Fix Graph authentication for non-interactive terminals #158
Conversation
- Remove -NonInteractive flag from PowerShell arguments to allow browser windows to open for WAM authentication - Add ExtractJwtFromOutput() to filter WARNING/ERROR lines from PowerShell output that caused 'newline in header' errors - Use interactive browser flow as device code has module bugs Fixes authentication failures with errors: 'A window handle must be configured' and 'New-line characters are not allowed in header values' Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This pull request fixes Microsoft Graph authentication issues in non-interactive terminals by removing the -NonInteractive flag from PowerShell arguments and implementing JWT token extraction to filter out PowerShell warning/error messages.
Changes:
- Removed
-NonInteractiveflag from PowerShell command arguments to enable interactive browser windows for WAM authentication - Added
ExtractJwtFromOutput()method to parse JWT tokens from PowerShell output while filtering out WARNING/ERROR/VERBOSE/DEBUG lines - Modified method signatures to thread the
useDeviceCodeparameter through the execution chain - Updated GraphApiService comment to clarify the use of interactive browser flow
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/Microsoft.Agents.A365.DevTools.Cli/Services/Internal/MicrosoftGraphTokenProvider.cs | Removed -NonInteractive flag, added JWT extraction logic, and threaded useDeviceCode parameter through execution methods |
| src/Microsoft.Agents.A365.DevTools.Cli/Services/GraphApiService.cs | Updated comment to clarify interactive browser flow usage |
| } | ||
|
|
||
| private static string BuildPowerShellArguments(string shell, string script) | ||
| private static string BuildPowerShellArguments(string shell, string script, bool useDeviceCode) |
There was a problem hiding this comment.
The useDeviceCode parameter is added to the method signature but is never used within the method body. This creates confusion about the parameter's purpose and suggests incomplete implementation. Either use the parameter or remove it from the signature if it's not needed.
| return token; | ||
| } | ||
|
|
||
| private static string? ExtractJwtFromOutput(string output) |
There was a problem hiding this comment.
The new ExtractJwtFromOutput() method lacks test coverage. This method contains important logic for filtering PowerShell output lines and extracting JWT tokens, which is critical for authentication to work correctly. Add test cases covering: (1) JWT token with WARNING prefix lines, (2) JWT token with ERROR prefix lines, (3) JWT token on single line without prefixes, (4) no valid JWT in output, and (5) multiple lines with only one valid JWT.
| foreach (var line in lines) | ||
| { | ||
| var trimmed = line.Trim(); | ||
| // Skip WARNING, ERROR, and other PowerShell output lines | ||
| if (trimmed.StartsWith("WARNING:", StringComparison.OrdinalIgnoreCase) || | ||
| trimmed.StartsWith("ERROR:", StringComparison.OrdinalIgnoreCase) || | ||
| trimmed.StartsWith("VERBOSE:", StringComparison.OrdinalIgnoreCase) || | ||
| trimmed.StartsWith("DEBUG:", StringComparison.OrdinalIgnoreCase)) | ||
| { | ||
| continue; | ||
| } | ||
|
|
||
| // Check if this line looks like a JWT token | ||
| if (IsValidJwtFormat(trimmed)) | ||
| { | ||
| return trimmed; | ||
| } | ||
| } |
There was a problem hiding this comment.
This foreach loop immediately maps its iteration variable to another variable - consider mapping the sequence explicitly using '.Select(...)'.
Fixes authentication failures with errors:
'A window handle must be configured' and
'New-line characters are not allowed in header values'