@pnp/cli-microsoft365 9.0.0-beta.e69e8d0 → 9.0.0

package/dist/Auth.js

@@ -4,7 +4,6 @@ import { CommandError } from './Command.js';
 import { FileTokenStorage } from './auth/FileTokenStorage.js';
 import { msalCachePlugin } from './auth/msalCachePlugin.js';
 import { cli } from './cli/cli.js';
-import config from './config.js';
 import request from './request.js';
 import { settingsNames } from './settingsNames.js';
 import * as accessTokenUtil from './utils/accessToken.js';
@@ -22,10 +21,10 @@ export class Connection {
         this.active = false;
         this.authType = AuthType.DeviceCode;
         this.certificateType = CertificateType.Unknown;
+        // ID of the tenant where the Microsoft Entra app is registered; common if multi-tenant
+        this.tenant = 'common';
         this.cloudType = CloudType.Public;
         this.accessTokens = {};
-        this.appId = config.cliEntraAppId;
-        this.tenant = config.tenant;
         this.cloudType = CloudType.Public;
     }
     deactivate() {
@@ -44,18 +43,18 @@ export class Connection {
         this.thumbprint = undefined;
         this.spoUrl = undefined;
         this.spoTenantId = undefined;
-        this.appId = config.cliEntraAppId;
-        this.tenant = config.tenant;
+        this.appId = cli.getClientId();
+        this.tenant = cli.getTenant();
     }
 }
 export var AuthType;
 (function (AuthType) {
-    AuthType[AuthType["DeviceCode"] = 0] = "DeviceCode";
-    AuthType[AuthType["Password"] = 1] = "Password";
-    AuthType[AuthType["Certificate"] = 2] = "Certificate";
-    AuthType[AuthType["Identity"] = 3] = "Identity";
-    AuthType[AuthType["Browser"] = 4] = "Browser";
-    AuthType[AuthType["Secret"] = 5] = "Secret";
+    AuthType["DeviceCode"] = "deviceCode";
+    AuthType["Password"] = "password";
+    AuthType["Certificate"] = "certificate";
+    AuthType["Identity"] = "identity";
+    AuthType["Browser"] = "browser";
+    AuthType["Secret"] = "secret";
 })(AuthType || (AuthType = {}));
 export var CertificateType;
 (function (CertificateType) {
@@ -702,7 +701,7 @@ export class Auth {
         const details = {
             connectionName: connection.name,
             connectedAs: connection.identityName,
-            authType: AuthType[connection.authType],
+            authType: connection.authType,
             appId: connection.appId,
             appTenant: connection.tenant,
             cloudType: CloudType[connection.cloudType]

package/dist/Command.js

@@ -111,9 +111,7 @@ class Command {
                 prompted = true;
                 await cli.error('🌶️  Provide values for the following parameters:');
             }
-            const answer = optionInfo.autocomplete !== undefined
-                ? await prompt.forSelection({ message: `${optionInfo.name}: `, choices: optionInfo.autocomplete.map((choice) => { return { name: choice, value: choice }; }) })
-                : await prompt.forInput({ message: `${optionInfo.name}: ` });
+            const answer = await cli.promptForValue(optionInfo);
             args.options[optionInfo.name] = answer;
         }
         if (prompted) {

