added appid detection to prevent cache hit

KelvinTegelaar · KelvinTegelaar · commit d3e781a7d56d · 2025-05-27T11:47:00.000+02:00
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCreateSAMApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCreateSAMApp.ps1
@@ -84,6 +84,14 @@ Function Invoke-ExecCreateSAMApp {
                 Write-Information ($Secret | ConvertTo-Json -Depth 5)
                 Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force
             } else {
+                $ConfigTable = Get-CippTable -tablename 'Config'
+                #update the ConfigTable with the latest appId, for caching compare.
+                $NewConfig = @{
+                    PartitionKey  = 'AppCache'
+                    RowKey        = 'AppCache'
+                    ApplicationId = $AppId.appId
+                }
+                Set-CIPPAzDataTableEntity @ConfigTable -Entity $NewConfig -Force | Out-Null
                 Set-AzKeyVaultSecret -VaultName $kv -Name 'tenantid' -SecretValue (ConvertTo-SecureString -String $TenantId -AsPlainText -Force)
                 Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationid' -SecretValue (ConvertTo-SecureString -String $Appid.appId -AsPlainText -Force)
                 Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationsecret' -SecretValue (ConvertTo-SecureString -String $AppPassword -AsPlainText -Force)
diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1
@@ -6,6 +6,15 @@ function Get-GraphToken($tenantid, $scope, $AsApp, $AppID, $AppSecret, $refreshT
     if (!$scope) { $scope = 'https://graph.microsoft.com/.default' }
 
     if (!$env:SetFromProfile) { $CIPPAuth = Get-CIPPAuthentication; Write-Host 'Could not get Refreshtoken from environment variable. Reloading token.' }
+    $ConfigTable = Get-CippTable -tablename 'Config'
+    $Filter = "PartitionKey eq 'AppCache' and RowKey eq 'AppCache'"
+    $AppCache = Get-CIPPAzDataTableEntity @ConfigTable -Filter $Filter
+    #force auth update is appId is not the same as the one in the environment variable.
+    if ($AppCache.ApplicationId -and $env:ApplicationID -ne $AppCache.ApplicationId) {
+        Write-Host "Setting environment variable ApplicationID to $($AppCache.ApplicationId)"
+        $CIPPAuth = Get-CIPPAuthentication
+    }
+
     #If the $env:<$tenantid> is set, use that instead of the refreshtoken for all tenants.
     $refreshToken = $env:RefreshToken
     if (!$tenantid) { $tenantid = $env:TenantID }
