gscales/gist:337bb23013e26842bb86d9aad8f82b4a

## gistfile1.txt
$ClientId = "12d09d34-c3a3-49fc-bdf7-e059801801ae"
$MailboxName = "gscales@datarumble.com"
$KeyVaultURL = "https://gspskeys.vault.azure.net/secrets/App1AuthCert/xxx99c5d054f43698f39c51f24440xxx?api-version=7.0"
Import-Module .\Microsoft.IdentityModel.Clients.ActiveDirectory.dll -Force
$TenantId = (Invoke-WebRequest -Uri ('https://login.windows.net/' + $MailboxName.Split('@')[1] + '/.well-known/openid-configuration') | ConvertFrom-Json).authorization_endpoint.Split('/')[3]

$SptokenResult = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -Headers @{Metadata="true"}
$Sptoken = ConvertFrom-Json $SptokenResult.Content
$headers = @{
    'Content-Type'  = 'application\json'
    'Authorization' = 'Bearer ' + $Sptoken.access_token
}
$Response = (Invoke-WebRequest -Uri $KeyVaultURL  -Headers $headers)
$certResponse = ConvertFrom-Json $Response.Content
$base64Value = $certResponse.value
$Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$Certificate.Import([System.Convert]::FromBase64String($base64Value))

$Context = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.microsoftonline.com/" + $TenantId)
$clientCredential = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate($ClientId,$Certificate)
$token = ($Context.AcquireTokenAsync("https://graph.microsoft.com", $clientCredential).Result)
$Header = @{
       'Content-Type'  = 'application\json'
       'Authorization' = $token.CreateAuthorizationHeader()
}
$UserResult = (Invoke-RestMethod -Headers $Header -Uri ("https://graph.microsoft.com/v1.0/users?`$filter=mail eq '" + $MailboxName + "'&`$Select=displayName,businessPhones,mobilePhone,mail,jobTitle,companyName") -Method Get -ContentType "Application/json").value
return $UserResult
	$ClientId = "12d09d34-c3a3-49fc-bdf7-e059801801ae"
	$MailboxName = "gscales@datarumble.com"
	$KeyVaultURL = "https://gspskeys.vault.azure.net/secrets/App1AuthCert/xxx99c5d054f43698f39c51f24440xxx?api-version=7.0"
	Import-Module .\Microsoft.IdentityModel.Clients.ActiveDirectory.dll -Force
	$TenantId = (Invoke-WebRequest -Uri ('https://login.windows.net/' + $MailboxName.Split('@')[1] + '/.well-known/openid-configuration') \| ConvertFrom-Json).authorization_endpoint.Split('/')[3]

	$SptokenResult = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -Headers @{Metadata="true"}
	$Sptoken = ConvertFrom-Json $SptokenResult.Content
	$headers = @{
	'Content-Type' = 'application\json'
	'Authorization' = 'Bearer ' + $Sptoken.access_token
	}
	$Response = (Invoke-WebRequest -Uri $KeyVaultURL -Headers $headers)
	$certResponse = ConvertFrom-Json $Response.Content
	$base64Value = $certResponse.value
	$Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
	$Certificate.Import([System.Convert]::FromBase64String($base64Value))

	$Context = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.microsoftonline.com/" + $TenantId)
	$clientCredential = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate($ClientId,$Certificate)
	$token = ($Context.AcquireTokenAsync("https://graph.microsoft.com", $clientCredential).Result)
	$Header = @{
	'Content-Type' = 'application\json'
	'Authorization' = $token.CreateAuthorizationHeader()
	}
	$UserResult = (Invoke-RestMethod -Headers $Header -Uri ("https://graph.microsoft.com/v1.0/users?`$filter=mail eq '" + $MailboxName + "'&`$Select=displayName,businessPhones,mobilePhone,mail,jobTitle,companyName") -Method Get -ContentType "Application/json").value
	return $UserResult