# Install-Module MSAL.PS
# Install-Module AzureAD
# App registration details, read from the script-scoped $proxyApp object.
# That object is not defined in this file, so it must already be set.
$appID    = $script:proxyApp.appID
$tenantID = $script:proxyApp.tenantId
$secret   = $script:proxyApp.secret

# Get-MsalToken below is given the secret as a SecureString. The ADAL and REST
# sections pass the plaintext $secret, so the value stays in memory in clear
# form regardless of this wrapper.
$sSecret = ConvertTo-SecureString -String $secret -AsPlainText -Force
######################
##       MSAL       ##
######################
# Client-credentials token request for Microsoft Graph via the MSAL.PS module.
Import-Module MSAL.PS

# Splatted parameters instead of a backtick line continuation.
$msalRequest = @{
    ClientId     = $appID
    ClientSecret = $sSecret
    TenantId     = $tenantID
    Scope        = 'https://graph.microsoft.com/.default'
}
$msalToken = Get-MsalToken @msalRequest

# The access token is a bearer credential. Writing it to the output stream
# means it also lands in any transcript or captured console log.
Write-Output "[+] Got token using MSAL and client secret: $($msalToken.AccessToken)"
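######################
##       ADAL       ##
######################
# Client-credentials token request through the ADAL assembly
# (Microsoft.IdentityModel.Clients.ActiveDirectory.dll) loaded from the
# AzureAD module directory. ADAL is deprecated in favour of MSAL.
# This path takes the client secret as a plain string.
if ($PSVersionTable.PSEdition -eq 'Core') {
    Write-Error -Message "This does not work on .NET Core"
} else {
    # -ListAvailable returns one entry per installed version. Pick a single
    # module so that ModuleBase is one path, not an array that would make
    # Join-Path return several paths and LoadFrom fail.
    $azADmodule = Get-Module -Name AzureAD -ListAvailable |
        Sort-Object -Property Version -Descending |
        Select-Object -First 1

    if (-not $azADmodule) {
        # Without this guard a missing module surfaces as a Join-Path error on a null path.
        Write-Error -Message "AzureAD module not found; install it with: Install-Module AzureAD"
    } else {
        $aZADmodulePath = $azADmodule.ModuleBase
        $azADdll = Join-Path -Path $aZADmodulePath -ChildPath "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
        [void]([System.Reflection.Assembly]::LoadFrom($azADdll))

        $authority = "https://login.microsoftonline.com/$($tenantID)"
        $authContext = ([Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($authority))
        $clientCredential = New-Object -TypeName Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential `
            -ArgumentList ($appId, $secret)

        # AcquireTokenAsync returns a Task. GetAwaiter().GetResult() blocks like
        # Wait()/Result but rethrows the underlying error instead of an
        # AggregateException, so a rejected secret gives a readable message.
        $authResult = $authContext.AcquireTokenAsync('https://graph.microsoft.com', $clientCredential)
        $adalToken = $authResult.GetAwaiter().GetResult()

        # The access token is a bearer credential. Writing it to the output
        # stream means it also lands in any transcript or captured console log.
        Write-Output "[+] Got token using ADAL and client secret: $($adalToken.AccessToken)"
    }
}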
######################
##    Using REST    ##
######################
# The same client-credentials grant, posted directly to the tenant's v2.0
# token endpoint with no authentication library involved.
$uri = "https://login.microsoftonline.com/$($tenantID)/oauth2/v2.0/token"
$headers = @{'Content-Type' = 'application/x-www-form-urlencoded'}

# Form fields of the token request. The client secret is sent in the POST
# body as plaintext; the https scheme of $uri provides the transport protection.
$tokenForm = [ordered]@{
    'client_id'     = $appID
    'scope'         = 'https://graph.microsoft.com/.default'
    'client_secret' = $secret
    'grant_type'    = 'client_credentials'
}

# Splatted call, equivalent to passing each parameter inline.
$tokenRequest = @{
    Uri             = $uri
    UseBasicParsing = $true
    Method          = 'POST'
    Headers         = $headers
    Body            = $tokenForm
}
$response = Invoke-RestMethod @tokenRequest
$restToken = $response

# The access token is a bearer credential. Writing it to the output stream
# means it also lands in any transcript or captured console log.
Write-Output "[+] Got token using REST and client secret: $($restToken.access_token)"