@pnp/cli-microsoft365 5.3.0-beta.4033f50 → 5.3.0-beta.421b58b

package/dist/Auth.js

@@ -540,6 +540,11 @@ class Auth {
             // we need to use https://management.azure.com/ instead
             resource = 'https://management.azure.com/';
         }
+        if (resource === 'https://api.powerbi.com') {
+            // api.powerbi.com is not a valid resource
+            // we need to use https://analysis.windows.net/powerbi/api instead
+            resource = 'https://analysis.windows.net/powerbi/api';
+        }
         return resource;
     }
     getServiceConnectionInfo() {

package/dist/m365/aad/commands/app/app-add.js

@@ -1,4 +1,13 @@
 "use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const fs = require("fs");
 const uuid_1 = require("uuid");
@@ -31,6 +40,9 @@ class AadAppAddCommand extends GraphCommand_1.default {
         telemetryProps.scopeName = typeof args.options.scopeName !== 'undefined';
         telemetryProps.uri = typeof args.options.uri !== 'undefined';
         telemetryProps.withSecret = args.options.withSecret;
+        telemetryProps.certificateFile = typeof args.options.certificateFile !== 'undefined';
+        telemetryProps.certificateBase64Encoded = typeof args.options.certificateBase64Encoded !== 'undefined';
+        telemetryProps.certificateDisplayName = typeof args.options.certificateDisplayName !== 'undefined';
         return telemetryProps;
     }
     commandAction(logger, args, cb) {
@@ -66,43 +78,55 @@ class AadAppAddCommand extends GraphCommand_1.default {
         }, (rawRes) => this.handleRejectedODataJsonPromise(rawRes, logger, cb));
     }
     createAppRegistration(args, apis, logger) {
-        const applicationInfo = {
-            displayName: args.options.name,
-            signInAudience: args.options.multitenant ? 'AzureADMultipleOrgs' : 'AzureADMyOrg'
-        };
-        if (!applicationInfo.displayName && this.manifest) {
-            applicationInfo.displayName = this.manifest.name;
-        }
-        this.appName = applicationInfo.displayName;
-        if (apis.length > 0) {
-            applicationInfo.requiredResourceAccess = apis;
-        }
-        if (args.options.redirectUris) {
-            applicationInfo[args.options.platform] = {
-                redirectUris: args.options.redirectUris.split(',').map(u => u.trim())
+        return __awaiter(this, void 0, void 0, function* () {
+            const applicationInfo = {
+                displayName: args.options.name,
+                signInAudience: args.options.multitenant ? 'AzureADMultipleOrgs' : 'AzureADMyOrg'
             };
-        }
-        if (args.options.implicitFlow) {
-            if (!applicationInfo.web) {
-                applicationInfo.web = {};
+            if (!applicationInfo.displayName && this.manifest) {
+                applicationInfo.displayName = this.manifest.name;
+            }
+            this.appName = applicationInfo.displayName;
+            if (apis.length > 0) {
+                applicationInfo.requiredResourceAccess = apis;
+            }
+            if (args.options.redirectUris) {
+                applicationInfo[args.options.platform] = {
+                    redirectUris: args.options.redirectUris.split(',').map(u => u.trim())
+                };
+            }
+            if (args.options.implicitFlow) {
+                if (!applicationInfo.web) {
+                    applicationInfo.web = {};
+                }
+                applicationInfo.web.implicitGrantSettings = {
+                    enableAccessTokenIssuance: true,
+                    enableIdTokenIssuance: true
+                };
             }
-            applicationInfo.web.implicitGrantSettings = {
-                enableAccessTokenIssuance: true,
-                enableIdTokenIssuance: true
+            if (args.options.certificateFile || args.options.certificateBase64Encoded) {
+                const certificateBase64Encoded = this.getCertificateBase64Encoded(args, logger);
