Private/Get-AuthToken.ps1
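<#
.COPYRIGHT Copyright (c) Office Center Hønefoss AS. All rights reserved. Based on code by Jan Egil Ring (Crayon). Licensed under the MIT license. See https://github.com/officecenter/OCH-Public/blob/master/LICENSE for license information.
#>
function Get-AuthToken {
    <#
    .SYNOPSIS
        Authenticates with the Graph API REST interface and returns an authorization header.

    .DESCRIPTION
        Acquires an access token for https://graph.microsoft.com from the tenant derived from the
        credential's UPN, using the ADAL assemblies shipped with the AzureAD (or AzureADPreview)
        module and the username/password grant. A cached, unexpired token in $global:authToken is
        reused only when it was issued for the same user as the supplied credentials.

        On success the header hashtable is stored in $global:authToken and the credentials in
        $global:GraphCredentials so later calls can refresh without prompting.

    .PARAMETER Credentials
        PSCredential whose UserName is a UPN in the target tenant. Defaults to
        $global:GraphCredentials; prompts interactively when neither is available.

    .EXAMPLE
        Get-AuthToken
        Authenticates you with the Graph API interface.

    .OUTPUTS
        Hashtable with 'Content-Type', 'Authorization' and 'ExpiresOn' keys, suitable for the
        -Headers parameter of Invoke-RestMethod.

    .NOTES
        NAME: Get-AuthToken
        Failures (missing AzureAD module, null token, ADAL error) are thrown rather than
        terminating the host with exit/break, so the caller's session survives a failed sign-in.
    #>
    [CmdletBinding()]
    param (
        [PSCredential]
        $Credentials = $global:GraphCredentials
    )

    if (-not $Credentials) {
        $Credentials = Get-Credential -Message 'Enter Intune Graph API Credentials'
    }

    # Reuse the cached token only when it is unexpired AND belongs to the same user; without the
    # user check an explicit -Credentials for another account would silently get the old token.
    if ($global:authToken -and $global:GraphCredentials -and
        $global:GraphCredentials.UserName -eq $Credentials.UserName -and
        $global:authToken.ExpiresOn -gt (Get-Date)) {
        return $global:authToken
    }

    # The tenant is the domain part of the UPN; MailAddress parsing also rejects malformed names.
    $userUpn = New-Object -TypeName 'System.Net.Mail.MailAddress' -ArgumentList $Credentials.UserName
    $tenant = $userUpn.Host

    Write-Host -Object 'Checking for AzureAD module...'
    $AadModule = Get-Module -Name 'AzureAD' -ListAvailable
    if ($null -eq $AadModule) {
        Write-Host -Object 'AzureAD PowerShell module not found, looking for AzureADPreview'
        $AadModule = Get-Module -Name 'AzureADPreview' -ListAvailable
    }
    if ($null -eq $AadModule) {
        Write-Host -Object 'AzureAD Powershell module not installed...' -ForegroundColor Red
        Write-Host -Object "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -ForegroundColor Yellow
        # throw, not exit: exit would close the caller's PowerShell host when this runs from a module
        throw "Script can't continue..."
    }

    # Several installed copies: keep the newest one. Sorting on the Version property (rather than
    # the whole object) is what makes this a real version comparison, and -First 1 also collapses
    # duplicate installs of the same version so ModuleBase below is a single path.
    if ($AadModule.Count -gt 1) {
        $AadModule = $AadModule | Sort-Object -Property Version -Descending | Select-Object -First 1
    }

    # ADAL assemblies ship inside the module folder.
    $adal = Join-Path -Path $AadModule.ModuleBase -ChildPath 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
    $adalforms = Join-Path -Path $AadModule.ModuleBase -ChildPath 'Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll'
    $null = [System.Reflection.Assembly]::LoadFrom($adal)
    $null = [System.Reflection.Assembly]::LoadFrom($adalforms)

    # InTune Graph API Client ID (public client; no client secret is involved)
    $clientId = 'd1ddf0e4-d672-4dae-b554-9d5bdfd93547'
    $resourceAppIdURI = 'https://graph.microsoft.com'
    $authority = "https://login.microsoftonline.com/$tenant"

    try {
        $authContext = New-Object -TypeName 'Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext' -ArgumentList $authority

        # Username/password grant: the password SecureString is handed to ADAL and never decrypted
        # here. Accounts that require an interactive MFA prompt generally cannot sign in through
        # this grant; such failures surface as an ADAL error in the catch block.
        $userCredentials = New-Object -TypeName 'Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential' -ArgumentList $Credentials.UserName, $Credentials.Password
        $authResult = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($authContext, $resourceAppIdURI, $clientId, $userCredentials)

        # .Result blocks on the task; a faulted task throws an AggregateException that catch unwraps.
        $accessToken = $authResult.Result.AccessToken
        if (-not $accessToken) {
            throw 'Authorization Access Token is null, please re-run authentication...'
        }

        # Creating header for Authorization token
        $global:authToken = @{
            'Content-Type'  = 'application/json'
            'Authorization' = 'Bearer ' + $accessToken
            'ExpiresOn'     = $authResult.Result.ExpiresOn
        }
        # Remember the credentials so the next call can re-authenticate without prompting.
        $global:GraphCredentials = $Credentials
        return $global:authToken
    }
    catch {
        # ADAL failures arrive wrapped in an AggregateException; report the underlying cause.
        $ex = $_.Exception
        while ($ex -is [System.AggregateException] -and $ex.InnerException) {
            $ex = $ex.InnerException
        }
        Write-Host -Object $ex.Message -ForegroundColor Red
        throw $ex
    }
}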