functions/Public/Authorization/Get-MgaToken.ps1
|
function Get-MgaToken { <# .LINK https://github.com/baswijdenes/Optimized.Mga/ .LINK https://baswijdenes.com/c/microsoft/mga/ .SYNOPSIS Get-MgaToken will retreive a RefreshToken for the Microsoft Graph API. .DESCRIPTION The AccessToken is automatically renewed when you use cmdlets. .PARAMETER Certificate Use Certificate to get an AccessToken with a Certificate. You can also use a Certificate thumbprint. .PARAMETER Secret Use a ClientSecret to get an AccessToken. .PARAMETER ClientId CliendId is the AzureAD Application registration ObjectId. .PARAMETER Identity Parameter is a switch, it can be used for when it's a Managed Identity authenticating to Microsoft Graph API. Examples are: Azure Automation, Azure Functions, & Azure Virtual Machines. .PARAMETER DeviceCode Parameter is a switch and it will let you log in with a DeviceCode. It will open a browser window and you will have to log in with your credentials. You have 15 minutes before it cancels the request. .PARAMETER TenantId TenantId is the TenantId or XXX.onmicrosoft.com address. .PARAMETER Force Use -Force when you want to overwrite the AccessToken with a new one. .EXAMPLE Get-MgaToken -ClientSecret '1yD3h~.KgROPO.K1sbRF~XXXXXXXXXXXXX' -CliendId 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX' -TenantId 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX' .EXAMPLE $Cert = get-ChildItem 'Cert:\LocalMachine\My\XXXXXXXXXXXXXXXXXXX' Get-MgaToken -Certificate $Cert -CliendId 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX' -TenantId 'XXXXXXXX.onmicrosoft.com' .EXAMPLE Get-MgaToken -Certificate '3A7328F1059E9802FAXXXXXXXXXXXXXX' -CliendId 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX' -TenantId 'XXXXXXXX.onmicrosoft.com' .EXAMPLE Get-MgaToken -Credential $Cred -TenantId 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX' -CliendId 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX' .EXAMPLE Get-MgaToken -Identity .EXAMPLE Get-MgaToken -DeviceCode #> [CmdletBinding(DefaultParameterSetName = 'DeviceCode')] param ( [Parameter(Mandatory = $true, ParameterSetName = 'Certificate')] [ValidateScript( { ($_.length -eq 40) -or ([System.Security.Cryptography.X509Certificates.X509Certificate2]$_) })] [Alias('Thumbprint')] $Certificate, [Parameter(Mandatory = $true, ParameterSetName = 'ClientSecret')] [Alias('ClientSecret', 'AppSecret', 'AppPass')] [string] $Secret, [Parameter(Mandatory = $true, ParameterSetName = 'ManagedIdentity')] [Alias('ManagedIdentity', 'ManagedSPN')] [switch] $Identity, [Parameter(Mandatory = $false, ParameterSetName = 'DeviceCode')] [switch] $DeviceCode, [Parameter(Mandatory = $true, ParameterSetName = 'Certificate')] [Parameter(Mandatory = $true, ParameterSetName = 'ClientSecret')] [Parameter(Mandatory = $false, ParameterSetName = 'ManagedIdentity')] [Parameter(Mandatory = $false, ParameterSetName = 'DeviceCode')] [Alias('ApplicationID', 'AppID', 'App', 'Application')] [String] $ClientId, [Parameter(Mandatory = $true, ParameterSetName = 'Certificate')] [Parameter(Mandatory = $true, ParameterSetName = 'ClientSecret')] [Parameter(Mandatory = $false, ParameterSetName = 'ManagedIdentity')] [Alias('Tenant')] [String] $TenantId, [Parameter(Mandatory = $false)] [Switch] $Force ) begin { try { if ($Force) { Write-Verbose 'Running Remove-MgaToken to force a new AccessToken' $null = Remove-MgaToken } else { if ($Script:MgaSession.headerParameters) { $Confirmation = Read-Host 'You already have an AccessToken, are you sure you want to proceed? Type (Y)es to continue' if (($Confirmation -eq 'y') -or ($Confirmation -eq 'yes') -or ($Confirmation -eq 'true') -or ($Confirmation -eq '(Y)es')) { $null = Remove-MgaToken } else { throw 'Login aborted' } } } if ($Certificate.length -eq 40) { Write-Verbose 'Certificate is a string of 40 characters, updating value to search for certificate on client' $Thumbprint = $Certificate } Write-Verbose 'Creating MgaSession HashTable for Script scope' $MgaSession = @{ headerParameters = $null ApplicationID = $null Tenant = $null Secret = $null Certificate = $null AccessToken = $null ManagedIdentity = $null ManagedIdentityType = $null DeviceCode = $null LoginScope = $null OriginalHeader = $null } $Null = New-Variable -Name MgaSession -Value $MgaSession -Scope Script -Force } catch { throw $_ } } process { try { $ReceiveMgaOauthToken = @{ ApplicationId = $ClientId Tenant = $TenantId } if ($Thumbprint) { $ReceiveMgaOauthToken.Add('Thumbprint', $Thumbprint) Receive-MgaOauthToken @ReceiveMgaOauthToken } elseif ($Certificate) { $ReceiveMgaOauthToken.Add('Certificate', $Certificate) Receive-MgaOauthToken @ReceiveMgaOauthToken } elseif ($Secret) { $ReceiveMgaOauthToken.Add('ClientSecret', $Secret) Receive-MgaOauthToken @ReceiveMgaOauthToken } elseif ($Identity -eq $true) { Receive-MgaOauthToken -ManagedIdentity 'TryMe' } else { Start-Process 'https://microsoft.com/devicelogin' Receive-MgaOauthToken -DeviceCode } } catch { throw $_ } } end { return "AccessToken received, you can now use other cmdlets from module 'Mga'" } } |