+                const newKeyCredential = {
+                    type: "AsymmetricX509Cert",
+                    usage: "Verify",
+                    displayName: args.options.certificateDisplayName,
+                    key: certificateBase64Encoded
+                };
+                applicationInfo.keyCredentials = [newKeyCredential];
+            }
+            if (this.verbose) {
+                logger.logToStderr(`Creating Azure AD app registration...`);
+            }
+            const createApplicationRequestOptions = {
+                url: `${this.resource}/v1.0/myorganization/applications`,
+                headers: {
+                    accept: 'application/json;odata.metadata=none'
+                },
+                responseType: 'json',
+                data: applicationInfo
             };
-        }
-        if (this.verbose) {
-            logger.logToStderr(`Creating Azure AD app registration...`);
-        }
-        const createApplicationRequestOptions = {
-            url: `${this.resource}/v1.0/myorganization/applications`,
-            headers: {
-                accept: 'application/json;odata.metadata=none'
-            },
-            responseType: 'json',
-            data: applicationInfo
-        };
-        return request_1.default.post(createApplicationRequestOptions);
+            return request_1.default.post(createApplicationRequestOptions);
+        });
     }
     updateAppFromManifest(args, appInfo) {
         if (!args.options.manifest) {
@@ -437,6 +461,20 @@ class AadAppAddCommand extends GraphCommand_1.default {
             value: password.secretText
         }));
     }
+    getCertificateBase64Encoded(args, logger) {
+        if (args.options.certificateBase64Encoded) {
+            return args.options.certificateBase64Encoded;
+        }
+        if (this.debug) {
+            logger.logToStderr(`Reading existing ${args.options.certificateFile}...`);
+        }
+        try {
+            return fs.readFileSync(args.options.certificateFile, { encoding: 'base64' });
+        }
+        catch (e) {
+            throw new Error(`Error reading certificate file: ${e}. Please add the certificate using base64 option '--certificateBase64Encoded'.`);
+        }
+    }
     saveAppInfo(args, appInfo, logger) {
         if (!args.options.save) {
             return Promise.resolve(appInfo);
@@ -519,6 +557,15 @@ class AadAppAddCommand extends GraphCommand_1.default {
             {
                 option: '--scopeAdminConsentDescription [scopeAdminConsentDescription]'
             },
+            {
+                option: '--certificateFile [certificateFile]'
+            },
+            {
+                option: '--certificateBase64Encoded [certificateBase64Encoded]'
+            },
+            {
+                option: '--certificateDisplayName [certificateDisplayName]'
+            },
             {
                 option: '--manifest [manifest]'
             },
@@ -540,6 +587,15 @@ class AadAppAddCommand extends GraphCommand_1.default {
         if (args.options.redirectUris && !args.options.platform) {
             return `When you specify redirectUris you also need to specify platform`;
         }
+        if (args.options.certificateFile && args.options.certificateBase64Encoded) {
+            return 'Specify either certificateFile or certificateBase64Encoded but not both';
+        }
+        if (args.options.certificateDisplayName && !args.options.certificateFile && !args.options.certificateBase64Encoded) {
+            return 'When you specify certificateDisplayName you also need to specify certificateFile or certificateBase64Encoded';
+        }
+        if (args.options.certificateFile && !fs.existsSync(args.options.certificateFile)) {
+            return 'Certificate file not found';
+        }
         if (args.options.scopeName) {
             if (!args.options.uri) {
                 return `When you specify scopeName you also need to specify uri`;

package/dist/m365/aad/commands/app/app-set.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+const fs = require("fs");
 const request_1 = require("../../../../request");
 const GraphCommand_1 = require("../../../base/GraphCommand");
 const commands_1 = require("../../commands");
@@ -19,6 +20,9 @@ class AadAppSetCommand extends GraphCommand_1.default {
         telemetryProps.redirectUris = typeof args.options.redirectUris !== 'undefined';
         telemetryProps.redirectUrisToRemove = typeof args.options.redirectUrisToRemove !== 'undefined';
         telemetryProps.uri = typeof args.options.uri !== 'undefined';
+        telemetryProps.certificateFile = typeof args.options.certificateFile !== 'undefined';
+        telemetryProps.certificateBase64Encoded = typeof args.options.certificateBase64Encoded !== 'undefined';
+        telemetryProps.certificateDisplayName = typeof args.options.certificateDisplayName !== 'undefined';
         return telemetryProps;
     }
     commandAction(logger, args, cb) {
@@ -26,6 +30,7 @@ class AadAppSetCommand extends GraphCommand_1.default {
             .getAppObjectId(args, logger)
             .then(objectId => this.configureUri(args, objectId, logger))
             .then(objectId => this.configureRedirectUris(args, objectId, logger))
+            .then(objectId => this.configureCertificate(args, objectId, logger))
             .then(_ => cb(), (rawRes) => this.handleRejectedODataJsonPromise(rawRes, logger, cb));
     }
     getAppObjectId(args, logger) {
@@ -156,6 +161,80 @@ class AadAppSetCommand extends GraphCommand_1.default {
         })
             .then(_ => Promise.resolve(objectId));
     }
+    configureCertificate(args, objectId, logger) {
+        if (!args.options.certificateFile && !args.options.certificateBase64Encoded) {
+            return Promise.resolve();
+        }
+        if (this.verbose) {
+            logger.logToStderr(`Setting certificate for Azure AD app...`);
+        }
+        const certificateBase64Encoded = this.getCertificateBase64Encoded(args, logger);
+        return this
+            .getCurrentKeyCredentialsList(args, objectId, certificateBase64Encoded, logger)
+            .then(currentKeyCredentials => {
+            if (this.verbose) {
+                logger.logToStderr(`Adding new keyCredential to list`);
+            }
+            // The KeyCredential graph type defines the 'key' property as 'NullableOption<number>'
+            // while it is a base64 encoded string. This is why a cast to any is used here.
+            const keyCredentials = currentKeyCredentials.filter(existingCredential => existingCredential.key !== certificateBase64Encoded);
+            const newKeyCredential = {
+                type: "AsymmetricX509Cert",
+                usage: "Verify",
+                displayName: args.options.certificateDisplayName,
+                key: certificateBase64Encoded
+            };
+            keyCredentials.push(newKeyCredential);
+            return Promise.resolve(keyCredentials);
+        })
+            .then(keyCredentials => this.updateKeyCredentials(objectId, keyCredentials, logger));
+    }
+    getCertificateBase64Encoded(args, logger) {
+        if (args.options.certificateBase64Encoded) {
+            return args.options.certificateBase64Encoded;
+        }
+        if (this.debug) {
+            logger.logToStderr(`Reading existing ${args.options.certificateFile}...`);
+        }
+        try {
+            return fs.readFileSync(args.options.certificateFile, { encoding: 'base64' });
+        }
+        catch (e) {
+            throw new Error(`Error reading certificate file: ${e}. Please add the certificate using base64 option '--certificateBase64Encoded'.`);
+        }
+    }
+    // We first retrieve existing certificates because we need to specify the full list of certificates when updating the app.
+    getCurrentKeyCredentialsList(args, objectId, certificateBase64Encoded, logger) {
+        if (this.verbose) {
+            logger.logToStderr(`Retrieving current keyCredentials list for app`);
+        }
+        const getAppRequestOptions = {
+            url: `${this.resource}/v1.0/myorganization/applications/${objectId}?$select=keyCredentials`,
+            headers: {
+                'content-type': 'application/json;odata.metadata=none'
+            },
+            responseType: 'json'
+        };
+        return request_1.default.get(getAppRequestOptions).then((application) => {
+            return Promise.resolve(application.keyCredentials || []);
+        });
+    }
+    updateKeyCredentials(objectId, keyCredentials, logger) {
+        if (this.verbose) {
+            logger.logToStderr(`Updating keyCredentials in AAD app`);
+        }
+        const requestOptions = {
+            url: `${this.resource}/v1.0/myorganization/applications/${objectId}`,
+            headers: {
+                'content-type': 'application/json;odata.metadata=none'
+            },
+            responseType: 'json',
+            data: {
+                keyCredentials: keyCredentials
+            }
+        };
+        return request_1.default.patch(requestOptions);
+    }
     options() {
         const options = [
             { option: '--appId [appId]' },
@@ -163,6 +242,9 @@ class AadAppSetCommand extends GraphCommand_1.default {
             { option: '-n, --name [name]' },
             { option: '-u, --uri [uri]' },
             { option: '-r, --redirectUris [redirectUris]' },
+            { option: '--certificateFile [certificateFile]' },
+            { option: '--certificateBase64Encoded [certificateBase64Encoded]' },
+            { option: '--certificateDisplayName [certificateDisplayName]' },
             {
                 option: '--platform [platform]',
                 autocomplete: AadAppSetCommand.aadApplicationPlatform
@@ -183,6 +265,15 @@ class AadAppSetCommand extends GraphCommand_1.default {
             (args.options.objectId && args.options.name)) {
             return 'Specify either appId, objectId or name but not both';
         }
+        if (args.options.certificateFile && args.options.certificateBase64Encoded) {
+            return 'Specify either certificateFile or certificateBase64Encoded but not both';
+        }
+        if (args.options.certificateDisplayName && !args.options.certificateFile && !args.options.certificateBase64Encoded) {
+            return 'When you specify certificateDisplayName you also need to specify certificateFile or certificateBase64Encoded';
+        }
+        if (args.options.certificateFile && !fs.existsSync(args.options.certificateFile)) {
+            return 'Certificate file not found';
+        }
         if (args.options.redirectUris && !args.options.platform) {
             return `When you specify redirectUris you also need to specify platform`;
         }

