Using a Refresh Token in PowerShell
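<#
Device-code sign-in against the Azure AD v1 endpoints, followed by a refresh-token exchange.

This snippet assumes a valid refresh token. To see how to get one of those, check out:
https://www.thelazyadministrator.com/2019/07/22/connect-and-navigate-the-microsoft-graph-api-with-powershell/#3_Authentication_and_Authorization_Different_Methods_to_Connect

Flow:
  1. Request a device code and show the sign-in message.
  2. Copy the user code to the clipboard and open the device login page.
  3. Poll the token endpoint until the interactive sign-in has completed.
  4. Exchange the returned refresh token for a fresh token response.

Handling note: $tokenResponse and $refreshToken hold bearer credentials. The refresh token
outlives the access token, so keep both out of transcripts, logs and source control.
#>
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2" # This is the standard client ID for Windows Azure PowerShell
$redirectUrl = [System.Uri]"urn:ietf:wg:oauth:2.0:oob" # This is the standard Redirect URI for Windows Azure PowerShell (not used by the device-code flow below)
$tenant = "fabrikam.onmicrosoft.com" # TODO - your tenant name goes here
$resource = "https://graph.microsoft.com/";
# NOTE(review): the double slash looks unintended; the value is not used in this snippet - confirm before relying on it.
$serviceRootURL = "https://graph.microsoft.com//$tenant"
$authUrl = "https://login.microsoftonline.com/$tenant";

# Step 1: ask the authorization server for a device code / user code pair.
$postParams = @{ resource = "$resource"; client_id = "$clientId" }
$response = Invoke-RestMethod -Method POST -Uri "$authUrl/oauth2/devicecode" -Body $postParams
Write-Host $response.message

# Step 2: the user code is returned as its own field, so it does not have to be cut out of the
# human-readable message (splitting the message also left a trailing empty element in $code).
$code = $response.user_code
Set-Clipboard -Value $code
Start-Process "https://microsoft.com/devicelogin" # sign-in must complete before a token is issued

# Step 3: get the initial token.
# The token endpoint rejects the request until the user has finished signing in, so poll it
# instead of calling it once straight after opening the browser.
$tokenParams = @{
    grant_type = "device_code"
    resource   = $resource
    client_id  = $clientId
    code       = $response.device_code
}
$pollInterval = if ($response.interval) { [int]$response.interval } else { 5 }
$lifetime = if ($response.expires_in) { [int]$response.expires_in } else { 900 }
$deadline = (Get-Date).AddSeconds($lifetime)
$tokenResponse = $null
while (-not $tokenResponse) {
    if ((Get-Date) -ge $deadline) {
        throw "The device code expired before sign-in was completed."
    }
    Start-Sleep -Seconds $pollInterval
    try {
        $tokenResponse = Invoke-RestMethod -Method POST -Uri "$authUrl/oauth2/token" -Body $tokenParams
    }
    catch {
        $caught = $_
        $errorCode = $null
        if ($caught.ErrorDetails -and $caught.ErrorDetails.Message) {
            # The error body is expected to be JSON with an "error" field; anything else is rethrown below.
            try { $errorCode = ($caught.ErrorDetails.Message | ConvertFrom-Json).error } catch { $errorCode = $null }
        }
        if ($errorCode -eq "slow_down") {
            # RFC 8628 back-off; presumably also honoured by this endpoint - confirm.
            $pollInterval += 5
        }
        elseif ($errorCode -ne "authorization_pending") {
            # Declined, expired or otherwise failed: surface the original error unchanged.
            throw $caught
        }
    }
}

# Step 4: use the refresh token.
$refreshToken = $tokenResponse.refresh_token
if (-not $refreshToken) {
    throw "The token response did not contain a refresh token."
}
$refreshTokenParams = @{
    grant_type    = "refresh_token"
    client_id     = "$clientId"
    refresh_token = $refreshToken
}
$tokenResponse = Invoke-RestMethod -Method POST -Uri "$authUrl/oauth2/token" -Body $refreshTokenParams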