npm - @pnp/cli-microsoft365 - Versions diffs - 9.0.0-beta.0d94b15 → 9.0.0-beta.1516729 - Mend

@pnp/cli-microsoft365 9.0.0-beta.0d94b15 → 9.0.0-beta.1516729

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

package/dist/Auth.js CHANGED Viewed

@@ -4,7 +4,6 @@ import { CommandError } from './Command.js';
 import { FileTokenStorage } from './auth/FileTokenStorage.js';
 import { msalCachePlugin } from './auth/msalCachePlugin.js';
 import { cli } from './cli/cli.js';
-import config from './config.js';
 import request from './request.js';
 import { settingsNames } from './settingsNames.js';
 import * as accessTokenUtil from './utils/accessToken.js';
@@ -22,10 +21,10 @@ export class Connection {
         this.active = false;
         this.authType = AuthType.DeviceCode;
         this.certificateType = CertificateType.Unknown;
+        // ID of the tenant where the Microsoft Entra app is registered; common if multi-tenant
+        this.tenant = 'common';
         this.cloudType = CloudType.Public;
         this.accessTokens = {};
-        this.appId = config.cliEntraAppId;
-        this.tenant = config.tenant;
         this.cloudType = CloudType.Public;
     }
     deactivate() {
@@ -44,18 +43,18 @@ export class Connection {
         this.thumbprint = undefined;
         this.spoUrl = undefined;
         this.spoTenantId = undefined;
-        this.appId = config.cliEntraAppId;
-        this.tenant = config.tenant;
+        this.appId = cli.getClientId();
+        this.tenant = cli.getTenant();
     }
 }
 export var AuthType;
 (function (AuthType) {
-    AuthType[AuthType["DeviceCode"] = 0] = "DeviceCode";
-    AuthType[AuthType["Password"] = 1] = "Password";
-    AuthType[AuthType["Certificate"] = 2] = "Certificate";
-    AuthType[AuthType["Identity"] = 3] = "Identity";
-    AuthType[AuthType["Browser"] = 4] = "Browser";
-    AuthType[AuthType["Secret"] = 5] = "Secret";
+    AuthType["DeviceCode"] = "deviceCode";
+    AuthType["Password"] = "password";
+    AuthType["Certificate"] = "certificate";
+    AuthType["Identity"] = "identity";
+    AuthType["Browser"] = "browser";
+    AuthType["Secret"] = "secret";
 })(AuthType || (AuthType = {}));
 export var CertificateType;
 (function (CertificateType) {
@@ -702,7 +701,7 @@ export class Auth {
         const details = {
             connectionName: connection.name,
             connectedAs: connection.identityName,
-            authType: AuthType[connection.authType],
+            authType: connection.authType,
             appId: connection.appId,
             appTenant: connection.tenant,
             cloudType: CloudType[connection.cloudType]

package/dist/Command.js CHANGED Viewed

@@ -111,9 +111,7 @@ class Command {
                 prompted = true;
                 await cli.error('🌶️  Provide values for the following parameters:');
             }
-            const answer = optionInfo.autocomplete !== undefined
-                ? await prompt.forSelection({ message: `${optionInfo.name}: `, choices: optionInfo.autocomplete.map((choice) => { return { name: choice, value: choice }; }) })
-                : await prompt.forInput({ message: `${optionInfo.name}: ` });
+            const answer = await cli.promptForValue(optionInfo);
             args.options[optionInfo.name] = answer;
         }
         if (prompted) {

