pnpframework icon indicating copy to clipboard operation
pnpframework copied to clipboard
verified publisher icon pnp

'Invalid Scope' Error after running Invoke-PnPTenantTemplate

Open TylerDurham opened this issue 1 year ago • 6 comments

We are using PnP.PowerShell to orchestrate the creation of a Teams team and a SharePoint site. Our script

  1. Creates a Team (Successfully)
  2. Uploads a SP Template (Successfully)
  3. Creates a SharePoint site from a Template (Unsuccessfully)

We then get a dialog with the following error:

"AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com/ openid profile offline_access is not valid. The scope format is invalid. Scope must be in a valid URI form https://example/scope or a valid Guid <guid/scope>."

We are able to revert back to PnP.PowerShell 2.4.0 and the script runs fine, but when we use PnP.PowerShell 2.5.0 or higher, we get the above error.

Is this a bug or a change how PnP.PowerShell/PnP.Framework work in later versions? Please advise. Thanks!

P.S.: We turned on PnP tracing, and see the following:

pwsh Information: 0 : 2024-08-27 14:50:37.9100 [GetContextAsync] [0] [Debug] Authentication type: AzureADInteractive for scopes https://<REDACTED>.sharepoint.com/.default 0ms pwsh Information: 0 : 2024-08-27 14:50:38.3196 [PnP.Framework] [0] [Debug] GetGroupInfoAsync 0ms pwsh Information: 0 : 2024-08-27 14:50:38.3213 [PnP.Framework] [0] [Debug] GetWebUrl 0ms pwsh Information: 0 : 2024-08-27 14:50:38.5236 [PnP.Framework] [0] [Debug] AuthenticateRequestAsync 0ms pwsh Information: 0 : 2024-08-27 14:50:38.5300 [GetAccessTokenAsync] [0] [Debug] Authentication type: AzureADInteractive 0ms pwsh Information: 0 : 2024-08-27 14:50:39.2017 [GetAccessTokenAsync] [0] [Debug] Authentication type: AzureADInteractive 0ms

TylerDurham avatar Aug 27 '24 20:08 TylerDurham

@TylerDurham just spotted this, looks possibly similar to my #1080 ...any luck with workarounds? Even going back to PnP.Framework 1.14 doesn't seem to fix our problem.

anthonywhite avatar Oct 30 '24 15:10 anthonywhite

I am experiencing a similar issue when running get-PnpSiteTemplate -Out spsite.xml -PersistBrandingFiles -PersistPublishingFiles

on the steps Extracting Template from https://company.sharepoint.com/sites. [Web Settings

a new auth window opens and gives me the same error

AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com openid profile offline_access is not valid. The scope format is invalid. Scope must be in a valid URI form https://example/scope or a valid Guid <guid/scope>.

nhoj01 avatar Nov 20 '24 17:11 nhoj01

I was able to bypass the error by using non-interactive auth using a cert in my azure enterprise app.

nhoj01 avatar Nov 21 '24 18:11 nhoj01

Any news on this issue? I can't use a certificate to bypass this.

Dangerous-Mind avatar Dec 27 '24 15:12 Dangerous-Mind

I also have encountered this issue using Get-PnPSiteTemplate.

popeadam avatar Mar 13 '25 09:03 popeadam

I did'nt need the WebSettings so I got my template by excluding WebSettings

Get-PnPSiteTemplate -Out 'output.xml' -ExcludeHandlers WebSettings

SimplitizeClaus avatar Apr 07 '25 08:04 SimplitizeClaus