svarukala/Connect-MSGraphAuthCodeODBvsSPOPerms.ps1

## Connect-MSGraphAuthCodeODBvsSPOPerms.ps1
clear
# The resource URI
$resource = "https://graph.microsoft.com"
# Your Client ID and Client Secret obainted when registering your Azure AD (AAD) APP
$clientid = "AAD APP ID";
$clientSecret = "AAD APP CLIENT SECRET";
$redirectUri = "https://localhost"

# UrlEncode the ClientID and ClientSecret and URL's for special characters
Add-Type -AssemblyName System.Web
$clientIDEncoded = [System.Web.HttpUtility]::UrlEncode($clientid)
$clientSecretEncoded = [System.Web.HttpUtility]::UrlEncode($clientSecret)
$redirectUriEncoded =  [System.Web.HttpUtility]::UrlEncode($redirectUri)
$resourceEncoded = [System.Web.HttpUtility]::UrlEncode($resource)
$scopeEncoded = [System.Web.HttpUtility]::UrlEncode("https://outlook.office.com/user.readwrite.all")

# Function to popup Auth Dialog Windows Form
Function Get-AuthCode {
    Add-Type -AssemblyName System.Windows.Forms

    $form = New-Object -TypeName System.Windows.Forms.Form -Property @{Width=440;Height=640}
    $web  = New-Object -TypeName System.Windows.Forms.WebBrowser -Property @{Width=420;Height=600;Url=($url -f ($Scope -join "%20")) }

    $DocComp  = {
        $Global:uri = $web.Url.AbsoluteUri
        if ($Global:uri -match "error=[^&]*|code=[^&]*") {$form.Close() }
    }
    $web.ScriptErrorsSuppressed = $true
    $web.Add_DocumentCompleted($DocComp)
    $form.Controls.Add($web)
    $form.Add_Shown({$form.Activate()})
    $form.ShowDialog() | Out-Null

    $queryOutput = [System.Web.HttpUtility]::ParseQueryString($web.Url.Query)
    $output = @{}
    foreach($key in $queryOutput.Keys){
        $output["$key"] = $queryOutput[$key]
    }

    $output
}

# Get AuthCode
#$url = "https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&redirect_uri=$redirectUriEncoded&client_id=$clientID&resource=$resourceEncoded&prompt=admin_consent&scope=$scopeEncoded"
$url = "https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&redirect_uri=$redirectUriEncoded&client_id=$clientID&resource=$resourceEncoded&prompt=admin_consent"
Get-AuthCode
# Extract Access token from the returned URI
$regex = '(?<=code=)(.*)(?=&)'
$authCode  = ($uri | Select-string -pattern $regex).Matches[0].Value

#Write-output "Received an authCode, $authCode"


#get Access Token
$body = "grant_type=authorization_code&redirect_uri=$redirectUri&client_id=$clientId&client_secret=$clientSecretEncoded&code=$authCode&resource=$resource"
$tokenResponse = Invoke-RestMethod https://login.microsoftonline.com/common/oauth2/token `
    -Method Post -ContentType "application/x-www-form-urlencoded" `
    -Body $body `
    -ErrorAction STOP

$Tokenresponse.access_token | clip

#Get files from SPO library
$apiUrl = 'https://graph.microsoft.com/v1.0/sites/root/lists/45c12593-c895-478c-916c-15c6368a40dc/items'
try {
  $spoResult = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri  $apiUrl -Method Get
  Write-output "Received SPO lib items"
  Write-output $spoResult.value.count
}
catch {
  Write-Output "Failed to get files from SPO"
  Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
  Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
}


#Get files from ODB
$apiUrl = 'https://graph.microsoft.com/v1.0/me/drive/root/children'
try {
  $odbResult = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri  $apiUrl -Method Get
  Write-output "Received ODB items"
  Write-output $odbResult.value.count
}
catch {
  Write-Output "Failed to get files from ODB"
  Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
  Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
}

#Create file in ODB
$apiUrl = 'https://graph.microsoft.com/v1.0/me/drive/root:/DemoFile.txt:/content'
$body = "This is sample text that goes into the text file"
try {
    $odbData = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $apiUrl -Method Put -Body $body -ContentType "text/plain" -ResponseHeadersVariable odbRespHeaders
    Write-output "Created ODB file"
    Write-output $odbData.webUrl
    #Write-Output $odbRespHeaders
}
catch {
    Write-Output "Failed to create file in ODB"
    Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
    Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
}


#Create file in SPO
$apiUrl = 'https://graph.microsoft.com/v1.0/sites/root/drive/items/root:/DemoFile.txt:/content'
$body = "This is sample text that goes into the text file"
try {
    $spoData = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $apiUrl -Method Put -Body $body -ContentType "text/plain" -ResponseHeadersVariable spoRespHeaders
    Write-output "Created SPO file"
    Write-output $spoData.webUrl
    #Write-Output $spoRespHeaders
}
catch {
    Write-Output "Failed to create file in SPO"
    Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
    Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
}
	clear
	# The resource URI
	$resource = "https://graph.microsoft.com"
	# Your Client ID and Client Secret obainted when registering your Azure AD (AAD) APP
	$clientid = "AAD APP ID";
	$clientSecret = "AAD APP CLIENT SECRET";
	$redirectUri = "https://localhost"