package/dist/cli/cli.js CHANGED Viewed

@@ -59,6 +59,12 @@ function getSettingWithDefaultValue(settingName, defaultValue) {
         return configuredValue;
     }
 }
+function getClientId() {
+    return cli.getSettingWithDefaultValue(settingsNames.clientId, process.env.CLIMICROSOFT365_ENTRAAPPID || process.env.CLIMICROSOFT365_AADAPPID);
+}
+function getTenant() {
+    return cli.getSettingWithDefaultValue(settingsNames.tenantId, process.env.CLIMICROSOFT365_TENANT || 'common');
+}
 async function execute(rawArgs) {
     const start = process.hrtime.bigint();
     // for completion commands we also need information about commands' options
@@ -137,14 +143,38 @@ async function execute(rawArgs) {
     }
     let finalArgs = cli.optionsFromArgs.options;
     if (cli.commandToExecute?.command.schema) {
-        const startValidation = process.hrtime.bigint();
-        const result = cli.commandToExecute.command.getSchemaToParse().safeParse(cli.optionsFromArgs.options);
-        const endValidation = process.hrtime.bigint();
-        timings.validation.push(Number(endValidation - startValidation));
-        if (!result.success) {
-            return cli.closeWithError(result.error, cli.optionsFromArgs, true);
+        while (true) {
+            const startValidation = process.hrtime.bigint();
+            const result = cli.commandToExecute.command.getSchemaToParse().safeParse(cli.optionsFromArgs.options);
+            const endValidation = process.hrtime.bigint();
+            timings.validation.push(Number(endValidation - startValidation));
+            if (result.success) {
+                finalArgs = result.data;
+                break;
+            }
+            else {
+                const hasNonRequiredErrors = result.error.errors.some(e => e.code !== 'invalid_type' || e.received !== 'undefined');
+                const shouldPrompt = cli.getSettingWithDefaultValue(settingsNames.prompt, true);
+                if (hasNonRequiredErrors === false &&
+                    shouldPrompt) {
+                    await cli.error('🌶️  Provide values for the following parameters:');
+                    for (const error of result.error.errors) {
+                        const optionInfo = cli.commandToExecute.options.find(o => o.name === error.path.join('.'));
+                        const answer = await cli.promptForValue(optionInfo);
+                        cli.optionsFromArgs.options[error.path.join('.')] = answer;
+                    }
+                }
+                else {
+                    result.error.errors.forEach(e => {
+                        if (e.code === 'invalid_type' &&
+                            e.received === 'undefined') {
+                            e.message = `Required option not specified`;
+                        }
+                    });
+                    return cli.closeWithError(result.error, cli.optionsFromArgs, true);
+                }
+            }
         }
-        finalArgs = result.data;
     }
     else {
         const startValidation = process.hrtime.bigint();
@@ -753,7 +783,7 @@ async function closeWithError(error, args, showHelpIfEnabled = false) {
     }
     let errorMessage = error instanceof CommandError ? error.message : error;
     if (error instanceof ZodError) {
-        errorMessage = error.errors.map(e => `${e.path}: ${e.message}`).join(os.EOL);
+        errorMessage = error.errors.map(e => `${e.path.join('.')}: ${e.message}`).join(os.EOL);
     }
     if ((!args.options.output || args.options.output === 'json') &&
         !cli.getSettingWithDefaultValue(settingsNames.printErrorsAsPlainText, true)) {
@@ -793,6 +823,16 @@ async function error(message, ...optionalParams) {
         console.error(message, ...optionalParams);
     }
 }
+async function promptForValue(optionInfo) {
+    return optionInfo.autocomplete !== undefined
+        ? await prompt.forSelection({
+            message: `${optionInfo.name}: `,
+            choices: optionInfo.autocomplete.map((choice) => {
+                return { name: choice, value: choice };
+            })
+        })
+        : await prompt.forInput({ message: `${optionInfo.name}: ` });
+}
 async function promptForSelection(config) {
     const answer = await prompt.forSelection(config);
     await cli.error('');
@@ -803,6 +843,11 @@ async function promptForConfirmation(config) {
     await cli.error('');
     return answer;
 }
+async function promptForInput(config) {
+    const answer = await prompt.forInput(config);
+    await cli.error('');
+    return answer;
+}
 async function handleMultipleResultsFound(message, values) {
     const prompt = cli.getSettingWithDefaultValue(settingsNames.prompt, true);
     if (!prompt) {
@@ -837,7 +882,9 @@ export const cli = {
     closeWithError,
     commands,
     commandToExecute,
+    getClientId,
     getConfig,
+    getTenant,
     currentCommandName,
     error,
     execute,
@@ -856,7 +903,9 @@ export const cli = {
     optionsFromArgs,
     printAvailableCommands,
     promptForConfirmation,
+    promptForInput,
     promptForSelection,
+    promptForValue,
     shouldTrimOutput,
     yargsConfiguration
 };

