Hi there,
I'm trying to build a PowerShell runbook in Azure Automation which will make calls to the Graph API, especially for Intune.
To be able to do that I of course need to get a bearer token, but I tried several ways to get it without any success.
I tried by posting this request to https://login.microsoftonline.com/sartorius.com/oauth2/v2.0/token :
$graphTokenRequestBody = @{
"scope" = "https://graph.microsoft.com/.default";
"grant_type" = "password";
"client_id" = "xxxx-xxxx-....";
"client_secret" = "yyyyyyyyyyy";
"username" = "myAcount";
"password" = "myPassword";
}
But I get "AADSTS50126: Error validating credentials due to invalid username or password." error which is apparently related to ADFS which we use in my company.
I also tried to call the ADAL library in my script with this kind of call (and a few variants):
$platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Auto"
$userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList ($User, "OptionalDisplayableId")
$AADCredential = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $Credentials
$authenticationResult = $authContext.AcquireTokenSilentAsync($resourceAppIdURI, $clientId, $userId, $platformParameters).GetAwaiter().Result;
$token = $authenticationResult.AccessToken
But then my authenticationResult is always empty.
And I also tried to use the Run As account (according to this: https://medium.com/@createdincode/making-azure-management-api-calls-with-azure-automation-runbooks-745c5ba541ee) this way:
$connection = Get-AutomationConnection -Name AzureRunAsConnection
$loginresults=Login-AzureRmAccount -ServicePrincipal -Tenant $connection.TenantID -ApplicationId $connection.ApplicationID -CertificateThumbprint $connection.CertificateThumbprint
$context = Get-AzureRmContext
$SubscriptionId = $context.Subscription
$cache = $context.TokenCache
$cacheItem = $cache.ReadItems()
$AccessToken=$cacheItem[$cacheItem.Count -1].AccessToken
$resourceGroup="MyResourceGroup"
$headerParams = @{'Authorization'="Bearer $AccessToken"}
$url="https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Compute/virtualMachines?api-version=2018-06-01"
$results=Invoke-RestMethod -Uri $url -Headers $headerParams -Method Get
Write-Output $results.value
But in this case it tells me that there is no TokenCache property in my context.
And finally I also tried with a custom PS module from this blog https://msendpointmgr.com/2018/02/26/getting-started-with-microsoft-intune-and-azure-automation/ but it either fails to find the AzureAD module or, when I tweak it, I still get an empty response.
So now I'm out of ideas.
Does anyone know how I could get this bearer token from my runbook?
Thanks in advance
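Added example, not code from the original post: the password grant above depends on a user account, which is why it breaks for ADFS-federated users, whereas the client_credentials grant authenticates only the app registration. The snippet assumes the app has been granted application (not delegated) Graph permissions with admin consent, and that the Automation account stores the tenant id, client id and secret under the hypothetical asset names used below.

```powershell
# Added example (not from the original post). Acquires an app-only Graph token from an
# Azure Automation runbook using the client_credentials grant, so no user password is
# involved and ADFS federation does not matter.
# Asset names 'GraphTenantId', 'GraphClientId' and 'GraphClientSecret' are assumptions.
$tenantId     = Get-AutomationVariable -Name 'GraphTenantId'
$clientId     = Get-AutomationVariable -Name 'GraphClientId'
# Keep the secret in an encrypted Credential asset rather than in the runbook source.
$clientSecret = (Get-AutomationPSCredential -Name 'GraphClientSecret').GetNetworkCredential().Password

$tokenBody = @{
    scope         = 'https://graph.microsoft.com/.default'
    grant_type    = 'client_credentials'
    client_id     = $clientId
    client_secret = $clientSecret
}

$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" `
    -ContentType 'application/x-www-form-urlencoded' `
    -Body $tokenBody

if (-not $tokenResponse.access_token) {
    throw "Token request returned no access_token"
}
# Log only the lifetime, never the token itself, so the job output cannot leak it.
Write-Output "Token acquired, expires in $($tokenResponse.expires_in) seconds"

$headers = @{ Authorization = "Bearer $($tokenResponse.access_token)" }

# Intune call; needs the DeviceManagementManagedDevices.Read.All application permission.
$devices = Invoke-RestMethod -Method Get -Headers $headers `
    -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$top=5'
Write-Output $devices.value
```

If the token comes back but the Graph call returns 403, the app lacks the application permission or admin consent for the tenant; the token endpoint does not check permissions, only the API does.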