Product: PowerShell Universal
Version: 5.0.16
Hi,
I have been trying to grant PSU app tokens remotely by using Grant-PSUAppToken, but it either does not work correctly or I am missing something. The command does not grant new tokens to an identity but returns all existing (and revoked) tokens instead. However, the Management API /api/v1/apptoken/grant works fine.
Demo:
PS C:\> $temp_identity = Get-PSUIdentity -Name "demo_user"
PS C:\> $temp_identity
Id : 5
Name : demo_user
Source : Git
RoleName : Reader
Roles : {Reader}
CredentialVault : Database
Password :
LocalAccount : True
OldPassword :
Settings :
Theme :
JobColumns :
JobStatuses :
PasswordLastSet :
PS C:\> Grant-PSUAppToken -Identity $temp_identity -Role "Reader" -Expiry (Get-Date).AddDays(30)
PS C:\> Get-PSUappToken -Identity $temp_identity
PS C:\> $body_to_grant_token = @{
>> Identity = $temp_identity
>> role = "Reader"
>> expiration = (Get-Date).AddDays(30).GetDateTimeFormats("o")[0]
>> revoked = $false
>> } | ConvertTo-Json
PS C:\> Invoke-RestMethod -Uri "https://example.company.com/api/v1/apptoken/grant" -Body $body_to_grant_token -Headers @{Authorization = "Bearer $temp_admin_token" } -Method Post -ContentType "application/json"
id : 0
token : eyJhb[...]
identity : @{id=5; name=demo_user; source=0; roleName=Reader; roles=System.Object[]; credentialVault=Database; password=; localAccount=True; oldPassword=; settings=; theme=; jobColumns=; jobStatuses=; passwordLastSet=}
revoked : False
role : Reader
created : 27.11.2024 10:29:12
expiration : 27.12.2024 11:28:41
revokedDate : 01.01.0001 00:00:00
createdBy : @{id=1; name=xxx; source=0; roleName=Administrator; roles=System.Object[]; credentialVault=; password=; localAccount=False; oldPassword=; settings={"AppCodeByDefault":false,"ScriptListView":"Folder","EditorSettings":null}; theme=; jobColumns=System.Object[]; jobStatuses=; passwordLastSet=}
description :
lastUsed :
permissions :
PS C:\> Grant-PSUAppToken -Identity $temp_identity -Role "Reader" -Expiry (Get-Date).AddDays(30)
Id : 7
Token : 905fd1b656731f756fd9f369c61e293aa1a5c40603a215b34aa5b92de1a78fd2
Identity : demo_user
Revoked : False
Role : Reader
Created : 27.11.2024 10:29:12
Expiration : 27.12.2024 11:28:41
RevokedDate : 01.01.0001 00:00:00
CreatedBy :
Description :
LastUsed :
Permissions :
PS C:\> Get-PSUappToken -Identity $temp_identity
Id : 7
Token : 905fd1b656731f756fd9f369c61e293aa1a5c40603a215b34aa5b92de1a78fd2
Identity : demo_user
Revoked : False
Role : Reader
Created : 27.11.2024 10:29:12
Expiration : 27.12.2024 11:28:41
RevokedDate : 01.01.0001 00:00:00
CreatedBy :
Description :
LastUsed :
Permissions :
As you can see, the first Grant-PSUAppToken does not return anything and no token was created. However, calling the API directly returns the token. Calling Grant-PSUAppToken once again after the API call returns the existing token, but does not create a new one. It returns the exact same thing as Get-PSUAppToken. Before the test, I connected to the PSUServer with the same admin token that is being used in the API header.
Can someone confirm or am I missing something?
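A check for the behaviour described in this post, as an added example that is not part of the original post or PowerShell Universal's own code: it snapshots the identity's token ids, calls Grant-PSUAppToken, and falls back to the Management API call from the demo when no new id appears. The function name, $Server, $AdminToken and $Days are assumptions; the cmdlets, parameters and endpoint are the ones shown above.

```powershell
# Added example: confirm that a grant call really created a new app token.
# Assumed inputs: $Server (base URL) and $AdminToken (an admin app token).
function Grant-AppTokenVerified {
    param(
        [Parameter(Mandatory)] $Identity,
        [Parameter(Mandatory)] [string] $Role,
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $AdminToken,
        [int] $Days = 30
    )

    # Snapshot the token ids that exist before the grant attempt.
    $before = @(Get-PSUAppToken -Identity $Identity | ForEach-Object Id)

    $granted = Grant-PSUAppToken -Identity $Identity -Role $Role -Expiry (Get-Date).AddDays($Days)

    # A real grant returns exactly one token whose id was not present before.
    # Empty output, or output that only repeats existing tokens, fails this test.
    $new = @($granted | Where-Object { $_ -and $_.Id -notin $before })
    if ($new.Count -eq 1) { return $new[0] }

    Write-Warning "Grant-PSUAppToken returned no new token; using the Management API."

    # Same request body as the Invoke-RestMethod call in the demo.
    $body = @{
        Identity   = $Identity
        role       = $Role
        expiration = (Get-Date).AddDays($Days).ToString("o")
        revoked    = $false
    } | ConvertTo-Json

    $response = Invoke-RestMethod -Uri "$Server/api/v1/apptoken/grant" -Method Post `
        -Body $body -ContentType "application/json" `
        -Headers @{ Authorization = "Bearer $AdminToken" }

    if (-not $response.token) { throw "Management API did not return a token." }
    return $response
}
```

The returned object carries the token value itself, so assign it to a variable rather than letting it print to the console or a transcript.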