Invoke-AuthorizationCodeToken.ps1
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 |
Function Invoke-AuthorizationCodeToken { [CmdletBinding()] Param ( [Parameter(Mandatory=$true)] [String]$TenantId, [Parameter(Mandatory=$true)] [String]$ClientId, [Parameter(Mandatory=$true)] [String]$ClientSecret, [Parameter(Mandatory=$true)] [String]$RedirectUri, [Parameter(Mandatory=$true)] [String]$Scope ) Write-Host "Invoke-AuthorizationCodeToken" -ForegroundColor DarkBlue # Step 1 $Url = 'https://login.microsoftonline.com/{0}/oauth2/v2.0/authorize' -f $TenantId $QueryParameters = @{ client_id = $ClientID response_type = "code" redirect_uri = $RedirectUri response_mode = "query" scope = $Scope state = Get-Random #12345 prompt = "select_account" } Add-Type -AssemblyName System.Web $Query = [System.Web.HttpUtility]::ParseQueryString([String]::Empty) ForEach ($Key in $QueryParameters.Keys) { $Query.Add($Key, $QueryParameters.$key) } $UriRequest = [System.UriBuilder]$Url $UriRequest.Query = $Query.ToString() $Output = Invoke-WebBrowser -Url $UriRequest.Uri.AbsoluteUri # Step 2 $RequestBody = @{ grant_type = "authorization_code" redirect_uri = $RedirectUri client_id = $ClientID client_secret = $ClientSecret code = $Output["code"] scope = $Scope } $Request = @{ ContentType = 'application/x-www-form-urlencoded' Method = 'POST' Body = $RequestBody Uri = 'https://login.microsoftonline.com/{0}/oauth2/v2.0/token' -f $TenantId } #Send request $TokenResponse = Invoke-RestMethod @Request $Result = New-Object -Type PSObject @{ TokenRequest = @($QueryParameters,$Request) TokenResponse = $TokenResponse } Write-Host "End Invoke-AuthorizationCodeToken" -ForegroundColor DarkBlue Return $Result } |