package/dist/config.js CHANGED Viewed

@@ -1,10 +1,65 @@
-import { app } from "./utils/app.js";
-const cliEntraAppId = '31359c7f-bd7e-475c-86db-fdb8c937548e';
+import { app } from './utils/app.js';
 export default {
+    allScopes: [
+        'https://graph.windows.net/Directory.AccessAsUser.All',
+        'https://management.azure.com/user_impersonation',
+        'https://admin.services.crm.dynamics.com/user_impersonation',
+        'https://graph.microsoft.com/AppCatalog.ReadWrite.All',
+        'https://graph.microsoft.com/AuditLog.Read.All',
+        'https://graph.microsoft.com/Bookings.Read.All',
+        'https://graph.microsoft.com/Calendars.Read',
+        'https://graph.microsoft.com/ChannelMember.ReadWrite.All',
+        'https://graph.microsoft.com/ChannelMessage.Read.All',
+        'https://graph.microsoft.com/ChannelMessage.ReadWrite',
+        'https://graph.microsoft.com/ChannelMessage.Send',
+        'https://graph.microsoft.com/ChannelSettings.ReadWrite.All',
+        'https://graph.microsoft.com/Chat.ReadWrite',
+        'https://graph.microsoft.com/Directory.AccessAsUser.All',
+        'https://graph.microsoft.com/Directory.ReadWrite.All',
+        'https://graph.microsoft.com/ExternalConnection.ReadWrite.All',
+        'https://graph.microsoft.com/ExternalItem.ReadWrite.All',
+        'https://graph.microsoft.com/Group.ReadWrite.All',
+        'https://graph.microsoft.com/IdentityProvider.ReadWrite.All',
+        'https://graph.microsoft.com/InformationProtectionPolicy.Read',
+        'https://graph.microsoft.com/Mail.Read.Shared',
+        'https://graph.microsoft.com/Mail.ReadWrite',
+        'https://graph.microsoft.com/Mail.Send',
+        'https://graph.microsoft.com/Notes.ReadWrite.All',
+        'https://graph.microsoft.com/OnlineMeetingArtifact.Read.All',
+        'https://graph.microsoft.com/OnlineMeetings.ReadWrite',
+        'https://graph.microsoft.com/OnlineMeetingTranscript.Read.All',
+        'https://graph.microsoft.com/PeopleSettings.ReadWrite.All',
+        'https://graph.microsoft.com/Place.Read.All',
+        'https://graph.microsoft.com/Policy.Read.All',
+        'https://graph.microsoft.com/RecordsManagement.ReadWrite.All',
+        'https://graph.microsoft.com/Reports.Read.All',
+        'https://graph.microsoft.com/RoleAssignmentSchedule.ReadWrite.Directory',
+        'https://graph.microsoft.com/RoleEligibilitySchedule.Read.Directory',
+        'https://graph.microsoft.com/SecurityEvents.Read.All',
+        'https://graph.microsoft.com/ServiceHealth.Read.All',
+        'https://graph.microsoft.com/ServiceMessage.Read.All',
+        'https://graph.microsoft.com/ServiceMessageViewpoint.Write',
+        'https://graph.microsoft.com/Sites.Read.All',
+        'https://graph.microsoft.com/Tasks.ReadWrite',
+        'https://graph.microsoft.com/Team.Create',
+        'https://graph.microsoft.com/TeamMember.ReadWrite.All',
+        'https://graph.microsoft.com/TeamsAppInstallation.ReadWriteForUser',
+        'https://graph.microsoft.com/TeamSettings.ReadWrite.All',
+        'https://graph.microsoft.com/TeamsTab.ReadWrite.All',
+        'https://graph.microsoft.com/User.Invite.All',
+        'https://manage.office.com/ActivityFeed.Read',
+        'https://manage.office.com/ServiceHealth.Read',
+        'https://analysis.windows.net/powerbi/api/Dataset.Read.All',
+        'https://api.powerapps.com//User',
+        'https://microsoft.sharepoint-df.com/AllSites.FullControl',
+        'https://microsoft.sharepoint-df.com/TermStore.ReadWrite.All',
+        'https://microsoft.sharepoint-df.com/User.ReadWrite.All'
+    ],
     applicationName: `CLI for Microsoft 365 v${app.packageJson().version}`,
     delimiter: 'm365\$',
-    cliEntraAppId: process.env.CLIMICROSOFT365_ENTRAAPPID || cliEntraAppId,
-    tenant: process.env.CLIMICROSOFT365_TENANT || 'common',
-    configstoreName: 'cli-m365-config'
+    configstoreName: 'cli-m365-config',
+    minimalScopes: [
+        'https://graph.microsoft.com/User.Read'
+    ]
 };
 //# sourceMappingURL=config.js.map

