New-AzureRMRESTApiAuthenticationToken.psm1
Function New-AzureRMRESTApiAuthenticationToken {
<#
.Synopsis
    Gets an Azure authentication token.
.DESCRIPTION
    To perform CRUD operations on Azure through the REST API you first have to obtain
    an authentication token, from which you then build the request header and so on.
    This command gets that authentication token.
.EXAMPLE
    $token = New-AzureRMRESTApiAuthenticationToken -TenantId 'xxxxxxxx-238f-xxxx-xxxx-xxxxxxxxxxxx' -ApplicationId '64b2470d-a3d8-45ff-9123-4faf3ced0238' -ApplicationKey '1234567890dajQVUL7lJ2jcp5AbUFdtuhlMAiPeAJ2E=' -SubscriptionId 'xxxxxxxx-238f-xxxx-xxxx-xxxxxxxxxxxx' -Resource 'https://graph.microsoft.com'

    (-Resource accepts 'https://graph.microsoft.com' or 'https://management.core.windows.net/')

    PS C:\> $token

    token_type     : Bearer
    expires_in     : 3599
    ext_expires_in : 0
    expires_on     : 1540454626
    not_before     : 1540450726
    resource       : https://graph.microsoft.com
    access_token   : <JWT access token omitted>
.INPUTS
    1. TenantId
    2. ApplicationId
    3. ApplicationKey
    4. SubscriptionId
    5. Resource
.OUTPUTS
    PSCustomObject
.NOTES
    These notes should help you find the values needed to form the command.

    ---------------------------------------------------------------------------------------------------------------------------
    | Parameter       | How to get it
    ---------------------------------------------------------------------------------------------------------------------------
    | Tenant Id       | Azure Path = search for 'Azure Active Directory'->'Properties'->'Directory ID'
    |                 |
    | Application Id  | Azure Path = search for 'Azure Active Directory'->'App registrations'->search for the application
    |                 | you created / have access to; it should be of type 'Web app / API'->copy 'Application ID'
    |                 |
    | Application Key | Azure Path = I cannot help :) you should have copied the key when you created the new
    |                 | application registration
    |                 |
    | Subscription Id | Azure Path = search for 'Subscriptions'->copy the 'Subscription ID' of the subscription on which
    |                 | you want to operate
    ---------------------------------------------------------------------------------------------------------------------------

    OK, let's say you have got the token, so what's next? Here you go with one example.

    1. Create header
    ----------------
    $Headers = @{}
    $Headers.Add("Authorization", "$($Token.token_type) $($Token.access_token)")

    2. For example, let's fetch the list of resource groups
    -------------------------------------------------------
    $ResourceGroups = Invoke-RestMethod -Method Get -Uri $ResourceGroupApiUri -Headers $Headers

    Enjoy :)
.COMPONENT
    Azure Authentication Token
.ROLE
    Authentication
.LINK
    https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-an-azure-active-directory-application
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory)][ValidateNotNullOrEmpty()]
        [String]$TenantId,

        [Parameter(Mandatory)][ValidateNotNullOrEmpty()]
        [String]$ApplicationId,

        [Parameter(Mandatory)][ValidateNotNullOrEmpty()]
        [String]$ApplicationKey,

        # Not used by the token request itself; kept so existing callers keep working.
        [Parameter(Mandatory)][ValidateNotNullOrEmpty()]
        [String]$SubscriptionId,

        [Parameter(Mandatory)][ValidateNotNullOrEmpty()]
        [ValidateSet("https://graph.microsoft.com", "https://management.core.windows.net/")]
        [String]$Resource
    )

    $startTime = (Get-Date)
    #$Resource = "https://graph.microsoft.com"
    $RequestAccessTokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"

    # Pass the form fields as a hashtable so Invoke-RestMethod URL-encodes each value.
    # Application keys routinely contain '+', '/' and '=', which corrupt a hand-built query string.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ApplicationId
        client_secret = $ApplicationKey
        resource      = $Resource
    }
    $contentType = 'application/x-www-form-urlencoded'

    try {
        Write-Verbose ("Requesting the token")
        # Log parameter names only, and keep the client secret out of the debug stream.
        Write-Debug ("Bound parameters = {0}" -f ($PSBoundParameters.Keys -join ', '))
        Write-Debug "Access token Uri = $RequestAccessTokenUri"
        Write-Debug "Body = grant_type=client_credentials&client_id=$ApplicationId&client_secret=<redacted>&resource=$Resource"
        Write-Debug "content type = $contentType"

        #---- **** ----
        $Token = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $body -ContentType $contentType
        #---- **** ----

        Write-Verbose ("Successfully received the authentication token")
        Write-Output $Token
        Write-Verbose ("Total command run time is {0}" -f (((Get-Date) - $startTime).ToString()))
    }
    catch {
        throw
    }
}
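
The two follow-up steps from the help notes (build the header, then list resource groups), as an added example that is not part of the original module. The function names `Test-AzureTokenUsable` and `Get-AzureResourceGroupList`, the `management.azure.com` URI with its `api-version` value, and the sample token object are assumptions introduced here for illustration.

```powershell
# Added example, not part of the original module. Function names are hypothetical.

function Test-AzureTokenUsable {
    # True only while the token is inside its validity window, allowing for clock skew.
    param(
        [Parameter(Mandatory)] $Token,
        [int] $SkewSeconds = 300
    )
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    # expires_on / not_before are Unix epoch seconds, returned as strings.
    return (($now + $SkewSeconds -ge [long]$Token.not_before) -and
            ($now + $SkewSeconds -lt [long]$Token.expires_on))
}

function Get-AzureResourceGroupList {
    param(
        [Parameter(Mandatory)] $Token,
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [string] $ApiVersion = '2021-04-01'   # assumption: use any api-version your tenant supports
    )
    if (-not (Test-AzureTokenUsable -Token $Token)) {
        throw 'Token is expired or not yet valid; request a new one.'
    }
    # A Resource Manager call needs a token issued for the management resource, not Graph.
    if ($Token.resource -notlike 'https://management.*') {
        throw "Token resource '$($Token.resource)' is not the Azure management API."
    }
    $headers = @{ Authorization = "$($Token.token_type) $($Token.access_token)" }
    $uri = "https://management.azure.com/subscriptions/$SubscriptionId/resourcegroups?api-version=$ApiVersion"
    $result = @()
    while ($uri) {
        # List responses are paged; follow nextLink until it is absent.
        $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
        $result += $page.value
        $uri = $page.nextLink
    }
    return $result
}

# Constructed sample token: timestamps taken from the help example, access token elided.
$sample = [pscustomobject]@{
    token_type = 'Bearer'; expires_on = '1540454626'; not_before = '1540450726'
    resource   = 'https://management.core.windows.net/'; access_token = '<token>'
}
Test-AzureTokenUsable -Token $sample
```

Checking `expires_on` and `resource` before the call turns a stale or wrong-audience token into a local error rather than a 401 from the API.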