Brandon McClure

Reputation: 1390

Authenticate to Microsoft Graph api using powershell

*Update - Hacking away this afternoon, I discovered that I was trying to authenticate using ADAL authentication when I should be using MSAL. I changed my approach to use MSAL and have been successful, but this question still stands for ADAL auth.

I have been having a difficult time being able to authenticate with the graph API using powershell. My end goal is to be able to query some of my OneNote pages, and I am able to use the graph explorer to authenticate using my personal Microsoft account.

I have been following this blog, and this more recent one.

I registered my app at https://apps.dev.microsoft.com and I have an application ID which I have plugged into the PS script as the $clientID. When I run the script I get an error: Method invocation failed because [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext] does not contain a method named 'AcquireToken'.

Looking at the .NET documentation for the Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext class, there is no method named AcquireToken, but there are a few similarly named ones, although I cannot figure out which one I need to use. Ideally I would like my script to prompt the user for their credentials, similar to how the AzureRM module's Login-AzureRmAccount function does. If that is not possible, then I could use guidance on how to rework the code below to use Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenAsync.

function Get-AuthToken
{
    param
    (
        [Parameter(Mandatory=$true)]
        $TenantName
    )
    Import-Module Azure
    $clientId = "00d16af4-d0c7-460a-a9dc-fd350eb4b100"
    $redirectUri = "urn:ietf:wg:oauth:2.0:oob"
    $resourceAppIdURI = "https://graph.microsoft.com"
    $authority = "https://login.microsoftonline.com/$TenantName"
    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
    $Credential = Get-Credential
    $AADCredential = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $Credential.UserName, $Credential.Password
    # This call is what fails: the loaded ADAL assembly has no AcquireToken method
    $authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $AADCredential)
    return $authResult
}
Get-AuthToken -TenantName "common"

Upvotes: 4

Views: 4235

Answers (1)

Brandon McClure

Reputation: 1390

I believe for ADAL you would pass a value from [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior] into the AcquireTokenAsync method in addition to the clientID, my app's redirect URI, and the resource id "https://graph.microsoft.com". This code prompts me for credentials, but because I am not using Azure AD I can't get past that point.

function Get-AuthToken {
    param([Parameter(Mandatory=$true)] $TenantName)

    $clientId = "00d16af4-d0c7-460a-a9dc-fd350eb4b100"
    $redirectUri = "urn:ietf:wg:oauth:2.0:oob"
    $resourceAppIdURI = "https://graph.microsoft.com"
    $authority = "https://login.microsoftonline.com/$TenantName"
    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
    # PromptBehavior.Auto prompts only when no cached token is usable
    $promptBehaviour = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto
    $authParam = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList $promptBehaviour
    # AcquireTokenAsync returns a Task; block on it and read the result
    $authenticationTask = $authContext.AcquireTokenAsync($resourceAppIdURI, $clientId, $redirectUri, $authParam)
    $authenticationTask.Wait()
    $authenticationResult = $authenticationTask.Result
    return $authenticationResult
}

Get-AuthToken -TenantName "common"

For MSAL, I found the MSAL.PS module's Get-MSALToken function, which prompted me and returned a valid token that I could use.

Get-MSALToken -Scopes "Notes.Read" -ClientId "00d16af4-d0c7-460a-a9dc-fd350eb4b100" -RedirectUri "urn:ietf:wg:oauth:2.0:oob" 

Upvotes: 4
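The MSAL path in the answer stops at obtaining a token. The script below is an added example, not code from the poster or from the MSAL.PS project, showing the rest of the flow: acquire an interactive token with Get-MsalToken restricted to the single read-only scope the question needs, check the scope and expiry on the returned AuthenticationResult before using it, and then page through the signed-in user's OneNote pages with Invoke-RestMethod. It assumes MSAL.PS is installed (Install-Module MSAL.PS), a public-client app registration whose client ID replaces the placeholder, and the same out-of-band redirect URI the question uses. Function names (Get-GraphToken, Invoke-GraphGet, Get-OneNotePages) are this example's own.

```powershell
# Added example: MSAL.PS token acquisition followed by a paged Graph query.
# Placeholder: replace with your own app registration's client ID.
$ClientId    = '<your-app-registration-client-id>'
$RedirectUri = 'urn:ietf:wg:oauth:2.0:oob'
$Scopes      = @('Notes.Read')   # least privilege: read-only access to notebooks

function Get-GraphToken {
    param(
        [Parameter(Mandatory)] [string]   $ClientId,
        [Parameter(Mandatory)] [string[]] $Scopes,
        [string] $RedirectUri = 'urn:ietf:wg:oauth:2.0:oob'
    )
    # Interactive flow opens a sign-in prompt; MSAL.PS caches the result so a
    # second call inside the token lifetime completes without prompting.
    $result = Get-MsalToken -ClientId $ClientId -Scopes $Scopes -RedirectUri $RedirectUri -Interactive
    if (-not $result -or [string]::IsNullOrEmpty($result.AccessToken)) {
        throw 'Token acquisition returned no access token.'
    }
    # Sanity checks before the token is used: it must not be expired and must
    # carry the scope we asked for (the service can consent to less).
    if ($result.ExpiresOn -le [DateTimeOffset]::UtcNow) {
        throw 'Acquired token is already expired.'
    }
    foreach ($s in $Scopes) {
        if ($result.Scopes -notcontains $s) {
            throw "Token is missing required scope '$s'."
        }
    }
    return $result
}

function Invoke-GraphGet {
    param(
        [Parameter(Mandatory)] [string] $AccessToken,
        [Parameter(Mandatory)] [string] $Uri
    )
    $headers = @{ Authorization = "Bearer $AccessToken" }
    try {
        return Invoke-RestMethod -Method Get -Uri $Uri -Headers $headers -ErrorAction Stop
    }
    catch {
        # Surface the status code only; never write the bearer token into
        # error output or transcripts.
        $status = $_.Exception.Response.StatusCode
        throw "Graph GET $Uri failed with HTTP status $status"
    }
}

function Get-OneNotePages {
    param([Parameter(Mandatory)] [string] $AccessToken)
    # $select keeps the response to the fields we actually need; Graph pages
    # large collections via @odata.nextLink, so follow it until it is absent.
    $uri   = 'https://graph.microsoft.com/v1.0/me/onenote/pages?$select=id,title,lastModifiedDateTime'
    $pages = @()
    while ($uri) {
        $resp   = Invoke-GraphGet -AccessToken $AccessToken -Uri $uri
        $pages += $resp.value
        $uri    = $resp.'@odata.nextLink'
    }
    return $pages
}

$token = Get-GraphToken -ClientId $ClientId -Scopes $Scopes -RedirectUri $RedirectUri
Get-OneNotePages -AccessToken $token.AccessToken |
    Select-Object title, lastModifiedDateTime
```

The scope and expiry checks come from the AuthenticationResult object that Get-MsalToken returns rather than from decoding the access token itself, which avoids treating the Graph token as something the client is entitled to parse. Keeping the requested scope to Notes.Read means a leaked or cached token can do no more than read notebooks; if the script later needs to write, widen the scope deliberately rather than requesting a broad set up front.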
