Merge pull request #268 from KelvinTegelaar/dev

pull[bot] · web-flow · commit 27e432ead559 · 2025-05-27T12:41:05.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecAddTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecAddTenant.ps1
@@ -5,7 +5,7 @@ Function Invoke-ExecAddTenant {
     .FUNCTIONALITY
         Entrypoint,AnyTenant
     .ROLE
-        CIPP.AppSettings.ReadWrite.
+        CIPP.AppSettings.ReadWrite
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCombinedSetup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCombinedSetup.ps1
@@ -5,7 +5,7 @@ Function Invoke-ExecCombinedSetup {
     .FUNCTIONALITY
         Entrypoint,AnyTenant
     .ROLE
-        CIPP.AppSettings.ReadWrite.
+        CIPP.AppSettings.ReadWrite
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCreateSAMApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCreateSAMApp.ps1
@@ -5,7 +5,7 @@ Function Invoke-ExecCreateSAMApp {
     .FUNCTIONALITY
         Entrypoint,AnyTenant
     .ROLE
-        CIPP.AppSettings.ReadWrite.
+        CIPP.AppSettings.ReadWrite
     #>
     [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '')]
     [CmdletBinding()]
@@ -84,10 +84,19 @@ Function Invoke-ExecCreateSAMApp {
                 Write-Information ($Secret | ConvertTo-Json -Depth 5)
                 Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force
             } else {
+
                 Set-AzKeyVaultSecret -VaultName $kv -Name 'tenantid' -SecretValue (ConvertTo-SecureString -String $TenantId -AsPlainText -Force)
                 Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationid' -SecretValue (ConvertTo-SecureString -String $Appid.appId -AsPlainText -Force)
                 Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationsecret' -SecretValue (ConvertTo-SecureString -String $AppPassword -AsPlainText -Force)
             }
+            $ConfigTable = Get-CippTable -tablename 'Config'
+            #update the ConfigTable with the latest appId, for caching compare.
+            $NewConfig = @{
+                PartitionKey  = 'AppCache'
+                RowKey        = 'AppCache'
+                ApplicationId = $AppId.appId
+            }
+            Add-CIPPAzDataTableEntity @ConfigTable -Entity $NewConfig -Force | Out-Null
             $Results = @{'message' = "Succesfully $state the application registration. The application ID is $($AppId.appid). You may continue to the next step."; severity = 'success' }
         }
 
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecUpdateRefreshToken.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecUpdateRefreshToken.ps1
@@ -5,7 +5,7 @@ Function Invoke-ExecUpdateRefreshToken {
     .FUNCTIONALITY
         Entrypoint,AnyTenant
     .ROLE
-        CIPP.AppSettings.ReadWrite.
+        CIPP.AppSettings.ReadWrite
     #>
     [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '')]
     [CmdletBinding()]
@@ -29,7 +29,7 @@ Function Invoke-ExecUpdateRefreshToken {
             }
             Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force
         } else {
-            if ($env:ApplicationId -eq $Request.body.tenantId) {
+            if ($env:TenantID -eq $Request.body.tenantId) {
                 Set-AzKeyVaultSecret -VaultName $kv -Name 'RefreshToken' -SecretValue (ConvertTo-SecureString -String $Request.body.refreshtoken -AsPlainText -Force)
             } else {
                 $name = $Request.body.tenantId -replace '-', '_'
diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1
@@ -6,7 +6,16 @@ function Get-GraphToken($tenantid, $scope, $AsApp, $AppID, $AppSecret, $refreshT
     if (!$scope) { $scope = 'https://graph.microsoft.com/.default' }
 
     if (!$env:SetFromProfile) { $CIPPAuth = Get-CIPPAuthentication; Write-Host 'Could not get Refreshtoken from environment variable. Reloading token.' }
-    #If the $env:<$tenantid> is set, use that instead of the refreshtoken for all tenants.
+    $ConfigTable = Get-CippTable -tablename 'Config'
+    $Filter = "PartitionKey eq 'AppCache' and RowKey eq 'AppCache'"
+    $AppCache = Get-CIPPAzDataTableEntity @ConfigTable -Filter $Filter
+    #force auth update is appId is not the same as the one in the environment variable.
+    Write-Host "My appId pre-launch is $($env:ApplicationID) and the one in the cache is $($AppCache.ApplicationId)"
+    if ($AppCache.ApplicationId -and $env:ApplicationID -ne $AppCache.ApplicationId) {
+        Write-Host "Setting environment variable ApplicationID to $($AppCache.ApplicationId)"
+        $CIPPAuth = Get-CIPPAuthentication
+    }
+    Write-Host "My appId post-launch is $($env:ApplicationID) and the one in the cache is $($AppCache.ApplicationId)"
     $refreshToken = $env:RefreshToken
     if (!$tenantid) { $tenantid = $env:TenantID }
     #Get list of tenants that have 'directTenant' set to true