package/dist/cli/cli.js

@@ -36,6 +36,14 @@ const defaultHelpMode = 'options';
 const defaultHelpTarget = 'console';
 const helpModes = ['options', 'examples', 'remarks', 'response', 'full'];
 const helpTargets = ['console', 'web'];
+const yargsConfiguration = {
+    'parse-numbers': true,
+    'strip-aliased': true,
+    'strip-dashed': true,
+    'dot-notation': false,
+    'boolean-negation': true,
+    'camel-case-expansion': false
+};
 function getConfig() {
     if (!_config) {
         _config = new Configstore(config.configstoreName);
@@ -51,6 +59,12 @@ function getSettingWithDefaultValue(settingName, defaultValue) {
         return configuredValue;
     }
 }
+function getClientId() {
+    return cli.getSettingWithDefaultValue(settingsNames.clientId, process.env.CLIMICROSOFT365_ENTRAAPPID || process.env.CLIMICROSOFT365_AADAPPID);
+}
+function getTenant() {
+    return cli.getSettingWithDefaultValue(settingsNames.tenantId, process.env.CLIMICROSOFT365_TENANT || 'common');
+}
 async function execute(rawArgs) {
     const start = process.hrtime.bigint();
     // for completion commands we also need information about commands' options
@@ -129,14 +143,38 @@ async function execute(rawArgs) {
     }
     let finalArgs = cli.optionsFromArgs.options;
     if (cli.commandToExecute?.command.schema) {
-        const startValidation = process.hrtime.bigint();
-        const result = cli.commandToExecute.command.getSchemaToParse().safeParse(cli.optionsFromArgs.options);
-        const endValidation = process.hrtime.bigint();
-        timings.validation.push(Number(endValidation - startValidation));
-        if (!result.success) {
-            return cli.closeWithError(result.error, cli.optionsFromArgs, true);
+        while (true) {
+            const startValidation = process.hrtime.bigint();
+            const result = cli.commandToExecute.command.getSchemaToParse().safeParse(cli.optionsFromArgs.options);
+            const endValidation = process.hrtime.bigint();
+            timings.validation.push(Number(endValidation - startValidation));
+            if (result.success) {
+                finalArgs = result.data;
+                break;
+            }
+            else {
+                const hasNonRequiredErrors = result.error.errors.some(e => e.code !== 'invalid_type' || e.received !== 'undefined');
+                const shouldPrompt = cli.getSettingWithDefaultValue(settingsNames.prompt, true);
+                if (hasNonRequiredErrors === false &&
+                    shouldPrompt) {
+                    await cli.error('🌶️  Provide values for the following parameters:');
+                    for (const error of result.error.errors) {
+                        const optionInfo = cli.commandToExecute.options.find(o => o.name === error.path.join('.'));
+                        const answer = await cli.promptForValue(optionInfo);
+                        cli.optionsFromArgs.options[error.path.join('.')] = answer;
+                    }
+                }
+                else {
+                    result.error.errors.forEach(e => {
+                        if (e.code === 'invalid_type' &&
+                            e.received === 'undefined') {
+                            e.message = `Required option not specified`;
+                        }
+                    });
+                    return cli.closeWithError(result.error, cli.optionsFromArgs, true);
+                }
+            }
         }
-        finalArgs = result.data;
     }
     else {
         const startValidation = process.hrtime.bigint();
@@ -404,11 +442,7 @@ function getCommandOptions(command) {
 function getCommandOptionsFromArgs(args, commandInfo) {
     const yargsOptions = {
         alias: {},
-        configuration: {
-            "parse-numbers": false,
-            "strip-aliased": true,
-            "strip-dashed": true
-        }
+        configuration: yargsConfiguration
     };
     let argsToParse = args;
     if (commandInfo) {
@@ -749,7 +783,7 @@ async function closeWithError(error, args, showHelpIfEnabled = false) {
     }
     let errorMessage = error instanceof CommandError ? error.message : error;
     if (error instanceof ZodError) {
-        errorMessage = error.errors.map(e => `${e.path}: ${e.message}`).join(os.EOL);
+        errorMessage = error.errors.map(e => `${e.path.join('.')}: ${e.message}`).join(os.EOL);
     }
     if ((!args.options.output || args.options.output === 'json') &&
         !cli.getSettingWithDefaultValue(settingsNames.printErrorsAsPlainText, true)) {
@@ -789,6 +823,16 @@ async function error(message, ...optionalParams) {
         console.error(message, ...optionalParams);
     }
 }
+async function promptForValue(optionInfo) {
+    return optionInfo.autocomplete !== undefined
+        ? await prompt.forSelection({
+            message: `${optionInfo.name}: `,
+            choices: optionInfo.autocomplete.map((choice) => {
+                return { name: choice, value: choice };
+            })
+        })
+        : await prompt.forInput({ message: `${optionInfo.name}: ` });
+}
 async function promptForSelection(config) {
     const answer = await prompt.forSelection(config);
     await cli.error('');
@@ -799,6 +843,11 @@ async function promptForConfirmation(config) {
     await cli.error('');
     return answer;
 }
+async function promptForInput(config) {
+    const answer = await prompt.forInput(config);
+    await cli.error('');
+    return answer;
+}
 async function handleMultipleResultsFound(message, values) {
     const prompt = cli.getSettingWithDefaultValue(settingsNames.prompt, true);
     if (!prompt) {
@@ -833,7 +882,9 @@ export const cli = {
     closeWithError,
     commands,
     commandToExecute,
+    getClientId,
     getConfig,
+    getTenant,
     currentCommandName,
     error,
     execute,
@@ -852,7 +903,10 @@ export const cli = {
     optionsFromArgs,
     printAvailableCommands,
     promptForConfirmation,
+    promptForInput,
     promptForSelection,
-    shouldTrimOutput
+    promptForValue,
+    shouldTrimOutput,
+    yargsConfiguration
 };
 //# sourceMappingURL=cli.js.map

