@pnp/cli-microsoft365 7.5.0-beta.d4d820f → 7.6.0-beta.443bfd8

package/dist/Auth.js

@@ -7,6 +7,8 @@ import config from './config.js';
 import request from './request.js';
 import { settingsNames } from './settingsNames.js';
 import { browserUtil } from './utils/browserUtil.js';
+import * as accessTokenUtil from './utils/accessToken.js';
+import assert from 'assert';
 export var CloudType;
 (function (CloudType) {
     CloudType[CloudType["Public"] = 0] = "Public";
@@ -15,9 +17,9 @@ export var CloudType;
     CloudType[CloudType["USGovDoD"] = 3] = "USGovDoD";
     CloudType[CloudType["China"] = 4] = "China";
 })(CloudType || (CloudType = {}));
-export class Service {
+export class Connection {
     constructor() {
-        this.connected = false;
+        this.active = false;
         this.authType = AuthType.DeviceCode;
         this.certificateType = CertificateType.Unknown;
         this.cloudType = CloudType.Public;
@@ -26,17 +28,22 @@ export class Service {
         this.tenant = config.tenant;
         this.cloudType = CloudType.Public;
     }
-    logout() {
-        this.connected = false;
+    deactivate() {
+        this.active = false;
+        this.name = undefined;
+        this.identityName = undefined;
+        this.identityId = undefined;
+        this.identityTenantId = undefined;
         this.accessTokens = {};
         this.authType = AuthType.DeviceCode;
         this.userName = undefined;
         this.password = undefined;
         this.certificateType = CertificateType.Unknown;
+        this.cloudType = CloudType.Public;
         this.certificate = undefined;
         this.thumbprint = undefined;
         this.spoUrl = undefined;
-        this.tenantId = undefined;
+        this.spoTenantId = undefined;
         this.appId = config.cliAadAppId;
         this.tenant = config.tenant;
     }
@@ -57,14 +64,26 @@ export var CertificateType;
     CertificateType[CertificateType["Binary"] = 2] = "Binary";
 })(CertificateType || (CertificateType = {}));
 export class Auth {
-    get service() {
-        return this._service;
+    // Retrieves the connections from the file store if it's not already loaded
+    async getAllConnections() {
+        if (this._allConnections === undefined) {
+            try {
+                this._allConnections = await this.getAllConnectionsFromStorage();
+            }
+            catch {
+                this._allConnections = [];
+            }
+        }
+        return this._allConnections;
+    }
+    get connection() {
+        return this._connection;
     }
     get defaultResource() {
-        return Auth.getEndpointForResource('https://graph.microsoft.com', this._service.cloudType);
+        return Auth.getEndpointForResource('https://graph.microsoft.com', this._connection.cloudType);
     }
     constructor() {
-        this._service = new Service();
+        this._connection = new Connection();
     }
     // we need to init cloud endpoints here, because we're using CloudType enum
     // as indexers, which we can't do in the static initializer
@@ -98,19 +117,19 @@ export class Auth {
     }
     async restoreAuth() {
         // check if auth has been restored previously
-        if (this._service.connected) {
+        if (this._connection.active) {
             return Promise.resolve();
         }
         try {
-            const service = await this.getServiceConnectionInfo();
-            this._service = Object.assign(this._service, service);
+            const connection = await this.getConnectionInfoFromStorage();
+            this._connection = Object.assign(this._connection, connection);
         }
         catch {
         }
     }
     async ensureAccessToken(resource, logger, debug = false, fetchNew = false) {
         const now = new Date();
-        const accessToken = this.service.accessTokens[resource];
+        const accessToken = this.connection.accessTokens[resource];
         const expiresOn = accessToken && accessToken.expiresOn ?
             // if expiresOn is serialized from the service file, it's set as a string
             // if it's coming from MSAL, it's a Date
@@ -125,7 +144,7 @@ export class Auth {
         else {
             if (debug) {
                 if (!accessToken) {
-                    await logger.logToStderr(`No token found for resource ${resource}`);
+                    await logger.logToStderr(`No token found for resource ${resource}.`);
                 }
                 else {
                     await logger.logToStderr(`Access token expired. Token: ${accessToken.accessToken}, ExpiresAt: ${accessToken.expiresOn}`);
@@ -133,21 +152,24 @@ export class Auth {
             }
         }
         let getTokenPromise;
-        // when using cert, you can't retrieve token silently, because there is
-        // no account. Also cert auth instantiates clientApplication itself
+        // When using an application identity, you can't retrieve the access token silently, because there is
+        // no account. Also (for cert auth) clientApplication is instantiated later
         // after inspecting the specified cert and calculating thumbprint if one
         // wasn't specified
-        if (this.service.authType !== AuthType.Certificate) {
-            this.clientApplication = await this.getClientApplication(logger, debug);
+        if (this.connection.authType !== AuthType.Certificate &&
+            this.connection.authType !== AuthType.Secret &&
+            this.connection.authType !== AuthType.Identity) {
+            this.clientApplication = await this.getPublicClient(logger, debug);
             if (this.clientApplication) {
                 const accounts = await this.clientApplication.getTokenCache().getAllAccounts();
-                if (accounts.length > 0) {
+                // if there is an account in the cache and it's active, we can try to get the token silently
+                if (accounts.filter(a => a.localAccountId === this.connection.identityId).length > 0 && this.connection.active === true) {
                     getTokenPromise = this.ensureAccessTokenSilent.bind(this);
                 }
             }
         }
         if (!getTokenPromise) {
-            switch (this.service.authType) {
+            switch (this.connection.authType) {
                 case AuthType.DeviceCode:
                     getTokenPromise = this.ensureAccessTokenWithDeviceCode.bind(this);
                     break;
@@ -171,9 +193,9 @@ export class Auth {
         const response = await getTokenPromise(resource, logger, debug, fetchNew);
         if (!response) {
             if (debug) {
-                await logger.logToStderr(`getTokenPromise authentication result is null`);
+                await logger.logToStderr('getTokenPromise authentication result is null.');
             }
-            throw `Failed to retrieve an access token. Please try again`;
+            throw 'Failed to retrieve an access token. Please try again.';
         }
         else {
             if (debug) {
@@ -182,11 +204,15 @@ export class Auth {
                 await logger.logToStderr('');
             }
         }
-        this.service.accessTokens[resource] = {
+        this.connection.accessTokens[resource] = {
             expiresOn: response.expiresOn,
             accessToken: response.accessToken
         };
-        this.service.connected = true;
+        this.connection.active = true;
+        this.connection.identityName = accessTokenUtil.accessToken.getUserNameFromAccessToken(response.accessToken);
+        this.connection.identityId = accessTokenUtil.accessToken.getUserIdFromAccessToken(response.accessToken);
+        this.connection.identityTenantId = accessTokenUtil.accessToken.getTenantIdFromAccessToken(response.accessToken);
+        this.connection.name = this.connection.name || this.connection.identityId;
         try {
             await this.storeConnectionInfo();
         }
@@ -199,21 +225,6 @@ export class Auth {
         }
         return response.accessToken;
     }
-    async getClientApplication(logger, debug) {
-        switch (this.service.authType) {
-            case AuthType.DeviceCode:
-            case AuthType.Password:
-            case AuthType.Browser:
-                return await this.getPublicClient(logger, debug);
-            case AuthType.Certificate:
-                return await this.getConfidentialClient(logger, debug, this.service.thumbprint, this.service.password, undefined);
-            case AuthType.Identity:
-                // msal-node doesn't support managed identity so we need to do it manually
-                return undefined;
-            case AuthType.Secret:
-                return await this.getConfidentialClient(logger, debug, undefined, undefined, this.service.secret);
-        }
-    }
     async getAuthClientConfiguration(logger, debug, certificateThumbprint, certificatePrivateKey, clientSecret) {
         const msal = await import('@azure/msal-node');
         const { LogLevel } = msal;
@@ -222,7 +233,7 @@ export class Auth {
             privateKey: certificatePrivateKey
         };
         let azureCloudInstance = AzureCloudInstance.None;
-        switch (this.service.cloudType) {
+        switch (this.connection.cloudType) {
             case CloudType.Public:
                 azureCloudInstance = AzureCloudInstance.AzurePublic;
                 break;
@@ -236,11 +247,11 @@ export class Auth {
                 break;
         }
         const config = {
-            clientId: this.service.appId,
-            authority: `${Auth.getEndpointForResource('https://login.microsoftonline.com', this.service.cloudType)}/${this.service.tenant}`,
+            clientId: this.connection.appId,
+            authority: `${Auth.getEndpointForResource('https://login.microsoftonline.com', this.connection.cloudType)}/${this.connection.tenant}`,
             azureCloudOptions: {
                 azureCloudInstance,
-                tenant: this.service.tenant
+                tenant: this.connection.tenant
             }
         };
         const authConfig = cert
@@ -270,11 +281,11 @@ export class Auth {
     async getPublicClient(logger, debug) {
         const msal = await import('@azure/msal-node');
         const { PublicClientApplication } = msal;
-        if (this.service.authType === AuthType.Password &&
-            this.service.tenant === 'common') {
+        if (this.connection.authType === AuthType.Password &&
+            this.connection.tenant === 'common') {
             // common is not supported for the password flow and must be changed to
             // organizations
-            this.service.tenant = 'organizations';
+            this.connection.tenant = 'organizations';
         }
         return new PublicClientApplication(await this.getAuthClientConfiguration(logger, debug));
     }
@@ -292,7 +303,7 @@ export class Auth {
             if (!this._authServer) {
                 this._authServer = (await import('./AuthServer.js')).default;
             }
-            this._authServer.initializeServer(this.service, resource, resolve, reject, logger, debug);
+            this._authServer.initializeServer(this.connection, resource, resolve, reject, logger, debug);
         });
     }
     async ensureAccessTokenWithBrowser(resource, logger, debug) {
@@ -313,10 +324,14 @@ export class Auth {
         if (debug) {
             await logger.logToStderr(`Retrieving new access token silently`);
         }
-        const accounts = await this.clientApplication
-            .getTokenCache().getAllAccounts();
+        // Asserting identityId because it is expected to be available at this point.
+        assert(this.connection.identityId !== undefined);
+        const account = await this.clientApplication
+            .getTokenCache().getAccountByLocalId(this.connection.identityId);
+        // Asserting account because it is expected to be available at this point.
+        assert(account !== null);
         return this.clientApplication.acquireTokenSilent({
-            account: accounts[0],
+            account: account,
             scopes: [`${resource}/.default`],
             forceRefresh: fetchNew
         });
@@ -367,40 +382,40 @@ export class Auth {
             await logger.logToStderr(`Retrieving new access token using credentials...`);
         }
         return this.clientApplication.acquireTokenByUsernamePassword({
-            username: this.service.userName,
-            password: this.service.password,
+            username: this.connection.userName,
+            password: this.connection.password,
             scopes: [`${resource}/.default`]
         });
     }
-    async ensureAccessTokenWithCertificate(resource, logger, debug) {
+    async ensureAccessTokenWithCertificate(resource, logger, debug, fetchNew) {
         const nodeForge = (await import('node-forge')).default;
         const { pem, pki, asn1, pkcs12 } = nodeForge;
         if (debug) {
             await logger.logToStderr(`Retrieving new access token using certificate...`);
         }
         let cert = '';
-        const buf = Buffer.from(this.service.certificate, 'base64');
-        if (this.service.certificateType === CertificateType.Unknown || this.service.certificateType === CertificateType.Base64) {
+        const buf = Buffer.from(this.connection.certificate, 'base64');
+        if (this.connection.certificateType === CertificateType.Unknown || this.connection.certificateType === CertificateType.Base64) {
             // First time this method is called, we don't know if certificate is PEM or PFX (type is Unknown)
             // We assume it is PEM but when parsing of PEM fails, we assume it could be PFX
             // Type is persisted on service so subsequent calls only run through the correct parsing flow
             try {
                 cert = buf.toString('utf8');
                 const pemObjs = pem.decode(cert);
-                if (this.service.thumbprint === undefined) {
+                if (this.connection.thumbprint === undefined) {
                     const pemCertObj = pemObjs.find(pem => pem.type === "CERTIFICATE");
                     const pemCertStr = pem.encode(pemCertObj);
                     const pemCert = pki.certificateFromPem(pemCertStr);
-                    this.service.thumbprint = await this.calculateThumbprint(pemCert);
+                    this.connection.thumbprint = await this.calculateThumbprint(pemCert);
                 }
             }
             catch (e) {
-                this.service.certificateType = CertificateType.Binary;
+                this.connection.certificateType = CertificateType.Binary;
             }
         }
-        if (this.service.certificateType === CertificateType.Binary) {
+        if (this.connection.certificateType === CertificateType.Binary) {
             const p12Asn1 = asn1.fromDer(buf.toString('binary'), false);
-            const p12Parsed = pkcs12.pkcs12FromAsn1(p12Asn1, false, this.service.password);
+            const p12Parsed = pkcs12.pkcs12FromAsn1(p12Asn1, false, this.connection.password);
             let keyBags = p12Parsed.getBags({ bagType: pki.oids.pkcs8ShroudedKeyBag });
             const pkcs8ShroudedKeyBag = keyBags[pki.oids.pkcs8ShroudedKeyBag][0];
             if (debug) {
@@ -419,19 +434,20 @@ export class Auth {
             const privateKeyInfo = pki.wrapRsaPrivateKey(rsaPrivateKey);
             // convert a PKCS#8 ASN.1 PrivateKeyInfo to PEM
             cert = pki.privateKeyInfoToPem(privateKeyInfo);
-            if (this.service.thumbprint === undefined) {
+            if (this.connection.thumbprint === undefined) {
                 const certBags = p12Parsed.getBags({ bagType: pki.oids.certBag });
                 const certBag = (certBags[pki.oids.certBag])[0];
-                this.service.thumbprint = await this.calculateThumbprint(certBag.cert);
+                this.connection.thumbprint = await this.calculateThumbprint(certBag.cert);
             }
         }
-        this.clientApplication = await this.getConfidentialClient(logger, debug, this.service.thumbprint, cert);
+        this.clientApplication = await this.getConfidentialClient(logger, debug, this.connection.thumbprint, cert);
         return this.clientApplication.acquireTokenByClientCredential({
-            scopes: [`${resource}/.default`]
+            scopes: [`${resource}/.default`],
+            skipCache: fetchNew
         });
     }
     async ensureAccessTokenWithIdentity(resource, logger, debug) {
-        const userName = this.service.userName;
+        const userName = this.connection.userName;
         if (debug) {
             await logger.logToStderr('Will try to retrieve access token using identity...');
         }
@@ -547,10 +563,11 @@ export class Auth {
             }
         }
     }
-    async ensureAccessTokenWithSecret(resource, logger, debug) {
-        this.clientApplication = await this.getConfidentialClient(logger, debug, undefined, undefined, this.service.secret);
+    async ensureAccessTokenWithSecret(resource, logger, debug, fetchNew) {
+        this.clientApplication = await this.getConfidentialClient(logger, debug, undefined, undefined, this.connection.secret);
         return this.clientApplication.acquireTokenByClientCredential({
-            scopes: [`${resource}/.default`]
+            scopes: [`${resource}/.default`],
+            skipCache: fetchNew
         });
     }
     async calculateThumbprint(certificate) {
@@ -564,7 +581,7 @@ export class Auth {
         let resource = url;
         const pos = resource.indexOf('/', 8);
         if (pos > -1) {
-            resource = resource.substr(0, pos);
+            resource = resource.substring(0, pos);
         }
         if (resource === 'https://api.bap.microsoft.com' ||
             resource === 'https://api.powerapps.com' ||
@@ -581,29 +598,70 @@ export class Auth {
         }
         return resource;
     }
-    async getServiceConnectionInfo() {
-        const tokenStorage = this.getTokenStorage();
+    async getConnectionInfoFromStorage() {
+        const tokenStorage = this.getConnectionStorage();
         const json = await tokenStorage.get();
         return JSON.parse(json);
     }
-    storeConnectionInfo() {
-        const tokenStorage = this.getTokenStorage();
-        return tokenStorage.set(JSON.stringify(this.service));
+    async storeConnectionInfo() {
+        const connectionStorage = this.getConnectionStorage();
+        await connectionStorage.set(JSON.stringify(this.connection));
+        let allConnections = await this.getAllConnections();
+        if (this.connection.active) {
+            allConnections = allConnections.filter(c => c.identityId !== this.connection.identityId);
+            allConnections.forEach(c => c.active = false);
+            allConnections = [{ ...this.connection }, ...allConnections];
+        }
+        this._allConnections = allConnections;
+        const allConnectionsStorage = this.getAllConnectionsStorage();
+        await allConnectionsStorage.set(JSON.stringify(allConnections));
