Invoke-MGGraphRequest fails after first call as of v2.21.0 with USGov Environment

[AdamUCF]

Describe the bug

When attempting to use Invoke-MGGraphRequest against the USGov environment, the first call succeeds however subsequent calls fail. The first attempt correctly goes to graph.microsoft.us however subsequent calls are sent to graph.microsoft.com which results in an authentication failure. This appears to be caused by 815b63f

Expected behavior

Subsequent Invoke-MGGraphRequest calls continue functioning after the initial call.

How to reproduce

Import-Module Microsoft.Graph.Authentication -MinimumVersion 2.21.0
Connect-MgGraph -Environment "USGov" -Scopes "Directory.AccessAsUser.All"
Works: Invoke-MgGraphRequest -Uri "v1.0/organization"
Fails: Invoke-MgGraphRequest -Uri "v1.0/me"
Fails: Invoke-MgGraphRequest -Uri "v1.0/organization"

SDK Version

2.21.0 and later

Latest version known to work for scenario above?

2.21

Known Workarounds

Use version 2.20.0 or earlier of module Microsoft.Graph.Authentication

Debug output

PS C:> Invoke-MgGraphRequest -Uri "v1.0/organization" -Debug
VERBOSE: GET https://graph.microsoft.com/v1.0/organization with 0-byte payload

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): a
DEBUG: GET /v1.0/organization HTTP/1.1
HTTP: graph.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.22631; en-US) PowerShell/7.4.5 Invoke-MgGraphRequest

VERBOSE: received 17413-byte response of content type application/json
DEBUG: GET https://graph.microsoft.us/v1.0/organization
HTTP/2.0 200 OK
Cache-Control: no-cache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: fbfc3588-61a7-48d6-bf58-352c72839120
client-request-id: 42c76821-de22-44f3-8496-0b5bdc35ea53
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"USGov Texas","Slice":"E","Ring":"4","ScaleUnit":"001","RoleInstance":"SN5NEPF00001F93"}}
odata-version: 4.0
Date: Mon, 09 Sep 2024 19:14:04 GMT
Content-Type: application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8
Content-Encoding: gzip

{"@odata.context":"https://graph.microsoft.us/v1.0/$metadata#organization","value":"redacted"}

Name Value

---

@odata.context https://graph.microsoft.us/v1.0/$metadata#organization
value {redacted}

PS C:> Invoke-MgGraphRequest -Uri "v1.0/me" -Debug
VERBOSE: GET https://graph.microsoft.com/v1.0/me with 0-byte payload

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): a
DEBUG: GET /v1.0/me HTTP/1.1
HTTP: graph.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.22631; en-US) PowerShell/7.4.5 Invoke-MgGraphRequest

Invoke-MgGraphRequest: Unable to perform redirect as Location Header is not set in response
PS C:> Invoke-MgGraphRequest -Uri "v1.0/organization" -Debug
VERBOSE: GET https://graph.microsoft.com/v1.0/organization with 0-byte payload

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): a
DEBUG: GET /v1.0/organization HTTP/1.1
HTTP: graph.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.22631; en-US) PowerShell/7.4.5 Invoke-MgGraphRequest

Invoke-MgGraphRequest: Unable to perform redirect as Location Header is not set in response

Configuration

PSVersion 7.4.5
PSEdition Core
GitCommitId 7.4.5
OS Microsoft Windows 10.0.22631
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0

Other information

No response

[jonade]

Can confirm this is an issue in 2.22.0 when connecting using -Environment USGovDoD and then making multiple calls in Invoke-MgGraphRequest. The first request is made to https://dod-graph.microsoft.us and then second call is made to the Commercial endpoint at https://graph.microsoft.com and results in an error: