This module provides helper functions for working with the Azure AD OAuth2 endpoints without having to construct the request URLs manually.
The easiest way to use this module is to install it from the PowerShell Gallery:

```powershell
Install-Module -Name Oauth2Toolkit
```

| OAuth 2 Flow | Function | Notes |
|---|---|---|
| Authorization Code Grant | Invoke-CodeGrantFlow | |
| Device Code | Invoke-DeviceCodeFlow | |
| Password | Invoke-ResourceOwnerPasswordGrantFlow | |
| On behalf of | Invoke-OnBehalfOfFlow | https://docs.microsoft.com/cs-cz/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow |
Obtain an access token for the application:

```powershell
$response = Invoke-CodeGrantFlow -RedirectUrl "http://localhost:8080/auth" -ClientId "<AppId>" -ClientSecret "<AppSecret>" -Tenant "tenant.onmicrosoft.com" -Resource "<AppId>" -AlwaysPrompt $true
```

Then use the returned access token to obtain resource-specific access tokens for multiple services on behalf of the user:

```powershell
$graphAuthenticationHeaders = Invoke-OnBehalfOfFlow -Tenant "tenant.onmicrosoft.com" -ClientId "<AppId>" -ClientSecret "<AppSecret>" -AccessToken $response.access_token -Resource "https://graph.microsoft.com" | ConvertTo-AuthorizationHeaders
Invoke-RestMethod -Method Get -Uri "https://graph.microsoft.com/v1.0/me" -Headers $graphAuthenticationHeaders
```
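The on-behalf-of step above hands back a token that was minted for a specific audience and lifetime. A small check before the token is attached to a request catches the two most common mistakes with chained tokens: sending the application's own token (audience `<AppId>`) to Microsoft Graph, or reusing a cached token past its `exp`. The following is an added example, not part of the Oauth2Toolkit module; the functions `ConvertFrom-Base64Url`, `Get-JwtPayload`, `Test-AccessToken` and `New-UnsignedSampleJwt` are assumptions introduced here, and the sample token it checks is constructed and unsigned for the demonstration only.

```powershell
# Added example (not part of Oauth2Toolkit): decode a JWT access token's payload and
# check audience and validity window before using it. This only reads the claims; it
# does NOT verify the signature, which is the resource server's job, not the client's.

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments use base64url without padding; restore standard base64 first.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a compact JWT (expected header.payload.signature)" }
    ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
}

function Test-AccessToken {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedAudience,
        [int]$ClockSkewSeconds = 300   # tolerate small clock drift between client and issuer
    )
    $claims = Get-JwtPayload -Token $Token
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    $problems = @()
    # aud may be a string or an array; the token must be meant for the API we call.
    if (@($claims.aud) -notcontains $ExpectedAudience) {
        $problems += "audience '$($claims.aud)' does not match expected '$ExpectedAudience'"
    }
    if (-not $claims.exp -or [long]$claims.exp -le ($now - $ClockSkewSeconds)) {
        $problems += "token is expired or carries no exp claim"
    }
    if ($claims.nbf -and [long]$claims.nbf -gt ($now + $ClockSkewSeconds)) {
        $problems += "token is not yet valid (nbf is in the future)"
    }
    [pscustomobject]@{
        Valid    = ($problems.Count -eq 0)
        Problems = $problems
        Claims   = $claims
    }
}

function New-UnsignedSampleJwt {
    # Constructed demo token (alg "none", empty signature). Real tokens come from
    # Invoke-CodeGrantFlow / Invoke-OnBehalfOfFlow and are signed by Azure AD.
    param([Parameter(Mandatory)][hashtable]$Claims)
    $b64url = {
        param($Object)
        $json = ConvertTo-Json -InputObject $Object -Compress
        [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($json)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    $hdr = @{ alg = 'none'; typ = 'JWT' }
    $header  = & $b64url $hdr
    $payload = & $b64url $Claims
    "$header.$payload."
}

# Demonstration on a constructed token minted for Microsoft Graph.
$nowUnix = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
$sampleToken = New-UnsignedSampleJwt -Claims @{
    aud = 'https://graph.microsoft.com'
    exp = $nowUnix + 3600
    nbf = $nowUnix - 60
    scp = 'User.Read'
}
$ok = Test-AccessToken -Token $sampleToken -ExpectedAudience 'https://graph.microsoft.com'
"Graph audience check: Valid=$($ok.Valid)"
$bad = Test-AccessToken -Token $sampleToken -ExpectedAudience '<AppId>'
"App audience check:   Valid=$($bad.Valid); $($bad.Problems -join '; ')"

# Wiring into the flow above (assumption: Invoke-OnBehalfOfFlow returns the same token
# response shape as Invoke-CodeGrantFlow, i.e. an object with an access_token property):
#   $graph = Invoke-OnBehalfOfFlow -Tenant "tenant.onmicrosoft.com" -ClientId "<AppId>" -ClientSecret "<AppSecret>" -AccessToken $response.access_token -Resource "https://graph.microsoft.com"
#   $check = Test-AccessToken -Token $graph.access_token -ExpectedAudience "https://graph.microsoft.com"
#   if (-not $check.Valid) { throw ($check.Problems -join '; ') }
#   $graphAuthenticationHeaders = $graph | ConvertTo-AuthorizationHeaders
```

The first check passes and the second fails with an audience mismatch, which is exactly the case where the application token from `Invoke-CodeGrantFlow` (resource `<AppId>`) is mistakenly sent to Graph instead of the token from the on-behalf-of exchange. Depending on which Azure AD endpoint version issued the token, the Graph audience may be expressed as the resource URI shown here or as Graph's application ID, so pass the form your tenant's tokens actually carry.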