Skip to content

Instantly share code, notes, and snippets.

Avatar

Darren Robinson darrenjrobinson

View GitHub Profile
View Query Microsoft Graph with Python and Decode AAD Access Token.py
import msal
import jwt
import json
import sys
import requests
from datetime import datetime
global accessToken
global requestHeaders
global tokenExpiry
View WordPress API Authentication.ps1
# V2 APIs
# Basic AuthN
$userID = 'yourWordpressAccountAlias'
$userPassword = 'ABCD wTUZ pIST 9jEo 99LV 1234'
$Bytes = [System.Text.Encoding]::utf8.GetBytes("$($userID):$($userPassword)")
$encodedAuth = [Convert]::ToBase64String($Bytes)
$header = @{Authorization = "Basic $($encodedAuth)" }
Invoke-RestMethod -method get -uri "https://yourwordpressURL/wp-json/wp/v2/posts" -headers $header
@darrenjrobinson
darrenjrobinson / MSGraph AuthCode with PKCE.ps1
Last active Dec 21, 2021
Connecting to Microsoft Graph using the Authorization Code with PKCE Flow and PowerShell. Associated blogpost https://blog.darrenjrobinson.com/connecting-to-microsoft-graph-using-the-authorization-code-with-pkce-flow-and-powershell/
View MSGraph AuthCode with PKCE.ps1
import-module PKCE
import-module JWTDetails
$clientID = '<your AAD clientID>'
$tenantID = '<your AAD tenantID'
$clientSecret = '<your AAD App Client Secret>'
$replyURL = 'https://localhost/'
$scopes = 'user.read.all'
Function Get-AuthCode {
@darrenjrobinson
darrenjrobinson / Get Microsoft Graph Permission Scope IDs.ps1
Last active Nov 18, 2021
Get Microsoft Graph Permission Scope IDs using a PowerShell Azure Cloud Shell CLI. Associated blogpost https://blog.darrenjrobinson.com/microsoft-graph-permission-scope-ids/
View Get Microsoft Graph Permission Scope IDs.ps1
# Get Service Principals
$spList = az ad sp list --all
$spListObj = $spList | ConvertFrom-Json
# Get Graph Permissions
$graphSP = $spListObj | Where-Object {$_.appID -eq '00000003-0000-0000-c000-000000000000'} | Select-Object
# List of Application Scopes
$adminScopes = $graphSP.oauth2Permissions | Where-Object {$_.type -eq 'Admin'} | Sort-Object value | Select-Object id, isEnabled, type, adminConsentDescription, adminConsentDisplayName, value
@darrenjrobinson
darrenjrobinson / Get AAD FIDO2 Token Details.ps1
Last active Oct 6, 2021
Get FIDO2 Tokens Azure Active Directory Passwordless configuration details using PowerShell. Associated blogpost https://blog.darrenjrobinson.com/what-does-your-azure-ad-fido2-passwordless-credential-look-like/
View Get AAD FIDO2 Token Details.ps1
#Install-Module MSAL.PS
Import-Module MSAL.PS
$resource = "https://graph.windows.net" # AzureAD Graph
$apiVersion = "api-version=1.6-internal" # Internal API
$scope = "user_impersonation" # Delegated User Impersonation
$clientID = "1b730954-1685-4b74-9bfd-dac224a7b894" # PowerShell
$tenantID = "yourcompanyAADName.com" # AAD
$myUPN = "useruserUPN@yourcompanyAADName.com" # User UPN
@darrenjrobinson
darrenjrobinson / Interactive MSAL AAD Delegated AuthN.py
Last active Jul 27, 2021
Interactive Authentication to Microsoft Graph using MSAL with Python and Delegated Permissions. See associated blogpost https://blog.darrenjrobinson.com/interactive-authentication-to-microsoft-graph-using-msal-with-python-and-delegated-permissions/
View Interactive MSAL AAD Delegated AuthN.py
import msal
import jwt
import json
import sys
import requests
from datetime import datetime
from msal_extensions import *
# Microsoft Azure PowerShell Client ID
clientID = '1950a258-227b-4e31-a9cf-717495945fc2'
@darrenjrobinson
darrenjrobinson / AAD User B2B Guest Federation Report.ps1
Last active Jul 13, 2021
Query Azure Service Management with an Azure AD Member Account to report on tenants the AAD User is federated to as a B2B Guest User. Associated blogpost https://blog.darrenjrobinson.com/azure-ad-user-account-federation-report
View AAD User B2B Guest Federation Report.ps1
Import-Module MSAL.PS
Import-Module AzureADTenantID
# Use the Azure PowerShell Well-Known Client ID
$clientID = "1950a258-227b-4e31-a9cf-717495945fc2"
# Get UserUPN
$userUPN = Read-Host -Prompt "Please enter Azure AD User UPN"
$tenantName = $userUPN.Split("@")[1]
$tenantID = Get-AzureADTenantId -domain $tenantName
@darrenjrobinson
darrenjrobinson / run.ps1
Last active Jun 1, 2021
Azure AD PowerShell Function to query Azure AD for a User to get their full object and their group memberships then send a summary email via SendGrid. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
View run.ps1
using namespace System.Net
# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)
# Write to the Azure Functions log stream.
Write-Host "PowerShell AzureAD Query HTTP trigger function received a request."
Write-Host $Request.Body
# Write-Host $Request.Query
@darrenjrobinson
darrenjrobinson / run.ps1
Last active Jun 1, 2021
Azure PowerShell Function to renew a Azure AD Change Notification Subscription. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
View run.ps1
# Input bindings are passed in via param block.
param($Timer)
# Get the current universal time in the default string format
$currentUTCtime = (Get-Date).ToUniversalTime()
# The 'IsPastDue' porperty is 'true' when the current function invocation is later than scheduled.
if ($Timer.IsPastDue) {
Write-Host "PowerShell timer is running late!"
}
@darrenjrobinson
darrenjrobinson / run.ps1
Last active Jun 1, 2021
Azure PowerShell Function to receive and validate Azure AD Change Notification Subscriptions. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
View run.ps1
using namespace System.Net
# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)
# Write to the Azure Functions log stream.
Write-Host "PowerShell HTTP trigger function received a new Azure AD Change Notification."
# Convert Notification Details to a PSObject
$objNotification = ($Request.RawBody | convertfrom-json).value