Learning and Sharing
  • Home
  • Blog
  • Linux
  • macOS
  • Virtualization
    • VMware
    • VirtualBox
  • Windows
    • Windows 11
    • Windows 10
    • Windows Server
  • Series
    • Symantec
    • Intune
    • Microsoft Azure
    • Powershell
    • VirtualBox
    • VMware
    • PowerShell Learning
    • Microsoft Graph
  • More
    • Auto Installation
    • AEC Installation
  • Contact
No Result
View All Result
  • Home
  • Blog
  • Linux
  • macOS
  • Virtualization
    • VMware
    • VirtualBox
  • Windows
    • Windows 11
    • Windows 10
    • Windows Server
  • Series
    • Symantec
    • Intune
    • Microsoft Azure
    • Powershell
    • VirtualBox
    • VMware
    • PowerShell Learning
    • Microsoft Graph
  • More
    • Auto Installation
    • AEC Installation
  • Contact
No Result
View All Result
No Result
View All Result

Connect-MgGraph : Cannot Bind Parameter AccessToken MSAL PowerShell

September 14, 2023
in Blog, Microsoft Graph, Powershell
0
ADVERTISEMENT

Table of Contents

Cannot Bind Parameter AccessToken

$ClientSecret = 'v~58Q~sf0AcfemVucNGGC1yxETFejdzxgZd4taqg'
$params = @{
    ClientId = '87c980ca-a1dd-4748-98db-8007af2bdc70'
    TenantId = 'c032627b-6715-4e39-9990-bcf48ee5e0c5'
    ClientSecret = $ClientSecret | ConvertTo-SecureString -AsPlainText -Force
    AzureCloudInstance = '1'
}

$MsalToken = (Get-MsalToken @params).AccessToken
Connect-Graph -AccessToken $MsalToken

In some cases, when we trying to connect to Microsoft Graph PowerShell. We got the following error.

Connect-MgGraph : Cannot bind parameter ‘AccessToken’. Cannot convert the “…” value of type “System.String” to type “System.Security.SecureString”.
At line:1 char:28
+ Connect-Graph -AccessToken $MsalToken.AccessToken
+                            ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Connect-MgGraph], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Graph.PowerShell.Authentication.Cmdlets.Connect
   MgGraph

We’ve check the installed version of Microsoft Graph PowerShell module. It shows we have install the v2 of the Microsoft Graph PowerShell SDK.

PS C:\> Get-InstalledModule Microsoft.Graph | ft -AutoSize

Version Name            Repository Description
------- ----            ---------- -----------
2.3.0   Microsoft.Graph PSGallery  Microsoft Graph PowerShell module

We did a try on a computer has been installed the v1 of Graph PowerShell module. And as you can see, the script works without any error.

PS C:\> Get-InstalledModule Microsoft.Graph

Version Name            Repository Description
------- ----            ---------- -----------
1.28.0  Microsoft.Graph PSGallery  Microsoft Graph PowerShell module
Import-Module MSAL.PS -Force
$ClientSecret = 'v~58Q~sf0AcfemVucNGGC1yxETFejdzxgZd4taqg'
$params = @ {
    ClientId = '87c980ca-a1dd-4748-98db-8007af2bdc70'
    TenantId = 'c032627b-6715-4e39-9990-bcf48ee5e0c5'
    ClientSecret = $ClientSecret | ConvertTo-SecureString -AsPlainText -Force
    AzureCloudInstance = '1'
}
$MsalToken = Get-MsalToken @params
Connect-Graph -AccessToken $MsalToken.AccessToken
PS C:\> Connect-Graph -AccessToken $MsalToken.AccessToken
Welcome To Microsoft Graph!
PS C:\>

Solution

When we check the AccessToken of the Connect-MgGraph command. We found that, in the v2 of the SDK the AccessToken must be a SecureString instead of String on the v1.

PS C:\> Get-Help Connect-Graph -Parameter AccessToken   #This ran on v2

-AccessToken <securestring>   
    Required?                    true
    Position?                    1
    Accept pipeline input?       false
    Parameter set name           AccessTokenParameterSet

PS C:\> Get-Help Connect-Graph -Parameter AccessToken   #This ran on v1

-AccessToken <string>       
    Required?                    false
    Position?                    1
    Accept pipeline input?       false
    Parameter set name           AccessTokenParameterSet

This is a change in behavior between v1.0 and v2.0 of the Microsoft Graph PowerShell module. If you want your scripts works on the v2. You must convert the AccessToken to a SecureString as below:

