Auth/Get-InternalAcquireToken.ps1
|
Function Get-InternalAcquireToken { [CmdletBinding(DefaultParameterSetName='VisibleCredPrompt')] Param ( [Parameter(Mandatory=$true,ParameterSetName='ConnectByCredObject')] [System.Management.Automation.PSCredential]$Credential, [Parameter(Mandatory=$False,ParameterSetName='ConnectByCredObject')] [Parameter(Mandatory=$true,ParameterSetName='VisibleCredPrompt')] [String]$RedirectUri, [Parameter(Mandatory=$True)] [String]$LoginUrl, [Parameter(Mandatory=$True)] [String]$ClientId, [Parameter(Mandatory=$True)] [String]$ResourceUrl, [ValidateSet("Never", "Auto", "Suppress", "Always")] [String]$PromptBehavior, [Parameter(Mandatory=$True,ParameterSetName='ConnectByRefreshToken')] $RefreshToken ) $AuthContext = New-Object -TypeName Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext -ArgumentList ($LoginUrl) if ($PSCmdlet.ParameterSetName -eq "ConnectByCredObject") { $PromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Never Try { $UserCredential = New-Object -TypeName Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential -ArgumentList ($Credential.UserName, $Credential.Password) $authResult = $AuthContext.AcquireToken($ResourceUrl,$ClientId, $UserCredential) } Catch { } } ElseIf($PSCmdlet.ParameterSetName -eq "VisibleCredPrompt") { if ($PromptBehavior -eq "Always") { $ThisPromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Always } Elseif ($PromptBehavior -eq "Suppress") { $ThisPromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Never } Else { #Check the credential cache to see if we already have an entry we can use $CacheHit = $AuthContext.TokenCache.ReadItems() | where {$_.Authority -eq $LoginUrl} if ($CacheHit) { Write-verbose " Attempting to authenticate using TokenCache" $ThisPromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Never } Else { $ThisPromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto } } Try { $authResult = $AuthContext.AcquireToken($ResourceUrl,$ClientId, $RedirectUri, $ThisPromptBehavior) } Catch { if ($_.Exception.Message -match "User canceled authentication") { Write-error "User Canceled authentication" return } if (($PromptBehavior -eq "Suppress") -or ($PromptBehavior -eq "Auto")) { #If that failed, and suppress is on, switch to auto $ThisPromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Always $authResult = $AuthContext.AcquireToken($ResourceUrl,$ClientId, $RedirectUri, $ThisPromptBehavior) } } } ElseIf($PSCmdlet.ParameterSetName -eq "ConnectByRefreshToken") { try { $authResult = $AuthContext.AcquireTokenByRefreshToken($RefreshToken,$ClientId) } Catch { Write-error "Error acquiring updated token using refresh token." return } } if ($authResult) { Return $authResult } } |