package/dist/config.js

@@ -1,10 +1,65 @@
-import { app } from "./utils/app.js";
-const cliEntraAppId = '31359c7f-bd7e-475c-86db-fdb8c937548e';
+import { app } from './utils/app.js';
 export default {
+    allScopes: [
+        'https://graph.windows.net/Directory.AccessAsUser.All',
+        'https://management.azure.com/user_impersonation',
+        'https://admin.services.crm.dynamics.com/user_impersonation',
+        'https://graph.microsoft.com/AppCatalog.ReadWrite.All',
+        'https://graph.microsoft.com/AuditLog.Read.All',
+        'https://graph.microsoft.com/Bookings.Read.All',
+        'https://graph.microsoft.com/Calendars.Read',
+        'https://graph.microsoft.com/ChannelMember.ReadWrite.All',
+        'https://graph.microsoft.com/ChannelMessage.Read.All',
+        'https://graph.microsoft.com/ChannelMessage.ReadWrite',
+        'https://graph.microsoft.com/ChannelMessage.Send',
+        'https://graph.microsoft.com/ChannelSettings.ReadWrite.All',
+        'https://graph.microsoft.com/Chat.ReadWrite',
+        'https://graph.microsoft.com/Directory.AccessAsUser.All',
+        'https://graph.microsoft.com/Directory.ReadWrite.All',
+        'https://graph.microsoft.com/ExternalConnection.ReadWrite.All',
+        'https://graph.microsoft.com/ExternalItem.ReadWrite.All',
+        'https://graph.microsoft.com/Group.ReadWrite.All',
+        'https://graph.microsoft.com/IdentityProvider.ReadWrite.All',
+        'https://graph.microsoft.com/InformationProtectionPolicy.Read',
+        'https://graph.microsoft.com/Mail.Read.Shared',
+        'https://graph.microsoft.com/Mail.ReadWrite',
+        'https://graph.microsoft.com/Mail.Send',
+        'https://graph.microsoft.com/Notes.ReadWrite.All',
+        'https://graph.microsoft.com/OnlineMeetingArtifact.Read.All',
+        'https://graph.microsoft.com/OnlineMeetings.ReadWrite',
+        'https://graph.microsoft.com/OnlineMeetingTranscript.Read.All',
+        'https://graph.microsoft.com/PeopleSettings.ReadWrite.All',
+        'https://graph.microsoft.com/Place.Read.All',
+        'https://graph.microsoft.com/Policy.Read.All',
+        'https://graph.microsoft.com/RecordsManagement.ReadWrite.All',
+        'https://graph.microsoft.com/Reports.Read.All',
+        'https://graph.microsoft.com/RoleAssignmentSchedule.ReadWrite.Directory',
+        'https://graph.microsoft.com/RoleEligibilitySchedule.Read.Directory',
+        'https://graph.microsoft.com/SecurityEvents.Read.All',
+        'https://graph.microsoft.com/ServiceHealth.Read.All',
+        'https://graph.microsoft.com/ServiceMessage.Read.All',
+        'https://graph.microsoft.com/ServiceMessageViewpoint.Write',
+        'https://graph.microsoft.com/Sites.Read.All',
+        'https://graph.microsoft.com/Tasks.ReadWrite',
+        'https://graph.microsoft.com/Team.Create',
+        'https://graph.microsoft.com/TeamMember.ReadWrite.All',
+        'https://graph.microsoft.com/TeamsAppInstallation.ReadWriteForUser',
+        'https://graph.microsoft.com/TeamSettings.ReadWrite.All',
+        'https://graph.microsoft.com/TeamsTab.ReadWrite.All',
+        'https://graph.microsoft.com/User.Invite.All',
+        'https://manage.office.com/ActivityFeed.Read',
+        'https://manage.office.com/ServiceHealth.Read',
+        'https://analysis.windows.net/powerbi/api/Dataset.Read.All',
+        'https://api.powerapps.com//User',
+        'https://microsoft.sharepoint-df.com/AllSites.FullControl',
+        'https://microsoft.sharepoint-df.com/TermStore.ReadWrite.All',
+        'https://microsoft.sharepoint-df.com/User.ReadWrite.All'
+    ],
     applicationName: `CLI for Microsoft 365 v${app.packageJson().version}`,
     delimiter: 'm365\$',
-    cliEntraAppId: process.env.CLIMICROSOFT365_ENTRAAPPID || cliEntraAppId,
-    tenant: process.env.CLIMICROSOFT365_TENANT || 'common',
-    configstoreName: 'cli-m365-config'
+    configstoreName: 'cli-m365-config',
+    minimalScopes: [
+        'https://graph.microsoft.com/User.Read'
+    ]
 };
 //# sourceMappingURL=config.js.map

