Testing PSMSALNet because MSAL.PS has been archived
Hi All,
Recently I have learned that the MSAL.PS PowerShell Module has been archived.
- GitHub MSAL.PS
- GitHub PSMSALNet Module
- PowerShell Gallery https://www.powershellgallery.com/packages/PSMSALNet
I am using the new PSResourceGet here instead of the PowerShellGet commands.
Find the PSMSALNet PowerShell Module in the PowerShell Gallery.
Import-Module Microsoft.PowerShell.PSResourceGet
Find-PSResource PSMSALNet
Install the Module
Install-PSResource PSMSALNet -Scope AllUsers
Get-InstalledPSResource PSMSALNet -Scope AllUsers
List all Commands of the Module
Get-Command -Module PSMSALNet
Here I declare the Variables that are used in all Scripts
###############################################################################
# Setting up Variables
###############################################################################
Import-Module PSMSALNet
$TenantId = "46bbad84-29f0-4e03-8d34-f6841a5071ad"
$AppID = "c1a5903b-cd73-48fe-ac1f-e71bde968412"
$RedirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient"
Authenticate with AppID and ClientSecret. One thing I don’t like here is that the ClientSecret is passed in cleartext and not within a SecureString variable.
###############################################################################
# Authenticate with ClientSecret
###############################################################################
$ClientSecret = "PaZ8Q~-TE92.52FpvTUSXjfUgWUBEOGpud14kbuK"
$HashArguments = @{
    ClientId     = $AppID
    ClientSecret = $ClientSecret
    TenantId     = $TenantId
    Resource     = "GraphAPI"
}
$Token = Get-EntraToken -ClientCredentialFlowWithSecret @HashArguments
$AccessToken = $Token.AccessToken
#$AccessToken
Get-JWTDetails -token $AccessToken
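An added example, not part of the original post or of the PSMSALNet project: one way to keep the ClientSecret out of the script body while still passing Get-EntraToken the string it expects, followed by a check of the claims in the returned token. It assumes Windows (DPAPI-backed Export-Clixml), the $AppID and $TenantId variables declared above, and a hypothetical file path and helper function name.

```powershell
# Added example (not from the original post). Assumes Windows, where Export-Clixml
# protects a SecureString with DPAPI, and $AppID / $TenantId as declared above.
Import-Module PSMSALNet

$SecretFile = Join-Path $env:LOCALAPPDATA 'PSMSALNet-demo\clientsecret.xml'  # hypothetical path

# One-time setup: prompt for the secret and store it encrypted for the
# current user on the current machine; nothing sensitive stays in the script.
if (-not (Test-Path $SecretFile)) {
    New-Item -ItemType Directory -Path (Split-Path $SecretFile) -Force | Out-Null
    Read-Host -Prompt 'Client secret' -AsSecureString | Export-Clixml -Path $SecretFile
}
$SecureSecret = Import-Clixml -Path $SecretFile

# The post passes ClientSecret as a plain string, so convert only inside the
# splat and remove the reference right after the call. The string can still
# live in process memory until it is garbage collected.
$HashArguments = @{
    ClientId     = $AppID
    ClientSecret = [System.Net.NetworkCredential]::new('', $SecureSecret).Password
    TenantId     = $TenantId
    Resource     = 'GraphAPI'
}
try     { $Token = Get-EntraToken -ClientCredentialFlowWithSecret @HashArguments }
finally { $HashArguments.Remove('ClientSecret') }

# Hypothetical helper: decode the JWT payload (second segment, base64url).
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Jwt)
    $part = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($part.Length % 4) { 2 { $part += '==' } 3 { $part += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($part)) | ConvertFrom-Json
}

$Claims  = ConvertFrom-JwtPayload -Jwt $Token.AccessToken
$Expires = [DateTimeOffset]::FromUnixTimeSeconds($Claims.exp).UtcDateTime

# Fail early if the token belongs to another tenant or is already expired.
if ($Claims.tid -ne $TenantId) {
    throw "Token tenant '$($Claims.tid)' does not match '$TenantId'."
}
if ($Expires -le [DateTime]::UtcNow) {
    throw "Token expired at $Expires (UTC)."
}
'Audience: {0}'   -f $Claims.aud
'Roles:    {0}'   -f ($Claims.roles -join ', ')   # application permissions granted
'Expires:  {0:u}' -f $Expires
```

The roles list shows which application permissions the app registration actually carries, which is worth comparing against what the script needs.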
Authenticate with AppID and a Certificate
###############################################################################
# Authenticate with Certificate
###############################################################################
$CertificateThumbprint = "07EFF3918F47995EB53B91848F69B5C0E78622FD" #O365Powershell3.cer
$Certificate = Get-ChildItem -Path cert:\CurrentUser\my\$CertificateThumbprint
$HashArguments = @{
    ClientId          = $AppID
    ClientCertificate = $Certificate
    TenantId          = $TenantId
    Resource          = "GraphAPI"
}
$Token = Get-EntraToken -ClientCredentialFlowWithCertificate @HashArguments
$AccessToken = $Token.AccessToken
#$AccessToken
Get-JWTDetails -token $AccessToken
Authenticate via DeviceCode
###############################################################################
# DeviceCode
###############################################################################
$HashArguments = @{
    ClientId    = $AppID
    TenantId    = $TenantId
    Resource    = "GraphAPI"
    Permissions = @("Mail.ReadWrite", "Mail.Send", "Calendars.ReadWrite", "Contacts.ReadWrite", "Tasks.ReadWrite")
    verbose     = $true
}
$Token = Get-EntraToken -DeviceCodeFlow @HashArguments
$AccessToken = $Token.AccessToken
#$AccessToken
Get-JWTDetails -token $AccessToken
Authenticate with Authorization code with PKCE
###############################################################################
# Authorization code with PKCE
###############################################################################
$RedirectUri = "http://localhost"
$HashArguments = @{
    ClientId    = $AppID
    TenantId    = $TenantId
    RedirectUri = $RedirectUri
    Resource    = 'GraphAPI'
    Permissions = @("Mail.ReadWrite", "Mail.Send", "Calendars.ReadWrite", "Contacts.ReadWrite", "Tasks.ReadWrite")
    verbose     = $false
}
$Token = Get-EntraToken -PublicAuthorizationCodeFlow @HashArguments
$AccessToken = $Token.AccessToken
#$AccessToken
Get-JWTDetails -token $AccessToken
I’ve updated the Scripts with MSAL.PS on my GitHub Repo
Regards
Andres Bohren