Skip to content

Fix token refresh failure due to missing TenantID scope#76

Closed
Copilot wants to merge 2 commits into
Devfrom
copilot/fix-aadsts900144-error
Closed

Fix token refresh failure due to missing TenantID scope#76
Copilot wants to merge 2 commits into
Devfrom
copilot/fix-aadsts900144-error

Conversation

Copy link
Copy Markdown

Copilot AI commented Jan 12, 2026
edited
Loading

Authentication succeeds initially but all subsequent requests fail with AADSTS900144: The request body must contain the following parameter: "client_id" after token expiry.

Root Cause

Invoke-CIPPPreFlightCheck.ps1 uses unscoped $TenantID instead of $script:TenantID when refreshing expired tokens, passing null to the OAuth endpoint.

Changes

CIPPAPIModule/private/Invoke-CIPPPreFlightCheck.ps1

  • Line 62: TenantID = $TenantIDTenantID = $script:TenantID
# Before
$request = @{
    CIPPClientID     = $script:CIPPClientID
    CIPPClientSecret = $script:CIPPClientSecret
    CIPPAPIUrl       = $script:CIPPAPIUrl
    TenantID         = $TenantID  # ❌ Resolves to null
}

# After
$request = @{
    CIPPClientID     = $script:CIPPClientID
    CIPPClientSecret = $script:CIPPClientSecret
    CIPPAPIUrl       = $script:CIPPAPIUrl
    TenantID         = $script:TenantID  # ✅ Preserves value from Set-CIPPAPIDetails
}

Aligns with existing pattern in Connect-CIPP.ps1 which correctly uses $script:TenantId.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • docs.cipp.app
    • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>All requests returning 'AADSTS900144: The request body must contain the following parameter: "client_id".</issue_title>
<issue_description>### Description

Authentication / setting CIPP info works fine with the client id etc - but every request returns the above.

Environment data

PowerShell: 7.5.4
CIPP Module: 1.2.9
CIPP: 8.8.2
```</issue_description>

## Comments on the Issue (you are @copilot in this section)

<comments>
</comments>

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@kris6673
Fix TenantID variable scope bug causing AADSTS900144 error
80b2be6 
Co-authored-by: kris6673 <31723128+kris6673@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix AADSTS900144 error in authentication requests Fix token refresh failure due to missing TenantID scope Jan 12, 2026
Copilot AI requested a review from kris6673 January 12, 2026 18:14
@kris6673
Copy link
Copy Markdown
Collaborator

kris6673 commented Jan 12, 2026

will fix in another pr

@kris6673 kris6673 closed this Jan 12, 2026
@kris6673 kris6673 deleted the copilot/fix-aadsts900144-error branch January 12, 2026 23:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kris6673 kris6673 Awaiting requested review from kris6673

Assignees

@kris6673 kris6673

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kris6673