cli-microsoft365: The received access token has been obtained from wrong audience or resource for the command - m365 flow export
Description
When running the commans m365 flow export --id $flowId --environment $environment --packageDisplayName $_.properties.displayName --path "$exportPath.zip", I am getting an error as The received access token has been obtained from wrong audience or resource.
However the command m365 flow export --id $flowId --environment $environment --format json --path "$exportPath.json" works perfectly for me.
I am Logging in to Microsoft 365 using the device code - m365 login
Also, getting same results when I tried using username and password.
Steps to reproduce
m365 flow export --id $flowId --environment $environment --packageDisplayName $_.properties.displayName --path "$exportPath.zip"
Expected result
Success with a zip exported
Actual result
node.exe : Error: The received access token has been obtained from wrong audience or resource ‘https://service.powerapps.com’. It should exactly match (including forward slash) with one of the allowed audiences ‘https://service.powerapps.com/',‘https://management.core.windows.net/’,‘https://management.azure.com/’,‘https://service.flow.microsoft.com/’,'https://web.powerapp s.com’,‘https://apps.powerapps.com’,‘https://api.bap.microsoft.com/’. At C:\Users\rohit.mahesh.waghela\AppData\Roaming\npm\m365.ps1:15 char:3 & “node$exe” "$basedir/node_modules/@pnp/cli-microsoft365/dist/ind … CategoryInfo : NotSpecified: (Error: The rece…icrosoft.com/'.:String) [], RemoteException FullyQualifiedErrorId : NativeCommandError
Environment
windows 10 m365 version: v3.12.0-beta.9a77715 node.js : v10.19.0
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 18 (12 by maintainers)
OK, so I could be onto something. It seems like there have been some changes in Power Platform’s API and in order for you to be able to manage Power Platform programmatically, you need to register your AAD app with Power Platform: https://docs.microsoft.com/en-us/power-platform/admin/powerplatform-api-create-service-principal#registering-an-admin-management-application
Once you’ve done this, you can programmatically export flows (among other things).
Fixing the issue requires:
PowerApps Service/Userhttps://api.bap.microsoft.com...I don’t know why it works on some tenants and not on others, but it could be a part of a change that’s slowly being rolled out globally and which hasn’t arrived to all tenants yet.
Thank you all so much for your assistance.
Sure @garrytrinder . I would like to create a new issue. Let me create a new issue. Also will share a new issue link here as well for the reference.
The mentioned steps make sense; I am not aware of those changes being rolled out, but could totally be part of some initiative we do not have insights in.
@pnp/cli-for-microsoft-365-maintainers could you please double check if the steps I mentioned above indeed work as expected? We could then start work on fixing the CLI
I have not tried the the steps you have mentioned. Will try that.
Hi @Rohitwghela - We had tried executing the command by replicating your exact environment and we are unable to reproduce the issue from our end.
Only difference is the beta version and the execution was had done from WSL and that should not be an issue I suppose. The user which I had executed is NOT an admin either.
When we execute it, we are able to export the flow to a ZIP with the same command which you are using.
To understand it further, do you mind executing your command with a
--debugparam and let us know the result please. So your command may be something like below.m365 flow export --id $flowId --environment $environment --packageDisplayName $_.properties.displayName --path "$exportPath.zip" --debugOnce you execute, can you paste the result over here please?