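function Generate-CodeVerifier {
    <#
    .SYNOPSIS
    Creates a PKCE code_verifier (RFC 7636 section 4.1).
    .DESCRIPTION
    Draws 32 bytes from the platform CSPRNG and encodes them as base64url
    without padding, which yields a 43-character string using only
    [A-Za-z0-9-_] - inside the unreserved set the RFC requires and within
    its 43..128 length bounds.
    .OUTPUTS
    System.String - the verifier. It must stay private until it is sent
    in the token request; do not log it beyond what the flow needs.
    #>
    $bytes = New-Object Byte[] 32
    # Release the RNG handle deterministically rather than leaving it to
    # the finalizer (the original never disposed it).
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $rng.GetBytes($bytes)
    } finally {
        $rng.Dispose()
    }
    # base64 -> base64url: '+' -> '-', '/' -> '_', and strip '=' padding
    return [System.Convert]::ToBase64String($bytes) -replace '\+', '-' -replace '\/', '_' -replace '='
}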
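function Generate-CodeChallenge($verifier) {
    <#
    .SYNOPSIS
    Derives the S256 code_challenge for a PKCE code_verifier (RFC 7636 section 4.2).
    .PARAMETER verifier
    The code_verifier string. It is base64url text, so ASCII encoding is
    lossless; a non-ASCII value would be silently mangled by GetBytes.
    .OUTPUTS
    System.String - BASE64URL(SHA256(ASCII(verifier))) without padding,
    suitable for the code_challenge query parameter with
    code_challenge_method=S256.
    #>
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($verifier)
    # Dispose the hash object instead of leaking it (the original did not).
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha256.ComputeHash($bytes)
    } finally {
        $sha256.Dispose()
    }
    # Same base64url transform as the verifier: '+' -> '-', '/' -> '_', no '='
    return [System.Convert]::ToBase64String($hash) -replace '\+', '-' -replace '\/', '_' -replace '='
}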
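# --- Step 1: build the authorization request (PKCE, S256) and open it ---
$clientId = "<Your-Client-ID-Here>"
$tenantId = "<Your-Tenant-ID-Here>" # Use "common" for multi-tenant apps
$redirectUri = "<Your-Redirect-URI>" # Must be URL encoded
$scope = "<Your-Scope-Here>" # Example: "https%3A%2F%2Fgraph.microsoft.com%2F.default"
$responseType = "code"
# Generate PKCE code verifier and challenge
$codeVerifier = Generate-CodeVerifier
$codeChallenge = Generate-CodeChallenge -verifier $codeVerifier
# The state parameter is the CSRF binding between this request and the
# callback: it must be unpredictable, and the callback's state must equal
# this value before the returned code is exchanged. A fixed "12345" gives
# no protection, so reuse the CSPRNG-backed verifier generator for it.
$state = Generate-CodeVerifier
# Construct the authorization URL
$authorizationUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/authorize?client_id=$clientId&response_type=$responseType&redirect_uri=$redirectUri&response_mode=query&scope=$scope&state=$state&code_challenge_method=S256&code_challenge=$codeChallenge"
# Open the authorization URL in the default web browser
Start-Process "chrome.exe" $authorizationUrl # Use "chrome.exe", "firefox.exe", etc., or remove the "chrome.exe" to use the default browser
Write-Host "Authorization URL: $authorizationUrl"
Write-Host "State: $state"
# The verifier is printed because the token step below needs it; note that
# it lands in any console transcript, so clear/close the session afterwards.
Write-Host "Code Verifier: $codeVerifier"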
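# --- Step 2: exchange the authorization code for tokens and call Graph ---
# Replace these variables with your actual values
$tenantId = "<Your-Tenant-ID>"
$clientID = "<Your-Client-ID>"
# Only confidential (web) clients have a secret. Prefer loading it from an
# environment variable or a secret store rather than editing it into the
# script, which is easy to commit or leave in shell history.
$clientSecret = "<Your-Client-Secret>" # Needed for web applications
$authorizationCode = "<Authorization-Code-You-Received>"
$redirectUri = "<Your-Redirect-URI>" # Must match the redirect URI used in the auth request
$tokenUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
# $codeVerifier must be the verifier generated for the authorization request
# that produced $authorizationCode (it is printed by the auth step). Without
# code_verifier the token endpoint rejects a code that was issued against a
# code_challenge, and the PKCE binding is never checked.
$body = @{
    client_id     = $clientID
    scope         = "https://graph.microsoft.com/.default" # Must be the same as, or a subset of, the scope in the auth request
    code          = $authorizationCode
    redirect_uri  = $redirectUri
    grant_type    = "authorization_code"
    code_verifier = $codeVerifier
    client_secret = $clientSecret # For confidential clients. Omit for public clients like mobile/desktop apps.
}
# Invoke-RestMethod form-encodes a hashtable body; it throws on a non-2xx
# response, so a rejected code or verifier surfaces as a terminating error.
$response = Invoke-RestMethod -Uri $tokenUrl -Method Post -Body $body -ContentType "application/x-www-form-urlencoded"
# $response may also carry a refresh_token; keep the whole object out of logs.
$accessToken = $response.access_token
$graphApiUrl = "https://graph.microsoft.com/v1.0/me"
# Prepare the header with the access token
$headers = @{
    Authorization = "Bearer $accessToken"
}
# Execute the API request
$userInfo = Invoke-RestMethod -Uri $graphApiUrl -Headers $headers -Method Get
# Display the result
$userInfo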