astaykov/AzureFunction-ParseToken.ps1

## AzureFunction-ParseToken.ps1
using namespace System.Net

# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)

function Parse-JWTtoken {

    [cmdletbinding()]
    param([Parameter(Mandatory=$true)][string]$token)

    #Validate as per https://tools.ietf.org/html/rfc7519
    #Access and ID tokens are fine, Refresh tokens will not work
    if (!$token.Contains(".") -or !$token.StartsWith("eyJ")) { Write-Error "Invalid token" -ErrorAction Stop }

    #Header
    $tokenheader = $token.Split(".")[0].Replace('-', '+').Replace('_', '/')
    #Fix padding as needed, keep adding "=" until string length modulus 4 reaches 0
    while ($tokenheader.Length % 4) { Write-Verbose "Invalid length for a Base-64 char array or string, adding ="; $tokenheader += "=" }
    Write-Verbose "Base64 encoded (padded) header:"
    Write-Verbose $tokenheader
    #Convert from Base64 encoded string to PSObject all at once
    Write-Verbose "Decoded header:"
    [System.Text.Encoding]::ASCII.GetString([system.convert]::FromBase64String($tokenheader)) | ConvertFrom-Json | fl | Out-Default

    #Payload
    $tokenPayload = $token.Split(".")[1].Replace('-', '+').Replace('_', '/')
    #Fix padding as needed, keep adding "=" until string length modulus 4 reaches 0
    while ($tokenPayload.Length % 4) { Write-Verbose "Invalid length for a Base-64 char array or string, adding ="; $tokenPayload += "=" }
    Write-Verbose "Base64 encoded (padded) payoad:"
    Write-Verbose $tokenPayload
    #Convert to Byte array
    $tokenByteArray = [System.Convert]::FromBase64String($tokenPayload)
    #Convert to string array
    $tokenArray = [System.Text.Encoding]::ASCII.GetString($tokenByteArray)
    Write-Verbose "Decoded array in JSON format:"
    Write-Verbose $tokenArray
    #Convert from JSON to PSObject
    $tokobj = $tokenArray | ConvertFrom-Json
    Write-Verbose "Decoded Payload:"

    return $tokobj
}


# Write to the Azure Functions log stream.
Write-Host "PowerShell HTTP trigger function processed a request."

# Interact with query parameters or the body of the request.
$name = $Request.Query.Name
if (-not $name) {
    $name = $Request.Body.Name
}

$body = "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."

if ($name) {
    $body = "Hello, $name. This HTTP triggered function executed successfully."
}

$authHeader = $Request.Headers["Authorization"]
if ($authHeader.Length -gt 10) {
    $token = $authHeader.Substring(7)
    Write-Host "Token: $token"
    Parse-JWTtoken($token)
}


# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
    StatusCode = [HttpStatusCode]::OK
    Body = $body
})
	using namespace System.Net

	# Input bindings are passed in via param block.
	param($Request, $TriggerMetadata)

	function Parse-JWTtoken {

	[cmdletbinding()]
	param([Parameter(Mandatory=$true)][string]$token)

	#Validate as per https://tools.ietf.org/html/rfc7519
	#Access and ID tokens are fine, Refresh tokens will not work
	if (!$token.Contains(".") -or !$token.StartsWith("eyJ")) { Write-Error "Invalid token" -ErrorAction Stop }

	#Header
	$tokenheader = $token.Split(".")[0].Replace('-', '+').Replace('_', '/')
	#Fix padding as needed, keep adding "=" until string length modulus 4 reaches 0
	while ($tokenheader.Length % 4) { Write-Verbose "Invalid length for a Base-64 char array or string, adding ="; $tokenheader += "=" }
	Write-Verbose "Base64 encoded (padded) header:"
	Write-Verbose $tokenheader
	#Convert from Base64 encoded string to PSObject all at once
	Write-Verbose "Decoded header:"
	[System.Text.Encoding]::ASCII.GetString([system.convert]::FromBase64String($tokenheader)) \| ConvertFrom-Json \| fl \| Out-Default

	#Payload
	$tokenPayload = $token.Split(".")[1].Replace('-', '+').Replace('_', '/')
	#Fix padding as needed, keep adding "=" until string length modulus 4 reaches 0
	while ($tokenPayload.Length % 4) { Write-Verbose "Invalid length for a Base-64 char array or string, adding ="; $tokenPayload += "=" }
	Write-Verbose "Base64 encoded (padded) payoad:"
	Write-Verbose $tokenPayload
	#Convert to Byte array
	$tokenByteArray = [System.Convert]::FromBase64String($tokenPayload)
	#Convert to string array
	$tokenArray = [System.Text.Encoding]::ASCII.GetString($tokenByteArray)
	Write-Verbose "Decoded array in JSON format:"
	Write-Verbose $tokenArray
	#Convert from JSON to PSObject
	$tokobj = $tokenArray \| ConvertFrom-Json
	Write-Verbose "Decoded Payload:"

	return $tokobj
	}


	# Write to the Azure Functions log stream.
	Write-Host "PowerShell HTTP trigger function processed a request."

	# Interact with query parameters or the body of the request.
	$name = $Request.Query.Name
	if (-not $name) {
	$name = $Request.Body.Name
	}

	$body = "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."

	if ($name) {
	$body = "Hello, $name. This HTTP triggered function executed successfully."
	}

	$authHeader = $Request.Headers["Authorization"]
	if ($authHeader.Length -gt 10) {
	$token = $authHeader.Substring(7)
	Write-Host "Token: $token"
	Parse-JWTtoken($token)
	}


	# Associate values to output bindings by calling 'Push-OutputBinding'.
	Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
	StatusCode = [HttpStatusCode]::OK
	Body = $body
	})