package/dist/m365/app/commands/permission/permission-add.js CHANGED Viewed

@@ -33,12 +33,12 @@ class AppPermissionAddCommand extends AppCommand {
             const appObject = await this.getAppObject();
             const servicePrincipals = await odata.getAllItems(`${this.resource}/v1.0/myorganization/servicePrincipals?$select=appId,appRoles,id,oauth2PermissionScopes,servicePrincipalNames`);
             const appPermissions = [];
-            if (args.options.delegatedPermissions) {
-                const delegatedPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.delegatedPermissions, ScopeType.Scope, appPermissions, logger);
+            if (args.options.delegatedPermission) {
+                const delegatedPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.delegatedPermission, ScopeType.Scope, appPermissions, logger);
                 this.addPermissionsToResourceArray(delegatedPermissions, appObject.requiredResourceAccess);
             }
-            if (args.options.applicationPermissions) {
-                const applicationPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.applicationPermissions, ScopeType.Role, appPermissions, logger);
+            if (args.options.applicationPermission) {
+                const applicationPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.applicationPermission, ScopeType.Role, appPermissions, logger);
                 this.addPermissionsToResourceArray(applicationPermissions, appObject.requiredResourceAccess);
             }
             const addPermissionsRequestOptions = {
@@ -198,17 +198,17 @@ _AppPermissionAddCommand_instances = new WeakSet(), _AppPermissionAddCommand_ini
     this.telemetry.push((args) => {
         Object.assign(this.telemetryProperties, {
             appId: typeof args.options.appId !== 'undefined',
-            applicationPermissions: typeof args.options.applicationPermissions !== 'undefined',
-            delegatedPermissions: typeof args.options.delegatedPermissions !== 'undefined',
+            applicationPermission: typeof args.options.applicationPermission !== 'undefined',
+            delegatedPermission: typeof args.options.delegatedPermission !== 'undefined',
             grantAdminConsent: !!args.options.grantAdminConsent
         });
     });
 }, _AppPermissionAddCommand_initOptions = function _AppPermissionAddCommand_initOptions() {
-    this.options.unshift({ option: '--appId [appId]' }, { option: '--applicationPermissions [applicationPermissions]' }, { option: '--delegatedPermissions [delegatedPermissions]' }, { option: '--grantAdminConsent' });
+    this.options.unshift({ option: '--appId [appId]' }, { option: '--applicationPermission [applicationPermission]' }, { option: '--delegatedPermission [delegatedPermission]' }, { option: '--grantAdminConsent' });
 }, _AppPermissionAddCommand_initOptionSets = function _AppPermissionAddCommand_initOptionSets() {
     this.optionSets.push({
-        options: ['applicationPermissions', 'delegatedPermissions'],
-        runsWhen: (args) => args.options.delegatedPermissions === undefined && args.options.applicationPermissions === undefined
+        options: ['applicationPermission', 'delegatedPermission'],
+        runsWhen: (args) => args.options.delegatedPermission === undefined && args.options.applicationPermission === undefined
     });
 };
 export default new AppPermissionAddCommand();

