Functions/Get-PartnerCenterAccessToken.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<#
.SYNOPSIS
    This function retrieves an access token from the Partner Center authentication servers.
.DESCRIPTION
    This function retrieves an access token from the Partner Center authentication servers.
    This access token is used in Partner Center REST API calls.
    Returns null if failed to retrieve the access token.
.EXAMPLE
    Get-PartnerCenterAccessToken -Endpoint $Endpoint
.EXAMPLE
    $Endpoint | Get-PartnerCenterAccessToken
.EXAMPLE
    Get-PartnerCenterAccessToken -Username $username -Password $password -ApplicationId $applicationId
#>

function Get-PartnerCenterAccessToken {
    [CmdletBinding(PositionalBinding=$false)]
    [OutputType([String])]
    param (
        # The username of the Partner Center admin account.
        [Parameter(Mandatory=$true, ParameterSetName="credential")]
        [String]$username,

        # The password of the Partner Center admin account.
        [Parameter(Mandatory=$true, ParameterSetName="credential")]
        [SecureString]$password,

        # The Partner Center Native App Application Id.
        [Parameter(Mandatory=$true, ParameterSetName="credential")]
        [GUID]$applicationId,

        # The MSPComplete Endpoint containing the Partner Center admin credentials.
        [Parameter(Mandatory=$true, ParameterSetName="endpoint", ValueFromPipeline=$true)]
        $endpoint
    )

    # If given endpoint, retrieve username, password and application ID
    if ($PSCmdlet.ParameterSetName -eq "endpoint") {
        $partnerCenterCredential = $endpoint.Credential
        $username = $partnerCenterCredential.Username
        $password = $partnerCenterCredential.Password

        # Check if endpoint has application ID extended property
        if (!($endpoint.ExtendedProperties) -or !(Search-HashTable -HashTable $endpoint.ExtendedProperties -Key "ApplicationId")) {
            Write-Error "Endpoint provided does not have an 'ApplicationId' extended property."
            return $null
        }
        $applicationId = $endpoint.ExtendedProperties.ApplicationId
    }

    # Retrieve plaintext password
    $plainTextPassword = ([PSCredential]::new("username", $password)).GetNetworkCredential().Password

    # Extract the domain from the username
    $domain = Get-EmailAddressDomain $username
    if ([String]::IsNullOrWhiteSpace($domain)) {
        Write-Error "Failed to extract domain from username '$($username)'."
        return $null
    }

    # Construct the REST call
    Add-Type -AssemblyName System.Web
    $url = "https://login.windows.net/$($domain)/oauth2/token"
    $body = "grant_type=password&resource=https://api.partnercenter.microsoft.com&" `
          + "client_id=$([System.Web.HttpUtility]::UrlEncode($applicationID))&" `
          + "username=$([System.Web.HttpUtility]::UrlEncode($username))&" `
          + "password=$([System.Web.HttpUtility]::UrlEncode($plainTextPassword))&" `
          + "scope=openid"

    # Create hash table for params
    $invokeRestMethodParams = @{
        Uri         = $url
        ContentType = "application/x-www-form-urlencoded"
        Body        = $body
        Method      = "POST"
    }

    # Invoke the REST call
    try {
        $response = Invoke-RestMethod @invokeRestMethodParams
    }
    catch {
        Write-Error "Exception occurred while invoking REST call.`r`n$($_.Exception.Message)"
        return $null
    }

    # Verify the response
    if ($null -eq $response -or $response.expires_in -le 0 -or [String]::IsNullOrWhiteSpace($response.access_token)) {
        Write-Error "Failed to retrieve the access token."
        return $null
    }

    # Return the access token
    return $response.access_token
}