package/dist/m365/app/commands/permission/permission-add.js

@@ -33,12 +33,12 @@ class AppPermissionAddCommand extends AppCommand {
             const appObject = await this.getAppObject();
             const servicePrincipals = await odata.getAllItems(`${this.resource}/v1.0/myorganization/servicePrincipals?$select=appId,appRoles,id,oauth2PermissionScopes,servicePrincipalNames`);
             const appPermissions = [];
-            if (args.options.delegatedPermissions) {
-                const delegatedPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.delegatedPermissions, ScopeType.Scope, appPermissions, logger);
+            if (args.options.delegatedPermission) {
+                const delegatedPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.delegatedPermission, ScopeType.Scope, appPermissions, logger);
                 this.addPermissionsToResourceArray(delegatedPermissions, appObject.requiredResourceAccess);
             }
-            if (args.options.applicationPermissions) {
-                const applicationPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.applicationPermissions, ScopeType.Role, appPermissions, logger);
+            if (args.options.applicationPermission) {
+                const applicationPermissions = await this.getRequiredResourceAccessForApis(servicePrincipals, args.options.applicationPermission, ScopeType.Role, appPermissions, logger);
                 this.addPermissionsToResourceArray(applicationPermissions, appObject.requiredResourceAccess);
             }
             const addPermissionsRequestOptions = {
@@ -198,17 +198,17 @@ _AppPermissionAddCommand_instances = new WeakSet(), _AppPermissionAddCommand_ini
     this.telemetry.push((args) => {
         Object.assign(this.telemetryProperties, {
             appId: typeof args.options.appId !== 'undefined',
-            applicationPermissions: typeof args.options.applicationPermissions !== 'undefined',
-            delegatedPermissions: typeof args.options.delegatedPermissions !== 'undefined',
+            applicationPermission: typeof args.options.applicationPermission !== 'undefined',
+            delegatedPermission: typeof args.options.delegatedPermission !== 'undefined',
             grantAdminConsent: !!args.options.grantAdminConsent
         });
     });
 }, _AppPermissionAddCommand_initOptions = function _AppPermissionAddCommand_initOptions() {
-    this.options.unshift({ option: '--appId [appId]' }, { option: '--applicationPermissions [applicationPermissions]' }, { option: '--delegatedPermissions [delegatedPermissions]' }, { option: '--grantAdminConsent' });
+    this.options.unshift({ option: '--appId [appId]' }, { option: '--applicationPermission [applicationPermission]' }, { option: '--delegatedPermission [delegatedPermission]' }, { option: '--grantAdminConsent' });
 }, _AppPermissionAddCommand_initOptionSets = function _AppPermissionAddCommand_initOptionSets() {
     this.optionSets.push({
-        options: ['applicationPermissions', 'delegatedPermissions'],
-        runsWhen: (args) => args.options.delegatedPermissions === undefined && args.options.applicationPermissions === undefined
+        options: ['applicationPermission', 'delegatedPermission'],
+        runsWhen: (args) => args.options.delegatedPermission === undefined && args.options.applicationPermission === undefined
     });
 };
 export default new AppPermissionAddCommand();

