-
Notifications
You must be signed in to change notification settings - Fork 329
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve support for dynamic consent #6524
Comments
Nice suggestion, I'd vote for option 2. |
Out of curiosity, why do you prefer 2? |
In scenarios where you are already logged in and want to consent to an extra scope, It looks easier to just run a command to include the extra scope instead of having to log in again. |
Good call. It feels like there are two different use cases (first-time sign in vs. adding an extra scope) and the second solution (separate command) supports both of them. Let's go with it. |
late to the party but I also like the second option 👍 |
Great idea @waldekmastykarz! I'm all for it! Option 2 seems best indeed |
Consider the following scenario: you want to use the CLI for M365 in a setup script to automate creating a new Entra app reg for the project. The user might not have CLI installed, and you don't want to bother them with it, so you use
npx
to download it on demand. To simplify the usage, you use an existing Entra app, such as Microsoft Graph CLI, so that the user doesn't need to do setup first.You can see this implemented in a script here: https://github.com/microsoft/learn-microsoft-graph-connectors-typescript/blob/main/setup.sh.
What's challenging is that the Graph CLI app by default has no permissions, so you need to use dynamic consent to grant it consent for the necessary permissions to create Entra app reges. Right now, this is a gap in the CLI, which is why in the script we're doing it manually.
Let's consider different ways in which we could simplify it, such as:
1. Extend thelogin
command with--scopes
which allows you to specify scopes that it should be included in the login flow2. Extend the
cli consent
command with--scopes
to let users specify separate scopes rather than just the serviceThoughts @pnp/cli-for-microsoft-365-maintainers? Any other solutions that we should consider?
The text was updated successfully, but these errors were encountered: