I wanted to address a missing piece of information that might help anyone encountering a similar issue 😊 First off, I want to express my gratitude for your post as it led me to discover what I believe is the most effective method for connecting pipelines to the Microsoft 365 ecosystem. I realize I should've expressed my gratitude in my previous comment rather than in the GitHub issue (but it was really late in the day 💤).
In my case, I utilized the Sites.FullControl.All permissions for both Graph and SharePoint APIs, along with AppCatalog.ReadWrite.All for testing purposes (global app catalog). And Get-PnPWeb functions smoothly with your approach and my configuration. However, I consistently encountered a "(401) Unauthorized" error as soon as the code reached the Add-PnPApp section (the only line that differs from your example). Interestingly, a previous app registration with identical permissions (but using a pfx+password) was functioning correctly. This led me to suspect that the issue lies with the access token generated from WIF versus certificate authentication, or that some Microsoft endpoints do not support this kind of auth (very feasible to me, and it could differ across tenants), though I'm not entirely certain.
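Added here as a diagnostic example (not code from either commenter, nor from PnP PowerShell itself): it decodes the access token the current session holds and reports the claims that decide whether the Add-PnPApp call is authorized, which is the first thing to check when Get-PnPWeb works but the app-catalog call returns 401. It assumes an established Connect-PnPOnline session, that Get-PnPAccessToken returns the raw token for the connected resource, and uses "contoso" as a placeholder tenant name.

```powershell
# Decode the payload of a JWT without verifying it (diagnostic only; the signature
# is not checked here, so never use this function to make an authorization decision).
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT (expected header.payload.signature)' }
    # JWTs use base64url without padding; convert back to standard base64 first
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    $json = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    return $json | ConvertFrom-Json
}

# Report the claims that matter for an app-only call against the SharePoint REST API.
# Add-PnPApp talks to SharePoint, so a token whose audience is Microsoft Graph, or a
# delegated token (scp instead of roles), will be rejected even if Graph calls succeed.
function Test-PnPAppCatalogToken {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$TenantName   # placeholder, e.g. 'contoso'
    )
    $claims   = ConvertFrom-JwtPayload -Token $Token
    $roles    = @($claims.roles)                     # app-only (application) permissions
    $expires  = [DateTimeOffset]::FromUnixTimeSeconds([int64]$claims.exp).UtcDateTime
    [pscustomobject]@{
        Audience           = $claims.aud
        AudienceIsSPO      = ("$($claims.aud)" -like "*$TenantName.sharepoint.com*")
        IsAppOnly          = ($null -ne $claims.roles) -and ($null -eq $claims.scp)
        HasSitesFullCtrl   = $roles -contains 'Sites.FullControl.All'
        HasAppCatalogRW    = $roles -contains 'AppCatalog.ReadWrite.All'
        ExpiresUtc         = $expires
        Expired            = $expires -lt [DateTime]::UtcNow
        IdentityProvider   = $claims.idp            # hints at federated vs certificate issuance
    }
}

# Usage inside an existing Connect-PnPOnline session (placeholder tenant name):
$token = Get-PnPAccessToken
Test-PnPAppCatalogToken -Token $token -TenantName 'contoso' | Format-List
```

If AudienceIsSPO is false or HasAppCatalogRW is false for the token in hand, the 401 is explained by the token rather than by the app registration's consented permissions, which points at how the federated credential flow requests the resource.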
A friend of mine once told me that things we write sound "harder" compared to if we said them, and I think she is right. I really hope you didn't feel scolded by my answer. It was not my intention.
It bothers me a lot that the deployment doesn't work for you. I just updated my script to deploy an app to the tenant-level app catalog and documented each step: Deploy SPFx app using pipeline's Workload Identity federation. And... it works 🤷‍♀️ One thing that comes to my mind is that maybe you have to wait? (see the last section of the post referenced).