Creates an Azure AD Application Registration with Client Secret using the Azure CLI
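<#
.SYNOPSIS
  Creates an Azure AD application registration with a client secret using the Azure CLI.

.DESCRIPTION
  Signs in to Azure with a user name/password, selects a subscription, and creates an
  application registration whose display name depends on -production. A fresh client
  secret is generated locally and attached to the app; it is printed once to the
  console and is not stored anywhere else by this script.

.PARAMETER tenantId
  Azure AD tenant to sign in to.
.PARAMETER userName
  User principal name used for az login.
.PARAMETER userPassword
  Password for userName. If empty, the script prompts for it (credential prompt).
  NOTE: az login receives it via -p on its command line, so it is visible in the
  local process list for the duration of the login call.
.PARAMETER subscriptionId
  Subscription to make current before creating the app.
.PARAMETER production
  Use the [PROD] application display name instead of [DEV].
.PARAMETER quiet
  Skip the "press S to start" confirmation.

.NOTES
  Requires the Azure CLI (az) on PATH and ./app-requiredResourceManifest.json in the
  current directory. The {appGuid}/{appName} placeholders in the identifier/reply
  URIs below are literal text (PowerShell does not interpolate braces); replace them
  with real values before running.
#>
param (
    [string]$tenantId,
    [string]$userName,
    [string]$userPassword,
    [string]$subscriptionId,
    [switch]$production,
    [switch]$quiet
)

#######################################
# Runs an az CLI command and aborts the script if it exits non-zero.
# az signals failure through its exit status; PowerShell does not turn that
# into a terminating error by itself, so every call goes through here.
# Arguments: $What      - short label used in the error message (never the
#                         arguments themselves, which may contain secrets)
#            $Arguments - the az argument list
# Outputs:   az stdout (lines) on success
#######################################
function Invoke-AzCli {
    param(
        [Parameter(Mandatory = $true)][string]$What,
        [Parameter(Mandatory = $true)][string[]]$Arguments
    )
    $output = & az @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "az $What failed with exit code $LASTEXITCODE"
    }
    return $output
}

#######################################
# Parses az JSON output. Lines are joined first so the result is the same
# whether az emitted one line or a pretty-printed multi-line document.
#######################################
function ConvertFrom-AzJson {
    param([AllowNull()][string[]]$Lines)
    if ($null -eq $Lines -or $Lines.Count -eq 0) { return $null }
    return ($Lines -join "`n") | ConvertFrom-Json
}

## Connecting to site
Clear-Host
Write-Host "===========================================================`nCreate Azure AD Application Registration`n===========================================================" -ForegroundColor Green

# Prompt for the password when it was not supplied on the command line.
if ([string]::IsNullOrEmpty($userPassword)) {
    $conn = $host.UI.Prompt("Connect to $tenantid", "Connect using: $userName", "Password")
    $userPassword = $conn["Password"]
}

Write-Host "`n...About to connect to tenant [$tenantId] using credential [$userName]" -ForegroundColor Green
if (-not $quiet) {
    Write-Host "`nPress S to start, or any other key to exit..." -ForegroundColor Yellow
    $key = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    if ($key.Character -ne "S" -and $key.Character -ne "s") {
        return
    }
}

<#
create application ClientSecret
https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in
#>
# 32 bytes from the platform CSPRNG, base64-encoded; Dispose runs even if GetBytes throws.
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    $rand.GetBytes($bytes)
}
finally {
    $rand.Dispose()
}
$newClientSecret = [System.Convert]::ToBase64String($bytes)
# Secret validity window passed to az as --end-date.
$expiryDate = ((Get-Date).AddYears(2)).ToString("yyyy-MM-dd")

Write-Host "`n...Connecting" -ForegroundColor Green
# az login prints the list of subscriptions the account can see.
$subscriptions = ConvertFrom-AzJson (Invoke-AzCli -What "login" -Arguments @(
    'login', '-u', $userName, '-p', $userPassword, '--tenant', $tenantId, '--output', 'json'))
$subscriptions | ForEach-Object { Write-Host "name: $($_.name) id: $($_.id)" }

# show current subscriptions available
# az account list
# show current subscription details
# az account show
# set the current subscription
Write-Host "`n...Setting Current Subscription" -ForegroundColor Green
Invoke-AzCli -What "account set" -Arguments @('account', 'set', '--subscription', $subscriptionId) | Out-Null
$subscription = ConvertFrom-AzJson (Invoke-AzCli -What "account show" -Arguments @('account', 'show', '--output', 'json'))
Write-Host "- name: $($subscription.name)`n- id: $($subscription.id)"

# PROD and DEV share one create path; only the display name differs.
$appName = if ($production) { "Application Name [PROD]" } else { "Application Name [DEV]" }

# @() so that an empty JSON array (which ConvertFrom-Json yields as $null) counts as zero.
$existingApps = @(ConvertFrom-AzJson (Invoke-AzCli -What "ad app list" -Arguments @(
    'ad', 'app', 'list', '--display-name', $appName, '--output', 'json')))

if ($existingApps.Count -eq 0) {
    Write-Host "`n- Creating Application '$appName'" -ForegroundColor Cyan
    # {appGuid}/{appName} are literal placeholders here, not expansions.
    # --password puts the new secret on the az command line (visible in the local
    # process list while the call runs) in addition to the console output below.
    $createArgs = @(
        'ad', 'app', 'create',
        '--display-name', $appName,
        '--identifier-uris', "https://tenant.onmicrosoft.com/{appGuid}",
        '--homepage', "https://tenant.onmicrosoft.com/{appName}",
        '--reply-urls', "https://tenant.onmicrosoft.com/{appName}",
        '--required-resource-accesses', "./app-requiredResourceManifest.json",
        '--end-date', $expiryDate,
        '--password', $newClientSecret,
        '--output', 'json'
    )
    $app = ConvertFrom-AzJson (Invoke-AzCli -What "ad app create" -Arguments $createArgs)
    Write-Host "-Application '$($app.displayName)' created" -ForegroundColor Cyan
    Write-Host "-ClientId: $($app.appId)" -ForegroundColor Cyan
    # This is the only place the secret is surfaced; it also lands in any transcript/log of this console.
    Write-Host "-ClientSecret: $newClientSecret (expires: $expiryDate)" -ForegroundColor Cyan
} else {
    foreach ($app in $existingApps) {
        Write-Host "`n-Application '$($app.displayName)' ClientId:$($app.appId) already created" -ForegroundColor Green
    }
}

Write-Host "`nDone" -ForegroundColor Cyan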