I'm trying to give my Azure Static Web App the ability to read and write to a specific SharePoint subsite. I've already set up the necessary API permissions by granting "Sites.Selected" and installed the required PowerShell modules—Microsoft.Online.SharePoint.PowerShell, Microsoft.Graph, and PnP.PowerShell. My main problem is connecting to the site to execute the command `Grant-PnPAzureADAppSitePermission -AppId $clientId -DisplayName "blah" -Site $siteUrl -Permissions Write`.
First, I'm having trouble with `Connect-SPOService`—it keeps giving me an error stating that my credentials are invalid, even though I've confirmed that I'm using the right username and password.
Next, when I try `Connect-MgGraph`, I run into an issue where the parameter set can't be resolved. And lastly, `Connect-PnPOnline` with my client ID and secret is also resulting in the same error.
What is the correct way to connect so that I can proceed with granting site permissions?
2 Answers
Make sure you've entered your values correctly in the script. You should define your `$siteUrl`, `$appId`, and `$appDisplayName`. Additionally, instead of using `Connect-SPOService`, try using `Connect-PnPOnline -Url $siteUrl -Interactive`. This command supports modern authentication, which your current setup may be lacking.
Absolutely, not having the SharePoint admin rights could definitely be what's holding you back from connecting. You'll need to ensure your account has the correct permissions to make these changes.
It sounds like you'll need to use a certificate for the authentication, as the secret method you're attempting is outdated. Certificates are the way to go with Azure's Entra method, which is more secure. Trying to use a certificate should solve your connectivity issues.
Thanks for the tip! Does Azure have a built-in tool for generating certificates, or do I need to create one myself? I'm guessing a self-created cert might not be acceptable.
I made a self-signed certificate and uploaded it successfully to Azure, and it seems to be working fine on my end! I used the command to connect with the certificate and there were no errors, just a login prompt. However, now I'm facing an issue with the reply address not being registered. Any ideas?

I think that could be the issue. It looks like I'm not listed as a SharePoint admin on my account. When I try to access the admin center, it tells me I lack the necessary permissions. Does that align with what you're saying?
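
Added example, not part of the thread or any poster's script: the sequence discussed above, from creating the certificate to granting `Write` on one site and confirming the app is refused elsewhere. All URLs, names and IDs are placeholders. It assumes the signed-in user is allowed to manage the site's permissions, the exported `.cer` has been uploaded to the app registration, and `Sites.Selected` was consented as an application permission for SharePoint.

```powershell
# Placeholder values (assumptions), replace with your own.
$siteUrl        = "https://contoso.sharepoint.com/sites/example"
$otherSiteUrl   = "https://contoso.sharepoint.com/sites/not-granted"
$tenant         = "contoso.onmicrosoft.com"
$appId          = "00000000-0000-0000-0000-000000000000"  # app registration holding Sites.Selected
$appDisplayName = "My Static Web App"

# 1. Create a self-signed certificate; only the public .cer is uploaded to the app registration.
$cert = New-SelfSignedCertificate -Subject "CN=swa-sharepoint" `
    -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable `
    -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256
Export-Certificate -Cert $cert -FilePath ".\swa-sharepoint.cer" | Out-Null
# Upload .\swa-sharepoint.cer to the app registration's certificates before step 4.

# 2. Sign in as a user who may manage the site's permissions and create the grant.
#    Recent PnP.PowerShell releases also require -ClientId (an app registration you own) here.
Connect-PnPOnline -Url $siteUrl -Interactive
Grant-PnPAzureADAppSitePermission -AppId $appId -DisplayName $appDisplayName `
    -Site $siteUrl -Permissions Write

# 3. Confirm the grant was recorded on the site.
Get-PnPAzureADAppSitePermission -Site $siteUrl | Format-List
Disconnect-PnPOnline

# 4. Connect as the app itself (certificate, no prompt) and read the granted site.
Connect-PnPOnline -Url $siteUrl -ClientId $appId -Tenant $tenant -Thumbprint $cert.Thumbprint
Get-PnPWeb | Select-Object Title, Url
Disconnect-PnPOnline

# 5. Least-privilege check: the same app should be refused on a site with no grant.
try {
    Connect-PnPOnline -Url $otherSiteUrl -ClientId $appId -Tenant $tenant `
        -Thumbprint $cert.Thumbprint -ErrorAction Stop
    Get-PnPWeb -ErrorAction Stop | Out-Null
    Write-Warning "App can read $otherSiteUrl; review its API permissions."
} catch {
    Write-Host "Access to $otherSiteUrl denied as expected: $($_.Exception.Message)"
}
```

If step 5 prints the warning, the app registration holds a broader permission than `Sites.Selected` and should be reviewed.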