Merge pull request #2437 from gautamdsheth/bugfix/1180

Fix #1180 - issue with PnP Management shell access in non-commercial clouds
pnp · Oct 10, 2022 · e70bce5 · e70bce5
2 parents 0cfe193 + 8855e05
commit e70bce5
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -74,7 +74,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Fixed `Set-PnPTenant` cmdlet not working when `-Force` parameter is specified. [#2373](https://github.com/pnp/powershell/pull/2373)
 - Fixed `Add-PnPTeamsTab` cmdlet not working with certain types when using dynamic parameters. [#2405](https://github.com/pnp/powershell/pull/2405)
 - Fixed `Get-PnPVivaConnectionsDashboardACE` missing the `isVisible` property under `CardButtonActions` causing using `Update-PnPVivaConnectionsDashboardACE` to hide card buttons [#2433](https://github.com/pnp/powershell/pull/2433
-- Fixed issue with `Set-PnPTeamsChannel -IsFavoriteByDefault` throwing a `Nullable object must have a value` under certain circumstances [#2425](https://github.com/pnp/powershell/pull/2425)
+- Fixed issue with `Set-PnPTeamsChannel -IsFavoriteByDefault` throwing a `Nullable object must have a value` under certain circumstances [#2425](https://github.com/pnp/powershell/pull/2425]
+- Fixed `Register-PnPManagementShellAccess` for non-commercial cloud environment. Users must enter the tenant name if the environment is a non-commercial cloud environment. [#2437](https://github.com/pnp/powershell/pull/2437)
 - Fixed issue with writing warning or error messages in Azure automation or screens with small width. [#2438](https://github.com/pnp/powershell/pull/2438)
 
 ### Contributors

diff --git a/src/Commands/AzureAD/RegisterManagementShellAccess.cs b/src/Commands/AzureAD/RegisterManagementShellAccess.cs
@@ -31,20 +31,25 @@ public class RegisterManagementShellAccess : PSCmdlet
         public SwitchParameter ShowConsentUrl;
 
         [Parameter(Mandatory = false, ParameterSetName = ParameterSet_SHOWURL)]
+        [Parameter(Mandatory = false, ParameterSetName = ParameterSet_REGISTER)]
         public string TenantName;
 
         protected override void ProcessRecord()
         {
             source = new CancellationTokenSource();
             var messageWriter = new CmdletMessageWriter(this);
-            CancellationToken cancellationToken = source.Token;
 
             var endPoint = string.Empty;
             using (var authManager = new AuthenticationManager())
             {
                 endPoint = authManager.GetAzureADLoginEndPoint(AzureEnvironment);
             }
 
+            if (AzureEnvironment != AzureEnvironment.Production && string.IsNullOrEmpty(TenantName))
+            {
+                WriteWarning("Please specify the Tenant name for non-commercial clouds, otherwise this operation will fail.");
+            }
+
             Task.Factory.StartNew(() =>
             {
                 if (ParameterSetName == ParameterSet_REGISTER)
@@ -55,11 +60,11 @@ protected override void ProcessRecord()
                      },
                     successMessageHtml: $"You successfully consented the PnP Management Shell Application for use by PnP PowerShell. Feel free to close this window.",
                     failureMessageHtml: $"You did not consent for the PnP Management Shell Application for use by PnP PowerShell. Feel free to close this browser window.",
-                    azureEnvironment: AzureEnvironment))
+                    azureEnvironment: AzureEnvironment, tenantId: TenantName))
                     {
                         try
                         {
-                            authManager.GetAccessTokenAsync(new[] { $"https://{GetGraphEndPoint()}/.default" }, cancellationToken, Microsoft.Identity.Client.Prompt.Consent).GetAwaiter().GetResult();
+                            authManager.GetAccessTokenAsync(new[] { $"https://{GetGraphEndPoint()}/.default" }, source.Token, Microsoft.Identity.Client.Prompt.Consent).GetAwaiter().GetResult();
                         }
                         catch (Microsoft.Identity.Client.MsalException)
                         {
@@ -71,7 +76,7 @@ protected override void ProcessRecord()
                 {
                     if (!string.IsNullOrEmpty(TenantName))
                     {
-                        messageWriter.WriteMessage($"Share the following URL with a person that has appropriate access rights on the Azure AD to grant consent for Application Registrations:\n\nhttps://login.microsoftonline.com/{TenantName}/adminconsent?client_id={PnPConnection.PnPManagementShellClientId}");
+                        messageWriter.WriteMessage($"Share the following URL with a person that has appropriate access rights on the Azure AD to grant consent for Application Registrations:\n\n{endPoint}/{TenantName}/adminconsent?client_id={PnPConnection.PnPManagementShellClientId}");
                     }
                     else
                     {
@@ -87,7 +92,7 @@ protected override void ProcessRecord()
                             var accessToken = string.Empty;
                             try
                             {
-                                accessToken = authManager.GetAccessTokenAsync(new[] { $"https://{GetGraphEndPoint()}/.default" }, cancellationToken).GetAwaiter().GetResult();
+                                accessToken = authManager.GetAccessTokenAsync(new[] { $"https://{GetGraphEndPoint()}/.default" }, source.Token).GetAwaiter().GetResult();
                             }
                             catch (Microsoft.Identity.Client.MsalException)
                             {
@@ -123,7 +128,7 @@ protected override void ProcessRecord()
                                     }
                                 }
                             }
-                            messageWriter.WriteMessage($"Share the following URL with a person that has appropriate access rights on the Azure AD to grant consent for Application Registrations:\n\nhttps://login.microsoftonline.com/{tenantId}/adminconsent?client_id={PnPConnection.PnPManagementShellClientId}");
+                            messageWriter.WriteMessage($"Share the following URL with a person that has appropriate access rights on the Azure AD to grant consent for Application Registrations:\n\n{endPoint}/{tenantId}/adminconsent?client_id={PnPConnection.PnPManagementShellClientId}");
                             if (tenantId == "{M365-Tenant-Id}")
                             {
                                 messageWriter.WriteMessage($"To get M365-Tenant-Id value, use the Get-PnPTenantId cmdlet:\nhttps://pnp.github.io/powershell/cmdlets/Get-PnPTenantId.html");
@@ -132,7 +137,7 @@ protected override void ProcessRecord()
                     }
                 }
                 messageWriter.Finished = true;
-            }, cancellationToken);
+            }, source.Token);
             messageWriter.Start();
         }
 
@@ -146,4 +151,4 @@ private string GetGraphEndPoint()
             return PnP.Framework.AuthenticationManager.GetGraphEndPoint(AzureEnvironment);
         }
     }
-}
+}