diff --git a/CHANGELOG.md b/CHANGELOG.md
index 857251e14..aa24d4064 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,6 +33,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Added `-Bcc` option to `Send-PnPMail` [#2726](https://github.com/pnp/powershell/pull/2726)
 - Added `-PrimarySiteCollectionAdmin` to `Add-PnPSiteCollectionAdmin` to allow for the primary site collection admin to be set on the current site [#2750](https://github.com/pnp/powershell/pull/2750)
 - Added `-PrimarySiteCollectionAdmin` to `Set-PnPTenantSite` to allow for the primary site collection admin to be set on a provided site [#2750](https://github.com/pnp/powershell/pull/2750)
+- Added additional fallback logic for retrieving tokens in Azure VM scenario using well-know endpoint when using Managed Identity authentication. [#2761](https://github.com/pnp/powershell/pull/2761)
 ### Changed
diff --git a/src/Commands/Base/TokenHandling.cs b/src/Commands/Base/TokenHandling.cs
index 4eacc40d7..6e306828d 100644
--- a/src/Commands/Base/TokenHandling.cs
+++ b/src/Commands/Base/TokenHandling.cs
@@ -130,6 +130,13 @@ internal static async Task GetManagedIdentityTokenAsync(Cmdlet cmdlet, H
 endPoint = Environment.GetEnvironmentVariable("MSI_ENDPOINT");
 identityHeader = Environment.GetEnvironmentVariable("MSI_SECRET");
 }
+ if (string.IsNullOrEmpty(endPoint))
+ {
+ // additional fallback
+ // using well-known endpoint for Instance Metadata Service, useful in Azure VM scenario.
+ // https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http
+ endPoint = "http://169.254.169.254/metadata/identity/oauth2/token";
+ }
 if (!string.IsNullOrEmpty(endPoint))
 {
 var tokenRequestUrl = $"{endPoint}?resource={requiredScope}&api-version=2019-08-01";
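Review bot: After this fallback `endPoint` can never be empty, so the `if (!string.IsNullOrEmpty(endPoint))` guard directly below it is always true, and whatever failure path follows that block outside the hunk (presumably the "no managed identity available" error) becomes unreachable. On a host that is not an Azure VM the cmdlet will now send a plain-HTTP token request to the link-local address, and as far as the visible code shows nothing bounds that call or distinguishes "IMDS not present" from a real token error. The request should therefore get a short timeout, and an unreachable or non-success IMDS should be reported as managed identity being unavailable. IMDS also expects the `Metadata: true` header, while `identityHeader` stays unset on this path; the code that builds the request is outside the hunk, so this needs checking there. I would extend the comment to record the contract, e.g. `// IMDS: link-local, plain HTTP, needs "Metadata: true"; only present on Azure VMs, so treat timeout/non-200 as "no managed identity".`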