The following PowerShell snippet shows how to acquire an access token based on client id/client secret via the Graph REST API and list all Azure AD groups in PowerShell:
<#
.SYNOPSIS
Acquires an app-only Microsoft Graph token (client credentials) and lists Azure AD groups.
.PARAMETER Tenant
Tenant id or verified domain; appended to https://login.microsoftonline.com/ to form the authority.
.PARAMETER ClientId
Application (client) id of the app registration.
.PARAMETER ClientSecret
Client secret of the app registration. It arrives as a plain string, so it is visible in
process arguments and in any transcript; supply it from an environment variable or a prompt
rather than typing it on the command line.
#>
param
(
    [Parameter(Mandatory = $true)]
    [string]$Tenant,

    [Parameter(Mandatory = $true)]
    [string]$ClientId,

    [Parameter(Mandatory = $true)]
    [string]$ClientSecret
)

# MSAL is loaded from a path relative to the process working directory (not the
# script's own location), so the script has to be started from its folder.
$workingDir = [System.IO.Directory]::GetCurrentDirectory()
$assemblyDir = Resolve-Path (Join-Path $workingDir '..\..\Assemblies\Common')
$msalPath = [System.IO.Path]::Combine($assemblyDir.Path, 'Microsoft.Identity.Client.dll')
[System.Reflection.Assembly]::LoadFile($msalPath)
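#######################################
# Acquires an app-only (client credentials) access token for Microsoft Graph via MSAL.
# Arguments: $tenant       - tenant id or domain, appended to the AAD login base URI
#            $clientId     - application (client) id
#            $clientSecret - client secret (plain string)
# Outputs:   the bearer access token string
# Throws:    the underlying MSAL exception on failure, or an error if no token came back
#######################################
function GetAccessToken($tenant, $clientId, $clientSecret)
{
    # Authority = https://login.microsoftonline.com/<tenant>; the Uri(Uri, string)
    # constructor appends the tenant because the base keeps its trailing slash.
    $aadLoginUri = New-Object System.Uri -ArgumentList "https://login.microsoftonline.com/"
    $authorityUri = New-Object System.Uri -ArgumentList $aadLoginUri, $tenant
    $authority = $authorityUri.AbsoluteUri
    $redirectUri = "urn:ietf:wg:oauth:2.0:oob"

    $appCredentials = New-Object Microsoft.Identity.Client.ClientCredential -ArgumentList $clientSecret
    $ctorArgs = @($clientId, $authority, $redirectUri, $appCredentials, $null, $null)
    $clientApplication = New-Object Microsoft.Identity.Client.ConfidentialClientApplication -ArgumentList $ctorArgs

    # ".default" requests every application permission already consented for this app.
    [string[]]$defaultScope = @("https://graph.microsoft.com/.default")

    # GetAwaiter().GetResult() rather than .Result: .Result wraps any MSAL failure
    # (wrong secret, unknown tenant, missing consent) in an AggregateException and
    # hides the actual error message from the caller.
    $authenticationResult = $clientApplication.AcquireTokenForClientAsync($defaultScope).GetAwaiter().GetResult()

    if ([string]::IsNullOrEmpty($authenticationResult.AccessToken)) {
        throw "GetAccessToken: token acquisition for tenant '$tenant' returned no access token."
    }
    return $authenticationResult.AccessToken
}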
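#######################################
# Lists all groups via GET https://graph.microsoft.com/v1.0/groups, following
# @odata.nextLink paging until the last page.
# Arguments: $accessToken - bearer token from GetAccessToken
# Outputs:   array of group objects as returned by Graph (the "value" items)
# Throws:    on an empty token, an HTTP error from Invoke-RestMethod, or a
#            nextLink that points away from graph.microsoft.com
#######################################
function RetrieveGroupsRest($accessToken)
{
    if ([string]::IsNullOrEmpty($accessToken)) {
        throw "RetrieveGroupsRest: access token is empty."
    }

    # Media type uses a forward slash; the original "application\json" is not a
    # valid Content-Type value (for a GET the header is mostly ignored anyway).
    $authHeader = @{
        "Content-Type"  = "application/json"
        "Authorization" = "Bearer " + $accessToken
    }
    $graphHost = "graph.microsoft.com"
    $uri = "https://$graphHost/v1.0/groups"

    # A generic list avoids the O(n^2) cost of re-allocating an array with '+'
    # on every page in large tenants.
    $groups = New-Object System.Collections.Generic.List[object]
    do {
        $page = Invoke-RestMethod -Uri $uri -Headers $authHeader -Method Get
        foreach ($group in $page.value) {
            $groups.Add($group)
        }

        # Property lookup is case-insensitive, so 'nextlink' matched before too;
        # the documented name is @odata.nextLink.
        $uri = $page.'@odata.nextLink'

        # The bearer token is attached to every request, so only follow links that
        # stay on the Graph host; never forward the token to an unexpected origin.
        if ($null -ne $uri -and ([System.Uri]$uri).Host -ne $graphHost) {
            throw "RetrieveGroupsRest: refusing to follow nextLink to host '$(([System.Uri]$uri).Host)'."
        }
    } until ($null -eq $uri)

    return $groups.ToArray()
}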
# Script entry: acquire the app-only token, page through the groups, and print
# id/displayName. Format-Table is spelled out; 'ft' is an interactive alias.
$accessToken = GetAccessToken $Tenant $ClientId $ClientSecret
$groups = RetrieveGroupsRest $accessToken
$groups | Format-Table -Property id, displayName