package/dist/m365/base/PowerBICommand.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const Command_1 = require("../../Command");
+class PowerBICommand extends Command_1.default {
+    get resource() {
+        return 'https://api.powerbi.com';
+    }
+}
+exports.default = PowerBICommand;
+//# sourceMappingURL=PowerBICommand.js.map

package/dist/m365/planner/commands/task/task-reference-add.js

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const request_1 = require("../../../../request");
+const utils_1 = require("../../../../utils");
+const GraphCommand_1 = require("../../../base/GraphCommand");
+const commands_1 = require("../../commands");
+class PlannerTaskReferenceAddCommand extends GraphCommand_1.default {
+    get name() {
+        return commands_1.default.TASK_REFERENCE_ADD;
+    }
+    get description() {
+        return 'Adds a new reference to a Planner task';
+    }
+    commandAction(logger, args, cb) {
+        this
+            .getTaskDetailsEtag(args.options.taskId)
+            .then(etag => {
+            const requestOptionsTaskDetails = {
+                url: `${this.resource}/v1.0/planner/tasks/${encodeURIComponent(args.options.taskId)}/details`,
+                headers: {
+                    'accept': 'application/json;odata.metadata=none',
+                    'If-Match': etag,
+                    'Prefer': 'return=representation'
+                },
+                responseType: 'json',
+                data: {
+                    references: {
+                        [utils_1.formatting.openTypesEncoder(args.options.url)]: Object.assign(Object.assign({ '@odata.type': 'microsoft.graph.plannerExternalReference', previewPriority: ' !' }, (args.options.alias && { alias: args.options.alias })), (args.options.type && { type: args.options.type }))
+                    }
+                }
+            };
+            return request_1.default.patch(requestOptionsTaskDetails);
+        })
+            .then((res) => {
+            logger.log(res.references);
+            cb();
+        }, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+    }
+    getTaskDetailsEtag(taskId) {
+        const requestOptions = {
+            url: `${this.resource}/v1.0/planner/tasks/${encodeURIComponent(taskId)}/details`,
+            headers: {
+                accept: 'application/json'
+            },
+            responseType: 'json'
+        };
+        return request_1.default
+            .get(requestOptions)
+            .then((response) => {
+            const etag = response ? response['@odata.etag'] : undefined;
+            if (!etag) {
+                return Promise.reject(`Error fetching task details`);
+            }
+            return Promise.resolve(etag);
+        });
+    }
+    options() {
+        const options = [
+            { option: '-i, --taskId <taskId>' },
+            { option: '-u, --url <url>' },
+            { option: '--alias [alias]' },
+            { option: '--type [type]' }
+        ];
+        const parentOptions = super.options();
+        return options.concat(parentOptions);
+    }
+    validate(args) {
+        if (args.options.type && ['powerpoint', 'word', 'excel', 'other'].indexOf(args.options.type.toLocaleLowerCase()) === -1) {
+            return `${args.options.type} is not a valid type value. Allowed values PowerPoint|Word|Excel|Other`;
+        }
+        return true;
+    }
+}
+module.exports = new PlannerTaskReferenceAddCommand();
+//# sourceMappingURL=task-reference-add.js.map

package/dist/m365/planner/commands/task/task-reference-list.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const request_1 = require("../../../../request");
+const GraphCommand_1 = require("../../../base/GraphCommand");
+const commands_1 = require("../../commands");
+const utils_1 = require("../../../../utils");
+const Auth_1 = require("../../../../Auth");
+class PlannerTaskReferenceListCommand extends GraphCommand_1.default {
+    get name() {
+        return commands_1.default.TASK_REFERENCE_LIST;
+    }
+    get description() {
+        return 'Retrieve the references of the specified planner task';
+    }
+    commandAction(logger, args, cb) {
+        if (utils_1.accessToken.isAppOnlyAccessToken(Auth_1.default.service.accessTokens[this.resource].accessToken)) {
+            this.handleError('This command does not support application permissions.', logger, cb);
+            return;
+        }
+        const requestOptions = {
+            url: `${this.resource}/v1.0/planner/tasks/${encodeURIComponent(args.options.taskId)}/details?$select=references`,
+            headers: {
+                accept: 'application/json;odata.metadata=none'
+            },
+            responseType: 'json'
+        };
+        request_1.default
+            .get(requestOptions)
+            .then((res) => {
+            logger.log(res.references);
+            cb();
+        }, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+    }
+    options() {
+        const options = [
+            {
+                option: '-i, --taskId <taskId>'
+            }
+        ];
+        const parentOptions = super.options();
+        return options.concat(parentOptions);
+    }
+}
+module.exports = new PlannerTaskReferenceListCommand();
+//# sourceMappingURL=task-reference-list.js.map

