@timothywarner
Created April 17, 2019 14:38
Automate Azure PowerShell login with a service principal and self-signed certificate
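# Create a self-signed certificate in the current user's store; the private key stays on this machine.
$cert = New-SelfSignedCertificate -CertStoreLocation "cert:\CurrentUser\My" `
    -Subject "CN=psauth1" `
    -KeySpec KeyExchange

# Base64-encode the public certificate (no private key) to register it as the service principal's credential.
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
$sp = New-AzADServicePrincipal -DisplayName 'psauth1' `
    -CertValue $keyValue `
    -EndDate $cert.NotAfter `
    -StartDate $cert.NotBefore

# Give the new service principal time to replicate before assigning a role.
Start-Sleep -Seconds 20

# With no -Scope, the Contributor role is assigned at the subscription level.
New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $sp.ApplicationId

# Gather the three values needed for a non-interactive login.
$TenantId = (Get-AzSubscription -SubscriptionName "Microsoft Azure Sponsorship").TenantId
$ApplicationId = (Get-AzADApplication -DisplayNameStartWith psauth).ApplicationId
$Thumbprint = (Get-ChildItem cert:\CurrentUser\My\ | Where-Object { $_.Subject -eq "CN=psauth1" }).Thumbprint

# Sign in as the service principal using the certificate.
Connect-AzAccount -ServicePrincipal `
    -CertificateThumbprint $Thumbprint `
    -ApplicationId $ApplicationId `
    -TenantId $TenantId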
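
The thumbprint lookup above selects by subject only, so it returns several values if the setup ran more than once and says nothing about expiry or a missing private key. The following preflight check is an added example, not part of the original gist; Get-SpAuthCertificate and its parameters are hypothetical names, and the 30-day warning window is an assumption.

```powershell
# Added example (not from the original gist). Get-SpAuthCertificate is a hypothetical helper.
function Get-SpAuthCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Subject,
        [string] $StoreLocation = 'Cert:\CurrentUser\My',
        [int] $WarnDays = 30   # assumed warning window
    )

    $now = Get-Date

    # Every certificate with this exact subject, e.g. after the setup step ran twice.
    $all = @(Get-ChildItem -Path $StoreLocation | Where-Object { $_.Subject -eq $Subject })
    if ($all.Count -eq 0) {
        throw "No certificate with subject '$Subject' found in $StoreLocation."
    }

    # Usable for login: private key present and inside the validity window.
    $usable = @($all | Where-Object {
        $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now
    })
    if ($usable.Count -eq 0) {
        throw "Certificates for '$Subject' exist, but none is valid with a private key."
    }

    # Refuse to guess: only one of these is registered on the service principal.
    if ($usable.Count -gt 1) {
        $list = ($usable | ForEach-Object { $_.Thumbprint }) -join ', '
        throw "Ambiguous: $($usable.Count) usable certificates for '$Subject' ($list). Remove the stale ones."
    }

    $chosen = $usable[0]
    $daysLeft = [math]::Floor(($chosen.NotAfter - $now).TotalDays)
    if ($daysLeft -le $WarnDays) {
        Write-Warning "Certificate $($chosen.Thumbprint) expires in $daysLeft day(s); rotate it."
    }
    $chosen
}

# Throws if the setup step has not been run for this subject on this machine.
$authCert = Get-SpAuthCertificate -Subject 'CN=psauth1'
$Thumbprint = $authCert.Thumbprint   # pass this to Connect-AzAccount -CertificateThumbprint
```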