Laura Kokkarinen LauraKokkarinen

## GetAccessToken_ClientSecretCredential.cs
using Azure.Identity;

public async Task<string> GetAccessTokenAsync(string resourceUrl, string tenantId, string clientId, string clientSecret)
{
    var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

    var accessToken = await credential.GetTokenAsync(new TokenRequestContext(scopes: [resourceUrl + "/.default"]) { });

    return accessToken.Token;
}

## id-token-example.json
{
  "typ": "JWT",
  "alg": "RS256",
  "kid": "7FmPcN9StwVbAcJnRfU8gQpZxEI"
}.
{
  "ver": "2.0",
  "iss": "https://login.microsoftonline.com/f12b8b50-1150-4f15-a5e2-3946e14f9a3a/v2.0",
  "sub": "P5qB3wFvR6tM8yN1oD4lZ7xG9aJ2sH5kC8vE3aR6tM",
  "aud": "00000003-0000-0000-c000-000000000000",

## base64-encoded-jwt-example.txt
eyJ0eXAiOiJKV1QiLCJub25jZSI6IlJtTjNwSzd2WmZMOFRxVTBYck0yWXpId045RGlHeFE0SnRCYVZ2UjZQeG0iLCJhbGciOiJSUzI1NiIsIng1dCI6IjdGbVBjTjlTdHdWYkFjSm5SZlU4Z1FwWnhFSSIsImtpZCI6IjdGbVBjTjlTdHdWYkFjSm5SZlU4Z1FwWnhFSSJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9mMTJiOGI1MC0xMTUwLTRmMTUtYTVlMi0zOTQ2ZTE0ZjlhM2EvIiwiaWF0IjoxNjY5MzU2NDY1LCJuYmYiOjE2NjkzNTY0NjUsImV4cCI6MTY2OTM2MDc1NSwiYWNjdCI6MCwiYWNyIjoiMSIsImFpbyI6IlpHOXNiLzNrZ2FYTWdkR2hsSUd4dmJtY2djM1J5YVc1bklHbG1JSGx2ZC9TQmthV1FnZVc5MUlHMWxZVzV6SUhSdklHRnNiQ0IwYUciLCJhbXIiOlsicHdkIl0sImFwcF9kaXNwbGF5bmFtZSI6IkdyYXBoIEV4cGxvcmVyIiwiYXBwaWQiOiJkZThiYzhiNS1kOWY5LTQ4YjEtYThhZC1iNzQ4ZGE3MjUwNjQiLCJhcHBpZGFjciI6IjAiLCJmYW1pbHlfbmFtZSI6Iktva2thcmluZW4iLCJnaXZlbl9uYW1lIjoiTGF1cmEiLCJpZHR5cCI6InVzZXIiLCJpcGFkZHIiOiIxOTIuMTY4LjEuMTAwIiwibmFtZSI6IkxhdXJhIEtva2thcmluZW4iLCJvaWQiOiI4ZDQ4N2M5Yi0zZjY1LTRiYWUtODJiOC03YTlkNTZhMGYzYzgiLCJwbGF0ZiI6IjMiLCJwdWlkIjoiMTAwMzIwMDA5NDRBNDRGQiIsInJoIjoiMC5YQWJCWjZEZWZVSU9Fa3FWcGxJUEFrX1hud01

## decoded-jwt-example.json
{
  "typ": "JWT",
  "nonce": "RmN3pK7vZfL8TqU0XrM2YzHwN9DiGxQ4JtBaVvR6Pxm",
  "alg": "RS256",
  "x5t": "7FmPcN9StwVbAcJnRfU8gQpZxEI",
  "kid": "7FmPcN9StwVbAcJnRfU8gQpZxEI"
}.
{
  "aud": "00000003-0000-0000-c000-000000000000",
  "iss": "https://sts.windows.net/f12b8b50-1150-4f15-a5e2-3946e14f9a3a/",

## connect-pnponline-with-local-cert.ps1
# Configure these four variable values before running the script
$tenantName = "the prefix of your tenant before .sharepoint.com"
$clientId = "the GUID you copied from the Entra ID application registration"
$certPath = "C:\some_local_directory\cert_name.pfx"
$certPassword = "the password you used when generating the certificate"

$adminSiteUrl = "https://" + $tenantName + "-admin.sharepoint.com"
$password = (ConvertTo-SecureString -AsPlainText $certPassword -Force)
Connect-PnPOnline -Url $adminSiteUrl -ClientId $clientId -CertificatePath $certPath -CertificatePassword $password -Tenant "$($tenantName).onmicrosoft.com"

## microsoft-graph-paging.ts
private async page(url: string, objects: any[] = []): Promise<any> {
  const response = await this.graphClient.api(url).get();

  if (response.value === undefined) return response; // The result is a single object, no need for paging.

  objects = objects.concat(response.value);

  if (response["@odata.nextLink"] !== undefined) {
    return await this.page(response["@odata.nextLink"], objects);
  }

## connect-securitycompliance-with-certificate.ps1
$tenant = $env:Tenant
$clientId = $env:ClientId
$certificateBase64Encoded = $env:Certificate

try {
    $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]([System.Convert]::FromBase64String($certificateBase64Encoded))

    Connect-IPPSSession -Organization $tenant -AppID $clientId -Certificate $certificate

    # Execute the Security & Compliance PowerShell commands you want here

## requirements.psd1
# This file enables modules to be automatically managed by the Functions service.
# See https://aka.ms/functionsmanageddependency for additional information.
#
@{
    # For latest supported version, go to 'https://www.powershellgallery.com/packages/Az'.
    # To use the Az module in your function app, please uncomment the line below.
    # 'Az' = '11.*'
    'ExchangeOnlineManagement' = '3.*'
    'PowerShellGet' = '2.*'
    'PackageManagement' = '1.*'

## spfx-pipeline-deploy.yml
- script: 'm365 spo app deploy --name $(packageFileName) --appCatalogUrl $(appCatalogSiteUrl) --appCatalogScope $(appCatalogScope)'
  displayName: 'Deploy the solution'

## spfx-pipeline-upload.yml
- script: 'm365 spo app add --filePath "$(Build.Repository.LocalPath)/$(Build.Repository.Name)/sharepoint/solution/$(packageFileName)" --appCatalogUrl $(appCatalogSiteUrl) --appCatalogScope $(appCatalogScope) --overwrite'
  displayName: 'Upload the package file to SharePoint app catalog'
	using Azure.Identity;

	public async Task<string> GetAccessTokenAsync(string resourceUrl, string tenantId, string clientId, string clientSecret)
	{
	var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

	var accessToken = await credential.GetTokenAsync(new TokenRequestContext(scopes: [resourceUrl + "/.default"]) { });

	return accessToken.Token;
	}
	{
	"typ": "JWT",
	"alg": "RS256",
	"kid": "7FmPcN9StwVbAcJnRfU8gQpZxEI"
	}.
	{
	"ver": "2.0",
	"iss": "https://login.microsoftonline.com/f12b8b50-1150-4f15-a5e2-3946e14f9a3a/v2.0",
	"sub": "P5qB3wFvR6tM8yN1oD4lZ7xG9aJ2sH5kC8vE3aR6tM",
	"aud": "00000003-0000-0000-c000-000000000000",
	{
	"typ": "JWT",
	"nonce": "RmN3pK7vZfL8TqU0XrM2YzHwN9DiGxQ4JtBaVvR6Pxm",
	"alg": "RS256",
	"x5t": "7FmPcN9StwVbAcJnRfU8gQpZxEI",
	"kid": "7FmPcN9StwVbAcJnRfU8gQpZxEI"
	}.
	{
	"aud": "00000003-0000-0000-c000-000000000000",
	"iss": "https://sts.windows.net/f12b8b50-1150-4f15-a5e2-3946e14f9a3a/",
	# Configure these four variable values before running the script
	$tenantName = "the prefix of your tenant before .sharepoint.com"
	$clientId = "the GUID you copied from the Entra ID application registration"
	$certPath = "C:\some_local_directory\cert_name.pfx"
	$certPassword = "the password you used when generating the certificate"

	$adminSiteUrl = "https://" + $tenantName + "-admin.sharepoint.com"
	$password = (ConvertTo-SecureString -AsPlainText $certPassword -Force)
	Connect-PnPOnline -Url $adminSiteUrl -ClientId $clientId -CertificatePath $certPath -CertificatePassword $password -Tenant "$($tenantName).onmicrosoft.com"
	private async page(url: string, objects: any[] = []): Promise<any> {
	const response = await this.graphClient.api(url).get();

	if (response.value === undefined) return response; // The result is a single object, no need for paging.

	objects = objects.concat(response.value);

	if (response["@odata.nextLink"] !== undefined) {
	return await this.page(response["@odata.nextLink"], objects);
	}
	$tenant = $env:Tenant
	$clientId = $env:ClientId
	$certificateBase64Encoded = $env:Certificate

	try {
	$certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]([System.Convert]::FromBase64String($certificateBase64Encoded))

	Connect-IPPSSession -Organization $tenant -AppID $clientId -Certificate $certificate

	# Execute the Security & Compliance PowerShell commands you want here
	# This file enables modules to be automatically managed by the Functions service.
	# See https://aka.ms/functionsmanageddependency for additional information.
	#
	@{
	# For latest supported version, go to 'https://www.powershellgallery.com/packages/Az'.
	# To use the Az module in your function app, please uncomment the line below.
	# 'Az' = '11.*'
	'ExchangeOnlineManagement' = '3.*'
	'PowerShellGet' = '2.*'
	'PackageManagement' = '1.*'
	- script: 'm365 spo app deploy --name $(packageFileName) --appCatalogUrl $(appCatalogSiteUrl) --appCatalogScope $(appCatalogScope)'
	displayName: 'Deploy the solution'
	- script: 'm365 spo app add --filePath "$(Build.Repository.LocalPath)/$(Build.Repository.Name)/sharepoint/solution/$(packageFileName)" --appCatalogUrl $(appCatalogSiteUrl) --appCatalogScope $(appCatalogScope) --overwrite'
	displayName: 'Upload the package file to SharePoint app catalog'