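function Generate-CodeVerifier {
    <#
    .SYNOPSIS
        Creates a PKCE code verifier (RFC 7636).
    .DESCRIPTION
        Fills a 32-byte buffer from the platform's cryptographic random number
        generator and returns it base64url-encoded with the '=' padding
        removed. 32 bytes encode to a 43-character string.
        The verifier is a secret until it has been redeemed at the token
        endpoint; keep it out of logs and shared transcripts.
    .OUTPUTS
        System.String. The unpadded base64url verifier.
    #>
    $bytes = New-Object Byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $rng.GetBytes($bytes)
    }
    finally {
        # RandomNumberGenerator is IDisposable; release it even if GetBytes throws.
        $rng.Dispose()
    }

    # base64 -> base64url: strip padding, then swap the two non-URL-safe characters.
    return [System.Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}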
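function Generate-CodeChallenge($verifier) {
    <#
    .SYNOPSIS
        Derives the PKCE S256 code challenge for a code verifier.
    .DESCRIPTION
        Computes SHA-256 over the ASCII bytes of the verifier and returns the
        digest base64url-encoded with the '=' padding removed.
    .PARAMETER verifier
        The code verifier string. Must be non-empty; an empty verifier would
        produce a fixed, predictable challenge and defeat PKCE.
    .OUTPUTS
        System.String. The unpadded base64url challenge.
    #>
    if ([string]::IsNullOrEmpty($verifier)) {
        throw "Generate-CodeChallenge: verifier must be a non-empty string."
    }

    $bytes = [System.Text.Encoding]::ASCII.GetBytes([string]$verifier)
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha256.ComputeHash($bytes)
    }
    finally {
        # SHA256 is IDisposable; release it even if hashing throws.
        $sha256.Dispose()
    }

    # base64 -> base64url: strip padding, then swap the two non-URL-safe characters.
    return [System.Convert]::ToBase64String($hash).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}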
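# Builds an OAuth 2.0 authorization-code + PKCE request for the Microsoft
# identity platform and opens it in a browser.
$clientId = "<Your-Client-ID-Here>"
$tenantId = "<Your-Tenant-ID-Here>" # Use "common" for multi-tenant apps
$redirectUri = "<Your-Redirect-URI>" # Must be URL encoded
$scope = "<Your-Scope-Here>" # Example: "https%3A%2F%2Fgraph.microsoft.com%2F.default"
$responseType = "code"

# Generate PKCE code verifier and challenge
$codeVerifier = Generate-CodeVerifier
$codeChallenge = Generate-CodeChallenge -verifier $codeVerifier

# Generate a fresh, unpredictable state value for every request. A fixed value
# gives no CSRF protection: the redirect handler cannot tell its own request
# from one injected by another party. Generate-CodeVerifier is reused here only
# as a source of 32 random bytes in URL-safe form.
$state = Generate-CodeVerifier

# Construct the authorization URL
$authorizationUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/authorize?client_id=$clientId&response_type=$responseType&redirect_uri=$redirectUri&response_mode=query&scope=$scope&state=$state&code_challenge_method=S256&code_challenge=$codeChallenge"

# Open the authorization URL in the default web browser
Start-Process "chrome.exe" $authorizationUrl # Use "chrome.exe", "firefox.exe", etc., or remove the "chrome.exe" to use the default browser

Write-Host "Authorization URL: $authorizationUrl"
# Compare this with the state parameter on the redirect before redeeming the
# code; discard the response if the two differ.
Write-Host "Expected state: $state"
# The verifier is needed for the token request. Treat it as a secret until it
# has been redeemed: do not paste it into tickets, chats or saved transcripts.
Write-Host "Code Verifier: $codeVerifier"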
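# Redeems an authorization code at the Microsoft identity platform token
# endpoint and stores the resulting access token in $accessToken.

# Replace these variables with your actual values
$tenantId = "<Your-Tenant-ID>"
$clientID = "<Your-Client-ID>"
$clientSecret = "<Your-Client-Secret>" # Confidential (web) clients only. Set to "" for public clients like mobile/desktop apps.
$authorizationCode = "<Authorization-Code-You-Received>"
# Must identify the same redirect URI as the auth request. Invoke-RestMethod
# form-encodes the hashtable body, so supply the plain (not URL-encoded) form
# here - NOTE(review): confirm against your PowerShell version.
$redirectUri = "<Your-Redirect-URI>"

# The authorization request carried a PKCE code_challenge, so the token request
# has to present the matching code_verifier; without it the server cannot bind
# the code to this client. A verifier already present in the session is kept.
if ([string]::IsNullOrEmpty($codeVerifier)) {
    $codeVerifier = "<Code-Verifier-From-Authorization-Step>"
}

$tokenUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"

$body = @{
    client_id     = $clientID
    scope         = "https://graph.microsoft.com/.default"
    code          = $authorizationCode
    redirect_uri  = $redirectUri
    grant_type    = "authorization_code"
    code_verifier = $codeVerifier
}

# Only confidential clients hold a secret; public clients must not send one.
if (-not [string]::IsNullOrEmpty($clientSecret)) {
    $body.client_secret = $clientSecret
}

$response = Invoke-RestMethod -Uri $tokenUrl -Method Post -Body $body -ContentType "application/x-www-form-urlencoded"

# The access token is a bearer credential: anyone holding it can call the API
# as this user until it expires. Keep it out of logs and console output.
$accessToken = $response.access_token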
# Calls the Microsoft Graph /me endpoint with the bearer token held in
# $accessToken and writes the returned profile object to the pipeline.
$graphApiUrl = "https://graph.microsoft.com/v1.0/me"

# Bearer-token header. The token is a credential, so avoid echoing $headers.
$headers = @{ Authorization = "Bearer $accessToken" }

# Request parameters are collected once and splatted onto the cmdlet.
$graphRequest = @{
    Uri     = $graphApiUrl
    Headers = $headers
    Method  = 'Get'
}
$userInfo = Invoke-RestMethod @graphRequest

# Emit the result
$userInfo