package/dist/m365/base/SpoCommand.js

@@ -94,7 +94,7 @@ export default class SpoCommand extends Command {
         catch (error) {
             throw new CommandError(error);
         }
-        if (auth.connection.active && AuthType[auth.connection.authType] === AuthType[AuthType.Secret]) {
+        if (auth.connection.active && auth.connection.authType === AuthType.Secret) {
             throw new CommandError(`SharePoint does not support authentication using client ID and secret. Please use a different login type to use SharePoint commands.`);
         }
         await super.action(logger, args);

package/dist/m365/cli/commands/cli-consent.js

@@ -4,7 +4,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
 var _CliConsentCommand_instances, _CliConsentCommand_initTelemetry, _CliConsentCommand_initOptions, _CliConsentCommand_initValidators;
-import config from '../../../config.js';
+import { cli } from '../../../cli/cli.js';
 import AnonymousCommand from '../../base/AnonymousCommand.js';
 import commands from '../commands.js';
 class CliConsentCommand extends AnonymousCommand {
@@ -30,7 +30,7 @@ class CliConsentCommand extends AnonymousCommand {
                 scope = 'https://api.yammer.com/user_impersonation';
                 break;
         }
-        await logger.log(`To consent permissions for executing ${args.options.service} commands, navigate in your web browser to https://login.microsoftonline.com/${config.tenant}/oauth2/v2.0/authorize?client_id=${config.cliEntraAppId}&response_type=code&scope=${encodeURIComponent(scope)}`);
+        await logger.log(`To consent permissions for executing ${args.options.service} commands, navigate in your web browser to https://login.microsoftonline.com/${cli.getTenant()}/oauth2/v2.0/authorize?client_id=${cli.getClientId()}&response_type=code&scope=${encodeURIComponent(scope)}`);
     }
     async action(logger, args) {
         await this.initAction(args, logger);

package/dist/m365/cli/commands/cli-doctor.js

@@ -1,5 +1,5 @@
 import os from 'os';
-import auth, { AuthType } from '../../../Auth.js';
+import auth from '../../../Auth.js';
 import { cli } from '../../../cli/cli.js';
 import Command from '../../../Command.js';
 import { app } from '../../../utils/app.js';
@@ -33,7 +33,7 @@ class CliDoctorCommand extends Command {
             nodeVersion: process.version,
             cliAadAppId: auth.connection.appId,
             cliAadAppTenant: validation.isValidGuid(auth.connection.tenant) ? 'single' : auth.connection.tenant,
-            authMode: AuthType[auth.connection.authType],
+            authMode: auth.connection.authType,
             cliEnvironment: process.env.CLIMICROSOFT365_ENV ? process.env.CLIMICROSOFT365_ENV : '',
             cliConfig: cli.getConfig().all,
             roles: roles,

