Set refresh token as environment variable after update

JohnDuprey · JohnDuprey · commit 2b5360eab15d · 2026-01-25T00:58:43.000-05:00
After updating the refresh token, immediately set it as an environment variable to make it available for subsequent operations. This applies to both the main tenant and additional tenants, ensuring the new token is accessible without delay.
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecUpdateRefreshToken.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecUpdateRefreshToken.ps1
@@ -21,27 +21,35 @@ function Invoke-ExecUpdateRefreshToken {
 
             if ($env:TenantID -eq $Request.body.tenantId) {
                 $Secret | Add-Member -MemberType NoteProperty -Name 'RefreshToken' -Value $Request.body.refreshtoken -Force
+                # Set environment variable to make it immediately available
+                Set-Item -Path env:RefreshToken -Value $Request.body.refreshtoken -Force
             } else {
                 Write-Host "$($env:TenantID) does not match $($Request.body.tenantId)"
                 $name = $Request.body.tenantId -replace '-', '_'
                 $secret | Add-Member -MemberType NoteProperty -Name $name -Value $Request.body.refreshtoken -Force
+                # Set environment variable to make it immediately available
+                Set-Item -Path env:$name -Value $Request.body.refreshtoken -Force
             }
             Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force
         } else {
             if ($env:TenantID -eq $Request.body.tenantId) {
                 Set-CippKeyVaultSecret -VaultName $kv -Name 'RefreshToken' -SecretValue (ConvertTo-SecureString -String $Request.body.refreshtoken -AsPlainText -Force)
+                # Set environment variable to make it immediately available
+                Set-Item -Path env:RefreshToken -Value $Request.body.refreshtoken -Force
+                $InstanceId = Start-UpdatePermissionsOrchestrator #start the CPV refresh immediately while wizard still runs.
             } else {
                 Write-Host "$($env:TenantID) does not match $($Request.body.tenantId) - we're adding a new secret for the tenant."
                 $name = $Request.body.tenantId
                 try {
                     Set-CippKeyVaultSecret -VaultName $kv -Name $name -SecretValue (ConvertTo-SecureString -String $Request.body.refreshtoken -AsPlainText -Force)
+                    # Set environment variable to make it immediately available
+                    Set-Item -Path env:$name -Value $Request.body.refreshtoken -Force
                 } catch {
                     Write-Host "Failed to set secret $name in KeyVault. $($_.Exception.Message)"
                     throw $_
                 }
             }
         }
-        $InstanceId = Start-UpdatePermissionsOrchestrator #start the CPV refresh immediately while wizard still runs.
 
         if ($request.body.tenantId -eq $env:TenantID) {
             $TenantName = 'your partner tenant'
