Instantly share code, notes, and snippets.
Last active
May 19, 2020 03:59
-
Star
0
(0)
You must be signed in to star a gist -
Fork
0
(0)
You must be signed in to fork a gist
-
Save watahani/28ede94673c5d4e200cc1d94e6e948aa to your computer and use it in GitHub Desktop.
Azure AD B2C authorize code flow example for development purpose
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # debug purpose only. DO NOT USE THIS SAMPL for Production. | |
| $clientId = 'e105c4b1-4dae-457b-a586-a7c0f8d7fb17' | |
| $redirectUri='https://login.microsoftonline.com/tfp/oauth2/nativeclient' | |
| $tenant = "wahaniyab2c" | |
| $policy = "B2C_1A_Susi" | |
| $authority = "https://${tenant}.b2clogin.com/${tenant}.onmicrosoft.com/" | |
| $tokenEndpoint = $authority + "${policy}/oauth2/v2.0/token" | |
| $scope = "openid https://wahaniyab2c.onmicrosoft.com/api/Hello.Read https://wahaniyab2c.onmicrosoft.com/api/user_impersonation offline_access" | |
| $authorizeEndpoint = $authority + "oauth2/v2.0/authorize" | |
| $authparams = @{ | |
| p=$policy; | |
| client_id=$clientId; | |
| redirect_uri=$redirectUri; | |
| scope=$scope; | |
| nonce="defaultNonce" | |
| response_type="code" | |
| prompt="login" | |
| } | |
| $authqueries = [System.Web.HttpUtility]::ParseQueryString([String]::Empty) | |
| foreach($key in $authparams.Keys){ | |
| $authqueries[$key] = $authparams[$key] | |
| } | |
| $authurl = $authorizeEndpoint + "?" + $authqueries.ToString() | |
| $authurl | clip.exe | |
| Write-Host -ForegroundColor Yellow "Authorize Request URL cpied! Please past to browser and sign in!" | |
| Write-Host "authUrl: $authurl" | |
| $code=Read-Host "Enter Authorize Code" | |
| if(-not $code){ | |
| exit 1 | |
| } | |
| $postParams = @{ | |
| client_id = $clientId; | |
| # client_secret = $clientSecret; | |
| grant_type = 'authorization_code'; | |
| response_type="code"; | |
| scope = $scope; | |
| code = $code; | |
| redirect_uri= $redirectUri | |
| } | |
| $tokenResp = Invoke-WebRequest -Uri $tokenEndpoint -Method POST -ContentType 'application/x-www-form-urlencoded' -Body $postParams | |
| $body = $tokenResp | ConvertFrom-Json | |
| $refreshToken=$body.refresh_token | |
| Get-Date | |
| $jwt = Decode-JWT $body.id_token | |
| $jwt.claims | |
| Write-Host "========================================" | |
| $at = Decode-Jwt $body.access_token | |
| $at.claims | |
| Write-Host "========================================" | |
| for($i=0; $i -lt 10; $i ++){ | |
| Sleep 60 | |
| Get-Date | |
| $body = @{ | |
| client_id = $clientId; | |
| # client_secret = $clientSecret; | |
| redirect_uri = $redirectUri; | |
| grant_type= 'refresh_token'; | |
| refresh_token = $refreshToken; | |
| } | |
| $tokenResp = Invoke-WebRequest -Method POST -ContentType 'application/x-www-form-urlencoded'` -body $body $tokenEndpoint; | |
| $body = ConvertFrom-Json $tokenResp.Content ; | |
| $jwt = Decode-JWT $body.id_token | |
| $jwt.claims | |
| Write-Host "========================================" | |
| $at = Decode-Jwt $body.access_token | |
| $at.claims | |
| Write-Host "========================================" | |
| $refreshToken=$body.refresh_token | |
| } | |
| # https://gallery.technet.microsoft.com/JWT-Token-Decode-637cf001 | |
| function Convert-FromBase64StringWithNoPadding([string]$data) | |
| { | |
| $data = $data.Replace('-', '+').Replace('_', '/') | |
| switch ($data.Length % 4) | |
| { | |
| 0 { break } | |
| 2 { $data += '==' } | |
| 3 { $data += '=' } | |
| default { throw New-Object ArgumentException('data') } | |
| } | |
| return [System.Convert]::FromBase64String($data) | |
| } | |
| function Decode-JWT([string]$rawToken) | |
| { | |
| $parts = $rawToken.Split('.'); | |
| $headers = [System.Text.Encoding]::UTF8.GetString((Convert-FromBase64StringWithNoPadding $parts[0])) | |
| $claims = [System.Text.Encoding]::UTF8.GetString((Convert-FromBase64StringWithNoPadding $parts[1])) | |
| $signature = (Convert-FromBase64StringWithNoPadding $parts[2]) | |
| $customObject = [PSCustomObject]@{ | |
| headers = ($headers | ConvertFrom-Json) | |
| claims = ($claims | ConvertFrom-Json) | |
| signature = $signature | |
| } | |
| Write-Verbose -Message ("JWT`r`n.headers: {0}`r`n.claims: {1}`r`n.signature: {2}`r`n" -f $headers,$claims,[System.BitConverter]::ToString($signature)) | |
| return $customObject | |
| } | |
| function Get-JwtTokenData | |
| { | |
| [CmdletBinding()] | |
| Param | |
| ( | |
| # Param1 help description | |
| [Parameter(Mandatory=$true)] | |
| [string] $Token, | |
| [switch] $Recurse | |
| ) | |
| if ($Recurse) | |
| { | |
| $decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Token)) | |
| Write-Host("Token") -ForegroundColor Green | |
| Write-Host($decoded) | |
| $DecodedJwt = Decode-JWT -rawToken $decoded | |
| } | |
| else | |
| { | |
| $DecodedJwt = Decode-JWT -rawToken $Token | |
| } | |
| Write-Host("Token Values") -ForegroundColor Green | |
| Write-Host ($DecodedJwt | Select headers,claims | ConvertTo-Json) | |
| return $DecodedJwt | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment