internal/functions/oauth/Get-ProfiledToken.ps1
|
function Get-ProfiledToken { [CmdletBinding()] param ( [Parameter(Position = 0, Mandatory = $false)] [string] $MailboxName, [Parameter(Position = 0, Mandatory = $false)] [string] $ResourceURL ) Process { if ([String]::IsNullOrEmpty($ResourceURL)) { $ResourceURL = "graph.microsoft.com" } if ($Script:TokenCache.ContainsKey($ResourceURL)) { $AccessToken = $null if ([String]::IsNullOrEmpty($MailboxName)) { $firstToken = $Script:TokenCache[$ResourceURL].GetEnumerator() | select -first 1 $AccessToken = $firstToken.Value } else { $HostDomain = (New-Object system.net.Mail.MailAddress($MailboxName)).Host.ToLower() if ($Script:TokenCache[$ResourceURL].ContainsKey($HostDomain)) { $AccessToken = $Script:TokenCache[$ResourceURL][$HostDomain] } } if ($AccessToken -ne $null) { $MailboxName = $AccessToken.mailbox if ($AccessToken.ADAL) { $Context = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext($AccessToken.Authority) $token = ($Context.AcquireTokenSilentAsync($AccessToken.resource,$AccessToken.clientid)).Result if($token.AccessToken -ne $AccessToken.AccessToken){ if($token.refresh){ write-host "Refreshed Token ADAL" if ([bool]($token.PSobject.Properties.name -match "AccessToken")) { #$AdalToken.access_token = Add-Member -InputObject $token -NotePropertyName access_token -NotePropertyValue (Get-ProtectedToken -PlainToken $token.AccessToken) -Force } Add-Member -InputObject $token -NotePropertyName clientid -NotePropertyValue $AccessToken.clientid Add-Member -InputObject $token -NotePropertyName ADAL -NotePropertyValue $True Add-Member -InputObject $token -NotePropertyName redirectUrl -NotePropertyValue $AccessToken.redirectUrl Add-Member -InputObject $token -NotePropertyName resource -NotePropertyValue $AccessToken.resource Add-Member -InputObject $token -NotePropertyName mailbox -NotePropertyValue $AccessToken.mailbox Add-Member -InputObject $token -NotePropertyName resourceCache -NotePropertyValue $AccessToken.resourceCache if(![String]::IsNullOrEmpty($AccessToken.TenantId)){ Add-Member -InputObject $token -NotePropertyName TenantId -NotePropertyValue $AccessToken.TenantId -Force } Add-Member -InputObject $token -NotePropertyName Cached -NotePropertyValue $true $HostDomain = (New-Object system.net.Mail.MailAddress($AccessToken.mailbox)).Host.ToLower() if(!$Script:TokenCache[$AccessToken.resourceCache].ContainsKey($HostDomain)){ $Script:TokenCache[$AccessToken.resourceCache].Add($HostDomain,$token) } else{ $Script:TokenCache[$AccessToken.resourceCache][$HostDomain] = $token } $AccessToken = $token } } } else { #Check for expired Token $minTime = new-object DateTime(1970, 1, 1, 0, 0, 0, 0, [System.DateTimeKind]::Utc); $expiry = $minTime.AddSeconds($AccessToken.expires_on) if ($expiry -le [DateTime]::Now.ToUniversalTime().AddMinutes(10)) { if ([bool]($AccessToken.PSobject.Properties.name -match "refresh_token")) { write-host "Refresh Token" $AccessToken = Invoke-RefreshAccessToken -MailboxName $MailboxName -AccessToken $AccessToken } else { throw "App Token has expired" } } } return $AccessToken } } } } |