Create application access token and authorization header
Use case
API Authentication
Build authorization header via PowerShell script
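Function Build-AzureADApplicationAccessHeader(){
    <#
    .SYNOPSIS
    Requests a Microsoft Graph token from the v2.0 token endpoint and stores it,
    together with a ready-made Authorization header, in global variables.

    .DESCRIPTION
    The grant is chosen from the arguments that are supplied:
      * -refreshtoken and -tenantid               -> grant_type "refresh_token"
      * -tenantid, -clientid and -clientSecret    -> grant_type "client_credentials"
    The refresh-token branch wins when both sets are present. The scope is always
    "https://graph.microsoft.com/.default".

    On success the function sets
      $global:AzureAdAccessToken = "<token_type> <access_token>"
      $global:Header             = @{ Authorization = $global:AzureAdAccessToken }
    and writes a confirmation string to the output stream.

    .PARAMETER tenantid
    Tenant identifier; interpolated into the token endpoint URL.

    .PARAMETER clientid
    Application (client) id, sent as client_id.

    .PARAMETER clientSecret
    Application secret, sent as client_secret in the POST body.

    .PARAMETER refreshtoken
    Refresh token, sent as refresh_token.

    .NOTES
    Security:
      * The bearer token lands in global scope, so every script and module in the
        session can read it. Keep it out of transcripts and logs, and remove the
        variables once the work is done.
      * The client secret travels as a plain string parameter. Load it from a
        secret store at call time rather than keeping it in a script file.
    Throws a terminating error when too few arguments are given or when the token
    endpoint rejects the request.
    #>
    param(
        $tenantid,
        $clientid,
        $clientSecret,
        $refreshtoken
    )

    # Constructed limits (not part of the original script): they bound the retry
    # loop so a response that never carries a token cannot spin forever.
    $maxAttempts = 5
    $retryDelaySeconds = 2

    $authenticationurl = "https://login.microsoftonline.com/$tenantid/oauth2/v2.0/token"

    if($refreshtoken -and $tenantId){
        $tokenBodySource = @{
            grant_type    = "refresh_token"
            scope         = "https://graph.microsoft.com/.default"
            refresh_token = $refreshtoken
        }
        # The v2.0 endpoint documents client_id as required when redeeming a refresh
        # token (plus client_secret for confidential clients), so pass them through
        # when the caller supplied them. Calls without them behave as before.
        if($clientid){ $tokenBodySource.client_id = $clientid }
        if($clientSecret){ $tokenBodySource.client_secret = "$clientSecret" }
    }
    elseif($tenantId -and $clientid -and $clientSecret){
        $tokenBodySource = @{
            grant_type    = "client_credentials"
            scope         = "https://graph.microsoft.com/.default"
            client_id     = $clientid
            client_secret = "$clientSecret"
        }
    }
    else{
        # Write-Error alone is non-terminating: execution used to fall through and
        # post an empty body to the token endpoint. Stop here instead.
        throw "Authorization not successful. Not enough information provided."
    }

    # Reset explicitly. PowerShell resolves an unassigned variable through parent
    # scopes, so a leftover $AuthResponse in the caller's session would otherwise
    # skip the request and republish a stale token.
    $AuthResponse = $null
    $attempt = 0

    while ([string]::IsNullOrEmpty($AuthResponse.access_token)) {
        $attempt++
        if($attempt -gt $maxAttempts){
            throw "Authorization not successful. No access token received after $maxAttempts attempts."
        }
        if($attempt -gt 1){
            # Pause between attempts instead of hammering the login endpoint.
            Start-Sleep -Seconds $retryDelaySeconds
        }

        $AuthResponse = try {
            Invoke-RestMethod -Method POST -Uri $authenticationurl -Body $tokenBodySource
        }
        catch {
            # Keep the original record: $_ is rebound inside the nested catch below.
            $requestError = $_
            $errorCode = $null

            # ErrorDetails is empty for transport failures and the body is not always
            # JSON; parsing must not mask the real error.
            if($requestError.ErrorDetails -and $requestError.ErrorDetails.Message){
                try {
                    $errorCode = ($requestError.ErrorDetails.Message | ConvertFrom-Json).error
                }
                catch {
                    $errorCode = $null
                }
            }

            # NOTE(review): authorization_pending is the polling status of the device
            # authorization grant; neither grant built above is expected to return it.
            # Confirm whether this retry branch is still needed.
            if ($errorCode -ne "authorization_pending") {
                $errorDetail = if($errorCode){ $errorCode } else { $requestError.Exception.Message }
                Write-Error "Authorization not successful. Error while posting body source: $errorDetail"
                throw $requestError
            }
        }
    }

    if($AuthResponse.token_type -and $AuthResponse.access_token){
        # Global on purpose (existing contract): later calls in the session read these.
        $global:AzureAdAccessToken = "$($AuthResponse.token_type) $($AuthResponse.access_token)"
        $global:Header = @{
            "Authorization" = "$global:AzureAdAccessToken"
        }
        Write-Output "Authorization successful! Token saved in varable."
    }
    else{
        Write-Error "Authorization not successful. Not enough information provided."
    }
}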
# Authorization header with ClientId & ClientSecret (client credentials grant).
# The empty strings are placeholders. A real secret typed into this file ends up
# in source control and shell history; load it from a secret store at run time.
$tenantId     = ""
$ClientId     = ""
$ClientSecret = ""
$clientCredentialArguments = @{
    tenantid     = $tenantid
    clientid     = $clientid
    clientSecret = $clientSecret
}
Build-AzureADApplicationAccessHeader @clientCredentialArguments

# Authorization header with refresh_token (refresh token grant).
# A refresh token is a long-lived credential: treat it like the client secret.
$tenantId     = ""
$refreshtoken = ""
$refreshTokenArguments = @{
    tenantid     = $tenantid
    refreshtoken = $refreshtoken
}
Build-AzureADApplicationAccessHeader @refreshTokenArguments
Get Bearer Token via PowerShell script
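function Get-AzureADApplicationAccessToken {
    <#
    .SYNOPSIS
    Requests a Microsoft Graph token from the v2.0 token endpoint and stores it in
    $global:AzureAdAccessToken as "<token_type> <access_token>".

    .DESCRIPTION
    The grant is chosen from the arguments that are supplied:
      * -refreshtoken and -tenantid               -> grant_type "refresh_token"
      * -tenantid, -clientid and -clientSecret    -> grant_type "client_credentials"
    The refresh-token branch wins when both sets are present. The scope is always
    "https://graph.microsoft.com/.default". On success a confirmation string is
    written to the output stream.

    .PARAMETER tenantid
    Tenant identifier; interpolated into the token endpoint URL.

    .PARAMETER clientid
    Application (client) id, sent as client_id.

    .PARAMETER clientSecret
    Application secret, sent as client_secret in the POST body.

    .PARAMETER refreshtoken
    Refresh token, sent as refresh_token.

    .NOTES
    Security:
      * The bearer token lands in global scope, so every script and module in the
        session can read it. Keep it out of transcripts and logs, and remove the
        variable once the work is done.
      * The client secret travels as a plain string parameter. Load it from a
        secret store at call time rather than keeping it in a script file.
    Throws a terminating error when too few arguments are given or when the token
    endpoint rejects the request.
    #>
    param(
        $tenantid,
        $clientid,
        $clientSecret,
        $refreshtoken
    )

    # Constructed limits (not part of the original script): they bound the retry
    # loop so a response that never carries a token cannot spin forever.
    $maxAttempts = 5
    $retryDelaySeconds = 2

    $authenticationurl = "https://login.microsoftonline.com/$tenantid/oauth2/v2.0/token"

    if($refreshtoken -and $tenantId){
        $tokenBodySource = @{
            grant_type    = "refresh_token"
            scope         = "https://graph.microsoft.com/.default"
            refresh_token = $refreshtoken
        }
        # The v2.0 endpoint documents client_id as required when redeeming a refresh
        # token (plus client_secret for confidential clients), so pass them through
        # when the caller supplied them. Calls without them behave as before.
        if($clientid){ $tokenBodySource.client_id = $clientid }
        if($clientSecret){ $tokenBodySource.client_secret = "$clientSecret" }
    }
    elseif($tenantId -and $clientid -and $clientSecret){
        $tokenBodySource = @{
            grant_type    = "client_credentials"
            scope         = "https://graph.microsoft.com/.default"
            client_id     = $clientid
            client_secret = "$clientSecret"
        }
    }
    else{
        # Write-Error alone is non-terminating: execution used to fall through and
        # post an empty body to the token endpoint. Stop here instead.
        throw "Authorization not successful. Not enough information provided."
    }

    # Reset explicitly. PowerShell resolves an unassigned variable through parent
    # scopes, so a leftover $AuthResponse in the caller's session would otherwise
    # skip the request and republish a stale token.
    $AuthResponse = $null
    $attempt = 0

    while ([string]::IsNullOrEmpty($AuthResponse.access_token)) {
        $attempt++
        if($attempt -gt $maxAttempts){
            throw "Authorization not successful. No access token received after $maxAttempts attempts."
        }
        if($attempt -gt 1){
            # Pause between attempts instead of hammering the login endpoint.
            Start-Sleep -Seconds $retryDelaySeconds
        }

        $AuthResponse = try {
            Invoke-RestMethod -Method POST -Uri $authenticationurl -Body $tokenBodySource
        }
        catch {
            # Keep the original record: $_ is rebound inside the nested catch below.
            $requestError = $_
            $errorCode = $null

            # ErrorDetails is empty for transport failures and the body is not always
            # JSON; parsing must not mask the real error.
            if($requestError.ErrorDetails -and $requestError.ErrorDetails.Message){
                try {
                    $errorCode = ($requestError.ErrorDetails.Message | ConvertFrom-Json).error
                }
                catch {
                    $errorCode = $null
                }
            }

            # NOTE(review): authorization_pending is the polling status of the device
            # authorization grant; neither grant built above is expected to return it.
            # Confirm whether this retry branch is still needed.
            if ($errorCode -ne "authorization_pending") {
                $errorDetail = if($errorCode){ $errorCode } else { $requestError.Exception.Message }
                Write-Error "Authorization not successful. Error while posting body source: $errorDetail"
                # Without this rethrow a permanent failure (bad secret, unknown tenant)
                # repeated the same request in an endless loop.
                throw $requestError
            }
        }
    }

    if($AuthResponse.token_type -and $AuthResponse.access_token){
        # Global on purpose (existing contract): later calls in the session read it.
        $global:AzureAdAccessToken = "$($AuthResponse.token_type) $($AuthResponse.access_token)"
        Write-Output "Authorization successful! Token saved in varable."
    }
    else{
        Write-Error "Authorization not successful. Not enough information provided."
    }
}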
# Bearer token with ClientId & ClientSecret (client credentials grant).
# The empty strings are placeholders. A real secret typed into this file ends up
# in source control and shell history; load it from a secret store at run time.
$tenantId     = ""
$ClientId     = ""
$ClientSecret = ""
$tokenRequestArguments = @{
    tenantid     = $tenantid
    clientid     = $clientid
    clientSecret = $clientSecret
}
Get-AzureADApplicationAccessToken @tokenRequestArguments