Capturing in script device code from interactive session for ExchangeOnline
We're trying to update several systems running soon-to-be-deprecated code. These systems run PowerShell scripts on our backend servers on behalf of users that interact with a front-end interface. The scripts help configure the user's Exchange environment. We are using the interactive authentication process by capturing the URL for the MS device login window (https://microsoft.com/devicelogin) and the device code. To do this we are currently using the following (soon-to-be-deprecated code!) ...
```powershell
# Request a device code and verification URL for the customer's tenant
$DeviceCodeRequestParams = @{
    Method = 'POST'
    Uri    = "https://login.microsoftonline.com/$customerDomainName/oauth2/devicecode"
    Body   = @{
        client_id = 'a0c73c16-a7e3-4564-9a95-2bdf47383716'
        scopes    = 'https://outlook.office365.com/.default'
    }
}
# Note: -SkipCertificateCheck disables TLS certificate validation for this request
$DeviceCodeRequest = Invoke-RestMethod @DeviceCodeRequestParams -ErrorVariable err -ErrorAction SilentlyContinue -SkipCertificateCheck
if (-not [string]::IsNullOrEmpty($err)) {
    ExitWithResult "Account error $($err)" 400
}
# Send back authentication code. Client should look for exit_code 102 & auth payload
$result['auth_code'] = $DeviceCodeRequest.user_code
$result['auth_url']  = $DeviceCodeRequest.verification_url
```
We then send the user code to the user via our front end so that it can be used in the verification URL.
In looking to update this code we were trying to use: Connect-ExchangeOnline -Device
But we are unable to capture the output ...
```powershell
PS /home/alex> Connect-ExchangeOnline -UserPrincipalName $user -Device
To sign in, use a web browser to open the page https://microsoft.com/devicelogin
and enter the code CGU524ARJ to authenticate.
```
... much less in a structured way. We tried output redirecting, assigning to a variable, etc. Any idea how we might replace what we were able to do with the legacy code with newer commands?
Thank you in advance!