     }
     async clearConnectionInfo() {
-        const tokenStorage = this.getTokenStorage();
-        await tokenStorage.remove();
+        const connectionStorage = this.getConnectionStorage();
+        const allConnectionsStorage = this.getAllConnectionsStorage();
+        await connectionStorage.remove();
+        await allConnectionsStorage.remove();
         // we need to manually clear MSAL cache, because MSAL doesn't have support
         // for logging out when using cert-based auth
         const msalCache = this.getMsalCacheStorage();
         await msalCache.remove();
     }
-    getTokenStorage() {
+    async removeConnectionInfo(connection, logger, debug) {
+        const allConnections = await this.getAllConnections();
+        const isCurrentConnection = this.connection.name === connection.name;
+        this._allConnections = allConnections.filter(c => c.name !== connection.name);
+        // Asserting identityId because it is optional, but required at this point.
+        assert(connection.identityId !== undefined);
+        // When using an application identity, there is no account in the MSAL TokenCache
+        if (this.connection.authType !== AuthType.Certificate &&
+            this.connection.authType !== AuthType.Secret &&
+            this.connection.authType !== AuthType.Identity) {
+            this.clientApplication = await this.getPublicClient(logger, debug);
+            if (this.clientApplication) {
+                const tokenCache = this.clientApplication.getTokenCache();
+                const account = await tokenCache.getAccountByLocalId(connection.identityId);
+                if (account !== null) {
+                    await tokenCache.removeAccount(account);
+                }
+            }
+        }
+        const connectionStorage = this.getConnectionStorage();
+        const allConnectionsStorage = this.getAllConnectionsStorage();
+        await allConnectionsStorage.set(JSON.stringify(this._allConnections));
+        if (isCurrentConnection) {
+            await connectionStorage.remove();
+            this.connection.deactivate();
+        }
+    }
+    getConnectionStorage() {
         return new FileTokenStorage(FileTokenStorage.connectionInfoFilePath());
     }
     getMsalCacheStorage() {
         return new FileTokenStorage(FileTokenStorage.msalCacheFilePath());
     }
+    getAllConnectionsStorage() {
+        return new FileTokenStorage(FileTokenStorage.allConnectionsFilePath());
+    }
     static getEndpointForResource(resource, cloudType) {
         if (Auth.cloudEndpoints[cloudType] &&
             Auth.cloudEndpoints[cloudType][resource]) {
@@ -613,6 +671,52 @@ export class Auth {
             return resource;
         }
     }
+    async getAllConnectionsFromStorage() {
+        const connectionStorage = this.getAllConnectionsStorage();
+        const json = await connectionStorage.get();
+        return JSON.parse(json);
+    }
+    async switchToConnection(connection) {
+        this.connection.deactivate();
+        this._connection = Object.assign(this._connection, connection);
+        this._connection.active = true;
+        await this.storeConnectionInfo();
+    }
+    async updateConnection(connection, newName) {
+        const allConnections = await this.getAllConnections();
+        const existingConnection = allConnections.find(c => c.name === newName);
+        const oldName = connection.name;
+        if (existingConnection) {
+            throw new CommandError(`The connection name '${newName}' is already in use`);
+        }
+        connection.name = newName;
+        if (this.connection.name === oldName) {
+            this._connection.name = newName;
+        }
+        await this.storeConnectionInfo();
+    }
+    async getConnection(name) {
+        const allConnections = await this.getAllConnections();
+        const connection = allConnections.find(i => i.name === name);
+        if (!connection) {
+            throw new CommandError(`The connection '${name}' cannot be found`);
+        }
+        return connection;
+    }
+    getConnectionDetails(connection) {
+        // Asserting name and identityId because they are optional, but required at this point.    
+        assert(connection.identityName !== undefined);
+        assert(connection.name !== undefined);
+        const details = {
+            connectionName: connection.name,
+            connectedAs: connection.identityName,
+            authType: AuthType[connection.authType],
+            appId: connection.appId,
+            appTenant: connection.tenant,
+            cloudType: CloudType[connection.cloudType]
+        };
+        return details;
+    }
 }
 Auth.cloudEndpoints = [];
 Auth.initialize();

