Connect-AzureGraphAPI--v3-0.psm1

# Name used to tag the verbose import trace messages of this module file.
$FunctionScriptName = "Connect-AzureGraphAPI"
Write-Verbose -Message "Import-Start| [$($FunctionScriptName)]"

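function Connect-AzureGraphAPI { 
    <#
        .SYNOPSIS
            Login Azure Graph
        .DESCRIPTION
            Requests an OAuth2 client-credentials token from login.microsoftonline.com and
            returns it as an Authorization header hashtable.

            Without -Resource the token is requested from the v2.0 endpoint with the scope
            'https://graph.microsoft.com/.default'. With -Resource the token is requested for
            that resource from 'oauth2/<ResourceLoginVersion>/token', or from 'oauth2/token'
            when no version is given.

            If ClientID, ClientSecret or TenantId is missing, an error is written for each
            missing value and nothing is sent to the token endpoint.
        .PARAMETER Config
            Object whose ClientID, ClientSecret and TenantId properties are used as a fallback
            for the parameters of the same name.
        .PARAMETER ClientID
            Application (client) id sent as client_id.
        .PARAMETER ClientSecret
            Client secret sent as client_secret. It is handled as a plain string here, so the
            caller decides where it is stored and how it is protected before the call.
        .PARAMETER TenantId
            Tenant placed in the token endpoint path.
        .PARAMETER redirectURI
            Sent as redirect_uri, only when -Resource is used.
        .PARAMETER Resource
            Resource to request the token for; switches to the resource token endpoint.
        .PARAMETER ResourceLoginVersion
            Version path segment of the resource token endpoint. Ignored for Graph.
        .PARAMETER AutomationSecretVariable
            Accepted but not used by this function.
        .PARAMETER TenantIDVariable
            Accepted but not used by this function.
        .OUTPUTS
            Hashtable with a single 'Authorization' key holding "Bearer <access token>".
            The value is a live credential: keep it out of logs, transcripts and verbose output.
        .NOTES
            AUTHOR: Ken Dobrunz // Ken.Dobrunz@Direkt-Gruppe.de | Direkt Gruppe
            WEBSITE: http://kensmagic.site
 
            LASTEDIT: 30.05.2020 - Version: 3.0
    #>
 
    [cmdletbinding()]
    Param(
        [Parameter()]$Config,
        [Parameter()][string]$ClientID,
        [Parameter()][string]$ClientSecret,
        [Parameter()][string]$TenantId,
        [Parameter()]$redirectURI,
        [Parameter()]$Resource,
        [Parameter()]$ResourceLoginVersion = "", #Ignored for Graph
        [Parameter()]$AutomationSecretVariable,
        [Parameter()]$TenantIDVariable
    )
    Process {
        $SelfIdentifier = "AZGraph"
        
        #* Config check: explicit parameters win, $Config supplies the fallback
        if (-not $ClientID) { $ClientID = $Config.ClientID }
        if (-not $ClientSecret) { $ClientSecret = $Config.ClientSecret }
        if (-not $TenantId) { $TenantId = $Config.TenantId }

        $MissingSettings = @(
            if (-not $ClientID) { 'ClientID' }
            if (-not $ClientSecret) { 'ClientSecret' }
            if (-not $TenantId) { 'TenantId' }
        )
        if ($MissingSettings.Count -gt 0) {
            foreach ($SettingName in $MissingSettings) {
                Write-Error "[$($SelfIdentifier)] No $SettingName provided"
            }
            # Write-Error is non-terminating by default; stop here so an incomplete
            # credential set is never posted to the token endpoint.
            return
        }

        # Escape the tenant so the value cannot add path segments or a query string to the
        # token URL. GUIDs and domain names pass through unchanged.
        $TenantSegment = [uri]::EscapeDataString($TenantId)

        if ($resource) {
            # Resource API / scope
            Write-Verbose "[$($SelfIdentifier)] Connecting against resource [$($resource)]"
            $Body = @{grant_type = 'client_credentials'; client_id = $ClientID; redirect_uri = $redirectURI; resource = $Resource; client_secret = $ClientSecret }
            # An empty version would otherwise produce 'oauth2//token'.
            $TokenPath = if ($ResourceLoginVersion) { "oauth2/$([uri]::EscapeDataString([string]$ResourceLoginVersion))/token" } else { 'oauth2/token' }
            $URI = "https://login.microsoftonline.com/$TenantSegment/$TokenPath"
        }
        else {
            Write-Verbose "[$($SelfIdentifier)] Getting MS Graph oauth2 v2.0 token"
            # AZ Graph API / scope
            $Body = @{grant_type = 'client_credentials'; client_id = $ClientID; client_secret = $ClientSecret; scope = 'https://graph.microsoft.com/.default' }
            $URI = "https://login.microsoftonline.com/$TenantSegment/oauth2/v2.0/token"
        }

        # Getting oAuth token & creating auth header
        $oauthresponse = Invoke-RestMethod -Method Post -Uri $URI -Body $Body   

        # Do not hand back a header that only contains "Bearer " when no token was issued.
        if (-not $oauthresponse.access_token) {
            Write-Error "[$($SelfIdentifier)] Token endpoint response contained no access_token"
            return
        }

        return @{'Authorization' = "Bearer " + $oauthresponse.access_token } # "Bearer" optional for graph - necessary for resource
    }
} #v3.0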

# Export every function defined in this module file, then trace the end of the import.
Export-ModuleMember -Function '*'
Write-Verbose -Message "Import-END| [$($FunctionScriptName)]"