package/dist/m365/base/SpoCommand.js CHANGED Viewed

@@ -94,7 +94,7 @@ export default class SpoCommand extends Command {
         catch (error) {
             throw new CommandError(error);
         }
-        if (auth.connection.active && AuthType[auth.connection.authType] === AuthType[AuthType.Secret]) {
+        if (auth.connection.active && auth.connection.authType === AuthType.Secret) {
             throw new CommandError(`SharePoint does not support authentication using client ID and secret. Please use a different login type to use SharePoint commands.`);
         }
         await super.action(logger, args);

package/dist/m365/cli/commands/cli-consent.js CHANGED Viewed

@@ -4,7 +4,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
 var _CliConsentCommand_instances, _CliConsentCommand_initTelemetry, _CliConsentCommand_initOptions, _CliConsentCommand_initValidators;
-import config from '../../../config.js';
+import { cli } from '../../../cli/cli.js';
 import AnonymousCommand from '../../base/AnonymousCommand.js';
 import commands from '../commands.js';
 class CliConsentCommand extends AnonymousCommand {
@@ -23,10 +23,14 @@ class CliConsentCommand extends AnonymousCommand {
     }
     async commandAction(logger, args) {
         let scope = '';
-        if (args.options.service === 'VivaEngage') {
-            scope = 'https://api.yammer.com/user_impersonation';
+        switch (args.options.service) {
+            case 'yammer':
+                await this.warn(logger, 'The yammer service is deprecated. Please use the VivaEngage service instead.');
+            case 'VivaEngage':
+                scope = 'https://api.yammer.com/user_impersonation';
+                break;
         }
-        await logger.log(`To consent permissions for executing ${args.options.service} commands, navigate in your web browser to https://login.microsoftonline.com/${config.tenant}/oauth2/v2.0/authorize?client_id=${config.cliEntraAppId}&response_type=code&scope=${encodeURIComponent(scope)}`);
+        await logger.log(`To consent permissions for executing ${args.options.service} commands, navigate in your web browser to https://login.microsoftonline.com/${cli.getTenant()}/oauth2/v2.0/authorize?client_id=${cli.getClientId()}&response_type=code&scope=${encodeURIComponent(scope)}`);
     }
     async action(logger, args) {
         await this.initAction(args, logger);
@@ -46,7 +50,7 @@ _CliConsentCommand_instances = new WeakSet(), _CliConsentCommand_initTelemetry =
     });
 }, _CliConsentCommand_initValidators = function _CliConsentCommand_initValidators() {
     this.validators.push(async (args) => {
-        if (args.options.service !== 'VivaEngage') {
+        if (args.options.service !== 'VivaEngage' && args.options.service !== 'yammer') {
             return `${args.options.service} is not a valid value for the service option. Allowed values: VivaEngage`;
         }
         return true;

package/dist/m365/cli/commands/cli-doctor.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import os from 'os';
-import auth, { AuthType } from '../../../Auth.js';
+import auth from '../../../Auth.js';
 import { cli } from '../../../cli/cli.js';
 import Command from '../../../Command.js';
 import { app } from '../../../utils/app.js';
@@ -33,7 +33,7 @@ class CliDoctorCommand extends Command {
             nodeVersion: process.version,
             cliAadAppId: auth.connection.appId,
             cliAadAppTenant: validation.isValidGuid(auth.connection.tenant) ? 'single' : auth.connection.tenant,
-            authMode: AuthType[auth.connection.authType],
+            authMode: auth.connection.authType,
             cliEnvironment: process.env.CLIMICROSOFT365_ENV ? process.env.CLIMICROSOFT365_ENV : '',
             cliConfig: cli.getConfig().all,
             roles: roles,

