Private/Get-EasyGraphAuthTokenUserAuth.ps1

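function Get-EasyGraphAuthTokenUserAuth {
    <#
    .SYNOPSIS
        Acquires Microsoft Graph tokens interactively via the OAuth 2.0 authorization code flow.

    .DESCRIPTION
        Opens a WinForms WebBrowser dialog on the Azure AD authorize endpoint, waits for the
        navigation to land on the native-client redirect URI, and exchanges the returned
        authorization code for tokens at the token endpoint. The access token, refresh token,
        expiry and the id_token claims (tid, upn) are written to the module-scoped
        $GraphConnection object.

        A random 'state' value is sent with the authorization request and must be echoed back
        unchanged in the redirect; a missing or different value is treated as a failed
        authentication.

    .OUTPUTS
        None. Results are stored on $GraphConnection.

    .NOTES
        Requires System.Windows.Forms and therefore runs on Windows only.
        Throws 'Authentication canceled' when the dialog is closed before the redirect back
        completes, and 'Authentication failed: ...' when the authorization server returns an
        error or the state check fails.
    #>

    # The embedded WebBrowser control only exists on Windows.
    if ($IsLinux -or $IsMacOS) {
        throw 'The selected authentication method is not available on this platform'
    }

    if (-not $GraphConnection.TenantId) {
        $GraphConnection.TenantId = 'common'
    }

    $Resource    = 'https://graph.microsoft.com/'
    $RedirectUri = 'https://login.microsoftonline.com/common/oauth2/nativeclient'
    # Opaque per-request value (RFC 6749 'state'). The authorization server echoes it back
    # unchanged, which lets us reject a response that does not belong to this request.
    $State = [guid]::NewGuid().ToString('N')

    Add-Type -AssemblyName System.Web
    $Query = [System.Web.HttpUtility]::ParseQueryString([string]::Empty)
    $Query.Add('response_type', 'code')
    $Query.Add('client_id', $GraphConnection.AppId)
    $Query.Add('login_hint', $GraphConnection.UserName)
    $Query.Add('redirect_uri', $RedirectUri)
    $Query.Add('resource', $Resource)
    $Query.Add('state', $State)

    $Url = "https://login.microsoftonline.com/$($GraphConnection.TenantId)/oauth2/authorize?$($Query.ToString())"

    Add-Type -AssemblyName System.Windows.Forms
    $FormProperties = @{
        FormBorderStyle = [System.Windows.Forms.FormBorderStyle]::FixedDialog
        Width           = 568
        Height          = 760
        MinimizeBox     = $false
        MaximizeBox     = $false
        TopMost         = $true
    }
    $Form = New-Object -TypeName System.Windows.Forms.Form -Property $FormProperties
    $WebBrowserProperties = @{
        Dock                   = [System.Windows.Forms.DockStyle]::Fill
        Url                    = $Url
        ScriptErrorsSuppressed = $true
    }
    $WebBrowser = New-Object -TypeName System.Windows.Forms.WebBrowser -Property $WebBrowserProperties

    $CallbackUri = $null
    try {
        # Close the dialog only once navigation has landed on our redirect URI and the query
        # carries an authorization response. Matching 'code='/'error=' anywhere in any
        # intermediate URL could close the dialog on the wrong page and read a bogus value.
        $WebBrowser.Add_DocumentCompleted({
            if ($WebBrowser.Document) { $Form.Text = $WebBrowser.Document.Title }
            $Current = $WebBrowser.Url
            if ($Current -and
                $Current.AbsoluteUri.StartsWith($RedirectUri, [System.StringComparison]::OrdinalIgnoreCase) -and
                $Current.Query -match '(^|[?&])(code|error)=') {
                $Form.Close()
            }
        })
        $Form.Controls.Add($WebBrowser)
        $Form.Add_Shown({ $Form.Activate() })
        $null = $Form.ShowDialog()
        # Read the final location before the controls are disposed.
        $CallbackUri = $WebBrowser.Url
    } finally {
        $WebBrowser.Dispose()
        $Form.Dispose()
    }

    # The dialog was closed before the server redirected back to us.
    if (-not $CallbackUri -or
        -not $CallbackUri.AbsoluteUri.StartsWith($RedirectUri, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw 'Authentication canceled'
    }

    $Response = [System.Web.HttpUtility]::ParseQueryString($CallbackUri.Query)

    # Surface the server's error instead of reporting it as a user cancellation.
    if ($Response['error']) {
        throw "Authentication failed: $($Response['error']) - $($Response['error_description'])"
    }
    if ($Response['state'] -ne $State) {
        throw 'Authentication failed: state parameter in the authorization response does not match the request'
    }

    $AuthorizationCode = $Response['code']
    if (-not $AuthorizationCode) {
        throw 'Authentication canceled'
    }

    $TokenRequest = @{
        Uri         = "https://login.microsoftonline.com/$($GraphConnection.TenantId)/oauth2/token"
        Method      = 'Post'
        ContentType = 'application/x-www-form-urlencoded'
        Body        = @{
            grant_type   = 'authorization_code'
            redirect_uri = $RedirectUri
            client_id    = $GraphConnection.AppId
            code         = $AuthorizationCode
            resource     = $Resource
        }
    }

    $TokenResponse = Invoke-RestMethod @TokenRequest

    $GraphConnection.AccessToken  = $TokenResponse.access_token
    $GraphConnection.RefreshToken = $TokenResponse.refresh_token
    # expires_in is a lifetime in seconds relative to now.
    $GraphConnection.Expires = [DateTime]::UtcNow.AddSeconds([double]$TokenResponse.expires_in)

    # The id_token identifies the tenant and user that actually signed in, which may differ
    # from the 'common' placeholder and the login_hint used for the request.
    $IdToken = $TokenResponse.id_token | ConvertFrom-JWTtoken
    $GraphConnection.TenantId = $IdToken.tid
    $GraphConnection.UserName = $IdToken.upn
}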