The following PowerShell snippet shows how to acquire an access token based on a client id/client secret via the Microsoft Graph REST API and list all Azure AD groups in PowerShell:
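# Acquire an app-only access token for Microsoft Graph (client credentials flow)
# through MSAL and list every Azure AD group via the Graph REST API.
#
# Usage: .\<script>.ps1 -Tenant <tenant id or domain> -ClientId <app id> -ClientSecret <secret>
#
# NOTE(review): the secret arrives as a plain command-line argument, so it is visible in
# process listings and shell history. The signature is kept for compatibility; when
# invoking, prefer feeding it from an environment variable or a secret store rather
# than typing it on the command line.
param (
    [Parameter(Mandatory=$true)] [string]$Tenant,
    [Parameter(Mandatory=$true)] [string]$ClientId,
    [Parameter(Mandatory=$true)] [string]$ClientSecret
)

# MSAL is loaded from a path relative to the *current working directory*, not the
# script's own location, so the script must be run from the expected directory.
$currentDir   = [System.IO.Directory]::GetCurrentDirectory()
$dllCommonDir = Resolve-Path ($currentDir + "\..\..\Assemblies\Common\")
$msalPath     = [System.IO.Path]::Combine($dllCommonDir.Path, "Microsoft.Identity.Client.dll")
# Assign to $null so the loaded Assembly object is not written to the output stream.
$null = [System.Reflection.Assembly]::LoadFile($msalPath)

#######################################
# Acquire an access token for Microsoft Graph using the client credentials flow.
# Arguments: $tenant       - tenant id or verified domain name
#            $clientId     - application (client) id
#            $clientSecret - application client secret
# Returns:   the bearer access token as a string; throws if acquisition fails.
# Uses the ConfidentialClientApplication constructor / AcquireTokenForClientAsync API
# of the bundled Microsoft.Identity.Client.dll (newer MSAL releases use a builder API).
#######################################
function GetAccessToken($tenant, $clientId, $clientSecret) {
    $appCredentials = New-Object Microsoft.Identity.Client.ClientCredential -ArgumentList $clientSecret

    # Authority = https://login.microsoftonline.com/<tenant>
    $aadLoginUri  = New-Object System.Uri -ArgumentList "https://login.microsoftonline.com/"
    $authorityUri = New-Object System.Uri -ArgumentList $aadLoginUri, $tenant
    $authority    = $authorityUri.AbsoluteUri

    # The redirect URI is not used by the client credentials flow, but this
    # constructor requires a value.
    $redirectUri = "urn:ietf:wg:oauth:2.0:oob"
    $clientApplication = New-Object -TypeName Microsoft.Identity.Client.ConfidentialClientApplication `
        -ArgumentList $clientId, $authority, $redirectUri, $appCredentials, $null, $null

    # ".default" requests every application permission already consented for this app on Graph.
    [string[]]$defaultScope = @("https://graph.microsoft.com/.default")

    # GetAwaiter().GetResult() blocks like .Result but rethrows the underlying
    # exception instead of wrapping it in an AggregateException.
    $authenticationResult = $clientApplication.AcquireTokenForClientAsync($defaultScope).GetAwaiter().GetResult()
    return $authenticationResult.AccessToken
}

#######################################
# Page through GET /v1.0/groups and return every group object.
# Arguments: $accessToken - bearer token for Microsoft Graph (never log it)
# Returns:   array of group objects (empty array if the tenant has none)
#######################################
function RetrieveGroupsRest($accessToken) {
    $authHeader = @{
        "Content-Type"  = "application/json"   # was "application\json" (backslash typo)
        "Authorization" = "Bearer " + $accessToken
    }
    $uri = "https://graph.microsoft.com/v1.0/groups"

    # Accumulate into a List so each page does not rebuild the whole array.
    $result = New-Object System.Collections.Generic.List[object]
    do {
        # -ErrorAction Stop makes HTTP failures (401/403/429, ...) terminate the script
        # instead of leaving $objects empty and silently ending pagination.
        $objects = Invoke-RestMethod -Uri $uri -Headers $authHeader -Method Get -ErrorAction Stop
        if ($null -ne $objects.value) {
            $result.AddRange([object[]]$objects.value)
        }
        # Graph returns @odata.nextLink on every page except the last.
        $uri = $objects.'@odata.nextLink'
    } until ($null -eq $uri)
    return $result.ToArray()
}

$accessToken      = GetAccessToken $Tenant $ClientId $ClientSecret
$dataFromGraphAPI = RetrieveGroupsRest $accessToken
$dataFromGraphAPI | Format-Table -Property id, displayName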