I hereby claim:
- I am kasenga on github.
- I am kasenga (https://keybase.io/kasenga) on keybase.
- I have a public key whose fingerprint is FB9B D1DB 4437 5808 EC99 15F0 3E72 32BC 6C18 CD0D
To claim this, I am signing this object:

# Kasenga Kapansa - July 2021
# This script connects to Azure AD to obtain a token and uses it to call MsGraph using the client credentials grant flow
# It also reads object ids from a json file
# Goal: to revoke all sign-ins and refresh tokens listed in a json file
# To run:
# 1. Create an Azure AD app registration and assign the Microsoft Graph Application permission: Directory.Read.All or Directory.ReadWrite.All and grant admin consent
# 2. Generate and take note of the client secret
# 3. Populate the values below: client id (app id), tenant id, client secret
# 4. Create a json file with the headings "id" and "userPrincipalName" and include the list of object ids you intend to revoke sign-ins for.

# Kasenga Kapansa - July 2021
# This script connects to Azure AD to obtain a token and uses it to call MsGraph using the client credentials grant flow
# It also writes the results to a json file.
# Goal: to obtain a list of all objectIds in a tenant and write them to a json file. This file should then be modified to include only those users who need to have their sign-in sessions and refresh tokens revoked.
# To run:
# 1. Create an Azure AD app registration and assign the Microsoft Graph Application permission: Directory.Read.All or Directory.ReadWrite.All and grant admin consent
# 2. Generate and take note of the client secret
# 3. Populate the values below: client id (app id), tenant id, client secret
# 4. Create a folder for your json file.

/*
 * May 2020 - Kasenga Kapansa, revised March 2021
 * https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Client-credential-flows
 * https://github.com/Kasenga/ClientCredentialWithCertificate-ADFS/edit/master/Program.cs
 */
using System.Security.Cryptography.X509Certificates;
using Microsoft.Identity.Client;
using System;
using System.Threading.Tasks;

# Generate a self-signed certificate, save it to the current user's personal store
$displayName = "TestCreate"
Write-Host "Creating the client certificate for application $displayName"
$certificate = New-SelfSignedCertificate -Subject CN=$displayName `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyExportPolicy Exportable `
    -KeySpec Signature