package/dist/m365/cli/commands/cli-reconsent.js

@@ -1,5 +1,4 @@
 import { cli } from '../../../cli/cli.js';
-import config from '../../../config.js';
 import { settingsNames } from '../../../settingsNames.js';
 import { browserUtil } from '../../../utils/browserUtil.js';
 import AnonymousCommand from '../../base/AnonymousCommand.js';
@@ -12,9 +11,9 @@ class CliReconsentCommand extends AnonymousCommand {
         return 'Returns URL to open in the browser to re-consent CLI for Microsoft 365 Microsoft Entra permissions';
     }
     async commandAction(logger) {
-        const url = `https://login.microsoftonline.com/${config.tenant}/oauth2/authorize?client_id=${config.cliEntraAppId}&response_type=code&prompt=admin_consent`;
+        const url = `https://login.microsoftonline.com/${cli.getTenant()}/oauth2/authorize?client_id=${cli.getClientId()}&response_type=code&prompt=admin_consent`;
         if (cli.getSettingWithDefaultValue(settingsNames.autoOpenLinksInBrowser, false) === false) {
-            await logger.log(`To re-consent the PnP Microsoft 365 Management Shell Microsoft Entra application navigate in your web browser to ${url}`);
+            await logger.log(`To re-consent your Microsoft Entra application, navigate in your web browser to ${url}.`);
             return;
         }
         await logger.log(`Opening the following page in your browser: ${url}`);

package/dist/m365/cli/commands/config/config-set.js

@@ -4,8 +4,10 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
 var _CliConfigSetCommand_instances, _a, _CliConfigSetCommand_initTelemetry, _CliConfigSetCommand_initOptions, _CliConfigSetCommand_initValidators;
+import { AuthType } from "../../../../Auth.js";
 import { cli } from "../../../../cli/cli.js";
 import { settingsNames } from "../../../../settingsNames.js";
+import { validation } from "../../../../utils/validation.js";
 import AnonymousCommand from "../../../base/AnonymousCommand.js";
 import commands from "../../commands.js";
 class CliConfigSetCommand extends AnonymousCommand {
@@ -82,15 +84,22 @@ _a = CliConfigSetCommand, _CliConfigSetCommand_instances = new WeakSet(), _CliCo
             cli.helpModes.indexOf(args.options.value) === -1) {
             return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${cli.helpModes.join(', ')}`;
         }
-        const allowedAuthTypes = ['certificate', 'deviceCode', 'password', 'identity', 'browser', 'secret'];
         if (args.options.key === settingsNames.authType &&
-            allowedAuthTypes.indexOf(args.options.value) === -1) {
-            return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${allowedAuthTypes.join(', ')}`;
+            !Object.values(AuthType).map(String).includes(args.options.value)) {
+            return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${Object.values(AuthType).join(', ')}`;
         }
         if (args.options.key === settingsNames.helpTarget &&
             !cli.helpTargets.includes(args.options.value)) {
             return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${cli.helpTargets.join(', ')}`;
         }
+        if (args.options.key === settingsNames.clientId &&
+            !validation.isValidGuid(args.options.value)) {
+            return `${args.options.value} is not a valid value for the option ${args.options.key}. The value has to be a valid GUID.`;
+        }
+        if (args.options.key === settingsNames.tenantId &&
+            !(args.options.value === 'common' || validation.isValidGuid(args.options.value))) {
+            return `${args.options.value} is not a valid value for the option ${args.options.key}. The value has to be a valid GUID or 'common'.`;
+        }
         return true;
     });
 };

