Add support for Federated Identity Credentials in connection methods and parameters #4870

Merged
merged 15 commits into from
Jun 7, 2025
28 changes: 28 additions & 0 deletions documentation/Connect-PnPOnline.md
Expand Up @@ -112,6 +112,11 @@ Connect-PnPOnline -OSLogin [-ReturnConnection] [-Url] <String> [-PersistLogin] [
[-ClientId <String>] [-AzureEnvironment <AzureEnvironment>] [-TenantAdminUrl <String>] [-ForceAuthentication] [-ValidateConnection] [-MicrosoftGraphEndPoint <string>] [-AzureADLoginEndPoint <string>] [-Connection <PnPConnection>]
```

### Federated Identity
```powershell
Connect-PnPOnline [-Url <String>] [-Tenant <String>] -FederatedIdentity [-AzureEnvironment <AzureEnvironment>] [-TenantAdminUrl <String>] [-ValidateConnection] [-MicrosoftGraphEndPoint <string>] [-AzureADLoginEndPoint <string>] [-Connection <PnPConnection>]
```

## DESCRIPTION
Connects to a SharePoint site or another API and creates a context that is required for the other PnP Cmdlets.
See https://pnp.github.io/powershell/articles/connecting.html for more information on the options to connect.
Expand Down Expand Up @@ -289,6 +294,13 @@ Connect to SharePoint using Credentials (username and password) from Credential

On Windows, this entry needs to be under "Generic Credentials".

### EXAMPLE 20
Copilot AI May 3, 2025

[nitpick] Ensure that the documentation examples remain consistent with the updated parameter sets for Federated Identity Credentials and clearly demonstrate their usage.


```powershell
Connect-PnPOnline -Url "https://contoso.sharepoint.com" -ClientId 6c5c98c7-e05a-4a0f-bcfa-0cfc65aa1f28 -Tenant 'contoso.onmicrosoft.com' -FederatedIdentity
```

Connect to SharePoint/Microsoft Graph using federated identity credentials.

## PARAMETERS

### -AccessToken
Expand Down Expand Up @@ -876,6 +888,22 @@ Accept pipeline input: False
Accept wildcard characters: False
```

### -FederatedIdentity

Connects using Federated Identity. For more information on this, you can visit [this link](https://learn.microsoft.com/en-us/entra/workload-id/workload-identity-federation-create-trust?pivots=identity-wif-apps-methods-rest).

```yaml
Type: SwitchParameter
Parameter Sets: Federated Identity
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```

## RELATED LINKS

[Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp)
21 changes: 21 additions & 0 deletions src/Commands/Base/ConnectOnline.cs
Expand Up @@ -37,6 +37,7 @@ public class ConnectOnline : BasePSCmdlet
private const string ParameterSet_ENVIRONMENTVARIABLE = "Environment Variable";
private const string ParameterSet_AZUREAD_WORKLOAD_IDENTITY = "Azure AD Workload Identity";
private const string ParameterSet_OSLOGIN = "OS login";
private const string ParameterSet_FEDERATEDIDENTITY = "Federated Identity";

[Parameter(Mandatory = false, ParameterSetName = ParameterSet_CREDENTIALS, ValueFromPipeline = true)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_ACSAPPONLY, ValueFromPipeline = true)]
Expand All @@ -52,6 +53,7 @@ public class ConnectOnline : BasePSCmdlet
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_USERASSIGNEDMANAGEDIDENTITYBYAZURERESOURCEID)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_AZUREAD_WORKLOAD_IDENTITY)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_OSLOGIN, ValueFromPipeline = true)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_FEDERATEDIDENTITY)]
public SwitchParameter ReturnConnection;

[Parameter(Mandatory = false, ParameterSetName = ParameterSet_CREDENTIALS, ValueFromPipeline = true)]
Expand All @@ -68,6 +70,7 @@ public class ConnectOnline : BasePSCmdlet
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_USERASSIGNEDMANAGEDIDENTITYBYAZURERESOURCEID, ValueFromPipeline = true)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_AZUREAD_WORKLOAD_IDENTITY, ValueFromPipeline = true)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_OSLOGIN, ValueFromPipeline = true)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_FEDERATEDIDENTITY, ValueFromPipeline = true)]
public SwitchParameter ValidateConnection;

[Parameter(Mandatory = true, Position = 0, ParameterSetName = ParameterSet_CREDENTIALS, ValueFromPipeline = true)]
Expand All @@ -84,6 +87,7 @@ public class ConnectOnline : BasePSCmdlet
[Parameter(Mandatory = true, Position = 0, ParameterSetName = ParameterSet_ENVIRONMENTVARIABLE, ValueFromPipeline = true)]
[Parameter(Mandatory = false, Position = 0, ParameterSetName = ParameterSet_AZUREAD_WORKLOAD_IDENTITY, ValueFromPipeline = true)]
[Parameter(Mandatory = true, Position = 0, ParameterSetName = ParameterSet_OSLOGIN, ValueFromPipeline = true)]
[Parameter(Mandatory = true, Position = 0, ParameterSetName = ParameterSet_FEDERATEDIDENTITY, ValueFromPipeline = true)]
public string Url;

[Parameter(Mandatory = false, ParameterSetName = ParameterSet_CREDENTIALS)]
Expand Down Expand Up @@ -140,6 +144,7 @@ public class ConnectOnline : BasePSCmdlet
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_INTERACTIVE)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_DEVICELOGIN)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_OSLOGIN)]
[Parameter(Mandatory = true, ParameterSetName = ParameterSet_FEDERATEDIDENTITY)]
[Alias("ApplicationId")]
public string ClientId;

Expand All @@ -153,6 +158,7 @@ public class ConnectOnline : BasePSCmdlet
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_DEVICELOGIN)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_ENVIRONMENTVARIABLE)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_OSLOGIN)]
[Parameter(Mandatory = true, ParameterSetName = ParameterSet_FEDERATEDIDENTITY)]
public string Tenant;

[Parameter(Mandatory = false, ParameterSetName = ParameterSet_APPONLYAADCERTIFICATE)]
Expand Down Expand Up @@ -184,6 +190,7 @@ public class ConnectOnline : BasePSCmdlet
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_USERASSIGNEDMANAGEDIDENTITYBYCLIENTID)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_USERASSIGNEDMANAGEDIDENTITYBYPRINCIPALID)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_USERASSIGNEDMANAGEDIDENTITYBYAZURERESOURCEID)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_FEDERATEDIDENTITY)]
public Framework.AzureEnvironment AzureEnvironment = Framework.AzureEnvironment.Production;

// [Parameter(Mandatory = true, ParameterSetName = ParameterSet_APPONLYCLIENTIDCLIENTSECRETAADDOMAIN)]
Expand All @@ -204,6 +211,9 @@ public class ConnectOnline : BasePSCmdlet
[Parameter(Mandatory = true, ParameterSetName = ParameterSet_USERASSIGNEDMANAGEDIDENTITYBYAZURERESOURCEID)]
public SwitchParameter ManagedIdentity;

[Parameter(Mandatory = true, ParameterSetName = ParameterSet_FEDERATEDIDENTITY)]
public SwitchParameter FederatedIdentity;

[Parameter(Mandatory = true, ParameterSetName = ParameterSet_USERASSIGNEDMANAGEDIDENTITYBYPRINCIPALID)]
[Alias("UserAssignedManagedIdentityPrincipalId")]
public string UserAssignedManagedIdentityObjectId;
Expand Down Expand Up @@ -244,6 +254,7 @@ public class ConnectOnline : BasePSCmdlet
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_USERASSIGNEDMANAGEDIDENTITYBYPRINCIPALID)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_USERASSIGNEDMANAGEDIDENTITYBYAZURERESOURCEID)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_OSLOGIN)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_FEDERATEDIDENTITY)]
public string MicrosoftGraphEndPoint;

[Parameter(Mandatory = false, ParameterSetName = ParameterSet_CREDENTIALS)]
Expand All @@ -259,6 +270,7 @@ public class ConnectOnline : BasePSCmdlet
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_USERASSIGNEDMANAGEDIDENTITYBYPRINCIPALID)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_USERASSIGNEDMANAGEDIDENTITYBYAZURERESOURCEID)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_OSLOGIN)]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet_FEDERATEDIDENTITY)]
public string AzureADLoginEndPoint;

[Parameter(Mandatory = true, ParameterSetName = ParameterSet_AZUREAD_WORKLOAD_IDENTITY)]
Expand Down Expand Up @@ -376,6 +388,9 @@ protected void Connect(ref CancellationToken cancellationToken)
case ParameterSet_OSLOGIN:
newConnection = ConnectWithOSLogin();
break;
case ParameterSet_FEDERATEDIDENTITY:
newConnection = ConnectFederatedIdentity();
break;
}

// Ensure a connection instance has been created by now
Expand Down Expand Up @@ -916,6 +931,12 @@ private PnPConnection ConnectWithOSLogin()
return PnPConnection.CreateWithInteractiveLogin(new Uri(Url.ToLower()), ClientId, TenantAdminUrl, AzureEnvironment, cancellationTokenSource, ForceAuthentication, Tenant, true, PersistLogin, Host);
}

private PnPConnection ConnectFederatedIdentity()
{
LogDebug("Connecting using Federated Identity Credentials");

return PnPConnection.CreateWithFederatedIdentity(Url, TenantAdminUrl, ClientId, Tenant);
}
#endregion

#region Helper methods
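Review bot: `ConnectFederatedIdentity` at the end of this section calls `PnPConnection.CreateWithFederatedIdentity(Url, TenantAdminUrl, ClientId, Tenant)` and drops `AzureEnvironment`, `MicrosoftGraphEndPoint` and `AzureADLoginEndPoint`, even though all three are declared on the `Federated Identity` parameter set earlier in this diff and the OS-login path directly above forwards `AzureEnvironment`. Unless the factory reads those values from cmdlet state (not visible here), a caller passing `-AzureEnvironment USGovernment` or a custom `-AzureADLoginEndPoint` would have the federated token exchanged against the default endpoint with no error, and a silent fallback to the wrong authority is exactly what an identity path should refuse to do. Either thread them through, e.g. `return PnPConnection.CreateWithFederatedIdentity(Url, TenantAdminUrl, ClientId, Tenant, AzureEnvironment, MicrosoftGraphEndPoint, AzureADLoginEndPoint);` with a matching factory signature, or remove the three `[Parameter(... ParameterSet_FEDERATEDIDENTITY)]` attributes so binding rejects the switches instead of accepting and ignoring them. The raw `Url` string is also passed here where `ConnectWithOSLogin` passes `new Uri(Url.ToLower())`; worth confirming the factory normalizes and validates it the same way.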