watahani

# すべてのユーザーに一括して会社電話番号での MFA を設定する
Get-MsolUser -All | ForEach {
    $user = $_
    $mfa = $user.StrongAuthenticationMethod
    
    # MFA が何も設定されていない
    if (-not $mfa) {
        $twoWayOfficeDefaultTrue = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
        $twoWayOfficeDefaultTrue.MethodType = "TwoWayVoiceOffice"
        $twoWayOfficeDefaultTrue.IsDefault = $True

watahani

# debug purpose only. DO NOT USE THIS SAMPL for Production.

$clientId = 'e105c4b1-4dae-457b-a586-a7c0f8d7fb17'
$redirectUri='https://login.microsoftonline.com/tfp/oauth2/nativeclient'
$tenant = "wahaniyab2c"
$policy = "B2C_1A_Susi"
$authority = "https://${tenant}.b2clogin.com/${tenant}.onmicrosoft.com/"
$tokenEndpoint = $authority + "${policy}/oauth2/v2.0/token"

$scope = "openid https://wahaniyab2c.onmicrosoft.com/api/Hello.Read https://wahaniyab2c.onmicrosoft.com/api/user_impersonation offline_access"

watahani

# Use it for debugging purpose only. DO NOT USE THIS SAMPLE for Production.
$clientId = 'cfc03012-2187-4644-8da4-1202c392cad1'
$clientSecret = 'client_secret'
$redirectUri='https://watahani.github.io/aad-playapp/'
$tenantId = "whdv.onmicrosoft.com"
$authorizeEndpoint = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/authorize"
$tokenEndpont = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$scope = "openid https://graph.microsoft.com/.default offline_access"

$authparams = @{

watahani

function ConvertFrom-CodeVerifier {
    [OutputType([String])]
    param(
        [Parameter(Mandatory = $True, ValueFromPipeline = $True)]
        [String]$codeVerifier,
        [ValidateSet(
            "plain",
            "s256"
        )]$Method = "s256"
    )

watahani

if ($(Get-WindowsFeature -Name Web-Application-Proxy).Installed) {
    $hostName = (New-Object System.UriBuilder -ArgumentList (Get-WebApplicationProxyConfiguration).AdfsUrl).Host
    $currentCertHash = (Get-WebApplicationProxySslCertificate |  Where-Object { $_.HostName -eq $hostName } | Select-Object -First 1 ).CertificateHash
    $currentCert = Get-ChildItem cert:\localmachine\my | Where-Object { $_.Thumbprint -eq $currentCertHash }

    if ($currentCert.NotAfter -lt (Get-Date).AddDays(30)) {
        try {
            $cert = Get-ChildItem cert:\LocalMachine\My\ | Where-Object { $_.Subject -eq "CN=$hostName" } | Sort-Object -Property NotAfter -Descending | Select-Object -First 1 ;
            $certThumbprint = $cert.Thumbprint

watahani

using System;
using System.Net.Http;
using System.Threading.Tasks;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

namespace console
{

watahani

JWT-Bearer for Azure AD

https://docs.microsoft.com/ja-jp/azure/active-directory/develop/active-directory-certificate-credentials

• client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
• client_assertion: eyJ...

Client Assertion

watahani

<!DOCTYPE html>
<html>
  <head>
  </head>
  <body>
    <div class="">
      <h1> Div id="api" があるパターン </h1>
      <div id="api"></div>
    </div>
  </body>

watahani

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>B2C JavaScript checker</title>
    <script>

      var f = function () {
        var d = document.getElementById("footer-test");

watahani

#!/usr/bin/env python3
"""
Very simple HTTP server in python for logging requests
Usage::
    ./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
import logging

class S(BaseHTTPRequestHandler):