Invalid JWT access token

Question

Hello everyone,

I'm trying to run a PowerShell script in an Azure Automation runbook to connect to Microsoft Graph, but I'm encountering an issue with the connection. Specifically, I keep getting the error: invalid JWT access token.

Can anyone tell me what i am doing wrong?

It works in PowerShell:

Define App Registration details

$tenantId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

$clientId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

$clientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Client secret value

Define the resource for Azure Management API

$scope = "https://graph.microsoft.com/.default"

$tokenUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"

Get authentication token using client credentials flow

$body = @{

grant_type    = "client_credentials"

client_id     = $clientId

client_secret = $clientSecret

scope         = $scope

}

$response = Invoke-RestMethod -Method Post -Uri $tokenUrl -ContentType "application/x-www-form-urlencoded" -Body $body

$accessToken = $response.access_token

Validate token retrieval

if (-not $accessToken) {

    Write-Host "Failed to obtain access token" -ForegroundColor Red

    exit

}



Write-Host "Access Token obtained successfully" -ForegroundColor Green

# Convert the access token to a SecureString

$secureAccessToken = ConvertTo-SecureString $accessToken -AsPlainText -Force

Connect to Microsoft Graph using the SecureString access token

Connect-MgGraph -AccessToken $secureAccessToken

Answer 1

Hello Flipping ,

I understand you're encountering the "Invalid JWT access token" error when attempting to connect to Microsoft Graph within your Azure Automation runbook.

This is a known issue that arises when using version 2.26.1 of the Microsoft.Graph.Authentication module with PowerShell 7.2.

I have one Azure Automation account where Microsoft Graph modules installed with 2.26.1 version:

When I ran your script in PowerShell 7.2 runbook, I too got same error as below:

To resolve this, you need to revert back its previous version 2.25.0 as a workaround.

In my case, I deleted the existing 2.26.1 Microsoft Graph modules as below:

Now, I ran below PowerShell script in Azure Cloud Shell to install 2.25.0 version Microsoft Graph modules:

# Import Microsoft.Graph.Authentication module

$moduleName = 'Microsoft.Graph.Authentication'

$moduleVersion = '2.25.0'

New-AzAutomationModule -AutomationAccountName 'AutAccName' -ResourceGroupName 'rgName' -Name $moduleName -ContentLinkUri "https://www.powershellgallery.com/api/v2/package/$moduleName/$moduleVersion" -RuntimeVersion '7.2'

# Import Microsoft.Graph.Users module

$moduleName = 'Microsoft.Graph.Users'

$moduleVersion = '2.25.0'

New-AzAutomationModule -AutomationAccountName 'AutAccName' -ResourceGroupName 'rgName' -Name $moduleName -ContentLinkUri "https://www.powershellgallery.com/api/v2/package/$moduleName/$moduleVersion" -RuntimeVersion '7.2'

Response:

Make sure to wait for few minutes until the modules status turns "Available" as below:

When I ran the PowerShell script again after reverting back to 2.25.0 version, I got the response successfully as below:

# Define App Registration details

$tenantId = "tenantId"

$clientId = "appId"

$clientSecret = "secret" # Client secret value

# Define the resource for Azure Management API

$scope = "https://graph.microsoft.com/.default"

$tokenUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"

# Get authentication token using client credentials flow

$body = @{

    grant_type    = "client_credentials"

    client_id     = $clientId

    client_secret = $clientSecret

    scope         = $scope

}

try {

    $response = Invoke-RestMethod -Method Post -Uri $tokenUrl -ContentType "application/x-www-form-urlencoded" -Body $body

    $accessToken = $response.access_token

    # Validate token retrieval

    if (-not $accessToken) {

        Write-Host "Failed to obtain access token" -ForegroundColor Red

        exit

    }

    Write-Host "Access Token obtained successfully" -ForegroundColor Green

    # Convert the access token to a SecureString

    $secureAccessToken = ConvertTo-SecureString $accessToken -AsPlainText -Force

    # Connect to Microsoft Graph using the SecureString access token

    Connect-MgGraph -AccessToken $secureAccessToken

    Write-Host "Connected to Microsoft Graph successfully" -ForegroundColor Green

}

catch {

    Write-Host "Error: $_" -ForegroundColor Red

}

Import-Module Microsoft.Graph.Users

Get-MgUser -Top 10 | Select-Object DisplayName, Id

Response:

To know more regarding this known issue, you can refer this GitHub issue.

Hope this helps!

---

If this answer was helpful, please click "Accept the answer" and mark Yes, as this can be beneficial to other community members.

If you have any other questions or still running into more issues, let me know in the "comments" and I would be happy to help you.

Answer 2

Hello Flipping,

I faced the same issue after updating the Microsoft.Graph.Application and Microsoft.Graph.Authentication modules to version 2.26.1. Manually downgrading these modules to version 2.22.0 resolved the issue, allowing me to use the ‘Connect-MgGraph’ command again.

Answer 3

I encountered the same issue while running an automaton runbook, I used the PowerShell script to downgrade to 2.25.0 version Microsoft Graph modules: and it worked perfectly.

thanks for sharing.

Answer 4

Please excuse my upcoming emotional outburst, but ...

Really? I mean ... REALLY???

We have version 2.32.0 of the Microsoft.Graph module now, and this is still not fixed?

And there is no mechanism to block non-working versions from updating? No warning? No rollback option in Azure Automation after how many years of its existence?

I now have to actually delete all modules and use a script to get 2.25 in again???

This is just embarrassing!

Answer 5

I can confirm that I also encountered the error with version 2.32.0.

Manually installing version 2.25.0 with Runtime 7.2 worked for me as well.