1.2.0/Connect-AzAD_Token.psm1

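FUNCTION Connect-AzAD_Token {
    <#
    .SYNOPSIS
        Acquires a Microsoft Graph OAuth token, with app credentials or interactively.
    .DESCRIPTION
        When both -ClientID and -ClientSecret are supplied, a client_credentials token
        request is posted to the tenant's v2.0 token endpoint and the access token
        string is written to the pipeline.
        Otherwise the function looks for the AzureAD (or AzureADPreview) module,
        installs AzureAD if neither is present, loads the two ADAL assemblies from the
        module folder, signs in with Connect-AzureAD and acquires a token through
        ADAL. That path returns the ADAL result object and also stores it in
        $global:authResult.
    .PARAMETER DelegateID
        Client (application) ID used for the interactive flow. When empty, the
        Microsoft Intune PowerShell application ID is used.
    .PARAMETER MsGraphVersion
        Graph API version segment; only used to build the default of -GraphURI.
    .PARAMETER MsGraphHost
        Graph host name; used for the token scope / resource.
    .PARAMETER GraphURI
        Not read by this function body.
    .PARAMETER Tenant
        Tenant ID or domain. Needed for the client-credentials flow; optional for the
        interactive flow, which falls back to the tenant of the signed-in account.
    .PARAMETER ClientID
        Application ID for the client-credentials flow.
    .PARAMETER ClientSecret
        Application secret for the client-credentials flow.
    .OUTPUTS
        Client-credentials flow: the access token string.
        Interactive flow: the ADAL authentication result object.
    .NOTES
        Security review notes:
        - ClientSecret is a plain [string] parameter, so the value may be captured by
          command history, transcripts or script-block logging where those are
          enabled. Pass it from a variable filled out of a secret store rather than
          typing it literally.
        - The interactive flow leaves the token in $global:authResult, where any code
          running in the same session can read it. It is kept here only because other
          code may depend on that variable.
        - Install-Module runs with -Force and no version pin, so the module that gets
          installed is whatever the registered repositories serve at that moment.
    #>
    [CmdLetBinding()]
    [Alias("CAZADT")]
    param (
        $DelegateID = "",
        [Parameter(DontShow = $true)]
        [string]
        $MsGraphVersion = "beta",
        [Parameter(DontShow = $true)]
        [string]
        $MsGraphHost = "graph.microsoft.com",
        $GraphURI = "https://$MSGraphHost/$MsGraphVersion",
        [string]$Tenant,
        [string]$ClientID,
        [string]$ClientSecret
    )

    IF (($ClientID) -and ($ClientSecret)) {
        # The original built the token URL from $TenantID, which this branch never
        # assigned, so -Tenant was ignored and the URL had an empty tenant segment
        # unless a caller scope happened to define $TenantID. -Tenant now wins; a
        # value inherited from the caller scope is still honoured as a fallback.
        IF ($Tenant) {
            $TenantID = $Tenant
        }
        IF ([string]::IsNullOrWhiteSpace($TenantID)) {
            Throw "The -Tenant parameter is required when -ClientID and -ClientSecret are used"
        }
        # Escape the tenant so it cannot alter the path of the token endpoint URL.
        $TokenUri = "https://login.microsoftonline.com/$([uri]::EscapeDataString($TenantID))/oauth2/v2.0/token"

        # Create the body of the authentication request for the OAuth token
        $Body = @{client_id=$ClientID;client_secret=$ClientSecret;grant_type="client_credentials";scope="https://$MSGraphHost/.default";}
        # Get the OAuth token
        $OAuthReq = Invoke-RestMethod -Method Post -Uri $TokenUri -Body $Body
        # Return the access token string
        $OAuthReq.access_token
    } ELSE {
        Write-Host -ForegroundColor Cyan "Checking for AzureAD module..."
        $AADMod = Get-Module -Name "AzureAD" -ListAvailable

        # Elevation decides whether the module is installed machine-wide or per user.
        $currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
        $IsUserAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

        if (!($AADMod)) {
            Write-Host -ForegroundColor Yellow "AzureAD PowerShell module not found, looking for AzureADPreview"
            $AADModPrev = Get-Module -Name "AzureADPreview" -ListAvailable
            # If the AzureADPreview module is installed, use it; otherwise install AzureAD
            IF ($AADModPrev) {
                $AADMod = $AADModPrev
            } else {
                try {
                    IF ($IsUserAdmin) {
                        Write-Host -ForegroundColor Yellow "AzureAD Preview is not installed..."
                        Write-Host -ForegroundColor Cyan "Attempting to Install the AzureAD Powershell module..."
                        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -ErrorAction Stop | Out-Null
                        Install-Module AzureAD -Force -ErrorAction Stop
                        Start-Sleep 5
                        Import-Module AzureAD
                    } ELSE {
                        Write-Host -ForegroundColor Yellow "AzureAD Preview is not installed..."
                        Write-Host -ForegroundColor Cyan "Attempting to Install the AzureAD Powershell module for the current user..."
                        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Scope CurrentUser -Force -ErrorAction SilentlyContinue | Out-Null
                        Install-Module AzureAD  -Scope CurrentUser -Force -ErrorAction Stop
                        Start-Sleep 5
                        Import-Module AzureAD
                    }
                    # The original never refreshed $AADMod after installing, so the
                    # ModuleBase lookup below ran against $null on a fresh install.
                    $AADMod = Get-Module -Name "AzureAD" -ListAvailable
                }
                catch {
                    # Keep the underlying reason so a blocked or failed install can be diagnosed.
                    Throw "Failed to install the AzureAD PowerShell Module: $($_.Exception.Message)"
                }
            }
        }

        # Pick the highest installed version; a bare Sort-Object does not order by Version.
        $AADMod = $AADMod | Sort-Object -Property Version | Select-Object -Last 1
        IF (-not $AADMod) {
            Throw "The AzureAD PowerShell module could not be located"
        }

        # The ADAL assemblies are loaded by path from the selected module's folder.
        $ADAL = Join-Path $AADMod.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
        $ADALForms = Join-Path $AADMod.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
        [System.Reflection.Assembly]::LoadFrom($ADAL) | Out-Null
        [System.Reflection.Assembly]::LoadFrom($ADALForms) | Out-Null

        $UserInfo = Connect-AzureAD -ErrorAction Stop

        if ($DelegateID) {
            $AppClientID = $DelegateID
        } ELSE {
            # Microsoft Intune PowerShell Enterprise Application ID
            $AppClientID = "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
        }

        # The redirect URI
        $RedirectURI = "urn:ietf:wg:oauth:2.0:oob"
        # The authority to connect with (your tenant)
        IF ($Tenant) {
            $TenantID = $Tenant
        } Else {
            $TenantID = $UserInfo.TenantID
        }

        $Auth = "https://login.microsoftonline.com/$TenantID"

        try {
            $AuthContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $Auth

            # https://msdn.microsoft.com/en-us/library/azure/microsoft.identitymodel.clients.activedirectory.promptbehavior.aspx
            # Change the prompt behaviour to force credentials each time: Auto, Always, Never, RefreshSession
            $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Auto"
            $userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList ($UserInfo.Account, "OptionalDisplayableId")
            # NOTE(review): the token is published session-wide through $global:authResult.
            # Kept for compatibility; confirm whether any caller still reads it.
            $global:authResult = $AuthContext.AcquireTokenAsync(("https://" + $MSGraphHost),$AppClientID,$RedirectURI,$platformParameters,$userId).Result
            # Only hand back a result that actually carries an access token
            if($authResult.AccessToken){
                return $authResult
            } else {
                Throw "Authorization Access Token is null, please re-run authentication..."
            }
        }
        catch {
            # Surface the innermost error instead of replacing it with a generic message.
            Throw "There was an exception while running this module: $($_.Exception.GetBaseException().Message)"
        }
    }
}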

# Export every function and every alias defined in this module (wildcards, no allow-list).
Export-ModuleMember -Function * -Alias *