The following PowerShell snipped shows how to acquire acces token based on client id/client secret via REST Graph API and list all Azure AD groups in Powershell:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | param( [Parameter(Mandatory=$true)] [string]$Tenant, [Parameter(Mandatory=$true)] [string]$ClientId, [Parameter(Mandatory=$true)] [string]$ClientSecret)$currentDir = [System.IO.Directory]::GetCurrentDirectory()$dllCommonDir = resolve-path($currentDir + "\..\..\Assemblies\Common\")[System.Reflection.Assembly]::LoadFile([System.IO.Path]::Combine($dllCommonDir, "Microsoft.Identity.Client.dll"))function GetAccessToken($tenant, $clientId, $clientSecret){ $appCredentials = New-Object Microsoft.Identity.Client.ClientCredential -ArgumentList $clientSecret $aadLoginUri = New-Object System.Uri -ArgumentList "https://login.microsoftonline.com/" $authorityUri = New-Object System.Uri -ArgumentList $aadLoginUri, $tenant $authority = $authorityUri.AbsoluteUri $redirectUri = "urn:ietf:wg:oauth:2.0:oob" $clientApplication = New-Object Microsoft.Identity.Client.ConfidentialClientApplication($clientId, $authority, $redirectUri, $appCredentials, $null, $null) [string[]]$defaultScope = @("https://graph.microsoft.com/.default") $authenticationResult = $clientApplication.AcquireTokenForClientAsync($defaultScope).Result return $authenticationResult.AccessToken}function RetrieveGroupsRest($accessToken){ $authHeader = @{ "Content-Type"="application\json" "Authorization"="Bearer " + $accessToken } $uri = "https://graph.microsoft.com/v1.0/groups" $result = @() do{ $objects = Invoke-RestMethod -Uri $uri -Headers $authHeader -Method Get $uri = $objects.'@odata.nextlink' $result = $result + $objects.value }until ($uri -eq $null) return $result}$accessToken = GetAccessToken $Tenant $ClientId $ClientSecret$dataFromGraphAPI = RetrieveGroupsRest $accessToken$dataFromGraphAPI | ft -Property id,displayName |
No comments:
Post a Comment