package/dist/m365/planner/commands.js

@@ -8,13 +8,15 @@ exports.default = {
     BUCKET_REMOVE: `${prefix} bucket remove`,
     BUCKET_GET: `${prefix} bucket get`,
     PLAN_ADD: `${prefix} plan add`,
-    PLAN_GET: `${prefix} plan get`,
     PLAN_DETAILS_GET: `${prefix} plan details get`,
+    PLAN_GET: `${prefix} plan get`,
     PLAN_LIST: `${prefix} plan list`,
     TASK_ADD: `${prefix} task add`,
     TASK_DETAILS_GET: `${prefix} task details get`,
     TASK_GET: `${prefix} task get`,
     TASK_LIST: `${prefix} task list`,
+    TASK_REFERENCE_ADD: `${prefix} task reference add`,
+    TASK_REFERENCE_LIST: `${prefix} task reference list`,
     TASK_SET: `${prefix} task set`
 };
 //# sourceMappingURL=commands.js.map

package/dist/m365/pp/commands/gateway/gateway-list.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const request_1 = require("../../../../request");
+const PowerBICommand_1 = require("../../../base/PowerBICommand");
+const commands_1 = require("../../commands");
+class PpGatewayListCommand extends PowerBICommand_1.default {
+    get name() {
+        return commands_1.default.GATEWAY_LIST;
+    }
+    get description() {
+        return 'Returns a list of gateways for which the user is an admin';
+    }
+    defaultProperties() {
+        return ['id', 'name'];
+    }
+    commandAction(logger, args, cb) {
+        if (this.verbose) {
+            logger.logToStderr(`Retrieving list of gateways for which the user is an admin...`);
+        }
+        const requestOptions = {
+            url: `${this.resource}/v1.0/myorg/gateways`,
+            headers: {
+                accept: 'application/json;odata.metadata=none'
+            },
+            responseType: 'json'
+        };
+        request_1.default
+            .get(requestOptions)
+            .then((res) => {
+            logger.log(res.value);
+            cb();
+        }, (rawRes) => this.handleRejectedODataJsonPromise(rawRes, logger, cb));
+    }
+}
+module.exports = new PpGatewayListCommand();
+//# sourceMappingURL=gateway-list.js.map

package/dist/m365/pp/commands.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const prefix = 'pp';
 exports.default = {
     ENVIRONMENT_LIST: `${prefix} environment list`,
+    GATEWAY_LIST: `${prefix} gateway list`,
     MANAGEMENTAPP_ADD: `${prefix} managementapp add`,
     MANAGEMENTAPP_LIST: `${prefix} managementapp list`
 };

package/dist/m365/teams/commands/channel/channel-member-add.js

@@ -153,8 +153,11 @@ class TeamsChannelMemberAddCommand extends GraphCommand_1.default {
             if (!channelItem) {
                 return Promise.reject(`The specified channel '${args.options.channelName}' does not exist in the Microsoft Teams team with ID '${teamId}'`);
             }
+            if (channelItem.membershipType !== "private") {
+                return Promise.reject(`The specified channel is not a private channel`);
+            }
             return Promise.resolve(channelItem.id);
-        }, err => { return Promise.reject(err); });
+        });
     }
     getUserId(args) {
         if (args.options.userId) {

package/dist/m365/teams/commands/channel/channel-member-remove.js

@@ -135,6 +135,9 @@ class TeamsChannelMemberRemoveCommand extends GraphCommand_1.default {
             if (!channelItem) {
                 return Promise.reject(`The specified channel does not exist in the Microsoft Teams team`);
             }
+            if (channelItem.membershipType !== "private") {
+                return Promise.reject(`The specified channel is not a private channel`);
+            }
             return Promise.resolve(channelItem.id);
         });
     }

package/dist/m365/teams/commands/channel/channel-member-set.js

@@ -103,6 +103,9 @@ class TeamsChannelMemberSetCommand extends GraphCommand_1.default {
             if (!channelItem) {
                 return Promise.reject(`The specified channel does not exist in the Microsoft Teams team`);
             }
+            if (channelItem.membershipType !== "private") {
+                return Promise.reject(`The specified channel is not a private channel`);
+            }
             return Promise.resolve(channelItem.id);
         });
     }

package/dist/utils/formatting.js

@@ -30,8 +30,9 @@ exports.formatting = {
         return JSON.parse(s.replace(/^\uFEFF/, ''));
     },
     filterObject(obj, propertiesToInclude) {
-        return Object.keys(obj)
-            .filter(key => propertiesToInclude.includes(key))
+        const objKeys = Object.keys(obj);
+        return propertiesToInclude
+            .filter(prop => objKeys.includes(prop))
             .reduce((filtered, key) => {
             filtered[key] = obj[key];
             return filtered;
@@ -64,6 +65,14 @@ exports.formatting = {
     },
     splitAndTrim(s) {
         return s.split(',').map(c => c.trim());
+    },
+    openTypesEncoder(value) {
+        return value
+            .replace(/\%/g, '%25')
+            .replace(/\./g, '%2E')
+            .replace(/:/g, '%3A')
+            .replace(/@/g, '%40')
+            .replace(/#/g, '%23');
     }
 };
 //# sourceMappingURL=formatting.js.map

package/docs/docs/cmd/aad/app/app-add.md

@@ -49,6 +49,15 @@ m365 aad app add [options]
 `--scopeAdminConsentDescription [scopeAdminConsentDescription]`
 : Scope admin consent description
 
+`--certificateFile [certificateFile]`
+: Path to the file with certificate public key. Specify either `certificateFile` or `certificateBase64Encoded`
+
+`--certificateBase64Encoded [certificateBase64Encoded]`
+: Base64-encoded string with certificate public key. Specify either `certificateFile` or `certificateBase64Encoded`
+
+`--certificateDisplayName [certificateDisplayName]`
+: Display name for the certificate. If not given, the displayName will be set to the certificate subject. When specified, also specify either `certificateFile` or `certificateBase64Encoded`
+
 `--manifest [manifest]`
 : Azure AD app manifest as retrieved from the Azure Portal to create the app registration from
 
@@ -152,3 +161,9 @@ Create new Azure AD app registration with the specified name. Store information
 ```sh
 m365 aad app add --name 'My AAD app' --save
 ```
+
+Create new Azure AD app registration with a certificate
+
+```sh
+m365 aad app add --name 'My AAD app' --certificateDisplayName "Some certificate name" --certificateFile c:\temp\some-certificate.cer
+```

package/docs/docs/cmd/aad/app/app-set.md

@@ -31,6 +31,15 @@ m365 aad app set [options]
 `--redirectUrisToRemove [redirectUrisToRemove]`
 : Comma-separated list of existing redirect URIs to remove. Specify, when you want to replace existing redirect URIs with another
 
+`--certificateFile [certificateFile]`
+: Path to the file with certificate public key. Specify either `certificateFile` or `certificateBase64Encoded`
+
+`--certificateBase64Encoded [certificateBase64Encoded]`
+: Base64-encoded string with certificate public key. Specify either `certificateFile` or `certificateBase64Encoded`
+
+`--certificateDisplayName [certificateDisplayName]`
+: Display name for the certificate. If not given, the displayName will be set to the certificate subject. When specified, also specify either `certificateFile` or `certificateBase64Encoded`
+
 --8<-- "docs/cmd/_global.md"
 
 ## Remarks
@@ -39,6 +48,8 @@ For best performance use the `objectId` option to reference the Azure AD applica
 
 If the command finds multiple Azure AD application registrations with the specified app name, it will prompt you to disambiguate which app it should use, listing the discovered object IDs.
 
+When a certificate is specified it will be added to the list of certificates of the app without changing existing certificates.
+
 ## Examples
 
 Update the app URI of the Azure AD application registration specified by its object ID
@@ -70,3 +81,9 @@ Replace one redirect URI with another for SPA authentication
 ```sh
 m365 aad app set --objectId 95cfe30d-ed44-4f9d-b73d-c66560f72e83 --redirectUris https://contoso.com/auth --platform spa --redirectUrisToRemove https://contoso.com/old-auth
 ```
+
+Add a certificate to the app
+
+```sh
+m365 aad app set --certificateDisplayName "Some certificate name" --certificateFile c:\temp\some-certificate.cer
+```

package/docs/docs/cmd/aad/approleassignment/approleassignment-remove.md

@@ -1,4 +1,4 @@
-# aad approleassignment add
+# aad approleassignment remove
 
 Deletes an app role assignment for the specified Azure AD Application Registration
 

package/docs/docs/cmd/planner/task/task-reference-add.md

@@ -0,0 +1,45 @@
+# planner task reference add
+
+Adds a new reference to a Planner task.
+
+## Usage
+
+```sh
+m365 planner task reference add [options]
+```
+
+## Options
+
+`-i, --taskId <taskId>`
+: ID of the task.
+
+`-u, --url <url>`
+: URL location of the reference.
+
+`--alias [alias]`
+: A name alias to describe the reference.
+
+`--type [type]`
+: Used to describe the type of the reference. Types include: `PowerPoint`, `Word`, `Excel`, `Other`.
+
+--8<-- "docs/cmd/_global.md"
+
+## Examples
+
+Add a new reference with the url _https://www.microsoft.com_ to a Planner task with the id _2Vf8JHgsBUiIf-nuvBtv-ZgAAYw2_
+
+```sh
+m365 planner task reference add --taskId "2Vf8JHgsBUiIf-nuvBtv-ZgAAYw2" --url "https://www.microsoft.com"
+```
+
+Add a new reference with the url _https://www.microsoft.com_ and with the alias _Parker_ to a Planner task with the id _2Vf8JHgsBUiIf-nuvBtv-ZgAAYw2_
+
+```sh
+m365 planner task reference add --taskId "2Vf8JHgsBUiIf-nuvBtv-ZgAAYw2" --url "https://www.microsoft.com" --alias "Parker"
+```
+
+Add a new reference with the url _https://www.microsoft.com_ and with the type Excel to a Planner task with the id _2Vf8JHgsBUiIf-nuvBtv-ZgAAYw2_
+
+```sh
+m365 planner task reference add --taskId "2Vf8JHgsBUiIf-nuvBtv-ZgAAYw2" --url "https://www.microsoft.com" --type "Excel"
+```

package/docs/docs/cmd/planner/task/task-reference-list.md

@@ -0,0 +1,24 @@
+# planner task reference list
+
+Retrieve the references associated to a Planner task.
+
+## Usage
+
+```sh
+m365 planner task reference list [options]
+```
+
+## Options
+
+`-i, --taskId <taskId>`
+: ID of the task to retrieve references from
+
+--8<-- "docs/cmd/_global.md"
+
+## Examples
+
+Retrieve the references of the specified planner task
+
+```sh
+m365 planner task reference list --taskId uBk5fK_MHkeyuPYlCo4OFpcAM
+```

package/docs/docs/cmd/pp/gateway/gateway-list.md

@@ -0,0 +1,21 @@
+# pp gateway list
+
+Returns a list of gateways for which the user is an admin
+
+## Usage
+
+```sh
+m365 pp gateway list [options]
+```
+
+## Options
+
+--8<-- "docs/cmd/_global.md"
+
+## Examples
+
+List gateways for which the user is an admin
+
+```sh
+m365 pp gateway list
+```

package/docs/docs/cmd/spo/userprofile/userprofile-get.md

@@ -1,4 +1,4 @@
-# spo userprofile set
+# spo userprofile get
 
 Get SharePoint user profile properties for the specified user
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnp/cli-microsoft365",
-  "version": "5.3.0-beta.4033f50",
+  "version": "5.3.0-beta.421b58b",
   "description": "Manage Microsoft 365 and SharePoint Framework projects on any platform",
   "license": "MIT",
   "main": "./dist/api.js",
@@ -131,6 +131,7 @@
     "Lingstuyl, Martin <martin@i4-you.com>",
     "Maillot, Michaël <battosaimykle@gmail.com>",
     "Mastykarz, Waldek <waldek@mastykarz.nl>",
+    "Mathijs Verbeeck <mathijs.verbeeck@vanroey.be",
     "McDonnell, Kevin <kevin@mcd79.com>",
     "Menon, Arjun <arjun.umenon@gmail.com>",
     "Moujahid, Abderahman <rags_place@hotmail.com>",