package/dist/m365/cli/commands/cli-reconsent.js CHANGED Viewed

@@ -1,5 +1,4 @@
 import { cli } from '../../../cli/cli.js';
-import config from '../../../config.js';
 import { settingsNames } from '../../../settingsNames.js';
 import { browserUtil } from '../../../utils/browserUtil.js';
 import AnonymousCommand from '../../base/AnonymousCommand.js';
@@ -12,9 +11,9 @@ class CliReconsentCommand extends AnonymousCommand {
         return 'Returns URL to open in the browser to re-consent CLI for Microsoft 365 Microsoft Entra permissions';
     }
     async commandAction(logger) {
-        const url = `https://login.microsoftonline.com/${config.tenant}/oauth2/authorize?client_id=${config.cliEntraAppId}&response_type=code&prompt=admin_consent`;
+        const url = `https://login.microsoftonline.com/${cli.getTenant()}/oauth2/authorize?client_id=${cli.getClientId()}&response_type=code&prompt=admin_consent`;
         if (cli.getSettingWithDefaultValue(settingsNames.autoOpenLinksInBrowser, false) === false) {
-            await logger.log(`To re-consent the PnP Microsoft 365 Management Shell Microsoft Entra application navigate in your web browser to ${url}`);
+            await logger.log(`To re-consent your Microsoft Entra application, navigate in your web browser to ${url}.`);
             return;
         }
         await logger.log(`Opening the following page in your browser: ${url}`);

package/dist/m365/cli/commands/config/config-set.js CHANGED Viewed

@@ -4,8 +4,10 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
 var _CliConfigSetCommand_instances, _a, _CliConfigSetCommand_initTelemetry, _CliConfigSetCommand_initOptions, _CliConfigSetCommand_initValidators;
+import { AuthType } from "../../../../Auth.js";
 import { cli } from "../../../../cli/cli.js";
 import { settingsNames } from "../../../../settingsNames.js";
+import { validation } from "../../../../utils/validation.js";
 import AnonymousCommand from "../../../base/AnonymousCommand.js";
 import commands from "../../commands.js";
 class CliConfigSetCommand extends AnonymousCommand {
@@ -82,15 +84,22 @@ _a = CliConfigSetCommand, _CliConfigSetCommand_instances = new WeakSet(), _CliCo
             cli.helpModes.indexOf(args.options.value) === -1) {
             return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${cli.helpModes.join(', ')}`;
         }
-        const allowedAuthTypes = ['certificate', 'deviceCode', 'password', 'identity', 'browser', 'secret'];
         if (args.options.key === settingsNames.authType &&
-            allowedAuthTypes.indexOf(args.options.value) === -1) {
-            return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${allowedAuthTypes.join(', ')}`;
+            !Object.values(AuthType).map(String).includes(args.options.value)) {
+            return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${Object.values(AuthType).join(', ')}`;
         }
         if (args.options.key === settingsNames.helpTarget &&
             !cli.helpTargets.includes(args.options.value)) {
             return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${cli.helpTargets.join(', ')}`;
         }
+        if (args.options.key === settingsNames.clientId &&
+            !validation.isValidGuid(args.options.value)) {
+            return `${args.options.value} is not a valid value for the option ${args.options.key}. The value has to be a valid GUID.`;
+        }
+        if (args.options.key === settingsNames.tenantId &&
+            !(args.options.value === 'common' || validation.isValidGuid(args.options.value))) {
+            return `${args.options.value} is not a valid value for the option ${args.options.key}. The value has to be a valid GUID or 'common'.`;
+        }
         return true;
     });
 };

