@ehrnst
Last active December 23, 2022 01:12
Create a token to authenticate against microsoft partner center API as App + User
function Get-PCAppUserAuthenticationBearer {
    <#
    .SYNOPSIS
    Function to retrieve an App+User bearer token from the Microsoft CSP API
    .DESCRIPTION
    This function connects to Azure AD to generate an OAuth token.
    The acquired token is then used against the Partner Center REST API to generate an App+User JWT token: https://api.partnercenter.microsoft.com/generatetoken
    You can read more about the authentication method here: https://msdn.microsoft.com/en-us/library/partnercenter/mt634709.aspx
    .PARAMETER ClientID
    The ClientID of the application used for authentication against Azure AD.
    .PARAMETER TenantId
    The TenantId of the Azure AD that you wish to authenticate against, e.g. test.onmicrosoft.com
    .PARAMETER Credential
    Pass a PowerShell credential object, or omit it to be prompted for username and password.
    .EXAMPLE
    Get-PCAppUserAuthenticationBearer -TenantID test.onmicrosoft.com -ClientID <Native App GUID> -Credential (Get-Credential)
    Returns an object containing the response from Azure AD and a generated CSP bearer. Use the CSP bearer for further authentication against the CSP APIs, and keep the AAD token for reference.
    .NOTES
    Version 1.0
    Martin Ehrnst
    September 2017
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$TenantID,
        [Parameter(Mandatory = $true)]
        [string]$ClientID,
        # Not mandatory: a mandatory parameter never falls back to its default, so the Get-Credential prompt would never run
        [Parameter(Mandatory = $false)]
        [System.Management.Automation.PSCredential]$Credential = (Get-Credential)
    )
    # clear the error variable and make every error terminating so the catch blocks run
    $Error.Clear()
    $ErrorActionPreference = "Stop"
    $username = $Credential.UserName
    # the password grant needs the password in clear text; decode it and release the unmanaged copy immediately
    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Credential.Password)
    $StringPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
    # try to access Azure AD to generate a token
    try {
        $loginurl = "https://login.windows.net/$TenantID/oauth2/token"
        $params = @{
            resource   = "https://api.partnercenter.microsoft.com"
            grant_type = "password"
            client_id  = $ClientID
            username   = $username
            password   = $StringPassword
            scope      = "openid"
        }
        $res = Invoke-RestMethod -Uri $loginurl -Method POST -Body $params
        $oAuth = "Bearer " + $res.access_token
    }
    catch {
        Write-Error -Message "Azure AD token request failed: $_"
    }
    # exchange the Azure AD token for a Partner Center App+User token
    try {
        $CSPAuthHeader = @{
            "Content-Type"  = "application/x-www-form-urlencoded"
            "Authorization" = $oAuth
        }
        $CspAuthBody = "grant_type=jwt_token"
        $CSPAppUserToken = (Invoke-RestMethod -Uri 'https://api.partnercenter.microsoft.com/generatetoken' -Method Post -Body $CspAuthBody -Headers $CSPAuthHeader).access_token
    }
    catch {
        Write-Error -Message "Partner Center token request failed: $_"
    }
    $CspBearer = "Bearer " + $CSPAppUserToken
    $Tokens = @{
        "AzureAd"   = $res
        "CSPBearer" = $CspBearer
    }
    $Tokens
}
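The function above returns the CSP bearer as an opaque string. Before handing it to the Partner Center API it is worth checking that the JWT is actually addressed to that API and still has usable lifetime, without ever logging the token itself. The following is an added example, not part of the gist; the function names `ConvertFrom-JwtPayload` and `Test-PCTokenUsable` are my own, and the `exp` and `aud` claims are the standard registered JWT claims.

```powershell
# Added example (not from the original gist): decode the payload segment of the returned JWT and check it
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory = $true)][string]$Jwt)
    # accept either the bare token or the full "Bearer <token>" header value
    $raw = $Jwt -replace '^Bearer\s+', ''
    $parts = $raw.Split('.')
    if ($parts.Count -ne 3) { throw "Not a compact JWS: expected 3 segments, got $($parts.Count)" }
    # base64url -> base64: restore the standard alphabet and the padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    $json = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    return $json | ConvertFrom-Json
}

function Test-PCTokenUsable {
    param(
        [Parameter(Mandatory = $true)][string]$BearerHeader,
        [string]$ExpectedAudience = 'https://api.partnercenter.microsoft.com',
        [int]$MinimumRemainingSeconds = 300
    )
    $claims    = ConvertFrom-JwtPayload -Jwt $BearerHeader
    $expires   = [DateTimeOffset]::FromUnixTimeSeconds([int64]$claims.exp)
    $remaining = ($expires - [DateTimeOffset]::UtcNow).TotalSeconds
    $audOk     = ($claims.aud -eq $ExpectedAudience)
    # return metadata only; the token string itself is never part of the output
    [pscustomobject]@{
        Audience        = $claims.aud
        AudienceMatches = $audOk
        ExpiresUtc      = $expires.UtcDateTime
        RemainingSec    = [int]$remaining
        Usable          = $audOk -and ($remaining -gt $MinimumRemainingSeconds)
    }
}

# usage: only the CSP bearer is sent to Partner Center; the AAD response is kept for reference
$tokens = Get-PCAppUserAuthenticationBearer -TenantID 'test.onmicrosoft.com' -ClientID '<Native App GUID>' -Credential (Get-Credential)
$check  = Test-PCTokenUsable -BearerHeader $tokens.CSPBearer
if (-not $check.Usable) {
    throw "CSP token not usable: aud=$($check.Audience), remaining=$($check.RemainingSec)s"
}
# '<partner-center-endpoint>' is a placeholder for whichever Partner Center resource you call next
Invoke-RestMethod -Uri 'https://api.partnercenter.microsoft.com/<partner-center-endpoint>' -Headers @{ Authorization = $tokens.CSPBearer }
```

Decoding the payload is an inspection step only; it does not verify the signature, so treat the claims as a sanity check on what you are about to send, not as proof the token is genuine.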
ehrnst commented Sep 7, 2017

Be aware that the function does require a credential object, but when you authenticate against AAD the password is decoded and sent in the post request.
