Public/Connect-MsftIamApi.ps1
Function Connect-MsftIamApi { <# .SYNOPSIS Authenticates the end user to the Microsoft IAM Api. .DESCRIPTION Current version is focused on user authentication to the IAM Api. I have not yet successfully authenticated a service principal. .PARAMETER TenantId Takes in the tenant ID for the target azure tenant. .INPUTS None. .LINK https://github.com/nouselesstech/MsftIamApi #> param( [Parameter(Mandatory=$True)] [string]$TenantId ) try { # Variables $ApplicationId = '1950a258-227b-4e31-a9cf-717495945fc2' $Negs = @( 'Go on. Do it. I dare you.', 'You can do it!', 'My grandma could have been done by now.', 'What is the matter, Colonel Sanders? Chicken?', 'Do it. Try it.', 'Try it. You will like it.', 'Try not. Do or do not. There is no try.' ) ## Prepare the request information $Headers = @{} $Headers."Content-Type" = "application/x-www-form-urlencoded" $Body = "resource=74658136-14ec-4630-ad9b-26e160ff0fc6" $Body += "&client_id=$ApplicationId" $Url = "https://login.microsoftonline.com/$TenantId/oauth2/devicecode" ## Complete the request $LoginRequest = Invoke-WebRequest ` -Method Post ` -Uri $Url ` -Headers $Headers ` -Body $Body $LoginBody = $LoginRequest | ConvertFrom-Json -Depth 100 ## Prompt the user to login Write-Host $LoginBody.Message ## Wait for the authentication to complete $Body = "" $Body += "tenant=$TenantId" $Body += "&grant_type=urn:ietf:params:oauth:grant-type:device_code" $Body += "&client_id=$ApplicationId" $Body += "&device_code=$($LoginBody.device_code)" $Uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" $TokenResponse = $Null While ($Null -eq $TokenResponse) { $NagRequest = (Invoke-WebRequest ` -Uri $Uri ` -Body $Body ` -Headers $Headers ` -Method Post ` -SkipHttpErrorCheck ).Content | ConvertFrom-Json -Depth 100 Switch($NagRequest.Error) { "authorization_pending" {$Negs[(Get-Random -Minimum 0 -Maximum ($Negs.count-1))]} "authorization_declined" {throw "You declined authorization. -_-"} "bad_verification_code" {throw "Bad verification code"} "expired_token" {throw "Device code token is expired. Try again."} default {$TokenResponse = $NagRequest} } Start-Sleep -Seconds 1 } $Global:IamToken = $TokenResponse return $True } catch { Write-Error "Unable to connect to the IAM API. `r`n $_" } } |