Skip to content

Instantly share code, notes, and snippets.

@tyconsulting

tyconsulting/Get-AADToken.ps1 Secret

Last active May 11, 2020
Embed
What would you like to do?
PowerShell function Get-AADToken - works for both UPN and SPN
Function Get-AADToken {
[CmdletBinding()]
[OutputType([string])]
PARAM (
[Parameter(Position=0,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[Alias('tID')]
[String]$TenantID,
[Parameter(Position=1,Mandatory=$true)][Alias('cred')]
[pscredential]
[System.Management.Automation.CredentialAttribute()]
$Credential,
[Parameter(Position=0,Mandatory=$false)][Alias('type')]
[ValidateSet('UserPrincipal', 'ServicePrincipal')]
[String]$AuthenticationType = 'UserPrincipal'
)
Try
{
$Username = $Credential.Username
$Password = $Credential.Password
If ($AuthenticationType -ieq 'UserPrincipal')
{
# Set well-known client ID for Azure PowerShell
$clientId = '1950a258-227b-4e31-a9cf-717495945fc2'
# Set Resource URI to Azure Service Management API
$resourceAppIdURI = 'https://management.azure.com/'
# Set Authority to Azure AD Tenant
$authority = 'https://login.microsoftonline.com/common/' + $TenantID
Write-Verbose "Authority: $authority"
$AADcredential = [Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential]::new($UserName, $Password)
$authContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($authority)
$authResult = $authContext.AcquireTokenAsync($resourceAppIdURI,$clientId,$AADcredential)
$Token = $authResult.Result.CreateAuthorizationHeader()
} else {
# Set Resource URI to Azure Service Management API
$resourceAppIdURI = 'https://management.core.windows.net/'
# Set Authority to Azure AD Tenant
$authority = 'https://login.windows.net/' + $TenantId
$ClientCred = [Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential]::new($UserName, $Password)
$authContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($authority)
$authResult = $authContext.AcquireTokenAsync($resourceAppIdURI,$ClientCred)
$Token = $authResult.Result.CreateAuthorizationHeader()
}
}
Catch
{
Throw $_
$ErrorMessage = 'Failed to aquire Azure AD token.'
Write-Error -Message 'Failed to aquire Azure AD token'
}
$Token
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.