Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Solution Checker Doesn't work for GCCH - AADSTS65002 Microsoft First Party Application must be Preauthorized. #1030

Open
ryanperrymba opened this issue Sep 9, 2024 · 2 comments
Open

Solution Checker Doesn't work for GCCH - AADSTS65002 Microsoft First Party Application must be Preauthorized. #1030

ryanperrymba opened this issue Sep 9, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@ryanperrymba
Copy link

ryanperrymba commented Sep 9, 2024
edited
Loading

Describe the bug
Pac Solution Checker returns Consent AADSTS65002 error in GCCH.

Error: AADSTS65002: Consent between first party application '9cee029c-6210-4654-90bb-17e6e9d36617' and first party resource 'c9299480-c13a-49db-a7ae-cdfe54fe0313' must be configured via preauthorization - applications owned and operated by Microsoft must get approval from the API owner before requesting tokens for that API. Trace ID: 48ff82b8-c5f6-4e6c-ba2a-14638d3a5e00 Correlation ID: 01d01e9b-ea3b-475f-9f53-b14606529b6d Timestamp: 2024-09-09 19:12:32Z

To Reproduce

#Authenticate using GCCH
pac auth create --name PMagDef --cloud UsGovHigh

#Run Sln Checker - also GCCH - Noting --cloud vs --geo differences.
pac solution check --path SomePackage.zip --geo USGovernmentL4
##OR## 
pac solution check --path SomePackage.zip --customEndpoint "high.api.advisor.powerapps.us"

**Expected behavior**
Solution Checker should run.

Desktop (please complete the following information):

  • Have also run pac install latest to verify up to date. On 1.34.4+gbc332

Additional context

  • Have tried this in two separate GCCH tenants, and cannot find any documentation clarifying how to preauthorize the app ID.
  • Possibly due to MSFT's own internal app IDs being changed or not authorized for GCCH? https://learn.microsoft.com/en-us/answers/questions/962674/401-aadsts65002-when-trying-to-authenticate-with-a
  • Note the --geo options do not match between Pac Auth Create and Pac Solution Check. CREATE includes --cloud UsGovernmentHigh, whereas Pac Solution Check uses --geo 'UsGovernmentHigh'
  • I've also tried this using --customendpoint
  • Have not tested to see if this works with a dedicated service principal.

Who is the 'API Owner' ?

  • Power Platform Solution Checker Service IE MSFT?
  • PAC Team - IE MSFT?
  • Target Environment - IE Client, but given this is the solution checker, not a specific Tenant / Env, this seems unlikely. Solution Import/Export work fine. But if so, how do we authorize it?

See also: #542
May not be exact same issue, but addressing will likely resolve Craig Lunds's issue too.
@ryanperrymba ryanperrymba added the bug Something isn't working label Sep 9, 2024
@ryanperrymba
Copy link
Author

Update: Creating my own app registration and giving it the PowerApps-Advisor permission works.

See: https://learn.microsoft.com/en-us/power-apps/maker/data-platform/common-issues-resolutions-solution-checker#solution-checker-fails-due-to-disabled-first-party-application-in-microsoft-entra-id

@ryanperrymba
Copy link
Author

Blog Write-Up for anyone else who runs into this:
Pac Solution Check Error AADSTS65002

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ryanperrymba