package/dist/m365/commands/login.js CHANGED Viewed

@@ -3,13 +3,12 @@ import { z } from 'zod';
 import auth, { AuthType, CloudType } from '../../Auth.js';
 import Command, { CommandError, globalOptionsZod } from '../../Command.js';
 import { cli } from '../../cli/cli.js';
-import config from '../../config.js';
 import { settingsNames } from '../../settingsNames.js';
 import { zod } from '../../utils/zod.js';
 import commands from './commands.js';
 const options = globalOptionsZod
     .extend({
-    authType: zod.alias('t', z.enum(['certificate', 'deviceCode', 'password', 'identity', 'browser', 'secret']).optional()),
+    authType: zod.alias('t', z.nativeEnum(AuthType).optional()),
     cloud: z.nativeEnum(CloudType).optional().default(CloudType.Public),
     userName: zod.alias('u', z.string().optional()),
     password: zod.alias('p', z.string().optional()),
@@ -37,20 +36,34 @@ class LoginCommand extends Command {
     }
     getRefinedSchema(schema) {
         return schema
+            .refine(options => typeof options.appId !== 'undefined' || cli.getConfig().get(settingsNames.clientId), {
+            message: `appId is required. TIP: use the "m365 setup" command to configure the default appId`
+        })
             .refine(options => options.authType !== 'password' || options.userName, {
-            message: 'Username is required when using password authentication'
+            message: 'Username is required when using password authentication',
+            path: ['userName']
         })
             .refine(options => options.authType !== 'password' || options.password, {
-            message: 'Password is required when using password authentication'
+            message: 'Password is required when using password authentication',
+            path: ['password']
         })
             .refine(options => options.authType !== 'certificate' || !(options.certificateFile && options.certificateBase64Encoded), {
-            message: 'Specify either certificateFile or certificateBase64Encoded, but not both.'
+            message: 'Specify either certificateFile or certificateBase64Encoded, but not both.',
+            path: ['certificateBase64Encoded']
         })
-            .refine(options => options.authType !== 'certificate' || options.certificateFile || options.certificateBase64Encoded, {
-            message: 'Specify either certificateFile or certificateBase64Encoded'
+            .refine(options => options.authType !== 'certificate' ||
+            options.certificateFile ||
+            options.certificateBase64Encoded ||
+            cli.getConfig().get(settingsNames.clientCertificateFile) ||
+            cli.getConfig().get(settingsNames.clientCertificateBase64Encoded), {
+            message: 'Specify either certificateFile or certificateBase64Encoded',
+            path: ['certificateFile']
         })
-            .refine(options => options.authType !== 'secret' || options.secret, {
-            message: 'Secret is required when using secret authentication'
+            .refine(options => options.authType !== 'secret' ||
+            options.secret ||
+            cli.getConfig().get(settingsNames.clientSecret), {
+            message: 'Secret is required when using secret authentication',
+            path: ['secret']
         });
     }
     async commandAction(logger, args) {
@@ -59,13 +72,24 @@ class LoginCommand extends Command {
             await logger.logToStderr(`Logging out from Microsoft 365...`);
         }
         const deactivate = () => auth.connection.deactivate();
+        const getCertificate = (options) => {
+            // command args take precedence over settings
+            if (options.certificateFile) {
+                return fs.readFileSync(options.certificateFile).toString('base64');
+            }
+            if (options.certificateBase64Encoded) {
+                return options.certificateBase64Encoded;
+            }
+            return cli.getConfig().get(settingsNames.clientCertificateFile) ||
+                cli.getConfig().get(settingsNames.clientCertificateBase64Encoded);
+        };
         const login = async () => {
             if (this.verbose) {
                 await logger.logToStderr(`Signing in to Microsoft 365...`);
             }
             const authType = args.options.authType || cli.getSettingWithDefaultValue(settingsNames.authType, 'deviceCode');
-            auth.connection.appId = args.options.appId || config.cliEntraAppId;
-            auth.connection.tenant = args.options.tenant || config.tenant;
+            auth.connection.appId = args.options.appId || cli.getClientId();
+            auth.connection.tenant = args.options.tenant || cli.getTenant();
             auth.connection.name = args.options.connectionName;
             switch (authType) {
                 case 'password':
@@ -75,9 +99,9 @@ class LoginCommand extends Command {
                     break;
                 case 'certificate':
                     auth.connection.authType = AuthType.Certificate;
-                    auth.connection.certificate = args.options.certificateBase64Encoded ? args.options.certificateBase64Encoded : fs.readFileSync(args.options.certificateFile, 'base64');
+                    auth.connection.certificate = getCertificate(args.options);
                     auth.connection.thumbprint = args.options.thumbprint;
-                    auth.connection.password = args.options.password;
+                    auth.connection.password = args.options.password || cli.getConfig().get(settingsNames.clientCertificatePassword);
                     break;
                 case 'identity':
                     auth.connection.authType = AuthType.Identity;
@@ -88,7 +112,7 @@ class LoginCommand extends Command {
                     break;
                 case 'secret':
                     auth.connection.authType = AuthType.Secret;
-                    auth.connection.secret = args.options.secret;
+                    auth.connection.secret = args.options.secret || cli.getConfig().get(settingsNames.clientSecret);
                     break;
             }
             auth.connection.cloudType = args.options.cloud;