Share via

Azure Function Powershell: Microsoft.Graph.PowerShell.AuthenticationException

Dev 9 86 Reputation points
2024-01-05T13:51:36.5433333+00:00

Sorry about the long error message. We have a long running Azure Function App, written in PS, checking certificate expirations monthly. Today I was going to write a new Function, and naively changed requirements.psd1 from 

@{     

# For latest supported version, go to 'https://www.powershellgallery.com/packages/Az'.      

# To use the Az module in your function app, please uncomment the line below.     

'Az' = '5.*'     

'Microsoft.Graph.Authentication' = '1.x.x'     

'PnP.PowerShell' = '1.x.x'     

}

where I don't remember the version numbers, to

@{     
	'Microsoft.Graph.Authentication' = '2.*'
	'PnP.PowerShell' = '2.3.0'
}

which trying

Connect-MgGraph -Identity

results as shown in error message. I have tried downgrading versions, and restarted app, but judging from the error message it seems like the 2.11.1 version "hangs".

I have found a perhaps relevant error

https://stackoverflow.com/questions/77744901/not-able-to-load-the-microsoft-bcl-asyncinterfaces-assembly-in-powershell

Can anyone weigh in on which versions are compatible for use in Azure Function App?

host.json file

{
  "version": "2.0",
  "managedDependency": {
    "Enabled": true
  },
  "extensionBundle": {
    "id": "Microsoft.Azure.Functions.ExtensionBundle",
    "version": "[2.*, 3.0.0)"
  }
}

Error message

2024-01-05T12:59:53Z   [Error]   ERROR: Invalid JWT access token.  
Exception             :      Type           : Microsoft.Graph.PowerShell.AuthenticationException     TargetSite     :          Name          : DecodeToObject         DeclaringType : Microsoft.Graph.PowerShell.Authentication.Core.Utilities.JwtHelpers, Microsoft.Graph.Authentication.Core, Version=2.11.1.0, Culture=neutral, PublicKeyToken=XXXXXX        MemberType    : Method         Module        : Microsoft.Graph.Authentication.Core.dll     StackTrace     :     at Microsoft.Graph.PowerShell.Authentication.Core.Utilities.JwtHelpers.DecodeToObject[T](String jwtString)    at Microsoft.Graph.PowerShell.Authentication.Core.Utilities.JwtHelpers.DecodeJWT(String jwToken, IAccount account, IAuthContext& authContext)    at Microsoft.Graph.PowerShell.Authentication.Core.Utilities.AuthenticationHelpers.SignInAsync(IAuthContext authContext, CancellationToken cancellationToken)    at Microsoft.Graph.PowerShell.Authentication.Core.Utilities.AuthenticationHelpers.AuthenticateAsync(IAuthContext authContext, CancellationToken cancellationToken)    at Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph.ProcessRecordAsync()    at Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph.ProcessRecordAsync()     

Message        : Invalid JWT access token.     InnerException :          Type       : System.IO.FileNotFoundException         Message    : Could not load file or assembly 'Microsoft.Bcl.AsyncInterfaces, Version=6.0.0.0, Culture=neutral, 

PublicKeyToken=cc7b13ffcd2ddd51'. The system cannot find the file specified.         FileName   : Microsoft.Bcl.AsyncInterfaces, Version=6.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51         TargetSite :              Name          : GetAsyncEnumerableInterface             DeclaringType : System.Text.Json.Serialization.IAsyncEnumerableConverterFactory, System.Text.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51             MemberType    : Method             Module        : System.Text.Json.dll         StackTrace :     at System.Text.Json.Serialization.IAsyncEnumerableConverterFactory.GetAsyncEnumerableInterface(Type type)    at System.Text.Json.Serialization.IAsyncEnumerableConverterFactory.CanConvert(Type typeToConvert)    at System.Text.Json.JsonSerializerOptions.GetConverterInternal(Type typeToConvert)    at System.Text.Json.JsonSerializerOptions.DetermineConverter(Type parentClassType, Type runtimePropertyType, MemberInfo memberInfo)    at System.Text.Json.Serialization.Metadata.JsonTypeInfo.GetConverter(Type type, Type parentClassType, MemberInfo memberInfo, Type& runtimeType, JsonSerializerOptions options)    at System.Text.Json.Serialization.Metadata.JsonTypeInfo..ctor(Type type, JsonSerializerOptions options)    at System.Text.Json.JsonSerializerOptions.<InitializeForReflectionSerializer>g__CreateJsonTypeInfo|112_0(Type type, JsonSerializerOptions options)    at 
System.Text.Json.JsonSerializerOptions.GetClassFromContextOrCreate(Type type)    at System.Text.Json.JsonSerializerOptions.GetOrAddClass(Type type)    at System.Text.Json.JsonSerializer.GetTypeInfo(JsonSerializerOptions options, Type runtimeType)    at System.Text.Json.JsonSerializer.Deserialize[TValue](String json, JsonSerializerOptions options)    at 

Microsoft.Graph.PowerShell.Authentication.Core.Utilities.JwtHelpers.DecodeToObject[T](String jwtString)         Source     : System.Text.Json         HResult    : -2147024894     

Source         : Microsoft.Graph.Authentication.Core     HResult        : -2146233088 

CategoryInfo          : NotSpecified: (:) [Connect-MgGraph], AuthenticationException 

FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph 

InvocationInfo        :      MyCommand        : Connect-MgGraph     ScriptLineNumber : 21     

OffsetInLine     : 1     HistoryId        : 1     ScriptName       : 

C:\home\site\wwwroot\AEnterpriseAppSAMLExpirationMonthly\run.ps1     Line             : Connect-MgGraph -Identity                             

PositionMessage  : At C:\home\site\wwwroot\AEnterpriseAppSAMLExpirationMonthly\run.ps1:21 char:1                        + Connect-MgGraph -Identity                        + ~~~~~~~~~~~~~~~~~~~~~~~~~     					PSScriptRoot     : C:\home\site\wwwroot\AEnterpriseAppSAMLExpirationMonthly     PSCommandPath    : C:\home\site\wwwroot\AEnterpriseAppSAMLExpirationMonthly\run.ps1     InvocationName   : Connect-MgGraph     CommandOrigin    : Internal ScriptStackTrace      : at <ScriptBlock>, C:\home\site\wwwroot\AEnterpriseAppSAMLExpirationMonthly\run.ps1: line 21 PipelineIterationInfo :

EDIT:

Setting profile.ps1 like this:

Import-Module Microsoft.Graph.Authentication -RequiredVersion '2.0.0'

and requirements.psd1 like this 

@{
    'Microsoft.Graph.Authentication' = '2.0.0'
}

results in the same error, multiple versions tested after restarting. Something broke today, and I don't understand what or why.

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,909 questions
Windows for business Windows Server User experience PowerShell
Microsoft Security Microsoft Graph
Accepted answer
  1. MuthuKumaranMurugaachari-MSFT 22,441 Reputation points Moderator
    2024-01-09T15:28:19.4+00:00

    Quickly reviewing this error in the repo: https://github.com/microsoftgraph/msgraph-sdk-powershell/issues?q=%22Invalid+JWT+access+token%22, there are few instances this occurs related to dependency conflict or a bug in SDK. I suggest you open an issue in the repo and experts from SDK can assist you further.

    Update for the community:

    Dev 9 resolved the issue by creating a new function app with latest extension bundle version [3.*, 4.0.0) and package version Microsoft.Graph.Authentication 2.9.1.

    Thanks for sharing it with the community which will greatly help others with similar issues. As per Microsoft Q&A community policy: "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.