1.2.0/Connect-AzAD_Token.psm1
FUNCTION Connect-AzAD_Token { [CmdLetBinding()] [Alias("CAZADT")] param ( $DelegateID = "", [Parameter(DontShow = $true)] [string] $MsGraphVersion = "beta", [Parameter(DontShow = $true)] [string] $MsGraphHost = "graph.microsoft.com", $GraphURI = "https://$MSGraphHost/$MsGraphVersion", [string]$Tenant, [string]$ClientID, [string]$ClientSecret ) IF (($ClientID) -and ($ClientSecret)) { #Create the body of the Authentication of the request for the OAuth Token $Body = @{client_id=$ClientID;client_secret=$ClientSecret;grant_type="client_credentials";scope="https://$MSGraphHost/.default";} #Get the OAuth Token $OAuthReq = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -Body $Body #Return access token as a variable $OAuthReq.access_token } ELSE { Write-Host -ForegroundColor Cyan "Checking for AzureAD module..." $AADMod = Get-Module -Name "AzureAD" -ListAvailable $currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent()) $IsUserAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) if (!($AADMod)) { Write-Host -ForegroundColor Yellow "AzureAD PowerShell module not found, looking for AzureADPreview" $AADModPrev = Get-Module -Name "AzureADPreview" -ListAvailable #Check to see if the AzureAD Preview Module is insalled, If so se that as the AAD Module Else Insall the AzureAD Module IF ($AADModPrev) { $AADMod = Get-Module -Name "AzureADPreview" -ListAvailable } else { try { IF ($IsUserAdmin) { Write-Host -ForegroundColor Yellow "AzureAD Preview is not installed..." Write-Host -ForegroundColor Cyan "Attempting to Install the AzureAD Powershell module..." Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -ErrorAction Stop | Out-Null Install-Module AzureAD -Force -ErrorAction Stop Start-Sleep 5 Import-Module AzureAD } ELSE { Write-Host -ForegroundColor Yellow "AzureAD Preview is not installed..." Write-Host -ForegroundColor Cyan "Attempting to Install the AzureAD Powershell module for the current user..." Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Scope CurrentUser -Force -ErrorAction SilentlyContinue | Out-Null Install-Module AzureAD -Scope CurrentUser -Force -ErrorAction Stop Start-Sleep 5 Import-Module AzureAD } } catch { Throw "Failed to install the AzureAD PowerShell Module" } } } $AADMod = ($AADMod | Select-Object -Unique | Sort-Object)[-1] $ADAL = Join-Path $AADMod.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll" $ADALForms = Join-Path $AADMod.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll" [System.Reflection.Assembly]::LoadFrom($ADAL) | Out-Null [System.Reflection.Assembly]::LoadFrom($ADALForms) | Out-Null $UserInfo = Connect-AzureAD -ErrorAction Stop if ($DelegateID) { $AppClientID = $DelegateID } ELSE { # Microsoft Intune PowerShell Enterprise Application ID $AppClientID = "d1ddf0e4-d672-4dae-b554-9d5bdfd93547" } # The redirectURI $RedirectURI = "urn:ietf:wg:oauth:2.0:oob" #The Authority to connect with (YOur Tenant) IF ($Tenant) { $TenantID = $Tenant } Else { $TenantID = $UserInfo.TenantID } $Auth = "https://login.microsoftonline.com/$TenantID" try { $AuthContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $Auth # https://msdn.microsoft.com/en-us/library/azure/microsoft.identitymodel.clients.activedirectory.promptbehavior.aspx # Change the prompt behaviour to force credentials each time: Auto, Always, Never, RefreshSession $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Auto" $userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList ($UserInfo.Account, "OptionalDisplayableId") $global:authResult = $AuthContext.AcquireTokenAsync(("https://" + $MSGraphHost),$AppClientID,$RedirectURI,$platformParameters,$userId).Result # If the accesstoken is valid then create the authentication header if($authResult.AccessToken){ # Creating header for Authorization token return $authResult } else { Throw "Authorization Access Token is null, please re-run authentication..." } } catch { Throw "There was an exception while running this module" } } } Export-ModuleMember -Alias * -Function * |