functions/other/Get-AppOnlyToken.ps1

function Get-AppOnlyToken
{
    param (
        
        [Parameter(Position = 1, Mandatory = $true)]
        [string]
        $CertFileName,
        
        [Parameter(Position = 2, Mandatory = $false)]
        [string]
        $TenantId,
        
        [Parameter(Position = 3, Mandatory = $false)]
        [string]
        $ClientId,
        
        [Parameter(Position = 4, Mandatory = $false)]
        [string]
        $redirectUrl,
        
        [Parameter(Position = 6, Mandatory = $false)]
        [Int32]
        $ValidateForMinutes,
        
        [Parameter(Position = 7, Mandatory = $false)]
        [string]
        $ResourceURL,
        
        [Parameter(Position = 8, Mandatory = $false)]
        [switch]
        $Beta,
        
        [Parameter(Mandatory = $true)]
        [Security.SecureString]
        $password
        
    )
    Begin
    {
        $AppSetting = Get-AppSettings
        if ($TenantId -eq $null)
        {
            $AppSetting.TenantId
        }
        if ($ClientId -eq $null)
        {
            $ClientId = $AppSetting.ClientId
        }
        if ($redirectUrl -eq $null)
        {
            $redirectUrl = $AppSetting.redirectUrl
        }
        if ($ValidateForMinutes -eq 0)
        {
            $ValidateForMinutes = $AppSetting.ValidateForMinutes
        }
        if ([String]::IsNullOrEmpty($ResourceURL))
        {
            $ResourceURL = $AppSetting.ResourceURL
        }
        $JWTToken = New-JWTToken -CertFileName $CertFileName -password $password -TenantId $TenantId -ClientId $ClientId -ValidateForMinutes $ValidateForMinutes
        Add-Type -AssemblyName System.Web
        $HttpClient = Get-HTTPClient(" ")
        $AuthorizationPostRequest = "resource=https%3A%2F%2F$ResourceURL&client_id=$ClientId&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=$JWTToken&grant_type=client_credentials&redirect_uri=$redirectUrl"
        $content = New-Object System.Net.Http.StringContent($AuthorizationPostRequest, [System.Text.Encoding]::UTF8, "application/x-www-form-urlencoded")
        $ClientReesult = $HttpClient.PostAsync([Uri]("https://login.windows.net/" + $TenantId + "/oauth2/token"), $content)
        $JsonObject = ConvertFrom-Json -InputObject $ClientReesult.Result.Content.ReadAsStringAsync().Result
        if ([bool]($JsonObject.PSobject.Properties.name -match "refresh_token"))
        {
            $JsonObject.refresh_token = (Get-ProtectedToken -PlainToken $JsonObject.refresh_token)
        }
        if ([bool]($JsonObject.PSobject.Properties.name -match "access_token"))
        {
            $JsonObject.access_token = (Get-ProtectedToken -PlainToken $JsonObject.access_token)
        }
        if ([bool]($JsonObject.PSobject.Properties.name -match "id_token"))
        {
            $JsonObject.id_token = (Get-ProtectedToken -PlainToken $JsonObject.id_token)
        }
        Add-Member -InputObject $JsonObject -NotePropertyName tenantid -NotePropertyValue $TenantId
        Add-Member -InputObject $JsonObject -NotePropertyName clientid -NotePropertyValue $ClientId
        Add-Member -InputObject $JsonObject -NotePropertyName redirectUrl -NotePropertyValue $redirectUrl
        if ($Beta.IsPresent)
        {
            Add-Member -InputObject $JsonObject -NotePropertyName Beta -NotePropertyValue True
        }
        return $JsonObject
    }
}