Hi @Hil, did you find a way to do that? I've been trying to solve this issue for the last week without success.
Invoke-WebRequest to get access token
Hi,
The problem is similar to https://learn.microsoft.com/en-us/answers/questions/290269/invoke-webrequest-to-get-access-token-for-system-a.html answered by @shiva patpi
I am able to log in to the Microsoft site (portal) and get the Access Token. It works fine, although this involves manual interaction for entering login/password:
#****** Working Code - Manual Interaction **********
# Fetch the CQD client configuration (login resource and web app client ID)
$configRest = Invoke-RestMethod -Uri "https://cqd.teams.microsoft.com/repository/clientconfiguration" -Method Get -SessionVariable WebSession -UserAgent "CQDPowerShell V2.0"
$WebResource = $configRest.AuthLoginResource
$client_id = $configRest.AuthWebAppClientId
$CQDUri = "https://cqd.teams.microsoft.com/spd/"
$V3Token = $true
Add-Type -AssemblyName System.Web
$resourceUrl = $WebResource
$redirectUrl = $CQDUri
$nonce = [guid]::NewGuid().GUID
# Build the implicit-flow (response_type=token) authorize URL
$url = "https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&redirect_uri=" +
    [System.Web.HttpUtility]::UrlEncode($redirectUrl) +
    "&client_id=$client_id" +
    "&prompt=login" + "&nonce=$nonce" + "&resource=" + [System.Web.HttpUtility]::UrlEncode($WebResource)
# Show the sign-in page in an embedded browser window
Add-Type -AssemblyName System.Windows.Forms
$form = New-Object -TypeName System.Windows.Forms.Form -Property @{ Width = 440; Height = 640 }
$web = New-Object -TypeName System.Windows.Forms.WebBrowser -Property @{ Width = 420; Height = 600; Url = ($url) }
# Close the form once the redirect URL carries an access token or an error
$DocComp = {
    $Global:uri = $web.Url.AbsoluteUri
    if ($Global:Uri -match "error=[^&]*|access_token=[^&]*") { $form.Close() }
}
$web.ScriptErrorsSuppressed = $true
$web.Add_DocumentCompleted($DocComp)
$form.Controls.Add($web)
$form.Add_Shown({ $form.Activate() })
$form.ShowDialog() | Out-Null
# Extract the access token from the final redirect URL
$Script:Token = [Web.HttpUtility]::ParseQueryString(($web.Url -replace '^.*?(access_token.+)$','$1'))['access_token']
$AADBearerToken = ('Bearer {0}' -f $Script:Token)
$AADBearerToken
Can I get the access token ($AADBearerToken) a different way so that there is no manual interaction?
I tried passing credentials to Invoke-WebRequest (similar issue to https://learn.microsoft.com/en-us/answers/questions/290269/invoke-webrequest-to-get-access-token-for-system-a.html), but this did not get the token (in $response.content). What else do I need to add to this code to get the token?
$AdminName = "r987327"
$Pass = Get-Content "encrypted_pass.txt" | ConvertTo-SecureString
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $AdminName, $Pass
$configRest = Invoke-RestMethod -Uri "https://cqd.teams.microsoft.com/repository/clientconfiguration" -Method Get -SessionVariable WebSession -UserAgent "CQDPowerShell V2.0"
$WebResource = $configRest.AuthLoginResource
$client_id = $configRest.AuthWebAppClientId
Add-Type -AssemblyName System.Web
$resourceUrl = $WebResource
$redirectUrl = "https://cqd.teams.microsoft.com/spd/"
$nonce = [guid]::NewGuid().GUID
$url = "https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&redirect_uri=" + [System.Web.HttpUtility]::UrlEncode($redirectUrl) + "&client_id=$client_id" + "&prompt=login" + "&nonce=$nonce" + "&resource=" + [System.Web.HttpUtility]::UrlEncode($WebResource)
$response = Invoke-WebRequest -Uri $url -Method GET -Headers @{Metadata="true"} -Credential $cred