package/dist/AuthServer.js

@@ -7,8 +7,8 @@ export class AuthServer {
         this.debug = false;
         this.resource = "";
         this.generatedServerUrl = "";
-        this.initializeServer = (service, resource, resolve, reject, logger, debug = false) => {
-            this.service = service;
+        this.initializeServer = (connection, resource, resolve, reject, logger, debug = false) => {
+            this.connection = connection;
             this.resolve = resolve;
             this.reject = reject;
             this.logger = logger;
@@ -20,7 +20,7 @@ export class AuthServer {
             const requestState = Math.random().toString(16).substr(2, 20);
             const address = this.httpServer.address();
             this.generatedServerUrl = `http://localhost:${address.port}`;
-            const url = `${Auth.getEndpointForResource('https://login.microsoftonline.com', this.service.cloudType)}/${this.service.tenant}/oauth2/authorize?response_type=code&client_id=${this.service.appId}&redirect_uri=${this.generatedServerUrl}&state=${requestState}&resource=${this.resource}&prompt=select_account`;
+            const url = `${Auth.getEndpointForResource('https://login.microsoftonline.com', this.connection.cloudType)}/${this.connection.tenant}/oauth2/authorize?response_type=code&client_id=${this.connection.appId}&redirect_uri=${this.generatedServerUrl}&state=${requestState}&resource=${this.resource}&prompt=select_account`;
             if (this.debug) {
                 this.logger.logToStderr('Redirect URL:');
                 this.logger.logToStderr(url);

package/dist/Command.js

@@ -180,7 +180,7 @@ class Command {
             throw new CommandError(error);
         }
         this.initAction(args, logger);
-        if (!auth.service.connected) {
+        if (!auth.connection.active) {
             throw new CommandError('Log in to Microsoft 365 first');
         }
         try {
@@ -313,6 +313,9 @@ class Command {
         this.verbose = this.debug || args.options.verbose || process.env.CLIMICROSOFT365_VERBOSE === '1';
         request.debug = this.debug;
         request.logger = logger;
+        if (this.debug && auth.connection.identityName !== undefined) {
+            logger.logToStderr(`Executing command as '${auth.connection.identityName}', appId: ${auth.connection.appId}, tenantId: ${auth.connection.identityTenantId}`);
+        }
         telemetry.trackEvent(this.getUsedCommandName(), this.getTelemetryProperties(args));
     }
     getUnknownOptions(options) {
@@ -350,10 +353,10 @@ class Command {
         });
     }
     loadValuesFromAccessToken(args) {
-        if (!auth.service.accessTokens[auth.defaultResource]) {
+        if (!auth.connection.accessTokens[auth.defaultResource]) {
             return;
         }
-        const token = auth.service.accessTokens[auth.defaultResource].accessToken;
+        const token = auth.connection.accessTokens[auth.defaultResource].accessToken;
         const optionNames = Object.getOwnPropertyNames(args.options);
         optionNames.forEach(option => {
             const value = args.options[option];
@@ -362,7 +365,7 @@ class Command {
             }
             const lowerCaseValue = value.toLowerCase().trim();
             if (lowerCaseValue === '@meid' || lowerCaseValue === '@meusername') {
-                const isAppOnlyAccessToken = accessToken.isAppOnlyAccessToken(auth.service.accessTokens[auth.defaultResource].accessToken);
+                const isAppOnlyAccessToken = accessToken.isAppOnlyAccessToken(auth.connection.accessTokens[auth.defaultResource].accessToken);
                 if (isAppOnlyAccessToken) {
                     throw `It's not possible to use ${value} with application permissions`;
                 }
@@ -379,7 +382,7 @@ class Command {
         if (cli.currentCommandName &&
             cli.currentCommandName.indexOf(deprecated) === 0) {
             const chalk = (await import('chalk')).default;
-            await logger.logToStderr(chalk.yellow(`Command '${deprecated}' is deprecated. Please use '${recommended}' instead`));
+            await logger.logToStderr(chalk.yellow(`Command '${deprecated}' is deprecated. Please use '${recommended}' instead.`));
         }
     }
     async warn(logger, warning) {

