functions/Private/Authorization/Get-MgaIdentityAccessToken.ps1
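function Get-MgaIdentityAccessToken {
    <#
    .SYNOPSIS
    Requests a Microsoft Graph access token for a managed identity and stores it in the module session.

    .DESCRIPTION
    The token source depends on -ManagedIdentity:
      'AA'    - the endpoint named by $env:IDENTITY_ENDPOINT, authenticated with the
                X-IDENTITY-HEADER value taken from $env:IDENTITY_HEADER
                (presumably an Azure Automation account; confirm against the callers).
      'VM'    - the instance metadata endpoint at http://169.254.169.254.
      'TryMe' - Receive-MgaOauthToken is called for 'VM' first and for 'AA' if that throws.
    For 'AA' and 'VM' the response is stored in $Script:MgaSession.ManagedIdentity. When it
    contains an access_token, $Script:MgaSession.HeaderParameters and
    $Script:MgaSession.ManagedIdentityType are set as well.

    .PARAMETER ManagedIdentity
    'AA', 'VM' or 'TryMe'. Any other value matches no branch and the function returns
    without requesting a token.

    .NOTES
    $Script:MgaSession.HeaderParameters holds the access token after a successful call;
    keep it out of logs, transcripts and verbose output.
    #>
    param (
        $ManagedIdentity
    )

    # Validates the response stored in the session and derives the request headers from it.
    # Reads $ManagedIdentity from the enclosing function's scope.
    function Test-MgaIdentityAccessToken {
        if ($null -eq $Script:MgaSession.ManagedIdentity.access_token) {
            throw 'No AccessToken retrieved... Exiting script...'
        }
        else {
            $Script:MgaSession.HeaderParameters = @{
                Authorization  = "$($Script:MgaSession.ManagedIdentity.token_type) $($Script:MgaSession.ManagedIdentity.access_token)"
                'Content-Type' = 'application/json'
            }
            $Script:MgaSession.ManagedIdentityType = $ManagedIdentity
        }
    }

    try {
        $Resource = 'https://graph.microsoft.com/'

        if ($ManagedIdentity -eq 'AA') {
            # Fail early with a clear message instead of sending a request to a URI built
            # from an empty endpoint. Both variables are taken from the process environment
            # as-is: the IDENTITY_HEADER secret is sent to whatever IDENTITY_ENDPOINT names.
            if ([string]::IsNullOrWhiteSpace($env:IDENTITY_ENDPOINT)) {
                throw 'IDENTITY_ENDPOINT is not set... Cannot request a Managed Identity token...'
            }

            $tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=$Resource&api-version=2019-08-01"
            $identityHeaders = @{ 'X-IDENTITY-HEADER' = "$($env:IDENTITY_HEADER)" }
            $Script:MgaSession.ManagedIdentity = Invoke-RestMethod -Method Get -Headers $identityHeaders -Uri $tokenAuthURI -UseBasicParsing
            Test-MgaIdentityAccessToken
        }
        elseif ($ManagedIdentity -eq 'VM') {
            # NOTE(review): Microsoft documents the instance metadata service as unsupported
            # behind a proxy. On PowerShell 6+ consider adding -NoProxy; it is not added here
            # because Windows PowerShell 5.1 does not have that parameter.
            $metadataUri = "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$Resource"
            $Script:MgaSession.ManagedIdentity = Invoke-RestMethod -Uri $metadataUri -Headers @{ Metadata = 'true' } -UseBasicParsing
            Test-MgaIdentityAccessToken
        }
        elseif ($ManagedIdentity -eq 'TryMe') {
            # Probe both identity types. The underlying errors are discarded, so a failure
            # here does not say which endpoint was unreachable or why.
            try {
                Receive-MgaOauthToken -ManagedIdentity 'VM'
            }
            catch {
                try {
                    Receive-MgaOauthToken -ManagedIdentity 'AA'
                }
                catch {
                    throw 'Cannot find the Managed Identity type... Login is aborted...'
                }
            }
        }
        # NOTE(review): an unrecognised -ManagedIdentity value falls through silently and
        # leaves the session untouched. Confirm that callers check HeaderParameters
        # afterwards, or reject unknown values here.
    }
    catch {
        # Re-throw so the caller receives the original error record.
        throw $_
    }
}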