCredential($upn,$secureAccessToken)
Connect-ExchangeOnline -Credential $AppCredential #errors out, PW too long.
I'm retrieving the access token from the "https://login.microsoftonline.com/
At the Connect-ExchangeOnline command, I get the following error:
"AADSTS50052: The password entered exceeds the maximum length of '256'. Please reach out to your admin to reset the password.
Trace ID: 579891dd-c39d-4af5-81e9-f4a20b960c01
Correlation ID: 7162244d-bbca-4094-8c9c-854826de7c3b
Timestamp: 2020-07-15 21:01:08Z. "
Am I doing something wrong, or is this a bug?
We are facing the same issue when trying to connect. Can someone please help.
Hi @frenchap and @ananimesh, thank you for your feedback and for helping us to improve docs.microsoft.com.
How are you getting the OAuth access token? Are you using the Active Directory Authentication Library (ADAL) PowerShell? (step 1)
That's correct:
I'm issuing a POST to this endpoint using PowerShell as below
https://login.microsoftonline.com/$($customerId)/oauth2/v2.0/token
Using this article as guidance
$Url = "https://login.microsoftonline.com/$($customerId)/oauth2/v2.0/token"
$headers = @{
    'Content-Type' = 'application/x-www-form-urlencoded'
}
$Body = @{
    client_id     = $client_id
    client_secret = $client_secret
    scope         = "https://outlook.office365.com/.default"
    grant_type    = "client_credentials"
}
$result = Invoke-RestMethod -Method 'Post' -Uri $Url -Body $Body -Headers $headers
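Added example, not part of the original thread or of Microsoft's documentation: a local check that shows why an access token from the request above trips the 256-character limit quoted in AADSTS50052 when it is passed as a PSCredential password. The function names are hypothetical, the sample token is constructed, and the 342-character signature filler assumes an RS256 token signed with a 2048-bit key.

```powershell
# Added example. Function names are hypothetical; nothing here calls the network.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {              # restore the padding that base64url strips
        1 { throw 'Invalid base64url length.' }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-AccessTokenSummary {
    param([Parameter(Mandatory)][string]$AccessToken)
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected a three-part JWT (header.payload.signature).' }
    # Decoding only: the signature is NOT validated, so treat the claims as informational.
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    [pscustomobject]@{
        TokenLength        = $AccessToken.Length
        SignatureLength    = $parts[2].Length
        ExceedsPasswordMax = $AccessToken.Length -gt 256    # limit quoted in AADSTS50052
        Audience           = $claims.aud
        AppId              = if ($claims.appid) { $claims.appid } else { $claims.azp }
        ExpiresUtc         = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
    }
}

# Helper used only to build the constructed sample below.
function ConvertTo-Base64Url {
    param([string]$Text)
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# Constructed sample token (placeholder app id, filler signature); not a real credential.
$sampleToken = @(
    ConvertTo-Base64Url '{"alg":"RS256","typ":"JWT"}'
    ConvertTo-Base64Url '{"aud":"https://outlook.office365.com","appid":"00000000-0000-0000-0000-000000000000","exp":1594850468}'
    'A' * 342    # a 256-byte signature base64url-encodes to 342 characters
) -join '.'

# The summary object contains lengths and claims only, never the token itself.
Get-AccessTokenSummary -AccessToken $sampleToken
```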
Thank you so much @frenchap!
For your inquiry I need to kindly suggest opening a support ticket directly from your tenant's administration; they will be able to help you, as here we are limited to documentation issues and improvements.
Support URL: https://docs.microsoft.com/microsoft-365/admin/contact-support-for-business-products.
We will be very happy if you can share the outcome or resolution with us. We will certainly update this documentation with that valuable information.
Also, if you can, please try to create the OAuth access token with this module:
https://www.powershellgallery.com/packages/PSServicePrincipal/1.0.11
https://github.com/dgoldman-msft/PSServicePrincipal/blob/master/README.md
You can also leave some feedback here:
https://techcommunity.microsoft.com/t5/exchange-team-blog/modern-auth-and-unattended-scripts-in-exchange-online-powershell/ba-p/1497387
@dariomws Thank you very much for the contribution and sharing this explanation. @frenchap Hope this comment is helpful for you. Considering the nature of the issue, as advised, please open a service ticket in your tenant and follow with them for the resolution. We proceed here to close it.
We will be very happy if you can share the outcome or resolution with us if you see a documentation update is required. We will certainly update this documentation with that valuable information. Thanks again for taking the time to open the issue. We appreciate it and encourage you to do the same in the future.
I'm not sure why this and its related issues have been closed without resolution. This is clearly a documentation flaw. The section on "[connecting] using an existing service principal and client-secret" should be removed until the module supports it.
@dariomws, I don't see anywhere in the PSServicePrincipal library a function for creating the access token. Can you elaborate?
@yogkumgit, I don't understand why I need to open a ticket with my tenant; this is an issue with either Microsoft's public documentation for Connect-ExchangeOnline, or a bug in the module. Please advise; can I connect to Exchange Online using a service principal and client secret, or not?
Yeah I'm curious the same. Can we get official steps on how to properly get the access token and if it's properly working with the Exchange Online Management Module?
I'm trying to get official information from the PM. Please be patient; once I have some information I'll put a comment here.
Thanks!
Connect using an existing service principal and client-secret is not supported yet. I'm removing this section from the article, my apologies for any inconvenience.
@dariomws Thanks for the due diligence. Looking forward to that capability.