package/dist/m365/commands/login.js

@@ -3,13 +3,12 @@ import { z } from 'zod';
 import auth, { AuthType, CloudType } from '../../Auth.js';
 import Command, { CommandError, globalOptionsZod } from '../../Command.js';
 import { cli } from '../../cli/cli.js';
-import config from '../../config.js';
 import { settingsNames } from '../../settingsNames.js';
 import { zod } from '../../utils/zod.js';
 import commands from './commands.js';
 const options = globalOptionsZod
     .extend({
-    authType: zod.alias('t', z.enum(['certificate', 'deviceCode', 'password', 'identity', 'browser', 'secret']).optional()),
+    authType: zod.alias('t', z.nativeEnum(AuthType).optional()),
     cloud: z.nativeEnum(CloudType).optional().default(CloudType.Public),
     userName: zod.alias('u', z.string().optional()),
     password: zod.alias('p', z.string().optional()),
@@ -37,20 +36,34 @@ class LoginCommand extends Command {
     }
     getRefinedSchema(schema) {
         return schema
+            .refine(options => typeof options.appId !== 'undefined' || cli.getConfig().get(settingsNames.clientId), {
+            message: `appId is required. TIP: use the "m365 setup" command to configure the default appId`
+        })
             .refine(options => options.authType !== 'password' || options.userName, {
-            message: 'Username is required when using password authentication'
+            message: 'Username is required when using password authentication',
+            path: ['userName']
         })
             .refine(options => options.authType !== 'password' || options.password, {
-            message: 'Password is required when using password authentication'
+            message: 'Password is required when using password authentication',
+            path: ['password']
         })
             .refine(options => options.authType !== 'certificate' || !(options.certificateFile && options.certificateBase64Encoded), {
-            message: 'Specify either certificateFile or certificateBase64Encoded, but not both.'
+            message: 'Specify either certificateFile or certificateBase64Encoded, but not both.',
+            path: ['certificateBase64Encoded']
         })
-            .refine(options => options.authType !== 'certificate' || options.certificateFile || options.certificateBase64Encoded, {
-            message: 'Specify either certificateFile or certificateBase64Encoded'
+            .refine(options => options.authType !== 'certificate' ||
+            options.certificateFile ||
+            options.certificateBase64Encoded ||
+            cli.getConfig().get(settingsNames.clientCertificateFile) ||
+            cli.getConfig().get(settingsNames.clientCertificateBase64Encoded), {
+            message: 'Specify either certificateFile or certificateBase64Encoded',
+            path: ['certificateFile']
         })
-            .refine(options => options.authType !== 'secret' || options.secret, {
-            message: 'Secret is required when using secret authentication'
+            .refine(options => options.authType !== 'secret' ||
+            options.secret ||
+            cli.getConfig().get(settingsNames.clientSecret), {
+            message: 'Secret is required when using secret authentication',
+            path: ['secret']
         });
     }
     async commandAction(logger, args) {
@@ -59,13 +72,24 @@ class LoginCommand extends Command {
             await logger.logToStderr(`Logging out from Microsoft 365...`);
         }
         const deactivate = () => auth.connection.deactivate();
+        const getCertificate = (options) => {
+            // command args take precedence over settings
+            if (options.certificateFile) {
+                return fs.readFileSync(options.certificateFile).toString('base64');
+            }
+            if (options.certificateBase64Encoded) {
+                return options.certificateBase64Encoded;
+            }
+            return cli.getConfig().get(settingsNames.clientCertificateFile) ||
+                cli.getConfig().get(settingsNames.clientCertificateBase64Encoded);
+        };
         const login = async () => {
             if (this.verbose) {
                 await logger.logToStderr(`Signing in to Microsoft 365...`);
             }
             const authType = args.options.authType || cli.getSettingWithDefaultValue(settingsNames.authType, 'deviceCode');
-            auth.connection.appId = args.options.appId || config.cliEntraAppId;
-            auth.connection.tenant = args.options.tenant || config.tenant;
+            auth.connection.appId = args.options.appId || cli.getClientId();
+            auth.connection.tenant = args.options.tenant || cli.getTenant();
             auth.connection.name = args.options.connectionName;
             switch (authType) {
                 case 'password':
@@ -75,9 +99,9 @@ class LoginCommand extends Command {
                     break;
                 case 'certificate':
                     auth.connection.authType = AuthType.Certificate;
-                    auth.connection.certificate = args.options.certificateBase64Encoded ? args.options.certificateBase64Encoded : fs.readFileSync(args.options.certificateFile, 'base64');
+                    auth.connection.certificate = getCertificate(args.options);
                     auth.connection.thumbprint = args.options.thumbprint;
-                    auth.connection.password = args.options.password;
+                    auth.connection.password = args.options.password || cli.getConfig().get(settingsNames.clientCertificatePassword);
                     break;
                 case 'identity':
                     auth.connection.authType = AuthType.Identity;
@@ -88,7 +112,7 @@ class LoginCommand extends Command {
                     break;
                 case 'secret':
                     auth.connection.authType = AuthType.Secret;
-                    auth.connection.secret = args.options.secret;
+                    auth.connection.secret = args.options.secret || cli.getConfig().get(settingsNames.clientSecret);
                     break;
             }
             auth.connection.cloudType = args.options.cloud;