@spfxappdev/cli Version 2.0.0 is Here
I am very excited to announce that version 2.0.0 of the @spfxappdev/cli is officially released.
While there are a few smaller updates under the hood, this major release focuses on one very important breaking change: The way the CLI authenticates with SharePoint and Microsoft 365.
If you use the CLI to automatically generate models based on your SharePoint lists, this article is for you. Here is everything you need to know about the new authentication process.
Goodbye sp-request (Username & Password)
In previous versions, the CLI used the sp-request package. This allowed you to connect to your SharePoint environment by simply typing in your username and password.
While this was very easy to use, it had some big problems:
Security: Sending a username and password directly is no longer recommended.
MFA (Multi-Factor Authentication): Username and password logins often fail if your organization uses MFA or conditional access policies. Microsoft is actively disabling basic authentication across all tenants.
To make the CLI future-proof and much more secure, username and password authentication is no longer supported in version 2.0.0.
Welcome msal-node (Modern Authentication)
To replace the old method, the CLI now uses the official Microsoft Authentication Library for Node.js (@azure/msal-node).
Instead of a user account, you now need an App Registration in Microsoft Entra ID (formerly Azure AD). This is the modern, secure way to connect to Microsoft 365.
Depending on your needs, you can now choose between two different authentication methods:
1. The Device Code Flow (Easy & Interactive)
If you only provide a Client ID to the CLI, it will use the Device Code Flow.
How it works: The CLI will show you a short code and a Microsoft login URL in your terminal. You just open the link in your browser, enter the code, and log in securely with your normal Microsoft 365 account (MFA works perfectly here!).
- Behind the scenes: This method uses Delegated Permissions and connects to the SharePoint REST API. The authentication is cached, so you don't have to log in every single time.
2. The Client Credentials Flow (Automated & Background)
If you provide both a Client ID and a Client Secret to the CLI, it will use the Client Credentials Flow.
How it works: The CLI logs in automatically in the background without any browser interaction. This is great if you don't want to be interrupted or if you are running scripts automatically.
- Behind the scenes: This method uses Application Permissions (App-Only) and connects to the Microsoft Graph API.
Important: SharePoint REST API vs. Microsoft Graph API
Because the two flows use different APIs under the hood, there is a small difference in the models that the CLI generates for you:
When using Device Code (SharePoint REST API): The CLI gets full details about your SharePoint lists. It can read hidden fields and knows the exact types of complex fields (like Taxonomy or URL fields).
When using Client Credentials (Graph API): The Graph API is very fast, but it does not return all field details. Hidden fields cannot be read, and complex fields (like Taxonomy) might be typed as
anyin your generated TypeScript model.
If you need strict type safety for complex fields, I highly recommend using the Device Code Flow (leaving the Client Secret empty).
Ready to upgrade?
You can install the new version globally via npm right now:
Bash
npm i @spfxappdev/cli -g
To learn exactly how to set up your App Registration in Azure and configure the CLI, please check out the updated documentation on the GitHub repository
Thank you for using the CLI, and happy coding!
