microsoft
Get-PartnerCustomer : (invalid_grant) When using Service Principal
We have been using the API via user-based auth without issues, but now we're trying to fully automate our process. In doing so we added an app secret to the AAD Partner Center app we have registered in AAD. After that I tested the authentication using the command below. Connect-PartnerCenter works fine.
However, trying to get any information off the portal returns back
Get-PartnerCustomer : (invalid_grant)
According to the documentation linked below. When requesting a token from AAD (using the AppID/Secret/Tenant) a grant_type is sent in the body to login.microsft.com. What I don't know is if the grant_type sent by the module is incorrect or if there is something else messed up with permissions in the app registration in AAD
https://learn.microsoft.com/en-us/partner-center/developer/partner-center-authentication#rest-request
AAD registered app permissions
Steps to reproduce
What steps can reproduce the defect?
$appId = "REDACTED"
$secret = ConvertTo-SecureString "REDACTED" -AsPlainText -Force
$tenantId = 'REDACTED'
$credential = New-Object System.Management.Automation.PSCredential($appId, $secret)
Connect-PartnerCenter -Credential $credential -Tenant $tenantId -ServicePrincipal
$PartnerCustomers = Get-PartnerCustomer
Get-PartnerCustomer : (invalid_grant)
Environment
PartnerCenter Module v3.0.10
I am having the Same Issue
$PartnerCustomers = Get-PartnerCustomer Get-PartnerCustomer: (invalid_grant)
Same issue
I ended up finding the issue. Forgot to post back here.
Service principal Auth only works for some actions on the partner portal API. Others require user OAuth.
See the first bullerlt point on the link below: https://learn.microsoft.com/en-us/partner-center/developer/partner-center-authentication