package/dist/auth/FileTokenStorage.js

@@ -6,7 +6,10 @@ export class FileTokenStorage {
         return path.join(os.homedir(), '.cli-m365-msal.json');
     }
     static connectionInfoFilePath() {
-        return path.join(os.homedir(), '.cli-m365-tokens.json');
+        return path.join(os.homedir(), '.cli-m365-connection.json');
+    }
+    static allConnectionsFilePath() {
+        return path.join(os.homedir(), '.cli-m365-all-connections.json');
     }
     constructor(filePath) {
         this.filePath = filePath;

package/dist/cli/cli.js

@@ -98,7 +98,7 @@ async function execute(rawArgs) {
         if (parsedArgs.output !== 'none') {
             printHelp(await getHelpMode(parsedArgs));
         }
-        return Promise.resolve();
+        return;
     }
     delete cli.optionsFromArgs.options._;
     delete cli.optionsFromArgs.options['--'];

package/dist/m365/base/AppCommand.js

@@ -39,7 +39,7 @@ class AppCommand extends Command {
         }
         if (!this.m365rcJson.apps ||
             this.m365rcJson.apps.length === 0) {
-            throw new CommandError(`No Azure AD apps found in ${m365rcJsonPath}`);
+            throw new CommandError(`No Entra apps found in ${m365rcJsonPath}`);
         }
         if (args.options.appId) {
             if (!this.m365rcJson.apps.some(app => app.appId === args.options.appId)) {
@@ -54,7 +54,7 @@ class AppCommand extends Command {
         }
         if (this.m365rcJson.apps.length > 1) {
             const resultAsKeyValuePair = formatting.convertArrayToHashTable('appIdIndex', this.m365rcJson.apps);
-            const result = await cli.handleMultipleResultsFound(`Multiple Azure AD apps found in ${m365rcJsonPath}.`, resultAsKeyValuePair);
+            const result = await cli.handleMultipleResultsFound(`Multiple Entra apps found in ${m365rcJsonPath}.`, resultAsKeyValuePair);
             this.appId = this.m365rcJson.apps[result.appIdIndex].appId;
             await super.action(logger, args);
         }

package/dist/m365/base/PowerAppsCommand.js

@@ -6,11 +6,11 @@ export default class PowerAppsCommand extends Command {
     }
     initAction(args, logger) {
         super.initAction(args, logger);
-        if (!auth.service.connected) {
+        if (!auth.connection.active) {
             // we fail no login in the base command command class
             return;
         }
-        if (auth.service.cloudType !== CloudType.Public) {
+        if (auth.connection.cloudType !== CloudType.Public) {
             throw new CommandError(`Power Apps commands only support the public cloud at the moment. We'll add support for other clouds in the future. Sorry for the inconvenience.`);
         }
     }

package/dist/m365/base/PowerAutomateCommand.js

@@ -6,11 +6,11 @@ export default class PowerAutomateCommand extends Command {
     }
     initAction(args, logger) {
         super.initAction(args, logger);
-        if (!auth.service.connected) {
+        if (!auth.connection.active) {
             // we fail no login in the base command command class
             return;
         }
-        if (auth.service.cloudType !== CloudType.Public) {
+        if (auth.connection.cloudType !== CloudType.Public) {
             throw new CommandError(`Power Automate commands only support the public cloud at the moment. We'll add support for other clouds in the future. Sorry for the inconvenience.`);
         }
     }

package/dist/m365/base/PowerPlatformCommand.js

@@ -6,11 +6,11 @@ export default class PowerPlatformCommand extends Command {
     }
     initAction(args, logger) {
         super.initAction(args, logger);
-        if (!auth.service.connected) {
+        if (!auth.connection.active) {
             // we fail no login in the base command command class
             return;
         }
-        if (auth.service.cloudType !== CloudType.Public) {
+        if (auth.connection.cloudType !== CloudType.Public) {
             throw new CommandError(`Power Platform commands only support the public cloud at the moment. We'll add support for other clouds in the future. Sorry for the inconvenience.`);
         }
     }