Functions/Get-AGGraphAccessToken.ps1
Function Get-AGGraphAccessToken{ <# .SYNOPSIS Gets the bearer token needed for Graph REST API calls. .DESCRIPTION Gets the bearer token needed for Graph REST API calls. .EXAMPLE $TenantId = "c123456f-a1cd-6fv7-bh73-123r5t6y7u8i9" $ClientId = '1a2s3d4d4-dfhg-4567-d5f6-h4f6g7k933ae' $ClientSecret = '36._ERF567.6FB.XFGY75D-35TGasdrvk467' Get-AGGraphAccessToken -TenantID $TenantID -ClientID $ClientId -ClientSecret $ClientSecret .EXAMPLE $TenantId = "c123456f-a1cd-6fv7-bh73-123r5t6y7u8i9" $ClientId = '1a2s3d4d4-dfhg-4567-d5f6-h4f6g7k933ae' $ClientSecret = '36._ERF567.6FB.XFGY75D-35TGasdrvk467' $Token = Get-AGGraphAccessToken -TenantID $TenantID -ClientID $ClientId -ClientSecret $ClientSecret This example stores the token in a variable that can be used to grant access. .PARAMETER TenantID This is the tenant ID of your Azure subscription. .PARAMETER ClientID This is the ClientID of the Service Principal .PARAMETER ClientSecret This is the Client secret that was generated when you secured the Service Principal .INPUTS Input is from command line or called from a script. .OUTPUTS This will output an access token that can be used in future API calls. .NOTES Author: Lars Panzerbjørn Creation Date: 2021.08.11 This token is also stored in the Script scope, and so is automagically available to other functions. #> [CmdletBinding()] param ( [Parameter(Mandatory)][string]$TenantID, [Parameter(Mandatory)][string]$ClientID, [Parameter(Mandatory)][string]$ClientSecret ) BEGIN{ $TokenEndpoint = "https://login.microsoftonline.com/$Tenantid/oauth2/v2.0/token" } PROCESS{ $Body = @{ Grant_Type = "client_credentials" Scope = "https://graph.microsoft.com/.default" Client_Id = $ClientID Client_Secret = $ClientSecret } $InvokeRestMethodSplat = @{ ContentType = 'application/x-www-form-urlencoded' Headers = @{'accept'='application/json'} Body = $Body Method = 'Post' URI = $TokenEndpoint } $Script:TokenResponse = Invoke-RestMethod @InvokeRestMethodSplat } END{ Return $TokenResponse } } |