Public/Connect-GraphApplication.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
function Connect-GraphApplication() {
    <#
        .SYNOPSIS
            Retrieve an Auth Token for the Application
        .DESCRIPTION
            Retrieve an Auth Token for the AzureAD endpoint, using the Active Directory Authentication Library (ADAL) client library,
            which is included in the AzureAD PowerShell Module.
 
            https://developer.microsoft.com/en-us/graph/docs/concepts/auth_overview
        .PARAMETER TenantId
            Id of the Tenant for which an Auth Token is requested.
        .PARAMETER ClientId
            Application Id of an Azure AD App registration
        .PARAMETER ClientSecret
            Authentication key of the Azure AD App registration
        .PARAMETER ResourceUri
            REST API endpoint Uri
    #>

    [cmdletbinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$TenantId,

        [Parameter(Mandatory = $true)]
        [string]$ClientId,

        [Parameter(Mandatory = $true)]
        [string]$ClientSecret,

        [Parameter(Mandatory = $false)]
        [string]$ResourceUri = "https://graph.microsoft.com"
    )

    process {
        try {
            # Load DLLs
            $azureADModule = Get-Module -Name "AzureAD" -ListAvailable
            if ($null -eq $azureADModule) {
                $azureADModule = Get-Module -Name "AzureADPreview" -ListAvailable
            }
            if ($null -eq $azureADModule) {
                Write-Output "AzureAD Powershell module is not installed. The module can be installed by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt. Stopping."
                exit
            }
            if ($azureADModule.count -gt 1) {
                $latestVersion = ($azureADModule | Select-Object version | Sort-Object)[-1]
                $azureADModule  = $azureADModule | Where-Object { $_.version -eq $latestVersion.version }
                $adal           = Join-Path $azureADModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
                $adalForms      = Join-Path $azureADModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
            }
            else {
                $adal           = Join-Path $azureADModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
                $adalForms      = Join-Path $azureADModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
            }
            $null = [System.Reflection.Assembly]::LoadFrom($adal)
            $null = [System.Reflection.Assembly]::LoadFrom($adalForms)

            $credentials = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential" -ArgumentList $clientId, $clientSecret
            $authority = "https://login.microsoftonline.com/$tenantId"
            $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

            $authResult = $authContext.AcquireTokenAsync($resourceUri, $credentials).Result

            # If the accesstoken is valid then create the authentication header
            if($authResult.AccessToken) {
                # Creating header for Authorization token
                $authHeader = @{
                    'Content-Type' = 'application/json'
                    'Authorization'= "Bearer $($authResult.AccessToken)"
                    'ExpiresOn'    = $authResult.ExpiresOn
                }
        
                $Script:moduleScopeGraphAuthHeader = $authHeader       
                return $moduleScopeGraphAuthHeader
        
            }
            else {
                Write-Error "Authorization Access Token is null, please re-run authentication..." -ErrorAction Stop
            }
        }
        catch {
            $Script:moduleScopeGraphAuthHeader = $null
            $streamReader = New-Object System.IO.StreamReader($_.Exception.Response.GetResponseStream())
            $streamReader.BaseStream.Position = 0
            $streamReader.DiscardBufferedData()
            $responseBody = $streamReader.ReadToEnd()

            Write-Error "Request to $($_.Exception.Response.ResponseUri) failed with HTTP Status $($_.Exception.Response.StatusCode) $($_.Exception.Response.StatusDescription). `nResponse content: `n$responseBody"
        }
    }
}