BitTitan.Runbooks.MicrosoftGraph.Beta

0.1.3

Functions/Get-MicrosoftGraphAuthenticationToken.ps1

                                <#

.SYNOPSIS

    This function contacts the Microsoft Graph authentication servers to obtain an authentication token.

#>

function Get-MicrosoftGraphAuthenticationToken {

    [CmdletBinding(PositionalBinding=$false)]

    [OutputType([String])]

    param (

        # The application ID of the Microsoft Graph web application.

        [Parameter(Mandatory=$true, ParameterSetName="values")]

        [ValidateNotNullOrEmpty()]

        [String]$applicationId,

        # The client secret of the Microsoft Graph web application.

        [Parameter(Mandatory=$true, ParameterSetName="values")]

        [ValidateNotNullOrEmpty()]

        [String]$clientSecret,

        # The name of the organization in Office 365.

        # Example: if the onmicrosoft domain is contoso.onmicrosoft.com, the organization name is 'contoso'

        [Parameter(Mandatory=$true, ParameterSetName="values")]

        [ValidateNotNullOrEmpty()]

        [String]$organizationName,

        # The MSPComplete endpoint containing the application ID and client secret in the credential.

        [Parameter(Mandatory=$true, ParameterSetName="endpoint", ValueFromPipeline=$true)]

        [ValidateNotNull()]

        $endpoint

    )

    # Retrieve the properties from the endpoint

    if ($PSCmdlet.ParameterSetName -eq "endpoint") {

        $applicationId = $endpoint.Credential.Username

        $clientSecret = $endpoint.Credential.GetNetworkCredential().Password

        if ([String]::IsNullOrWhiteSpace((Search-HashTable $endpoint.ExtendedProperties "OrganizationName"))) {

            Write-Error "The endpoint does not have an 'OrganizationName' extended property."

            return

        }

        $organizationName = $endpoint.ExtendedProperties.OrganizationName

    }

    # Construct the REST call

    $url = "https://login.microsoftonline.com/$($organizationName).onmicrosoft.com/oauth2/v2.0/token"

    $body = @{

        client_id       = $applicationId

        grant_type      = "client_credentials"

        client_secret   = $clientSecret

        scope           = "https://graph.microsoft.com/.default"

    }

    # Create hash table for params

    $invokeRestMethodParams = @{

        Uri         = $url

        ContentType = "application/x-www-form-urlencoded"

        Body        = $body

        Method      = "POST"

    }

    # Invoke the REST call

    try {

        $response = Invoke-RestMethod @invokeRestMethodParams

    }

    catch {

        Write-Error "Exception occurred while invoking REST call.`r`n$($_.Exception.Message)"

        return

    }

    # Verify the response

    if ($null -eq $response -or $response.expires_in -le 0 -or [String]::IsNullOrWhiteSpace($response.access_token)) {

        Write-Error "Failed to retrieve the access token."

        return

    }

    # Return the access token

    return $response.access_token

}