DEV Community

Kinga

Add-PnPApp: Unable to connect to the SharePoint Online Admin Center

Following our code freeze, I enjoyed a long moment of blissful ignorance =)

But last Wednesday, I was abruptly confronted by harsh reality... My deployment pipeline failed (?!)

Unable to connect to the SharePoint Online Admin Center

It's not you, it's M..?

Of course I assumed I broke something. Perhaps I removed permissions that my pipeline is using?

But... I tested deployment in my development environment with Sites.FullControl.All for Microsoft Graph and Office 365 SharePoint Online APIs. Yes, Sites.FullControl.All. I still got an error.

And what does "admin center" have to do with deploying an app to a site-level app catalog? My guess would be... nothing (?)

And then I came across the "[BUG] In Add-PnPApp overwrite is not working throws error The current user does not have the permission to access the App Catalog" issue and realized that I'm not the only one. Moreover, it seems the command was not working 3 months ago, then got fixed a week later (💪), and 3 weeks ago another issue appeared, with PnP PowerShell trying to access the Admin Center. It's been malfunctioning ever since.

I think I've had enough

Did you know that PnP PowerShell is basically a wrapper for a set of SharePoint REST and Graph APIs? The code for Add-PnPApp is here

All I had to do was write my own PowerShell functions that would make the SharePoint REST API requests.

You will find them here: Gist

The SPFx-DeployApps.ps1 file is called from the pipeline, from the AzurePowerShell@5 task:

- task: AzurePowerShell@5
  name: deploySPFxSolution
  inputs:
    azureSubscription: ${{parameters.serviceConnection}}
    azurePowerShellVersion: LatestVersion
    ScriptType: FilePath
    ScriptPath: $(scriptsDir)/SPFx-DeployApps.ps1
    ScriptArguments: >
      -tenantName '$(Az_TenantName)'
      -siteName '$(SPO_SiteName)'
      -folderPath '$(artifactsLocation)'

It calls functions defined in SPFX-deploysolutions.ps1 to upload and deploy the app.

Authentication

I'm not providing client ids, secrets, or certificates, because I'm using ServiceConnection with Workload Identity Federation.

The Service Principal used as the Pipeline Identity has Sites.Selected API Permissions on the target SharePoint site, with fullControl granted to the site to be able to "Manage Web" (=add an app).
You may use the Grant-APIPermissions-ServicePrincipal.ps1 to grant all the required permissions.
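
The approach described above, sketched as an added example (this is not the code from the author's Gist): the script reuses the token of the service connection's identity and calls the SharePoint ALM REST endpoints for the site-level app catalog directly, so only the target site is touched and no secret is stored in the pipeline. The function names and the `/sites/<siteName>` URL shape are assumptions, and the Az.Accounts module is assumed to be loaded by the AzurePowerShell task.

```powershell
# Added example. Function names are hypothetical; this is not the author's Gist.
function Get-SpoAccessToken {
    param([Parameter(Mandatory)][string]$TenantName)
    # Reuses the sign-in the AzurePowerShell task already made through the
    # service connection, so the script holds no client secret or certificate.
    $t = Get-AzAccessToken -ResourceUrl "https://$TenantName.sharepoint.com"
    # Newer Az.Accounts versions return the token as a SecureString.
    if ($t.Token -is [securestring]) {
        return [System.Net.NetworkCredential]::new('', $t.Token).Password
    }
    return $t.Token
}

function Publish-SiteCatalogApp {
    param(
        [Parameter(Mandatory)][string]$TenantName,
        [Parameter(Mandatory)][string]$SiteName,
        [Parameter(Mandatory)][string]$PackagePath
    )
    $ErrorActionPreference = 'Stop'   # a failed request must fail the pipeline step
    $fileName = Split-Path $PackagePath -Leaf
    # The name is interpolated into the request URL, so accept only plain names.
    if ($fileName -notmatch '^[A-Za-z0-9_.-]+\.sppkg$') {
        throw "Unexpected package name: $fileName"
    }
    # Assumed URL shape for the target site.
    $catalog = "https://$TenantName.sharepoint.com/sites/$SiteName/_api/web/sitecollectionappcatalog"
    $headers = @{
        Authorization = "Bearer $(Get-SpoAccessToken -TenantName $TenantName)"
        Accept        = 'application/json;odata=nometadata'
    }
    # Upload to the site-level app catalog; the response carries the app's UniqueId.
    $added = Invoke-RestMethod -Method Post -Headers $headers `
        -Uri "$catalog/Add(overwrite=true,url='$fileName')" `
        -InFile $PackagePath -ContentType 'application/octet-stream'
    # Deploy the uploaded package on the site.
    Invoke-RestMethod -Method Post -Headers $headers `
        -Uri "$catalog/AvailableApps/GetById('$($added.UniqueId)')/Deploy" `
        -Body (@{ skipFeatureDeployment = $false } | ConvertTo-Json) `
        -ContentType 'application/json;odata=nometadata' | Out-Null
    return $added.UniqueId
}

# Called with the same parameters the pipeline task passes to the script:
# Get-ChildItem -Path $folderPath -Filter *.sppkg | ForEach-Object {
#     Publish-SiteCatalogApp -TenantName $tenantName -SiteName $siteName -PackagePath $_.FullName
# }
```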