$ClientSecret = 'v~58Q~sf0AcfemVucNGGC1yxETFejdzxgZd4taqg'
$params = @{
    ClientId = '87c980ca-a1dd-4748-98db-8007af2bdc70'
    TenantId = 'c032627b-6715-4e39-9990-bcf48ee5e0c5'
    ClientSecret = $ClientSecret | ConvertTo-SecureString -AsPlainText -Force
    AzureCloudInstance = '1'
}

$MsalToken = (Get-MsalToken @params).AccessToken
$token = ($MsalToken | ConvertTo-SecureString -AsPlainText -Force)

Connect-Graph -AccessToken $token

As you can see, this time, we’re able to connect to Microsoft PowerShell API. When we check the session context, we can see the AuthType is UserProvidedAccessToken.

PS C:\> Connect-Graph -AccessToken $token
Welcome To Microsoft Graph!

PS C:\> Get-MgContext

ClientId               : 87c980ca-a1dd-4748-98db-8007af2bdc70
TenantId               : c032627b-6715-4e39-9990-bcf48ee5e0c5
Scopes                 : {User.ReadWrite.All}
AuthType               : UserProvidedAccessToken
TokenCredentialType    : UserProvidedAccessToken

Maintain compatibility with v1.0

If you want your scripts to maintain compatibility with v1.0, you can convert the access token value conditionally:

  1. Check the AccessToken parameter property.
  2. If match SecureString then convert the AccessToken to SecureString.
  3. Else connect to Graph as v1.
$ClientSecret = 'v~58Q~sf0AcfemVucNGGC1yxETFejdzxgZd4taqg'
$params = @{
    ClientId = '87c980ca-a1dd-4748-98db-8007af2bdc70'
    TenantId = 'c032627b-6715-4e39-9990-bcf48ee5e0c5'
    ClientSecret = $ClientSecret | ConvertTo-SecureString -AsPlainText -Force
    AzureCloudInstance = '1'
}

$MsalToken = (Get-MsalToken @params).AccessToken

$targetParameter = (Get-Command Connect-MgGraph).Parameters['AccessToken']

if ($targetParameter.ParameterType -eq [securestring]){
  Connect-MgGraph -AccessToken ( $MsalToken | ConvertTo-SecureString -AsPlainText -Force )
} else {
    Connect-MgGraph -AccessToken $MsalToken
}

Not a reader? Watch this related video tutorial:

5/5 - (1 vote)
Previous Post

Microsoft Graph Cannot Process Argument Transformation on Parameter ClientSecret

Next Post

Microsoft Graph Access Token Lifetimes and Long-Running PowerShell Scripts

Related Posts

Running Hyper-V and VMware Workstation on The Same Machine

August 15, 2024

How to Uninstall All Autodesk Products At Once Silently

July 29, 2024
Ftr5

How to Uninstall the Autodesk Genuine Service on Windows

July 29, 2024
Ftr19

How to Fix Windows Cannot Read the ProductKey From the Unattend Answer File in VirtualBox

July 26, 2024
Ftr25

How to Update Windows Terminal in Windows 10/11

July 26, 2024

How to Disable The Beep Sound in WSL Terminal on Windows

July 26, 2024

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • How To Turn On uBlock Origin Extension in Chrome (2025)
  • Images Hidden Due To Mature Content Settings In CivitAI
  • Azure OpenAI vs Azure AI Hub, How to Choose the Right One for Your Needs

Categories

Stay in Touch

Discord Server

Join the Discord server with the site members for all questions and discussions.

Telegram Community

Jump in Telegram server. Ask questions and discuss everything with the site members.

Youtube Channel

Watch more videos, learning and sharing with Leo ❤❤❤. Sharing to be better.

Newsletter

Join the movement and receive our weekly Tech related newsletter. It’s Free.

General

Microsoft Windows

Microsoft Office

VMware

VirtualBox

Technology

PowerShell

Microsoft 365

Microsoft Teams

Email Servers

Copyright 2025 © All rights Reserved. Design by Leo with ❤

No Result
View All Result
  • Home
  • Linux
  • Intune
  • macOS
  • VMware
  • VirtualBox
  • Powershell
  • Windows 10
  • Windows 11
  • Microsoft 365
  • Microsoft Azure
  • Microsoft Office
  • Active Directory

No Result
View All Result
  • Home
  • Linux
  • Intune
  • macOS
  • VMware
  • VirtualBox
  • Powershell
  • Windows 10
  • Windows 11
  • Microsoft 365
  • Microsoft Azure
  • Microsoft Office
  • Active Directory