Exch-Rest

3.50.0

functions/oAuth/New-EXRJWTToken.ps1

                                function New-EXRJWTToken {

    [CmdletBinding()]

    param (

        [Parameter(Position = 1, Mandatory = $false)]

        [string]

        $CertFileName,

        [Parameter(Position = 2, Mandatory = $false)]

        [System.Security.Cryptography.X509Certificates.X509Certificate2]

        $Certificate,

        [Parameter(Position = 3, Mandatory = $true)]

        [string]

        $TenantId,

        [Parameter(Position = 4, Mandatory = $true)]

        [string]

        $ClientId,

        [Parameter(Position = 5, Mandatory = $true)]

        [Int32]

        $ValidateForMinutes,

        [Parameter(Mandatory = $false)]

        [Security.SecureString]

        $password

    )

    Begin {

        $date1 = Get-Date -Date "01/01/1970"

        $date2 = (Get-Date).ToUniversalTime().AddMinutes($ValidateForMinutes)

        $date3 = (Get-Date).ToUniversalTime().AddMinutes(-5)

        $exp = [Math]::Round((New-TimeSpan -Start $date1 -End $date2).TotalSeconds, 0)

        $nbf = [Math]::Round((New-TimeSpan -Start $date1 -End $date3).TotalSeconds, 0)

        $exVal = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable

        if (![String]::IsNullOrEmpty($CertFileName)) {

            $Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertFileName, $password, $exVal

        }        

        $x5t = [System.Convert]::ToBase64String($Certificate.GetCertHash())

        $jti = [System.Guid]::NewGuid().ToString()

        $headerAssertion = @"

{

     "alg": "RS256",

     "x5t": "$x5t"

}

"@

        $payLoadAssertion += @"

{

    "aud": "https://login.windows.net/$TenantId/oauth2/token",

    "exp": $exp,

    "iss": "$ClientId",

    "jti": "$jti",

    "nbf": $nbf,

    "sub": "$ClientId"

}

"@

        $encodedHeader = [System.Convert]::ToBase64String([System.Text.UTF8Encoding]::UTF8.GetBytes($headerAssertion)).Replace('=', '').Replace('+', '-').Replace('/', '_')

        $encodedPayLoadAssertion = [System.Convert]::ToBase64String([System.Text.UTF8Encoding]::UTF8.GetBytes($payLoadAssertion)).Replace('=', '').Replace('+', '-').Replace('/', '_')

        $JWTOutput = $encodedHeader + "." + $encodedPayLoadAssertion

        $SigBytes = [System.Text.UTF8Encoding]::UTF8.GetBytes($JWTOutput)

        $rsa = $Certificate.PrivateKey;

        $sha256 = [System.Security.Cryptography.SHA256]::Create()

        $hash = $sha256.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($encodedHeader + '.' + $encodedPayLoadAssertion));

        $sigform = New-Object System.Security.Cryptography.RSAPKCS1SignatureFormatter($rsa);

        $sigform.SetHashAlgorithm("SHA256");

        $sig = [System.Convert]::ToBase64String($sigform.CreateSignature($hash)).Replace('=', '').Replace('+', '-').Replace('/', '_')

        $JWTOutput = $encodedHeader + '.' + $encodedPayLoadAssertion + '.' + $sig

        Write-Output ($JWTOutput)

    }

}