You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Consider the following scenario: you want to use the CLI for M365 in a setup script to automate creating a new Entra app reg for the project. The user might not have CLI installed, and you don't want to bother them with it, so you use npx to download it on demand. To simplify the usage, you use an existing Entra app, such as Microsoft Graph CLI, so that the user doesn't need to do setup first.
What's challenging is that the Graph CLI app by default has no permissions, so you need to use dynamic consent to grant it consent for the necessary permissions to create Entra app reges. Right now, this is a gap in the CLI, which is why in the script we're doing it manually.
Let's consider different ways in which we could simplify it, such as:
1. Extend the login command with --scopes which allows you to specify scopes that it should be included in the login flow
2. Extend the cli consent command with --scopes to let users specify separate scopes rather than just the service
Thoughts @pnp/cli-for-microsoft-365-maintainers? Any other solutions that we should consider?
The text was updated successfully, but these errors were encountered:
In scenarios where you are already logged in and want to consent to an extra scope, It looks easier to just run a command to include the extra scope instead of having to log in again.
In scenarios where you are already logged in and want to consent to an extra scope, It looks easier to just run a command to include the extra scope instead of having to log in again.
Good call. It feels like there are two different use cases (first-time sign in vs. adding an extra scope) and the second solution (separate command) supports both of them. Let's go with it.
Consider the following scenario: you want to use the CLI for M365 in a setup script to automate creating a new Entra app reg for the project. The user might not have CLI installed, and you don't want to bother them with it, so you use
npx
to download it on demand. To simplify the usage, you use an existing Entra app, such as Microsoft Graph CLI, so that the user doesn't need to do setup first.You can see this implemented in a script here: https://github.com/microsoft/learn-microsoft-graph-connectors-typescript/blob/main/setup.sh.
What's challenging is that the Graph CLI app by default has no permissions, so you need to use dynamic consent to grant it consent for the necessary permissions to create Entra app reges. Right now, this is a gap in the CLI, which is why in the script we're doing it manually.
Let's consider different ways in which we could simplify it, such as:
1. Extend thelogin
command with--scopes
which allows you to specify scopes that it should be included in the login flow2. Extend the
cli consent
command with--scopes
to let users specify separate scopes rather than just the serviceThoughts @pnp/cli-for-microsoft-365-maintainers? Any other solutions that we should consider?
The text was updated successfully, but these errors were encountered: