OAuth PowerShell One Identity App server call

Can someone validate my thinking here?

If I wanted to make Application server calls after obtaining a token from Azure, I should be able to use this PowerShell function, right?

<# Code disclaimer - Do not trust this. If you don't understand what I wrote, and why I made those choices, don't just copy and paste. This stuff matters. #>

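# Base URL of the One Identity application server. The bearer token obtained
# later in this script is sent to this host, so it should be an https://
# endpoint that you trust. Trim() removes stray whitespace from pasted input.
$AppServer = (Read-Host 'What is the One Identity APP server URL?').Trim()
if ($AppServer -notmatch '^https://') {
    # Warn rather than abort so that existing lab setups keep working.
    Write-Warning 'The application server URL does not start with https://; the access token would be sent without transport encryption.'
}

# The tenant ID is interpolated into the path of the token endpoint.
$AzureTenant = (Read-Host 'What is the azure tenant ID?').Trim()
$tokenUri = "https://login.microsoftonline.com/$AzureTenant/oauth2/v2.0/token"

# Client ID and secret of the app registration. Get-Credential is used so the
# secret is not echoed to the console or typed on a command line.
$ClientCreds = Get-Credential -Message "Enter Client ID and Secret for $AppServer"

# Username and password of the Azure AD user with access to the application.
$UserCreds = Get-Credential -Message "Enter username and password for Azure AD Authentication"

# Get-Credential returns $null when the prompt is cancelled; stop here instead
# of failing later with a less obvious null-method error.
if (-not $ClientCreds -or -not $UserCreds) {
    throw 'Both credential prompts must be completed.'
}

# GetNetworkCredential().Password converts the SecureString to a plain String.
# From here on the user password and client secret sit in clear text in these
# session variables (and in any memory dump of the process) until they are
# removed, e.g. with Remove-Variable once the token has been obtained.
$Username = $UserCreds.UserName
$Password = $UserCreds.GetNetworkCredential().Password
$ClientID = $ClientCreds.UserName
$ClientSecret = $ClientCreds.GetNetworkCredential().Password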

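function Connect-AzureDirect {
	<#
	.SYNOPSIS
	Requests an OAuth 2.0 token with the resource owner password credentials
	(ROPC) grant and returns the parsed token response.

	.DESCRIPTION
	POSTs the client credentials together with the user's username and password
	to the given token endpoint as form fields and returns whatever
	Invoke-RestMethod deserialises from the response.

	Security notes:
	- ROPC hands the user's password to this script. Microsoft's identity
	  platform documentation advises against this flow, and accounts that
	  require MFA cannot complete it. Prefer an interactive, device-code or
	  client-credentials flow where the scenario allows it.
	- Password and ClientSecret are plain [String] parameters, so a value
	  passed literally can end up in command history or transcripts. Pass them
	  from variables filled via Get-Credential, as the calling script does.

	.PARAMETER tokenUri
	Token endpoint URL. Must be https:// because secrets are posted to it.

	.PARAMETER Username
	User principal name of the account to authenticate.

	.PARAMETER Password
	Clear-text password of that account.

	.PARAMETER ClientID
	Application (client) ID of the app registration.

	.PARAMETER ClientSecret
	Clear-text client secret of the app registration.

	.OUTPUTS
	The deserialised token response (the caller reads its access_token property).
	#>
	param(
		[parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
		[ValidateNotNullOrEmpty()]
		[String]$tokenUri,

		[parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
		[ValidateNotNullOrEmpty()]
		[String]$Username,

		[parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
		[ValidateNotNullOrEmpty()]
		[String]$Password,

		[parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
		[ValidateNotNullOrEmpty()]
		[String]$ClientID,

		[parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
		[ValidateNotNullOrEmpty()]
		[String]$ClientSecret
	)

	# The request body carries a password and a client secret; refuse to send
	# them over an unencrypted transport.
	if ($tokenUri -notmatch '^https://') {
		throw "tokenUri must use https:// because credentials are posted to it."
	}

	# OAuth 2.0 parameter names are lower-case ('username', 'password').
	# NOTE(review): v2.0 scopes are normally resource-qualified, for example
	# '<application-id-uri>/.default'. Confirm that a bare '.default' yields a
	# token whose audience the application server accepts.
	$body = @{
		'grant_type'    = 'password'
		'scope'         = ".default"
		'client_id'     = $ClientID
		'client_secret' = $ClientSecret
		'username'      = $Username
		'password'      = $Password
	}

	# Invoke-RestMethod encodes a hashtable -Body as form fields for POST, which
	# is what the token endpoint expects. The content type is stated explicitly
	# so that nobody later "fixes" it to JSON; the unused JSON $headers table
	# from the original has been dropped for the same reason.
	$tokens = Invoke-RestMethod -Uri $tokenUri -Method POST -Body $body -ContentType 'application/x-www-form-urlencoded'
	return $tokens
}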


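# Exchange the collected credentials for a token.
$AzureToken = Connect-AzureDirect -tokenUri $tokenUri -Username $Username -Password $Password -ClientID $ClientID -ClientSecret $ClientSecret

# Do not call the application server with an empty "Bearer " header when the
# token request returned nothing usable.
if (-not $AzureToken -or [string]::IsNullOrEmpty($AzureToken.access_token)) {
    throw 'Token endpoint response did not contain an access_token; not calling the application server.'
}

# The access token is a credential: keep it out of logs, transcripts and
# Write-Host output for as long as it is valid.
$headers = @{Accept="application/json";Authorization="Bearer $($AzureToken.access_token)"}

# Build the request URL so that it works whether or not the entered base URL
# ends with a slash (plain concatenation broke when it did not).
$countUri = $AppServer.TrimEnd('/') + '/api/entities/Person/count'

# NOTE(review): whether the application server accepts this token directly
# depends on how its authentication is configured - confirm against the
# product documentation before relying on it.
$queryObject = Invoke-RestMethod -Uri $countUri -Method GET -ContentType application/json -Headers $headers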