Connect-MgGraph failing intermittently.

[mohshah123]

Thanks for reporting the bug. Please ensure you've gone through the following checklist before opening an issue:

• Make sure you can reproduce this issue using the latest released version of Microsoft.Graph or Microsoft.Graph.Beta.
• Please search the existing issues to see if there has been a similar issue filed.
• For issues related to authentication and service errors, please refer to our troubleshooting guide. For service issues, please open a question at https://developer.microsoft.com/graph/support.

PS C:\WINDOWS\system32> Connect-MgGraph -ClientId 0e5860f4-ac4e-4294-9545-4e068bab6ff7 -Scopes .default -TenantId b4c546a4-7dac-46a6-a7dd-ed822a11efd3
Connect-MgGraph : The browser based authentication dialog failed to complete. Reason: A security problem was encountered.
At line:1 char:1

• Connect-MgGraph -ClientId 0e5860f4-ac4e-4294-9545-4e068bab6ff7 -Scop ...

•   + CategoryInfo          : NotSpecified: (:) [Connect-MgGraph], MsalClientException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph*
    
  

A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Execute -Mg- with ...
2. See error at ...

Expected behavior
I enter the correct credentials and provide MFA via authenticator app, then this error appears.

A clear and concise description of what you expected to happen.

Debug Output

Run the problematic command with -Debug and paste the resulting debug stream below.
⚠ ATTENTION: Be sure to remove any sensitive information that may be in the logs.

Module Version

Please run Get-Module Microsoft.Graph* after cmdlet execution and paste the output below.
If a module cannot be installed or imported, please run Get-Module -ListAvailable and paste the output.

Environment Data

Please run $PSVersionTable and paste the output below. If running the Docker container image, indicate the tag of the image used and the version of Docker engine.

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Add any other context about the problem here.
Sometime It works after I elevate to Global Admin from azure portal.

Few more findings:

Doesn't work with well knows graph client ID, doesn't work with custom App.
Works with both are elevating to GA from azure portal.

Works with default graph app without elevation just as a normal non-privilaged user.

Connect-MgGraph -ClientId 1b730954-1685-4b74-9bfd-dac224a7b894 -Scopes .default -TenantId b4c546a4-7dac-46a6-a7dd-ed822a11efd3 # doesn't Work with well known graph client ID
Connect-MgGraph -ClientId 0e5860f4-ac4e-4294-9545-4e068bab6ff7 -Scopes .default -TenantId b4c546a4-7dac-46a6-a7dd-ed822a11efd3 # doesn't work with custom App
Connect-MgGraph -Scopes .default -TenantId b4c546a4-7dac-46a6-a7dd-ed822a11efd3 # Works

Please fix this issue :-(

[peombwa]

I'm not able to reproduce this behavior using the latest version of the SDK, v2.4.0, when using a custom app that's configured per the instructions at authentication instructions. Please try updating to the latest version of the SDK (v2.4.0) to see if the issue is still present in the latest version of the SDK. Version 1.21.0 is ~7 months old.

Secondly where is the "well known Graph client Id" sourced from? Is this a confidential or public app? Could you provide a link to there the ClientId is documented as well-known Graph client Id?

[microsoft-github-policy-service]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.

[microsoft-github-policy-service]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.