Darren Robinson darrenjrobinson
darrenjrobinson
/ Query Microsoft Graph with Python and Decode AAD Access Token.py
Last active Jun 21, 2022
Decoding Azure AD Access Tokens with Python and PyJWT 2.4.x Associated blogpost https://blog.darrenjrobinson.com/decoding-azure-ad-access-tokens-with-python/
View Query Microsoft Graph with Python and Decode AAD Access Token.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import msal | |
| import jwt | |
| import json | |
| import sys | |
| import requests | |
| from datetime import datetime | |
| global accessToken | |
| global requestHeaders | |
| global tokenExpiry |
darrenjrobinson
/ WordPress API Authentication.ps1
Last active Jan 17, 2022
Using Wordpress API's with PowerShell. Associated blogpost https://blog.darrenjrobinson.com/using-wordpress-apis-with-powershell/
View WordPress API Authentication.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # V2 APIs | |
| # Basic AuthN | |
| $userID = 'yourWordpressAccountAlias' | |
| $userPassword = 'ABCD wTUZ pIST 9jEo 99LV 1234' | |
| $Bytes = [System.Text.Encoding]::utf8.GetBytes("$($userID):$($userPassword)") | |
| $encodedAuth = [Convert]::ToBase64String($Bytes) | |
| $header = @{Authorization = "Basic $($encodedAuth)" } | |
| Invoke-RestMethod -method get -uri "https://yourwordpressURL/wp-json/wp/v2/posts" -headers $header |
darrenjrobinson
/ MSGraph AuthCode with PKCE.ps1
Last active Dec 21, 2021
Connecting to Microsoft Graph using the Authorization Code with PKCE Flow and PowerShell. Associated blogpost https://blog.darrenjrobinson.com/connecting-to-microsoft-graph-using-the-authorization-code-with-pkce-flow-and-powershell/
View MSGraph AuthCode with PKCE.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import-module PKCE | |
| import-module JWTDetails | |
| $clientID = '<your AAD clientID>' | |
| $tenantID = '<your AAD tenantID' | |
| $clientSecret = '<your AAD App Client Secret>' | |
| $replyURL = 'https://localhost/' | |
| $scopes = 'user.read.all' | |
| Function Get-AuthCode { |
darrenjrobinson
/ Get Microsoft Graph Permission Scope IDs.ps1
Last active Nov 18, 2021
Get Microsoft Graph Permission Scope IDs using a PowerShell Azure Cloud Shell CLI. Associated blogpost https://blog.darrenjrobinson.com/microsoft-graph-permission-scope-ids/
View Get Microsoft Graph Permission Scope IDs.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get Service Principals | |
| $spList = az ad sp list --all | |
| $spListObj = $spList | ConvertFrom-Json | |
| # Get Graph Permissions | |
| $graphSP = $spListObj | Where-Object {$_.appID -eq '00000003-0000-0000-c000-000000000000'} | Select-Object | |
| # List of Application Scopes | |
| $adminScopes = $graphSP.oauth2Permissions | Where-Object {$_.type -eq 'Admin'} | Sort-Object value | Select-Object id, isEnabled, type, adminConsentDescription, adminConsentDisplayName, value |
darrenjrobinson
/ Get AAD FIDO2 Token Details.ps1
Last active Oct 6, 2021
Get FIDO2 Tokens Azure Active Directory Passwordless configuration details using PowerShell. Associated blogpost https://blog.darrenjrobinson.com/what-does-your-azure-ad-fido2-passwordless-credential-look-like/
View Get AAD FIDO2 Token Details.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Install-Module MSAL.PS | |
| Import-Module MSAL.PS | |
| $resource = "https://graph.windows.net" # AzureAD Graph | |
| $apiVersion = "api-version=1.6-internal" # Internal API | |
| $scope = "user_impersonation" # Delegated User Impersonation | |
| $clientID = "1b730954-1685-4b74-9bfd-dac224a7b894" # PowerShell | |
| $tenantID = "yourcompanyAADName.com" # AAD | |
| $myUPN = "useruserUPN@yourcompanyAADName.com" # User UPN |
darrenjrobinson
/ Interactive MSAL AAD Delegated AuthN.py
Last active Jul 27, 2021
Interactive Authentication to Microsoft Graph using MSAL with Python and Delegated Permissions. See associated blogpost https://blog.darrenjrobinson.com/interactive-authentication-to-microsoft-graph-using-msal-with-python-and-delegated-permissions/
View Interactive MSAL AAD Delegated AuthN.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import msal | |
| import jwt | |
| import json | |
| import sys | |
| import requests | |
| from datetime import datetime | |
| from msal_extensions import * | |
| # Microsoft Azure PowerShell Client ID | |
| clientID = '1950a258-227b-4e31-a9cf-717495945fc2' |
darrenjrobinson
/ AAD User B2B Guest Federation Report.ps1
Last active Jul 13, 2021
Query Azure Service Management with an Azure AD Member Account to report on tenants the AAD User is federated to as a B2B Guest User. Associated blogpost https://blog.darrenjrobinson.com/azure-ad-user-account-federation-report
View AAD User B2B Guest Federation Report.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module MSAL.PS | |
| Import-Module AzureADTenantID | |
| # Use the Azure PowerShell Well-Known Client ID | |
| $clientID = "1950a258-227b-4e31-a9cf-717495945fc2" | |
| # Get UserUPN | |
| $userUPN = Read-Host -Prompt "Please enter Azure AD User UPN" | |
| $tenantName = $userUPN.Split("@")[1] | |
| $tenantID = Get-AzureADTenantId -domain $tenantName |
darrenjrobinson
/ run.ps1
Last active Jun 1, 2021
Azure AD PowerShell Function to query Azure AD for a User to get their full object and their group memberships then send a summary email via SendGrid. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
View run.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace System.Net | |
| # Input bindings are passed in via param block. | |
| param($Request, $TriggerMetadata) | |
| # Write to the Azure Functions log stream. | |
| Write-Host "PowerShell AzureAD Query HTTP trigger function received a request." | |
| Write-Host $Request.Body | |
| # Write-Host $Request.Query |
darrenjrobinson
/ run.ps1
Last active Jun 1, 2021
Azure PowerShell Function to renew a Azure AD Change Notification Subscription. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
View run.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Input bindings are passed in via param block. | |
| param($Timer) | |
| # Get the current universal time in the default string format | |
| $currentUTCtime = (Get-Date).ToUniversalTime() | |
| # The 'IsPastDue' porperty is 'true' when the current function invocation is later than scheduled. | |
| if ($Timer.IsPastDue) { | |
| Write-Host "PowerShell timer is running late!" | |
| } |
darrenjrobinson
/ run.ps1
Last active Jun 1, 2021
Azure PowerShell Function to receive and validate Azure AD Change Notification Subscriptions. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
View run.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace System.Net | |
| # Input bindings are passed in via param block. | |
| param($Request, $TriggerMetadata) | |
| # Write to the Azure Functions log stream. | |
| Write-Host "PowerShell HTTP trigger function received a new Azure AD Change Notification." | |
| # Convert Notification Details to a PSObject | |
| $objNotification = ($Request.RawBody | convertfrom-json).value |
NewerOlder