Private/GraphAuthMode.ps1
|
function Assert-InTUIGraphDelegatedAuthMode { [CmdletBinding()] param( [Parameter()] [switch]$UseDeviceCode, [Parameter()] [switch]$UseBrowserAuth ) if ($UseDeviceCode -and $UseBrowserAuth) { throw 'UseDeviceCode and UseBrowserAuth are mutually exclusive delegated authentication modes.' } } function Assert-InTUIGraphAuthMode { [CmdletBinding()] param( [Parameter()] [switch]$ClientCredential, [Parameter()] [switch]$UseDeviceCode, [Parameter()] [switch]$UseBrowserAuth ) Assert-InTUIGraphDelegatedAuthMode -UseDeviceCode:$UseDeviceCode -UseBrowserAuth:$UseBrowserAuth if ($ClientCredential -and ($UseDeviceCode -or $UseBrowserAuth)) { throw 'Client credential authentication cannot be combined with delegated authentication switches.' } } function Resolve-InTUIGraphDelegatedAuthMode { [CmdletBinding()] param( [Parameter()] [switch]$UseDeviceCode, [Parameter()] [switch]$UseBrowserAuth ) Assert-InTUIGraphAuthMode -UseDeviceCode:$UseDeviceCode -UseBrowserAuth:$UseBrowserAuth if ($UseDeviceCode) { return 'DeviceCode' } return 'BrowserAuth' } function Resolve-InTUIGraphAuthMode { [CmdletBinding()] param( [Parameter()] [switch]$ClientCredential, [Parameter()] [switch]$UseDeviceCode, [Parameter()] [switch]$UseBrowserAuth ) if ($ClientCredential) { Assert-InTUIGraphAuthMode -ClientCredential -UseDeviceCode:$UseDeviceCode -UseBrowserAuth:$UseBrowserAuth return 'ClientCredential' } return (Resolve-InTUIGraphDelegatedAuthMode -UseDeviceCode:$UseDeviceCode -UseBrowserAuth:$UseBrowserAuth) } function Get-InTUIGraphCurrentDelegatedAuthMode { [CmdletBinding()] param() if ($script:GraphAuthMode -in @('BrowserAuth', 'DeviceCode')) { return $script:GraphAuthMode } return 'BrowserAuth' } function Set-InTUIGraphAuthModeState { [CmdletBinding()] param( [Parameter(Mandatory)] [ValidateSet('ClientCredential', 'DeviceCode', 'BrowserAuth')] [string]$AuthMode ) $script:GraphAuthMode = $AuthMode $script:UseDeviceCode = ($AuthMode -eq 'DeviceCode') $script:UseBrowserAuth = ($AuthMode -eq 'BrowserAuth') } function Get-InTUIGraphAuthModeLabel { [CmdletBinding()] param( [Parameter(Mandatory)] [ValidateSet('ClientCredential', 'DeviceCode', 'BrowserAuth')] [string]$AuthMode ) switch ($AuthMode) { 'ClientCredential' { 'Service Principal' } 'DeviceCode' { 'Device Code' } 'BrowserAuth' { 'Browser' } } } function Add-InTUIGraphDelegatedAuthParameters { [CmdletBinding()] param( [Parameter(Mandatory)] [hashtable]$Parameters, [Parameter(Mandatory)] [ValidateSet('DeviceCode', 'BrowserAuth')] [string]$AuthMode, [Parameter()] [object]$BrowserSuccessContent, [Parameter()] [object]$BrowserErrorContent ) if ($AuthMode -eq 'DeviceCode') { $Parameters['UseDeviceCode'] = $true return } $Parameters['UseBrowserAuth'] = $true if ($null -ne $BrowserSuccessContent) { $Parameters['BrowserSuccessContent'] = $BrowserSuccessContent } if ($null -ne $BrowserErrorContent) { $Parameters['BrowserErrorContent'] = $BrowserErrorContent } } |