Problem using PnP Core GetAzureADAppOnlyAuthenticatedContext() with Azure Functions runtime.

I was working on an Azure Function recently that used the OfficeDevPnPCore AuthenticationManager() class with the GetAzureADAppOnlyAuthenticatedContext() method to get an app only authentication context.

new AuthenticationManager().GetAzureADAppOnlyAuthenticatedContext();

I was running into the very helpful error message of “Object reference not set to the instance of an object”.

After a little digging around I came across the following GitHub issue when pointed me in the right direction.

The problem seems to be with the latest runtime. I was running version 1.0.9 of the Azure Functions Core Tools to locally debug the function.

If you look at the app settings for your function in the portal, you will see that there is a setting called “FUNCTIONS_EXTENSION_VERSION” and this will be set to the value ~1 which means use the latest runtime.

The solution to being able to run this above code on Azure was to force the runtime to use a particular version. I set mine to 1.0.11388 which got everything working again.



However I still needed to debug the function locally so I needed to update my local version of the core tools.

If you open a command prompt and type


you will see which runtime you have installed.


As you can see I had version 1.0.9 installed. I looked through the releases on GitHub at and decided to downgrade my tools to version 1.0.7.

After downgrading to version 1.0.7 I found that the above app only auth call started to work again.



Looking up SharePoint taxonomy terms from Microsoft Flow app using an Azure Function

In this post I am going to show you how you can use an Azure Function to return an item from the SharePoint Online term store and use that value inside a Microsoft Flow app.

As an example of where this might be useful think of something like an approval workflow using Microsoft Flow that can lookup an approver’s email address from the SharePoint term store.

The basic architecture looks like below:


Getting started

The first thing to do is to download the source code from this GitHub repository.

The code includes an Authentication context that supports both App Only authentication and SharePoint authentication through AppRegNew.aspx.

This can be configured by changing the Azure Function app setting called AUTH_TYPE from AppOnly to SPAuth.

Creating Azure AD App

We need our Azure Function to be able to authenticate with SharePoint so we will create a new Azure AD app in the portal and configure it’s application permissions to allow SharePoint access.

Setting up App Only auth is quite lengthy and there is pretty good documentation over on you can follow the steps in this article to create an Azure AD app and then follow this article to configure it for app only authentication

Once you have the Azure AD app created and your app only certificate, make sure you put the .pfx file inside the .\Cert directory inside the solution and set its ‘Copy to Output Directory’ property to ‘Copy Always’. You will also need to update the name of this certificate in the Azure Function app settings in the CERT_NAME setting.

Open the permissions for the newly created AAD app in the portal and make sure the Office 365 SharePoint Online permissions are configure as below:


You will need to make a note of the Application ID for this AAD app and update the AUTH_ID app setting in the Azure Function once created.


Deploying Azure Function

In the Azure Portal create a new Function App as shown below and make a note of the App Name.


Next we want to deploy the function to Azure. We can either download the publish profile from the portal or use the Azure Functions Core Tools library

To use the core tools to deploy make sure you first build the solution. Open a command prompt and CD to .\bin\debug\net461 folder.

After installing the tools with

npm i -g azure-functions-core-tools

Then run

func azure functionapp publish leetestsptaxlookup

Replace leetestsptaxlookup with the function name you created earlier.

Update the functions app settings with the values in the local.settings.json file replacing the values with the ones that relate to your tenant.


Configure the Azure Function taxonomy lookup

The Azure Function will lookup from the term store based on the value in the TERM_GROUP app setting.

For instance if our term store structure look like below:


We would set our TERM_GROUP setting to be the value “Lee;Settings;SiteRequestApprover”. Notice the structure is TermGroup -> TermSet -> Term all separated by a semi colon.


Creating Microsoft Flow App

Open Microsoft Flow and create a new Flow. You can pick whichever trigger you want to use. Create a new HTTP action and configure as shown below:


The HTTP action just makes a GET request to the Azure Function passing in two parameters; siteUrl and code.

siteUrl is the URL of the SharePoint site you want to use as a context for obtaining the taxonomy values. You need to pass your host key to the code parameter. You can view your host keys when you visit the settings page for your function in the Azure portal.


When your Flow is run the Azure function will return the value from the term store inside the body of the HTTP response as show below:


This Body value can then be used as a parameter to other actions. This means we can use a value from the term store to drive decisions within our Microsoft Flow app. This could be something like an approver for a workflow for example. In reality any value can be retrived from the term store and we can host multiple Azure functions for different values.