powershell icon indicating copy to clipboard operation
powershell copied to clipboard
verified publisher icon pnp

[BUG] Execution fails after 2h with "Unauthorized"

Open PatrickSpies opened this issue 6 months ago • 1 comments

Reporting an Issue or Missing Feature

We´re running a script working on many list-items. Connection is established with Connect-PnPOnline -Url "$env:O365_URL" -AzureADWorkloadIdentity as we´re using workload-identity. The provided token-file contains a token valid for 6 hours.

After 2 hours any cmdlet fails with

Unexpected response from the server. The content type of the response is "". The status code is "Unauthorized".

I tried to explicitly reconnect (Disconnect-PnPOnline and Connect-PnPOnline again) after 1 hour, but the error keeps occouring 2 hours after the initial Connect-PnPOnline.

Expected behavior

As long as the provided workload-identity-token is valid, cmdlets should keep working.

Actual behavior

2 hours after initial Connect-PnPOnline any Cmdlet fails with

Unexpected response from the server. The content type of the response is "". The status code is "Unauthorized".

Steps to reproduce behavior

Connect-PnPOnline -Url "$env:O365_URL" -AzureADWorkloadIdentity

$List = Get-PnPList -Identity $env:LIST_TITLE

$Items = Get-PnPListItem -List $List.Id.Guid -Query "<<redacted>>"

$Items | ForEach-Object {

# Working with Item ($_) via different cmdlts (e.g. Set-PnPListItem, Get-PnPProperty, Set-PnPListItemPermission)
# Running without any issues for 2 hours, starts failing afterwards

}

What is the version of the Cmdlet module you are running?

v3.1.0

Which operating system/environment are you running PnP PowerShell on?

Container-image based on mcr.microsoft.com/powershell:alpine-3.20, running at AKS with workload-identity enabled.

PatrickSpies avatar Jul 21 '25 06:07 PatrickSpies

Worked around this by creating a new connection (with -ReturnConnection) for each item..


$Connection = Connect-PnPOnline -Url "$env:O365_URL" -AzureADWorkloadIdentity -ReturnConnection

$List = Get-PnPList -Connection $Connection -Identity $env:LIST_TITLE

$Items = Get-PnPListItem -Connection $Connection -List $List.Id.Guid -Query "<<redacted>>"

$Items | ForEach-Object {

    $Connection = Connect-PnPOnline -Url "$env:O365_URL" -AzureADWorkloadIdentity -ReturnConnection

    $Item = Get-PnPListItem -Connection $Connection -List $List.Id.Guid -Id $_.Id

    # Working with $Item via different cmdlets (e.g. Set-PnPListItem, Get-PnPProperty, Set-PnPListItemPermission) and passing `-Connection $Connection` to each

}

But I don't know, if this is a good idea, as we're looping about 25k items within the ForEach-Object..

PatrickSpies avatar Jul 22 '25 13:07 PatrickSpies