Can someone validate my thinking here?
If I wanted to make Application server calls after obtaining a token from Azure, I should be able to use this PowerShell function, right?
```powershell
<# Code disclaimer - Do not trust this. If you don't understand what I wrote, and why I made those choices, don't just copy and paste. This stuff matters. #>

$AppServer   = Read-Host 'What is the One Identity APP server URL?'
$AzureTenant = Read-Host 'What is the azure tenant ID?'
$tokenUri    = "https://login.microsoftonline.com/$AzureTenant/oauth2/v2.0/token"

# Obtain Client ID and Secret from user for testing
$ClientCreds = Get-Credential -Message "Enter Client ID and Secret for $AppServer"

# Obtain Username and password for Azure AD user with access to application
$UserCreds    = Get-Credential -Message "Enter username and password for Azure AD Authentication"
$Username     = $UserCreds.UserName
$Password     = $UserCreds.GetNetworkCredential().Password
$ClientID     = $ClientCreds.UserName
$ClientSecret = $ClientCreds.GetNetworkCredential().Password

function Connect-AzureDirect {
    param(
        [parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
        [ValidateNotNullOrEmpty()]
        [String]$tokenUri,

        [parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
        [ValidateNotNullOrEmpty()]
        [String]$Username,

        [parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
        [ValidateNotNullOrEmpty()]
        [String]$Password,

        [parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
        [ValidateNotNullOrEmpty()]
        [String]$ClientID,

        [parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
        [ValidateNotNullOrEmpty()]
        [String]$ClientSecret
    )

    # The v2.0 token endpoint takes a form-encoded body, not JSON. Invoke-RestMethod
    # form-encodes a hashtable body, so the content type is set to match explicitly.
    # OAuth2 parameter names are lowercase and case-sensitive ('username', 'password').
    $body = @{
        'grant_type'    = 'password'
        'scope'         = '.default'      # must be prefixed with the resource identifier of the API being called, e.g. '<resource-id>/.default'
        'client_id'     = $ClientID
        'client_secret' = $ClientSecret
        'username'      = $Username
        'password'      = $Password
    }
    $tokens = Invoke-RestMethod -Uri $tokenUri -Method POST -Body $body -ContentType 'application/x-www-form-urlencoded'
    return $tokens
}

$AzureToken = Connect-AzureDirect -tokenUri $tokenUri -Username $Username -Password $Password -ClientID $ClientID -ClientSecret $ClientSecret

$headers = @{
    Accept        = 'application/json'
    Authorization = "Bearer $($AzureToken.access_token)"
}

# Trim a trailing slash so the path joins correctly whether or not the user typed one
$queryObject = Invoke-RestMethod -Uri "$($AppServer.TrimEnd('/'))/api/entities/Person/count" -Method GET -ContentType application/json -Headers $headers
```
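Before attaching the token to the Authorization header, it helps to decode its claims locally and confirm that the audience and expiry are what the application server will accept; an audience mismatch or an already-expired token is the usual reason for a 401 at the second call. The following is an added example and is not code from the original post or from One Identity. The audience value `api://example-app`, the sample token and the function names are constructed for illustration; the check only reads the claims and does not verify the signature, which remains the application server's job.

```powershell
# Added example: decode a JWT access token's claims and sanity-check them before use.
# Claim names (aud, exp, nbf) are the standard JWT ones; everything else here is assumed.

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    # JWT segments use base64url without padding; restore padding and standard alphabet
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
    }
    return [Convert]::FromBase64String($s)
}

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    return [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Token is not a compact JWS (expected three dot-separated segments)' }
    $json = [System.Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url -Text $parts[1]))
    return $json | ConvertFrom-Json
}

function Test-AccessTokenUsable {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedAudience,   # assumed: the API identifier the app server was registered with
        [int]$ClockSkewSeconds = 300
    )
    $claims   = Get-JwtClaims -Token $Token
    $now      = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    $problems = @()

    # 'aud' may be a string or an array; accept the token only if our audience is listed
    if (@($claims.aud) -notcontains $ExpectedAudience) {
        $problems += "audience '$($claims.aud -join ',')' does not include '$ExpectedAudience'"
    }
    if ($claims.exp -and $claims.exp -lt ($now - $ClockSkewSeconds)) {
        $problems += "token expired at $([DateTimeOffset]::FromUnixTimeSeconds($claims.exp).ToString('u'))"
    }
    if ($claims.nbf -and $claims.nbf -gt ($now + $ClockSkewSeconds)) {
        $problems += "token not valid before $([DateTimeOffset]::FromUnixTimeSeconds($claims.nbf).ToString('u'))"
    }

    return [pscustomobject]@{
        Usable   = ($problems.Count -eq 0)
        Problems = $problems
        Claims   = $claims
    }
}

# Constructed sample token (unsigned, for illustration only): header.payload.<empty signature>
$headerJson  = '{"alg":"none","typ":"JWT"}'
$payloadJson = @{ aud = 'api://example-app'; exp = ([DateTimeOffset]::UtcNow.ToUnixTimeSeconds() + 3600) } | ConvertTo-Json -Compress
$sampleToken = (
    (ConvertTo-Base64Url -Bytes ([System.Text.Encoding]::UTF8.GetBytes($headerJson))),
    (ConvertTo-Base64Url -Bytes ([System.Text.Encoding]::UTF8.GetBytes($payloadJson))),
    ''
) -join '.'

$check = Test-AccessTokenUsable -Token $sampleToken -ExpectedAudience 'api://example-app'
if (-not $check.Usable) { throw ($check.Problems -join '; ') }

# Only a token that passed the check is placed in the header for the app server call
$headers = @{ Accept = 'application/json'; Authorization = "Bearer $sampleToken" }
```

In the script from the post, the same check would run on `$AzureToken.access_token` with the audience set to whatever resource identifier the scope was requested for; if `Problems` lists an audience mismatch, the scope in the token request is the first thing to revisit.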