Add-PnPApp : The remote server returned an error: (401) Unauthorized

I followed this article in order to use Connect-PnPOnline using ClientID and ClientSecret:

https://www.sharepointdiary.com/2019/03/connect-pnponline-with-appid-and-appsecret.html

https://.sharepoint.com/sites/catalog/_layouts/15/appregnew.aspx

https://.sharepoint.com/sites/catalog/_layouts/15/appinv.aspx

With that I'm able to successfully connect.

After connecting, I have the following script:

    # Connect-PnPOnline -Url $SiteURL -ClientId $ClientId -ClientSecret $ClientSecret

    Write-Verbose "Add and publish your app to the App Catalog...."
    Add-PnPApp -Path $Path -Scope Tenant -Overwrite -Publish
    Write-Verbose "Successfully added and published to the App Catalog"   

And I see the error:

    Add-PnPApp : The remote server returned an error: (401) Unauthorized.
    At C:\Scripts\ReleaseManagement\Publish-PnPAppToAppCatalog.ps1:55 char:2
    +     Add-PnPApp -Path $Path -Scope Tenant -Overwrite -Publish
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : WriteError: (:) [Add-PnPApp], WebException
        + FullyQualifiedErrorId : EXCEPTION,SharePointPnP.PowerShell.Commands.Apps.AddApp

What am I missing?

Full Script:

    function Publish-PnPAppToAppCatalog {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory=$True)]
            [string] $SolutionAbbreviation,
            [Parameter(Mandatory=$True)]
            [string] $EnvironmentAbbreviation,
            [Parameter(Mandatory=$True)]
            [string] $SiteName,
            [Parameter(Mandatory=$True)]
            [string] $Path
        )

        $scriptsDirectory = Split-Path $PSScriptRoot -Parent

        # Dot-source the connection helper, then connect at tenant level.
        # A backtick only continues the line when it is the last character on it.
        . ($scriptsDirectory + '\Common\Connect-PnPOnlineForPublishApps.ps1')
        Connect-PnPOnlineForPublishApps -SolutionAbbreviation $SolutionAbbreviation `
                                        -EnvironmentAbbreviation $EnvironmentAbbreviation `
                                        -ConnectionType "tenant" `
                                        -SiteName $SiteName `
                                        -Verbose

        Write-Verbose "Add and publish your app to the App Catalog...."
        Add-PnPApp -Path $Path -Scope Tenant -Overwrite -Publish
        Write-Verbose "Successfully added and published to the App Catalog"
    }

    Publish-PnPAppToAppCatalog -SolutionAbbreviation "" `
    -EnvironmentAbbreviation "" `
    -SiteName "" `
    -Path "" `
    -Verbose

    function Connect-PnPOnlineForPublishApps {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory=$True)]
            [string] $SolutionAbbreviation,
            [Parameter(Mandatory=$True)]
            [string] $EnvironmentAbbreviation,
            [Parameter(Mandatory=$True)]
            [ValidateSet("tenant", "sites")]
            [string] $ConnectionType,
            [Parameter(Mandatory=$False)]
            [string] $SiteName
        )
        #Requires -Version 5
        $scriptsDirectory = Split-Path $PSScriptRoot -Parent

        . ($scriptsDirectory + '\Common\Add-AzAccountIfNeeded.ps1')
        Add-AzAccountIfNeeded

        . ($scriptsDirectory + '\Common\Install-AzKeyVaultModuleIfNeeded.ps1')
        Install-AzKeyVaultModuleIfNeeded

        Install-Module PnP.PowerShell -RequiredVersion "1.10.0" -Scope CurrentUser -Force -AllowClobber

        #Site collection URL
        $SiteURL = "https://<tenant>.sharepoint.com"

        #Connect to SharePoint Online with ClientId and ClientSecret
        Connect-PnPOnline -Url $SiteURL -ClientId "<client-id>" -ClientSecret "<client-secret>"

        Get-PnPContext

        Set-PnPTenant -DisableCustomAppAuthentication $false

        Write-Verbose "CONNECTED.................."
    }


UPDATE:

I updated the script as per the suggestion:

    Connect-SPOService -Url $url -Credential $credential
    Set-SPOTenant -DisableCustomAppAuthentication $false

    #Site collection URL
    $SiteURL = "https://<tenant>.sharepoint.com"

    #Connect to SharePoint Online with ClientId and ClientSecret
    Connect-PnPOnline -Url $SiteURL -ClientId "<client-id>" -ClientSecret "<client-secret>"

I see a Forbidden error:


Solution 1:[1]

Microsoft added a new tenant-level property called “DisableCustomAppAuthentication” to SharePoint Online and made the decision to set this property to be true by default, affecting all new tenants post August 2020. The solution is to set this new property to false as follows:

    Set-SPOTenant -DisableCustomAppAuthentication $false

This requires the latest version of the SharePoint Online Management Shell.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 RaytheonXie-MSFT
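
The following is an added example, not code from the question or the answer: it reads the tenant setting the answer names before connecting with a ClientId/ClientSecret, changes it only when explicitly asked to, and makes `Add-PnPApp` errors terminating so the success message cannot print after a 401. The function name, the Key Vault name and secret name, and every URL passed in are assumptions; it also assumes an Az session is already signed in.

```powershell
#Requires -Version 5
# Added example. Publish-AppWithPreflight and all parameter values are hypothetical.
function Publish-AppWithPreflight {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $AdminUrl,    # https://<tenant>-admin.sharepoint.com
        [Parameter(Mandatory = $true)] [string] $CatalogUrl,  # app catalog site collection URL
        [Parameter(Mandatory = $true)] [string] $ClientId,
        [Parameter(Mandatory = $true)] [string] $VaultName,   # assumed Key Vault holding the secret
        [Parameter(Mandatory = $true)] [string] $SecretName,  # assumed secret name
        [Parameter(Mandatory = $true)] [string] $Path,        # package to upload
        [switch] $EnableCustomAppAuthentication               # opt in to the tenant-wide change
    )

    # 1. Read the tenant setting with the SharePoint Online Management Shell.
    Connect-SPOService -Url $AdminUrl
    try {
        $tenant = Get-SPOTenant
        if ($tenant.DisableCustomAppAuthentication) {
            if (-not $EnableCustomAppAuthentication) {
                throw "DisableCustomAppAuthentication is True; ClientId/ClientSecret " +
                      "connections are blocked. Re-run with -EnableCustomAppAuthentication."
            }
            # Tenant-wide setting, so it is only changed when the caller asked for it.
            Set-SPOTenant -DisableCustomAppAuthentication $false
            Write-Verbose "DisableCustomAppAuthentication set to False"
        }
    }
    finally {
        Disconnect-SPOService
    }

    # 2. Fetch the client secret at run time instead of keeping it in the script.
    $secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName `
                                   -AsPlainText -ErrorAction Stop

    # 3. Connect and publish. -ErrorAction Stop turns the non-terminating
    #    WriteError shown in the question into an exception.
    Connect-PnPOnline -Url $CatalogUrl -ClientId $ClientId -ClientSecret $secret -ErrorAction Stop
    try {
        Write-Verbose "Add and publish your app to the App Catalog...."
        Add-PnPApp -Path $Path -Scope Tenant -Overwrite -Publish -ErrorAction Stop
        Write-Verbose "Successfully added and published to the App Catalog"
    }
    finally {
        Disconnect-PnPOnline
    }
}
```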