@gscales
Created June 1, 2020 11:58
PowerShell Modern Hybrid Authentication using MSAL
# Requires the MSAL.NET assembly (Microsoft.Identity.Client.dll) to be loaded first,
# e.g. Add-Type -Path "<path to>\Microsoft.Identity.Client.dll"
$MailboxName = "user@domain.com"
$body = @{
    "username" = $MailboxName
}
# Realm discovery: ask the login endpoint what kind of account this address is
$RealmDiscover = Invoke-RestMethod -Uri ("https://login.microsoftonline.com/common/GetCredentialType") -ContentType "application/json; charset=UTF-8" -Method POST -Body ($body | ConvertTo-Json)
# DomainType 1 or 2 is treated as not Office 365 or hybrid
if ([Int]$RealmDiscover.EstsProperties.DomainType -eq 1 -or [Int]$RealmDiscover.EstsProperties.DomainType -eq 2) {
    throw "Not Office365 or hybrid"
}
else {
    # Autodiscover (JSON) lookup of the EWS URL for the mailbox
    $AutoDiscoverURI = "https://outlook.office365.com/autodiscover/autodiscover.json/v1.0/" + $MailboxName + "?Protocol=EWS"
    $JsonResult = Invoke-WebRequest -Uri $AutoDiscoverURI | ConvertFrom-Json
    If ($JsonResult.Url) {
        # The scope, and so the resource the token is requested for, is built
        # from the host name in the autodiscover response
        $hostName = ([URI]$JsonResult.Url).Host
        $ClientId = "9d5d77a6-fe09-473e-8931-958f15f1a96b"
        $Scope = "https://$hostName/EWS.AccessAsUser.All"
        $Scopes = New-Object System.Collections.Generic.List[string]
        $Scopes.Add($Scope)
        $pcaConfig = [Microsoft.Identity.Client.PublicClientApplicationBuilder]::Create($ClientId).WithAuthority([Microsoft.Identity.Client.AadAuthorityAudience]::AzureAdMultipleOrgs)
        # Interactive sign-in, pre-filled with the mailbox address
        $TokenResult = $pcaConfig.Build().AcquireTokenInteractive($Scopes).WithLoginHint($MailboxName).ExecuteAsync().Result
        return $TokenResult
    }
}
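
The script above requests a token for whatever host the autodiscover response names, so it is worth checking what the returned token is actually scoped to before sending it anywhere. The following is an added example, not part of the original gist: it decodes the token's claims without verifying the signature and compares them with the expected EWS host. The function names and the sample token are hypothetical, and it assumes the access token is a compact JWT whose `aud` claim is the resource URI.

```powershell
# Added example (not from the gist). Decodes claims only; it does not verify the signature.
function ConvertFrom-Base64Url([string]$Value) {
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw "Invalid base64url length" }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-AccessTokenClaims([string]$AccessToken) {
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw "Not a compact JWT (expected 3 segments)" }
    ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
}

function Test-EwsTokenTarget([string]$AccessToken, [string]$ExpectedHost) {
    $claims = Get-AccessTokenClaims $AccessToken
    # aud may or may not carry a trailing slash, so compare on host only
    $audUri = $null
    $isUri = [Uri]::TryCreate([string]$claims.aud, [UriKind]::Absolute, [ref]$audUri)
    $scopes = @("$($claims.scp)" -split ' ')
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience      = $claims.aud
        AudienceMatch = $isUri -and ($audUri.Host -eq $ExpectedHost)
        HasEwsScope   = $scopes -contains 'EWS.AccessAsUser.All'
        Expired       = $expires -le [DateTimeOffset]::UtcNow
    }
}

# Constructed, unsigned sample token with placeholder values so the block runs offline
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{ aud = 'https://mail.example.com'; scp = 'EWS.AccessAsUser.All'; exp = 4102444800 } | ConvertTo-Json -Compress
$sample = (ConvertTo-Base64Url '{"alg":"none"}') + '.' + (ConvertTo-Base64Url $payload) + '.sig'

Test-EwsTokenTarget -AccessToken $sample -ExpectedHost 'mail.example.com'
# With the gist's variables:
# Test-EwsTokenTarget -AccessToken $TokenResult.AccessToken -ExpectedHost $hostName
```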