MSApiConnect

1.0.0

functions/Get-OAuthHeaderUPN.ps1

                                <#

.SYNOPSIS

Authenticate to Azure AD with Azure Directory Authentication Librairy with your UserPrincipalName

.DESCRIPTION

Authenticate to Azure AD with Azure Directory Authentication Librairy with your UserPrincipalName and and Azure Ad Application

.PARAMETER ClientID

This is the Client ID (Application ID) of the registered Azure AD Application.

The Application need to have the right permission in your tenant.

.PARAMETER RedirectUri

Redirect URI of the Azure AD Application that is registered.

.PARAMETER ResourceAppIdURI

Resource URI of the Azure AD Application that is registered.

.PARAMETER UserPrincipalName

UserPrincipalName of the Admin Account

.EXAMPLE

TODO - Example

TODO - Line 2

.NOTES

#

#>

function Get-OAuthHeaderUPN

{

    [OutputType([Hashtable])]

    [cmdletbinding()]

    param(

    [Parameter(Mandatory = $True)]

          [string]$ClientID,

    [Parameter(Mandatory = $True)]

          [string]$RedirectUri,

    [Parameter(Mandatory = $True)]

          [string]$ResourceAppIdURI,

    [Parameter(Mandatory = $False)]

          [string]$UserPrincipalName

    )

    $AzureADDLL = Get-AzureADDLL

    if([string]::IsNullOrEmpty($UserPrincipalName))

    {

        $UserPrincipalName = Get-CurrentUPN

    }

    $TenantName = $UserPrincipalName.split("@")[1]

    $TenantInfo = Get-TenantLoginEndPoint -TenantName $TenantName

    $NULL = [System.Reflection.Assembly]::LoadFrom($AzureADDLL)

    [string] $authority = $TenantInfo.authorization_endpoint

    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

    $PromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto

    $platformParam = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList $PromptBehavior

    $userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList $UserPrincipalName, "OptionalDisplayableId"

    Try{

        $authResult = $authContext.AcquireTokenSilentAsync($resourceAppIdURI, $clientId)

        $AuthHeader=$authResult.result.CreateAuthorizationHeader()

    }

    Catch{

    $authResult = $authContext.AcquireTokenAsync($resourceAppIdURI, $clientId, $redirectUri, $platformParam, $userId)

    $AuthHeader=$authResult.result.CreateAuthorizationHeader()

    }

    $headers = @{

        "Authorization" = $AuthHeader

        "Content-Type"  = "application/json"

        "ExpiresOn"     = $authResult.Result.ExpiresOn

        "AppID"     = $ClientID

        "UserID"     = $UserPrincipalName

        }

    Return $headers

}