Forum Discussion
Connect-PnPMicrosoftGraph - Azure AD OAuth 2.0 Access Token has expired
Hi,
The Warning message is managed by the implementation in Core, and could be that we have a bug related to timezones (I will double-check it, just in case). However, most likely the exception you see is not necessarily related to the token lifetime, but to a lack of proper permissions for the user or to a known bug of the New-PnPUnifiedGroup cmdlet. We are already aware of that bug and it has already been fixed in the DEV branch of Core. The fix will be included in the next monthly release of Core.
About the tokens lifetime, by default an access token released by Azure AD lasts in 1 hour and a refresh token lasts in 14 days. However, you can use the refresh token to create a new access token (and a new refresh token, too) for up to 90 days. Then you will have to re-authenticate.
Nevertheless, an access/refresh token can expire suddenly, for example if the user changes her/his password, and because of some other happenings. Thus, we cannot rely on them and sometime we could have to re-authenticate.
We're thinking about refactoring a little bit the Connect-PnPMicrosoftGraph cmdlet, eventually merging it with Connect-PnPOnline, in order to support refresh tokens (which are not supported right now) and providing re-authentication capabilities, but we are still "working on it". Stay tuned ...
Thanks,
Paolo
Paolo Pialorsi, Do you know when support for refresh tokens is in the planning?
MicrosoftWe are using
Connect-PnPMicrosoftGraph -Scopes "Group.ReadWrite.All","User.Read.All"
to provisioning sites with SharePoint Administrator but we receive following error.
Requestign global Admin credentials.
we can't use Global Admin. Could you give us some clue about error? Paolo Pialorsi
Thanks
- Did you find out what permissions are needed?
- Ada Galilea Granados
Global Admin :-(
Thanks! That is what I suspected.
