dafthack · June 1, 2023 12:34
diff --git a/AzureOAuthTools.ps1 b/AzureOAuthTools.ps1

 ## A few tools for working with Azure OAuth2 Authentication Codes and access_tokens
 ## By Beau Bullock @dafthack

 Function Get-AzureAccessToken{

 Param
 (
    [Parameter(Position = 0, Mandatory = $false)]
    [string]
    $Scope = "openid offline_access email user.read profile",

    [Parameter(Position = 1, Mandatory = $true)]
    [string]
    $ClientID = "",

    [Parameter(Position = 2, Mandatory = $true)]
    [string]
    $ClientSecret = "",

    [Parameter(Position = 3, Mandatory = $true)]
    [string]
    $RedirectUri = "",

    [Parameter(Position = 4, Mandatory = $true)]
    [string]
    $AuthCode = ""
 )

 $body = @{client_id=$ClientID
 scope=$Scope
 code=$AuthCode
 redirect_uri=$RedirectUri
 grant_type="authorization_code"
 client_secret=$ClientSecret
 }

 $request = Invoke-WebRequest -Method POST -ContentType "application/x-www-form-urlencoded" -Uri "https://login.microsoftonline.com/common/oauth2/v2.0/token" -Body $body
 $parsed = $request.Content | ConvertFrom-Json
 Write-Output "---Here is your access token---"
 $parsed.access_token
 Write-Output "---Here is your refresh token---"
 $parsed.refresh_token
 }

 Function Check-MSGraphAccess{
    param(
    [Parameter(Position = 0, Mandatory = $true)]
    [string]
    $access_token = ""
    )

 $request = Invoke-WebRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/me" -Headers @{"Authorization" = "Bearer $access_token"}
 $out = $request.Content | ConvertFrom-Json
 $out
 }

 Function Get-NewAccessTokenWithRefreshToken{
 Param
 (
    [Parameter(Position = 0, Mandatory = $false)]
    [string]
    $Scope = "openid offline_access email user.read profile",

    [Parameter(Position = 1, Mandatory = $true)]
    [string]
    $ClientID = "",

    [Parameter(Position = 2, Mandatory = $true)]
    [string]
    $ClientSecret = "",

    [Parameter(Position = 3, Mandatory = $true)]
    [string]
    $RedirectUri = "",

    [Parameter(Position = 4, Mandatory = $true)]
    [string]
    $RefreshToken = ""
 )

 $body = @{client_id=$ClientID
 scope=$Scope
 refresh_token=$RefreshToken
 redirect_uri=$RedirectUri
 grant_type="refresh_token"
 client_secret=$ClientSecret
 }

 $request = Invoke-WebRequest -Method POST -ContentType "application/x-www-form-urlencoded" -Uri "https://login.microsoftonline.com/common/oauth2/v2.0/token" -Body $body
 $parsed = $request.Content | ConvertFrom-Json
 Write-Output "---Here is your access token---"
 $parsed.access_token
 Write-Output "---Here is your refresh token---"
 $parsed.refresh_token


 }


 Function Get-AzureADUsers{
    param(
    [Parameter(Position = 0, Mandatory = $true)]
    [string]
    $access_token = ""
    )

 $request = Invoke-WebRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/users" -Headers @{"Authorization" = "Bearer $access_token"}
 $out = $request.Content | ConvertFrom-Json
 Write-Output "---Azure AD User Data---"
 $out.value

 Write-Output "---All Azure AD User Principal Names---"
 $out.value.userPrincipalName
 }

	## A few tools for working with Azure OAuth2 Authentication Codes and access_tokens
	## By Beau Bullock @dafthack

	Function Get-AzureAccessToken{

	Param
	(
	[Parameter(Position = 0, Mandatory = $false)]
	[string]
	$Scope = "openid offline_access email user.read profile",

	[Parameter(Position = 1, Mandatory = $true)]
	[string]
	$ClientID = "",

	[Parameter(Position = 2, Mandatory = $true)]
	[string]
	$ClientSecret = "",

	[Parameter(Position = 3, Mandatory = $true)]
	[string]
	$RedirectUri = "",

	[Parameter(Position = 4, Mandatory = $true)]
	[string]
	$AuthCode = ""
	)

	$body = @{client_id=$ClientID
	scope=$Scope
	code=$AuthCode
	redirect_uri=$RedirectUri
	grant_type="authorization_code"
	client_secret=$ClientSecret
	}

	$request = Invoke-WebRequest -Method POST -ContentType "application/x-www-form-urlencoded" -Uri "https://login.microsoftonline.com/common/oauth2/v2.0/token" -Body $body
	$parsed = $request.Content \| ConvertFrom-Json
	Write-Output "---Here is your access token---"
	$parsed.access_token
	Write-Output "---Here is your refresh token---"
	$parsed.refresh_token
	}

	Function Check-MSGraphAccess{
	param(
	[Parameter(Position = 0, Mandatory = $true)]
	[string]
	$access_token = ""
	)

	$request = Invoke-WebRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/me" -Headers @{"Authorization" = "Bearer $access_token"}
	$out = $request.Content \| ConvertFrom-Json
	$out
	}

	Function Get-NewAccessTokenWithRefreshToken{
	Param
	(
	[Parameter(Position = 0, Mandatory = $false)]
	[string]
	$Scope = "openid offline_access email user.read profile",

	[Parameter(Position = 1, Mandatory = $true)]
	[string]
	$ClientID = "",

	[Parameter(Position = 2, Mandatory = $true)]
	[string]
	$ClientSecret = "",

	[Parameter(Position = 3, Mandatory = $true)]
	[string]
	$RedirectUri = "",

	[Parameter(Position = 4, Mandatory = $true)]
	[string]
	$RefreshToken = ""
	)

	$body = @{client_id=$ClientID
	scope=$Scope
	refresh_token=$RefreshToken
	redirect_uri=$RedirectUri
	grant_type="refresh_token"
	client_secret=$ClientSecret
	}

	$request = Invoke-WebRequest -Method POST -ContentType "application/x-www-form-urlencoded" -Uri "https://login.microsoftonline.com/common/oauth2/v2.0/token" -Body $body
	$parsed = $request.Content \| ConvertFrom-Json
	Write-Output "---Here is your access token---"
	$parsed.access_token
	Write-Output "---Here is your refresh token---"
	$parsed.refresh_token


	}


	Function Get-AzureADUsers{
	param(
	[Parameter(Position = 0, Mandatory = $true)]
	[string]
	$access_token = ""
	)

	$request = Invoke-WebRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/users" -Headers @{"Authorization" = "Bearer $access_token"}
	$out = $request.Content \| ConvertFrom-Json
	Write-Output "---Azure AD User Data---"
	$out.value

	Write-Output "---All Azure AD User Principal Names---"
	$out.value.userPrincipalName
	}