Connect-MgGraph auth token unusable when -UseDeviceCode #3495

@lsnliu

### Describe the bug

I'm trying to use Connect-MgGraph with -UseDeviceCode. The auth is successful, but all subsequent commands fail with `DeviceCodeCredential authentication failed: Object reference not set to an instance of an object.` All tested commands are successful without the -UseDeviceCode flag.

### Expected behavior

-UseDeviceCode should work

### How to reproduce

  1. Connect-MgGraph -Scopes "AppRoleAssignment.ReadWrite.All", "Application.Read.All" -NoWelcome -UseDeviceCode
  2. Get-MgServicePrincipal -Filter "displayName eq 'some app name'"

### SDK Version

2.34

### Latest version known to work for scenario above?

2.34

### Known Workarounds

None

### Debug output

```
PS C:\managed_identity_permissions> Get-MgServicePrincipal -Filter "displayName eq '$DisplayNameOfApp'" -debug
DEBUG: [CmdletBeginProcessing]: - Get-MgServicePrincipal begin processing with parameterSet 'List'.

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): A
DEBUG: [Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'DeviceCode', ContextScope: 'CurrentUser',
AppName: 'Microsoft Graph Command Line Tools'.
DEBUG: [Authentication]: - Scopes: [Application.Read.All, Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All,
DelegatedPermissionGrant.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Group.Read.All, openid,
Policy.Read.All, Policy.ReadWrite.PermissionGrant, profile, RoleManagement.Read.All, Sites.FullControl.All,
Synchronization.ReadWrite.All, User.Read, User.ReadWrite.All, email].
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://graph.microsoft.com/v1.0/servicePrincipals?$filter=displayName eq 'test1'

Headers:
FeatureFlag : 00000003
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.26200;
en-AU),PowerShell/5.1.26100.7462

Body:

DEBUG: [CmdletException]: Received exception with message 'AuthenticationFailedException - DeviceCodeCredential
authentication failed: Object reference not set to an instance of an object. : at
Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean
isCredentialUnavailable)
at Azure.Identity.DeviceCodeCredential.d__44.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Identity.DeviceCodeCredential.d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at
Microsoft.Kiota.Authentication.Azure.AzureIdentityAccessTokenProvider.d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at
Microsoft.Graph.PowerShell.Authentication.Handlers.AuthenticationHandler.d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.PowerShell.Authentication.Handlers.AuthenticationHandler.d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.PowerShell.Applications.<ServicePrincipalListServicePrincipal_Call>d__1015.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.Graph.PowerShell.Applications.<ServicePrincipalListServicePrincipal_Call>d__1015.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.PowerShell.Applications.d__1013.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Graph.PowerShell.Cmdlets.GetMgServicePrincipal_List.d__92.MoveNext()'

Confirm
DeviceCodeCredential authentication failed: Object reference not set to an instance of an object.
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): A
Get-MgServicePrincipal : DeviceCodeCredential authentication failed: Object reference not set to an instance of an object.
At line:1 char:1
+ Get-MgServicePrincipal -Filter "displayName eq '$DisplayNameOfApp'" - ...
    + CategoryInfo          : NotSpecified: (:) [Get-MgServicePrincipal_List], AuthenticationFailedException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Cmdlets.GetMgServicePrincipal_List
```


### Configuration

```
Name                           Value
----                           -----
PSVersion                      7.5.4
PSEdition                      Core
GitCommitId                    7.5.4
OS                             Microsoft Windows 10.0.26200
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
```


### Other information

_No response_

Labels: status:waiting-for-triage (An issue that is yet to be reviewed or assigned), type:bug (A broken experience)