	# UrlEncode the ClientID and ClientSecret and URL's for special characters
	Add-Type -AssemblyName System.Web
	$clientIDEncoded = [System.Web.HttpUtility]::UrlEncode($clientid)
	$clientSecretEncoded = [System.Web.HttpUtility]::UrlEncode($clientSecret)
	$redirectUriEncoded = [System.Web.HttpUtility]::UrlEncode($redirectUri)
	$resourceEncoded = [System.Web.HttpUtility]::UrlEncode($resource)
	$scopeEncoded = [System.Web.HttpUtility]::UrlEncode("https://outlook.office.com/user.readwrite.all")

	# Function to popup Auth Dialog Windows Form
	Function Get-AuthCode {
	Add-Type -AssemblyName System.Windows.Forms

	$form = New-Object -TypeName System.Windows.Forms.Form -Property @{Width=440;Height=640}
	$web = New-Object -TypeName System.Windows.Forms.WebBrowser -Property @{Width=420;Height=600;Url=($url -f ($Scope -join "%20")) }

	$DocComp = {
	$Global:uri = $web.Url.AbsoluteUri
	if ($Global:uri -match "error=[^&]\|code=[^&]") {$form.Close() }
	}
	$web.ScriptErrorsSuppressed = $true
	$web.Add_DocumentCompleted($DocComp)
	$form.Controls.Add($web)
	$form.Add_Shown({$form.Activate()})
	$form.ShowDialog() \| Out-Null

	$queryOutput = [System.Web.HttpUtility]::ParseQueryString($web.Url.Query)
	$output = @{}
	foreach($key in $queryOutput.Keys){
	$output["$key"] = $queryOutput[$key]
	}

	$output
	}

	# Get AuthCode
	#$url = "https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&redirect_uri=$redirectUriEncoded&client_id=$clientID&resource=$resourceEncoded&prompt=admin_consent&scope=$scopeEncoded"
	$url = "https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&redirect_uri=$redirectUriEncoded&client_id=$clientID&resource=$resourceEncoded&prompt=admin_consent"
	Get-AuthCode
	# Extract Access token from the returned URI
	$regex = '(?<=code=)(.*)(?=&)'
	$authCode = ($uri \| Select-string -pattern $regex).Matches[0].Value

	#Write-output "Received an authCode, $authCode"


	#get Access Token
	$body = "grant_type=authorization_code&redirect_uri=$redirectUri&client_id=$clientId&client_secret=$clientSecretEncoded&code=$authCode&resource=$resource"
	$tokenResponse = Invoke-RestMethod https://login.microsoftonline.com/common/oauth2/token `
	-Method Post -ContentType "application/x-www-form-urlencoded" `
	-Body $body `
	-ErrorAction STOP

	$Tokenresponse.access_token \| clip

	#Get files from SPO library
	$apiUrl = 'https://graph.microsoft.com/v1.0/sites/root/lists/45c12593-c895-478c-916c-15c6368a40dc/items'
	try {
	$spoResult = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $apiUrl -Method Get
	Write-output "Received SPO lib items"
	Write-output $spoResult.value.count
	}
	catch {
	Write-Output "Failed to get files from SPO"
	Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
	Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
	}


	#Get files from ODB
	$apiUrl = 'https://graph.microsoft.com/v1.0/me/drive/root/children'
	try {
	$odbResult = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $apiUrl -Method Get
	Write-output "Received ODB items"
	Write-output $odbResult.value.count
	}
	catch {
	Write-Output "Failed to get files from ODB"
	Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
	Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
	}

	#Create file in ODB
	$apiUrl = 'https://graph.microsoft.com/v1.0/me/drive/root:/DemoFile.txt:/content'
	$body = "This is sample text that goes into the text file"
	try {
	$odbData = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $apiUrl -Method Put -Body $body -ContentType "text/plain" -ResponseHeadersVariable odbRespHeaders
	Write-output "Created ODB file"
	Write-output $odbData.webUrl
	#Write-Output $odbRespHeaders
	}
	catch {
	Write-Output "Failed to create file in ODB"
	Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
	Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
	}


	#Create file in SPO
	$apiUrl = 'https://graph.microsoft.com/v1.0/sites/root/drive/items/root:/DemoFile.txt:/content'
	$body = "This is sample text that goes into the text file"
	try {
	$spoData = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $apiUrl -Method Put -Body $body -ContentType "text/plain" -ResponseHeadersVariable spoRespHeaders
	Write-output "Created SPO file"
	Write-output $spoData.webUrl
	#Write-Output $spoRespHeaders
	}
	catch {
	Write-Output "Failed to create file in SPO"
	Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
	Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
	}