Connect-MsGraph.ps1

<#
.SYNOPSIS
    Connects an authenticated account for use with Microsoft Graph cmdlet requests.
.DESCRIPTION
    The cmdlet connects an authenticated account to use for Microsoft Graph cmdlet requests.
.EXAMPLE
    PS C:\>Connect-MsGraph -ClientId '00000000-0000-0000-0000-000000000000' -Scope 'https://graph.microsoft.com/User.Read','https://graph.microsoft.com/Files.ReadWrite'
    Authenticate to Microsoft Graph (with permissions User.Read and Files.ReadWrite) using client id from application registration (public client).
.EXAMPLE
    PS C:\>Connect-MsGraph -ClientId '00000000-0000-0000-0000-000000000000' -TenantId '00000000-0000-0000-0000-000000000000' -Interactive -Scope 'https://graph.microsoft.com/User.Read' -LoginHint user@domain.com
    Force interactive authentication to Microsoft Graph (with permissions User.Read) for specific Azure AD tenant using client id from application registration (public client).
.EXAMPLE
    PS C:\>Connect-MsGraph -ClientId '00000000-0000-0000-0000-000000000000' -ClientSecret (ConvertTo-SecureString 'SuperSecretString' -AsPlainText -Force) -Scope 'https://graph.microsoft.com/.default'
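    Authenticate to Microsoft Graph (with permissions .Default) using client id and secret from application registration (confidential client).
    The literal secret is shown inline for illustration only: a secret typed on the command line can end up in console history and transcripts. In real use, obtain the SecureString from Read-Host -AsSecureString or a secret store.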
.EXAMPLE
    PS C:\>$ClientCertificate = Get-Item Cert:\CurrentUser\My\0000000000000000000000000000000000000000
    PS C:\>Connect-MsGraph -ClientId '00000000-0000-0000-0000-000000000000' -ClientCertificate $ClientCertificate -TenantId '00000000-0000-0000-0000-000000000000'
    Authenticate to Microsoft Graph (with permissions .Default) for specific Azure AD tenant using client id and certificate.
#>

function Connect-MsGraph {
    [CmdletBinding(DefaultParameterSetName = 'PublicClient')]
    [OutputType([Microsoft.Graph.GraphServiceClient])]
    param
    (
        # Application (client) identifier that requests the token.
        [parameter(Mandatory=$true, ParameterSetName='PublicClient')]
        [parameter(Mandatory=$false, ParameterSetName='PublicClient-InputObject')]
        [parameter(Mandatory=$true, ParameterSetName='ConfidentialClientSecret')]
        [parameter(Mandatory=$true, ParameterSetName='ConfidentialClientCertificate')]
        [parameter(Mandatory=$false, ParameterSetName='ConfidentialClient-InputObject')]
        [string] $ClientId,
        # Client secret, as a SecureString, for a confidential client.
        [parameter(Mandatory=$true, ParameterSetName='ConfidentialClientSecret')]
        [parameter(Mandatory=$false, ParameterSetName='ConfidentialClient-InputObject')]
        [securestring] $ClientSecret,
        # Certificate used as the client assertion for a confidential client.
        [parameter(Mandatory=$true, ParameterSetName='ConfidentialClientCertificate')]
        [parameter(Mandatory=$false, ParameterSetName='ConfidentialClient-InputObject')]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $ClientCertificate,
        # Address the authority returns to after it responds.
        [parameter(Mandatory=$false)]
        [uri] $RedirectUri,
        # Tenant identifier of the authority that issues the token.
        [parameter(Mandatory=$false)]
        [string] $TenantId,
        # Pre-built public client application options (accepted from the pipeline).
        [parameter(Mandatory=$true, ValueFromPipeline=$true, ParameterSetName='PublicClient-InputObject', Position=0)]
        [Microsoft.Identity.Client.PublicClientApplicationOptions] $PublicClientOptions,
        # Pre-built confidential client application options (accepted from the pipeline).
        [parameter(Mandatory=$true, ValueFromPipeline=$true, ParameterSetName='ConfidentialClient-InputObject', Position=0)]
        [Microsoft.Identity.Client.ConfidentialClientApplicationOptions] $ConfidentialClientOptions,
        # Scopes to request for the resource; defaults to the Graph '.default' scope.
        [Parameter(Mandatory=$false)]
        [string[]] $Scopes = 'https://graph.microsoft.com/.default',
        # Microsoft Graph endpoint version.
        [Parameter(Mandatory=$false)]
        [ValidateSet('v1.0','beta','canary')]
        [string] $Version
    )

    # NOTE(review): the help examples for this function use -Interactive and
    # -LoginHint, but this param block declares neither; confirm whether they
    # should be declared here or dropped from the examples.

    # Copy the explicitly bound parameters (this includes any common parameters
    # such as -Verbose) and strip the two that are consumed locally, so the rest
    # can be splatted to New-MsalClientApplication.
    [hashtable] $msalClientArguments = $PSBoundParameters
    foreach ($localOnlyName in 'Scopes', 'Version') {
        # Removing an absent key is a no-op, so no presence check is needed.
        $msalClientArguments.Remove($localOnlyName)
    }

    # NOTE(review): the objects stored in script scope below outlive this call.
    # When -ClientSecret or -ClientCertificate was supplied, the client
    # application was built from it and nothing here releases it; confirm that
    # a cleanup/disconnect path exists elsewhere.
    $script:MsalClientApplication = New-MsalClientApplication @msalClientArguments

    # Acquire a token up front purely as a fail-fast check: -ErrorAction Stop
    # turns an authentication failure into a terminating error before any Graph
    # client is created, and the token output itself is discarded.
    $null = $script:MsalClientApplication | Get-MsalToken -Scopes $Scopes -ErrorAction Stop
    $script:Scopes = $Scopes

    # $Version is passed even when the caller did not bind it (it is then an
    # empty string); how New-MsGraphClient treats that is not visible here.
    $script:GraphServiceClient = New-MsGraphClient -Version $Version
    $script:GraphServiceClient
}