Microsoft Graph Cannot Process Argument Transformation on Parameter ClientSecret

Cannot Process Argument Transformation on Parameter ClientSecret

$params = @{
    ClientId = '87c980ca-a1dd-4748-98db-8007af2bdc70'
    TenantId = 'c032627b-6715-4e39-9990-bcf48ee5e0c5'
    ClientSecret = 'v~58Q~sf0AcfemVucNGGC1yxETFejdzxgZd4taqg'
 }
$myAccessToken = Get-MsalToken @params

In some cases, when trying to get the AccessToken with MSAL PowerShell. We got the following error:

Get-MsalToken : Cannot process argument transformation on parameter ‘ClientSecret’. Cannot convert the
“v~58Q~sf0AcfemVucNGGC1yxETFejdzxgZd4taqg” value of type “System.String” to type “System.Security.SecureString”.
At line:1 char:32
+ $myAccessToken = Get-MsalToken @params
+ ~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-MsalToken], ParameterBindingArgumentTransformationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-MsalToken

The issue occurs because the ClientSecret parameter is a SecureString instead of String as we put in the above script. You can see it when check with Get-Help.

PS C:\> Get-Help Get-MsalToken -Parameter ClientSecret

-ClientSecret <SecureString>
    Secure secret of the client requesting the token.

    Required?                    true
    Position?                    named
    Default value
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

To fix it, we put the string of the secret into a variable then convert it to secure string as follows:

$ClientSecret = 'v~58Q~sf0AcfemVucNGGC1yxETFejdzxgZd4taqg'
$params = @{
    ClientId = '87c980ca-a1dd-4748-98db-8007af2bdc70'
    TenantId = 'c032627b-6715-4e39-9990-bcf48ee5e0c5'
    ClientSecret = ($ClientSecret | ConvertTo-SecureString -AsPlainText -Force)
}

$myAccessToken = Get-MsalToken @params

This time, the error should be gone then the AccessToken can be show as expected.

PS C:\> $myAccessToken

AccessToken                  : eyJ0eXAiOiJKV1...-dtLMQ
IsExtendedLifeTimeToken      : False
UniqueId                     :
ExpiresOn                    : 8/24/2023 10:05:01 AM +00:00
ExtendedExpiresOn            : 8/24/2023 10:05:01 AM +00:00
TenantId                     :
Account                      :
IdToken                      :
Scopes                       : {https://graph.microsoft.com/.default}
CorrelationId                : 4c8ed834-fee3-4abe-a29d-b0df6bffe5b2
TokenType                    : Bearer
SpaAuthCode                  :
ClaimsPrincipal              :
AuthenticationResultMetadata : Microsoft.Identity.Client.AuthenticationResultMetadata
User

Not a reader? Watch this related video tutorial:

5/5 - (1 vote)