Get-MsalClientApplication.ps1
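<#
.SYNOPSIS
    Get client application from local session cache.
.DESCRIPTION
    This cmdlet returns a client application object from the local session cache.
    The cache is searched for an application whose ClientId, RedirectUri and TenantId match the
    requested settings; confidential client applications must additionally match on the supplied
    client secret or client certificate, so an application built with a different credential is
    never silently reused.
    If no matching application exists, a new client application is created and added to the cache
    only when -CreateIfMissing is specified; otherwise nothing is returned.
.EXAMPLE
    PS C:\>Get-MsalClientApplication -ClientId '00000000-0000-0000-0000-000000000000'

    Get public client application using default settings.
.EXAMPLE
    PS C:\>$ConfidentialClientOptions = New-Object Microsoft.Identity.Client.ConfidentialClientApplicationOptions -Properties @{ ClientId = '00000000-0000-0000-0000-000000000000' }
    PS C:\>$ConfidentialClientOptions | Get-MsalClientApplication -ClientSecret (ConvertTo-SecureString 'SuperSecretString' -AsPlainText -Force) -TenantId '00000000-0000-0000-0000-000000000000'

    Pipe in confidential client options object to get a confidential client application using a client secret and target a specific tenant.
.EXAMPLE
    PS C:\>$ClientCertificate = Get-Item Cert:\CurrentUser\My\0000000000000000000000000000000000000000
    PS C:\>$ConfidentialClientOptions = New-Object Microsoft.Identity.Client.ConfidentialClientApplicationOptions -Properties @{ ClientId = '00000000-0000-0000-0000-000000000000'; TenantId = '00000000-0000-0000-0000-000000000000' }
    PS C:\>$ConfidentialClientOptions | Get-MsalClientApplication -ClientCertificate $ClientCertificate

    Pipe in confidential client options object to get a confidential client application using a client certificate and target a specific tenant.
.OUTPUTS
    Microsoft.Identity.Client.PublicClientApplication or Microsoft.Identity.Client.ConfidentialClientApplication,
    or nothing when no cached application matches and -CreateIfMissing is not specified.
#>
function Get-MsalClientApplication {
    [CmdletBinding(DefaultParameterSetName='PublicClient')]
    [OutputType([Microsoft.Identity.Client.PublicClientApplication],[Microsoft.Identity.Client.ConfidentialClientApplication])]
    param
    (
        # Identifier of the client requesting the token.
        [Parameter(Mandatory=$true, ParameterSetName='PublicClient')]
        [Parameter(Mandatory=$false, ParameterSetName='PublicClient-InputObject')]
        [Parameter(Mandatory=$true, ParameterSetName='ConfidentialClientSecret')]
        [Parameter(Mandatory=$true, ParameterSetName='ConfidentialClientCertificate')]
        [Parameter(Mandatory=$false, ParameterSetName='ConfidentialClient-InputObject')]
        [string] $ClientId,
        # Secure secret of the client requesting the token.
        [Parameter(Mandatory=$true, ParameterSetName='ConfidentialClientSecret')]
        [Parameter(Mandatory=$false, ParameterSetName='ConfidentialClient-InputObject')]
        [securestring] $ClientSecret,
        # Client assertion certificate of the client requesting the token.
        [Parameter(Mandatory=$true, ParameterSetName='ConfidentialClientCertificate')]
        [Parameter(Mandatory=$false, ParameterSetName='ConfidentialClient-InputObject')]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $ClientCertificate,
        # Address to return to upon receiving a response from the authority.
        [Parameter(Mandatory=$false)]
        [uri] $RedirectUri,
        # Tenant identifier of the authority to issue token.
        [Parameter(Mandatory=$false)]
        [string] $TenantId,
        # Address of the authority to issue token.
        [Parameter(Mandatory=$false)]
        [uri] $Authority,
        # Public client application options
        [Parameter(Mandatory=$true, ValueFromPipeline=$true, ParameterSetName='PublicClient-InputObject', Position=0)]
        [Microsoft.Identity.Client.PublicClientApplicationOptions] $PublicClientOptions,
        # Confidential client application options
        [Parameter(Mandatory=$true, ValueFromPipeline=$true, ParameterSetName='ConfidentialClient-InputObject', Position=0)]
        [Microsoft.Identity.Client.ConfidentialClientApplicationOptions] $ConfidentialClientOptions,
        # Create application in cache if it does not already exist
        [Parameter(Mandatory=$false)]
        [switch] $CreateIfMissing
    )

    ## Build the argument set for New-MsalClientApplication. The [hashtable] cast produces a
    ## separate Hashtable, so dropping our own switch does not disturb $PSBoundParameters.
    [hashtable] $paramMsalClientApplication = $PSBoundParameters
    if ($paramMsalClientApplication.ContainsKey('CreateIfMissing')) {
        [void] $paramMsalClientApplication.Remove('CreateIfMissing')
    }

    ## A candidate application is always built so the cache lookup compares the resulting
    ## AppConfig values rather than the raw cmdlet arguments. It becomes the result only when
    ## -CreateIfMissing is specified and nothing in the cache matches.
    $NewClientApplication = New-MsalClientApplication -ErrorAction Stop @paramMsalClientApplication

    ## Select the cache to search and the credential property that must also match.
    ## ClientId, RedirectUri and TenantId are the common key for every parameter set; the
    ## credential check keeps an application built with a different secret or certificate
    ## (e.g. after a rotation) from being reused.
    ## NOTE(review): -Authority is not part of the lookup key — confirm New-MsalClientApplication
    ## folds it into AppConfig.TenantId before relying on Authority alone to tell applications apart.
    $Cache = $null
    $CredentialProperty = $null
    switch -Wildcard ($PSCmdlet.ParameterSetName) {
        "PublicClient*" {
            $Cache = $PublicClientApplications
            break
        }
        "ConfidentialClientSecret" {
            $Cache = $ConfidentialClientApplications
            $CredentialProperty = 'ClientSecret'
            break
        }
        "ConfidentialClientCertificate" {
            $Cache = $ConfidentialClientApplications
            $CredentialProperty = 'ClientCredentialCertificate'
            break
        }
        "ConfidentialClient-InputObject" {
            $Cache = $ConfidentialClientApplications
            # The options object may carry either credential; a populated secret takes precedence.
            # NOTE(review): when neither is set, both sides compare as $null and an uncredentialed
            # cached application with the same key would match — confirm that is intended.
            if ($NewClientApplication.AppConfig.ClientSecret) {
                $CredentialProperty = 'ClientSecret'
            }
            else {
                $CredentialProperty = 'ClientCredentialCertificate'
            }
            break
        }
    }

    ## One filter for every parameter set; the credential comparison is skipped for public clients.
    $ClientApplication = $Cache | Where-Object {
        $_.ClientId -eq $NewClientApplication.ClientId -and
        $_.AppConfig.RedirectUri -eq $NewClientApplication.AppConfig.RedirectUri -and
        $_.AppConfig.TenantId -eq $NewClientApplication.AppConfig.TenantId -and
        (!$CredentialProperty -or $_.AppConfig.$CredentialProperty -eq $NewClientApplication.AppConfig.$CredentialProperty)
    } | Select-Object -First 1

    if ($ClientApplication) {
        Write-Debug ('Application with ClientId [{0}] and RedirectUri [{1}] already exists. Using application from cache.' -f $ClientApplication.AppConfig.ClientId, $ClientApplication.AppConfig.RedirectUri)
    }
    elseif ($CreateIfMissing) {
        $ClientApplication = $NewClientApplication
        Write-Verbose ('Adding Application with ClientId [{0}] and RedirectUri [{1}] to cache.' -f $ClientApplication.AppConfig.ClientId, $ClientApplication.AppConfig.RedirectUri)
        # Public and confidential applications live in separate caches; route by interface.
        if ($ClientApplication -is [Microsoft.Identity.Client.IPublicClientApplication]) {
            $PublicClientApplications.Add($ClientApplication)
        }
        else {
            $ConfidentialClientApplications.Add($ClientApplication)
        }
    }
    else {
        # Nothing matched and the caller did not ask for creation: return nothing, but say why.
        Write-Verbose ('No cached application with ClientId [{0}] and RedirectUri [{1}] was found and -CreateIfMissing was not specified.' -f $NewClientApplication.AppConfig.ClientId, $NewClientApplication.AppConfig.RedirectUri)
    }

    return $ClientApplication
}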