Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation incorrect #1330

Open
SiebeDev opened this issue Feb 1, 2025 · 2 comments
Open

Documentation incorrect #1330

SiebeDev opened this issue Feb 1, 2025 · 2 comments
Labels
documentation Improvements or additions to documentation ToTriage

Comments

@SiebeDev
Copy link

SiebeDev commented Feb 1, 2025

Thanks for reporting the bug. Please ensure you've gone through the following checklist before opening an issue:

  • Make sure you can reproduce this issue using the latest released version of Microsoft.Graph.Entra or Microsoft.Graph.Entra.Beta.
  • Please search the existing issues to see if there has been a similar issue filed.

Describe the bug

A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

  1. Execute -Entra with Connect-Entra -Scopes 'Group.ReadWrite.All','Group.Create' -DeviceCode
  2. See error at AADSTS650053: The application 'Microsoft Graph Command Line Tools' asked for scope 'Group.Create' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor.

Expected behavior

A clear and concise description of what you expected to happen.
No error

Debug Output

Run the problematic command with -Debug and paste the resulting debug stream below.
⚠ ATTENTION: Be sure to remove any sensitive information that may be in the logs.

Module Version

Please run Get-Module Microsoft.Graph.Entra* after cmdlet execution and paste the output below.
If a module cannot be installed or imported, please run Get-Module -ListAvailable and paste the output.

Environment Data

Please run $PSVersionTable and paste the output below. If running the Docker container image, indicate the tag of the image used and the version of Docker engine.

Screenshots
c> If applicable, add screenshots to help explain your problem.

Additional context

Add any other context about the problem here.

https://learn.microsoft.com/en-us/powershell/module/microsoft.entra/new-entragroup?view=entra-powershell#example-1-create-a-group
documentation states 'group.create' while this is a application permission, which is not relevant when using the commandline
should omit this scope.
@SteveMutungi254
Copy link
Contributor

Hi @SiebeDev,

Thanks for raising this issue.

The issue is that Group.Create is an application permission, so it fails when using interactive authentication (delegated access).

We'll update the documentation to clarify this for application-specific scenarios.

Quick question: Do you have any suggestions on how we should present permission details for both delegated and application authentication?

@SteveMutungi254 SteveMutungi254 added documentation Improvements or additions to documentation and removed ToTriage labels Feb 3, 2025
@SteveMutungi254
Copy link
Contributor

Polite reminder, @SiebeDev. Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation ToTriage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SiebeDev @SteveMutungi254