Azure AD OIDC - Resource identifier is not provided

Product: PowerShell Universal
Version: 2.5.0 (2021-11-03)

@adam, I upgraded to the nightly version to fix a Connect-PnPOnline issue. Unfortunately, the 2.5.0 version may have introduced a bug in the OIDC setup that is causing a problem with Azure AD authentication. I did not realize it until my existing tokens expired.

Here is the configuration:

"OIDC": {
  "Enabled": "true",
  "CallbackPath": "/auth/signin-oidc",
  "ClientID": "secret",
  "ClientSecret": "secret",
  "Resource": "https://graph.microsoft.com",
  "Authority": "https://login.microsoftonline.com/tenant",
  "ResponseType": "id_token token",
  "SaveTokens": "true",
  "UseTokenLifetime": true,
  "Scope": "openid profile offline_access",
  "GetUserInfo": false
}

It is unable to authenticate and in the Azure AD sign-in logs we are seeing this error:

Failure reason
Resource identifier is not provided.

Ah, I see the issue. Thanks for trying the nightly. This will be fixed in tonight’s build. We weren't specifying the Resource on the OIDC option configuration even if it was specified in appsettings.json or authentication.ps1.

Did you have a chance to see if the PNP module worked?

I was able to test PNP and it is working. I was able to merge our OneDrive provisioning script into PSU from a custom scheduled task!

Great! That’s good news.
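
To confirm whether the Resource setting discussed in this thread actually reaches Azure AD, the login redirect can be copied from the browser and inspected. The following is an added example, not part of the original thread or of PowerShell Universal's code. The function name `Test-OidcResourceParameter`, its parameters, and the sample URLs are constructed for illustration, and it assumes that only the v1 endpoint requires `resource` when an access token is requested.

```powershell
# Added example. Function name, parameter names and sample URLs are constructed.
function Test-OidcResourceParameter {
    param(
        [Parameter(Mandatory)] [string] $AuthorizeUrl,     # login redirect copied from the browser
        [Parameter(Mandatory)] [string] $ExpectedResource  # "Resource" value from the OIDC settings
    )

    $uri   = [uri]$AuthorizeUrl
    $query = @{}
    foreach ($pair in ($uri.Query.TrimStart('?') -split '&' | Where-Object { $_ })) {
        $name, $value = $pair -split '=', 2
        # Form encoding uses '+' for a space; convert it before percent-decoding.
        $decoded = [uri]::UnescapeDataString(("$value" -replace '\+', ' '))
        $query[[uri]::UnescapeDataString($name)] = $decoded
    }

    $responseTypes = @("$($query['response_type'])" -split '\s+' | Where-Object { $_ })
    # Assumption: the v1 endpoint (no /v2.0/ in the path) needs "resource" whenever
    # an access token is requested, as with ResponseType "id_token token".
    $isV1          = $uri.AbsolutePath -notmatch '/v2\.0/'
    $needsResource = $isV1 -and ($responseTypes -contains 'token')
    $resource      = $query['resource']

    [pscustomobject]@{
        ResponseType  = $responseTypes -join ' '
        NeedsResource = $needsResource
        Resource      = $resource
        Ok            = (-not $needsResource) -or ($resource -eq $ExpectedResource)
    }
}

# Constructed sample redirects: the first omits "resource", the second carries it.
$base = 'https://login.microsoftonline.com/tenant/oauth2/authorize' +
        '?client_id=00000000-0000-0000-0000-000000000000' +
        '&response_type=id_token+token&scope=openid%20profile%20offline_access'
$samples = @($base, ($base + '&resource=https%3A%2F%2Fgraph.microsoft.com'))

foreach ($url in $samples) {
    Test-OidcResourceParameter -AuthorizeUrl $url -ExpectedResource 'https://graph.microsoft.com'
}
```

A result with `NeedsResource` true and an empty `Resource` matches the symptom reported here: the request asks for an access token but never names the resource.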