Created
September 11, 2017 11:49
-
-
Save ehrnst/a8db76bce82cc48f29165a01af95b077 to your computer and use it in GitHub Desktop.
Generate azure AD application oAuth token
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $result = Get-AADAppoAuthToken -ClientID <AzureAD APPLICATION ID> -ClientSecret <ClientSecret> -TenantId "test.no" | |
| $AuthKey = "Bearer " + ($result.access_token) | |
| $authHeader = @{ | |
| 'Content-Type' = 'application/json' | |
| 'Accept' = 'application/json' | |
| 'Authorization' = $AuthKey | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Function to connect to the Microsoft login OAuth endpoint and return an OAuth token. | |
| .DESCRIPTION | |
| Generate Azure AD oauth token. | |
| You can specify the resource you want in the paramenter. Default is management.core.windows.net | |
| Parts of this function is created from these examples: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-rest-api-walkthrough | |
| .PARAMETER ClientID | |
| Azure AD application ID | |
| .PARAMETER ClientSecret | |
| Your application secret. | |
| .PARAMETER TenantId | |
| Your tenant domain name. test.onmicrosoft.com | |
| .PARAMETER ResourceName | |
| Specify if you are accessing other resources than https://management.core.windows.net | |
| For example microsoft partner center would have https://api.partnercenter.microsoft.com | |
| .EXAMPLE | |
| Get-AADAppoAuthToken -ClientID 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' -ClientSecret <application secret> -TenantId "test.no" will return | |
| token_type : Bearer | |
| expires_in : 3600 | |
| ext_expires_in : 0 | |
| expires_on : 1505133623 | |
| not_before : 1505129723 | |
| resource : https://management.core.windows.net/ | |
| access_token : eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkhIQnlLVS0wRHFBcU1aaDZaRlBkMlZXYU90ZyIsImtpZCI6IkhIQnlLVS0wRHFBcU1aaDZaRlB | |
| kMlZXYU90ZyJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuY29yZS53aW5kb3dzLm5ldC8iLCJpc3MiOiJodHRwczovL3N0cy | |
| .NOTES | |
| v1.0 | |
| Martin Ehrnst 2017 | |
| #> | |
| [Cmdletbinding()] | |
| Param( | |
| [Parameter(Mandatory = $true)] | |
| [string]$ClientID, | |
| [Parameter(Mandatory = $true)] | |
| [string]$ClientSecret, | |
| [Parameter(Mandatory = $true)] | |
| [string]$TenantId, | |
| [Parameter(Mandatory = $false)] | |
| [string]$ResourceName = "https://management.core.windows.net/" | |
| ) | |
| $LoginURL = 'https://login.windows.net' | |
| #Get application access token | |
| $Body = @{ | |
| grant_type = "client_credentials"; | |
| resource = $ResourceName; | |
| client_id = $ClientID; | |
| client_secret = $ClientSecret | |
| } | |
| Return Invoke-RestMethod -Method Post -Uri $LoginURL/$TenantId/oauth2/token -Body $Body | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment