Skip to content

Instantly share code, notes, and snippets.

@dafthack
Last active June 1, 2023 12:34
Show Gist options
  • Save dafthack/4a753e00ee946a0d967fcffa9fc1c526 to your computer and use it in GitHub Desktop.
Save dafthack/4a753e00ee946a0d967fcffa9fc1c526 to your computer and use it in GitHub Desktop.
A few PowerShell tools for working with Azure OAuth2 Authentication Codes and Access Tokens
## A few tools for working with Azure OAuth2 Authentication Codes and access_tokens
## By Beau Bullock @dafthack
Function Get-AzureAccessToken{
Param
(
[Parameter(Position = 0, Mandatory = $false)]
[string]
$Scope = "openid offline_access email user.read profile",
[Parameter(Position = 1, Mandatory = $true)]
[string]
$ClientID = "",
[Parameter(Position = 2, Mandatory = $true)]
[string]
$ClientSecret = "",
[Parameter(Position = 3, Mandatory = $true)]
[string]
$RedirectUri = "",
[Parameter(Position = 4, Mandatory = $true)]
[string]
$AuthCode = ""
)
$body = @{client_id=$ClientID
scope=$Scope
code=$AuthCode
redirect_uri=$RedirectUri
grant_type="authorization_code"
client_secret=$ClientSecret
}
$request = Invoke-WebRequest -Method POST -ContentType "application/x-www-form-urlencoded" -Uri "https://login.microsoftonline.com/common/oauth2/v2.0/token" -Body $body
$parsed = $request.Content | ConvertFrom-Json
Write-Output "---Here is your access token---"
$parsed.access_token
Write-Output "---Here is your refresh token---"
$parsed.refresh_token
}
Function Check-MSGraphAccess{
param(
[Parameter(Position = 0, Mandatory = $true)]
[string]
$access_token = ""
)
$request = Invoke-WebRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/me" -Headers @{"Authorization" = "Bearer $access_token"}
$out = $request.Content | ConvertFrom-Json
$out
}
Function Get-NewAccessTokenWithRefreshToken{
Param
(
[Parameter(Position = 0, Mandatory = $false)]
[string]
$Scope = "openid offline_access email user.read profile",
[Parameter(Position = 1, Mandatory = $true)]
[string]
$ClientID = "",
[Parameter(Position = 2, Mandatory = $true)]
[string]
$ClientSecret = "",
[Parameter(Position = 3, Mandatory = $true)]
[string]
$RedirectUri = "",
[Parameter(Position = 4, Mandatory = $true)]
[string]
$RefreshToken = ""
)
$body = @{client_id=$ClientID
scope=$Scope
refresh_token=$RefreshToken
redirect_uri=$RedirectUri
grant_type="refresh_token"
client_secret=$ClientSecret
}
$request = Invoke-WebRequest -Method POST -ContentType "application/x-www-form-urlencoded" -Uri "https://login.microsoftonline.com/common/oauth2/v2.0/token" -Body $body
$parsed = $request.Content | ConvertFrom-Json
Write-Output "---Here is your access token---"
$parsed.access_token
Write-Output "---Here is your refresh token---"
$parsed.refresh_token
}
Function Get-AzureADUsers{
param(
[Parameter(Position = 0, Mandatory = $true)]
[string]
$access_token = ""
)
$request = Invoke-WebRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/users" -Headers @{"Authorization" = "Bearer $access_token"}
$out = $request.Content | ConvertFrom-Json
Write-Output "---Azure AD User Data---"
$out.value
Write-Output "---All Azure AD User Principal Names---"
$out.value.userPrincipalName
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment