gscales · September 19, 2019 05:36
diff --git a/gistfile1.txt b/gistfile1.txt
 $ClientId = "12d09d34-c3a3-49fc-bdf7-e059801801ae"
 $MailboxName = "[email protected]"  
 $KeyVaultURL = "https://gspskeys.vault.azure.net/secrets/App1AuthCert/xxx99c5d054f43698f39c51f24440xxx?api-version=7.0"
 Import-Module .\Microsoft.IdentityModel.Clients.ActiveDirectory.dll -Force
 $TenantId = (Invoke-WebRequest -Uri ('https://login.windows.net/' + $MailboxName.Split('@')[1] + '/.well-known/openid-configuration') | ConvertFrom-Json).authorization_endpoint.Split('/')[3]

 $SptokenResult = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -Headers @{Metadata="true"}
 $Sptoken = ConvertFrom-Json $SptokenResult.Content
 $headers = @{
    'Content-Type'  = 'application\json'
    'Authorization' = 'Bearer ' + $Sptoken.access_token    
 }
 $Response = (Invoke-WebRequest -Uri $KeyVaultURL  -Headers $headers) 
 $certResponse = ConvertFrom-Json $Response.Content
 $base64Value = $certResponse.value
 $Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
 $Certificate.Import([System.Convert]::FromBase64String($base64Value))

 $Context = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.microsoftonline.com/" + $TenantId)
 $clientCredential = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate($ClientId,$Certificate)
 $token = ($Context.AcquireTokenAsync("https://graph.microsoft.com", $clientCredential).Result)
 $Header = @{
       'Content-Type'  = 'application\json'
       'Authorization' = $token.CreateAuthorizationHeader()
 }
 $UserResult = (Invoke-RestMethod -Headers $Header -Uri ("https://graph.microsoft.com/v1.0/users?`$filter=mail eq '" + $MailboxName + "'&`$Select=displayName,businessPhones,mobilePhone,mail,jobTitle,companyName") -Method Get -ContentType "Application/json").value
 return $UserResult
	$ClientId = "12d09d34-c3a3-49fc-bdf7-e059801801ae"
	$MailboxName = "[email protected]"
	$KeyVaultURL = "https://gspskeys.vault.azure.net/secrets/App1AuthCert/xxx99c5d054f43698f39c51f24440xxx?api-version=7.0"
	Import-Module .\Microsoft.IdentityModel.Clients.ActiveDirectory.dll -Force
	$TenantId = (Invoke-WebRequest -Uri ('https://login.windows.net/' + $MailboxName.Split('@')[1] + '/.well-known/openid-configuration') \| ConvertFrom-Json).authorization_endpoint.Split('/')[3]

	$SptokenResult = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -Headers @{Metadata="true"}
	$Sptoken = ConvertFrom-Json $SptokenResult.Content
	$headers = @{
	'Content-Type' = 'application\json'
	'Authorization' = 'Bearer ' + $Sptoken.access_token
	}
	$Response = (Invoke-WebRequest -Uri $KeyVaultURL -Headers $headers)
	$certResponse = ConvertFrom-Json $Response.Content
	$base64Value = $certResponse.value
	$Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
	$Certificate.Import([System.Convert]::FromBase64String($base64Value))

	$Context = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.microsoftonline.com/" + $TenantId)
	$clientCredential = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate($ClientId,$Certificate)
	$token = ($Context.AcquireTokenAsync("https://graph.microsoft.com", $clientCredential).Result)
	$Header = @{
	'Content-Type' = 'application\json'
	'Authorization' = $token.CreateAuthorizationHeader()
	}
	$UserResult = (Invoke-RestMethod -Headers $Header -Uri ("https://graph.microsoft.com/v1.0/users?`$filter=mail eq '" + $MailboxName + "'&`$Select=displayName,businessPhones,mobilePhone,mail,jobTitle,companyName") -Method Get -ContentType "Application/json").value
	return $UserResult