Invoke-WebRequest to get access token

Hil 106 Reputation points
2021-07-27T15:38:31.293+00:00

Hi,

The problem is similar to https://learn.microsoft.com/en-us/answers/questions/290269/invoke-webrequest-to-get-access-token-for-system-a.html answered by @shiva patpi

I am able to login to the Microsoft site (portal) and get the Access Token. It works fine although this involves manual interaction for entering login /password:

#****** Working Code - Manual Interaction **********  
$configRest = Invoke-RestMethod -Uri "https://cqd.teams.microsoft.com/repository/clientconfiguration" -Method Get -SessionVariable WebSession -UserAgent "CQDPowerShell V2.0"  
$WebResource = $configRest.AuthLoginResource  
$client_id = $configRest.AuthWebAppClientId  
$CQDUri = "https://cqd.teams.microsoft.com/spd/"  
$V3Token = $true  
Add-Type -AssemblyName System.Web  
$resourceUrl = $WebResource  
$redirectUrl = $CQDUri  
$nonce = [guid]::NewGuid().GUID  
$url = "https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&redirect_uri=" +  
[System.Web.HttpUtility]::UrlEncode($redirectUrl) +  
"&client_id=$client_id" +  
"&prompt=login" + "&nonce=$nonce" + "&resource=" + [System.Web.HttpUtility]::UrlEncode($WebResource)  
Add-Type -AssemblyName System.Windows.Forms  
$form = New-Object -TypeName System.Windows.Forms.Form -Property @{ Width = 440; Height = 640 }  
$web = New-Object -TypeName System.Windows.Forms.WebBrowser -Property @{ Width = 420; Height = 600; Url = ($url) }  
$DocComp = {  
  $Global:uri = $web.Url.AbsoluteUri  
  if ($Global:Uri -match "error=[^&]*|access_token=[^&]*") { $form.Close() }  
  }  
$web.ScriptErrorsSuppressed = $true  
$web.Add_DocumentCompleted($DocComp)  
$form.Controls.Add($web)  
$form.Add_Shown({ $form.Activate() })  
$form.ShowDialog() | Out-Null  
$Script:Token = [Web.HttpUtility]::ParseQueryString(($web.Url -replace '^.*?(access_token.+)$','$1'))['access_token']  
$AADBearerToken = ('Bearer {0}' -f $Script:Token)  
$AADBearerToken  

Can I get the access token ( $AADBearerToken) a different way so that there is no manual interaction?
I tried passing credentials to Invoke-WebRequest (Similar issue to https://learn.microsoft.com/en-us/answers/questions/290269/invoke-webrequest-to-get-access-token-for-system-a.html), but this did not get the token (in $response.content). What else do I need to add to this code to get the token?

$AdminName = "r987327"  
$Pass = Get-Content "encrypted_pass.txt" | ConvertTo-SecureString  
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $AdminName, $Pass  
$configRest = Invoke-RestMethod -Uri "https://cqd.teams.microsoft.com/repository/clientconfiguration" -Method Get -SessionVariable WebSession -UserAgent "CQDPowerShell V2.0"  
$WebResource = $configRest.AuthLoginResource  
$client_id = $configRest.AuthWebAppClientId  
Add-Type -AssemblyName System.Web  
$resourceUrl = $WebResource  
$redirectUrl = "https://cqd.teams.microsoft.com/spd/"  
$nonce = [guid]::NewGuid().GUID  
$url = "https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&redirect_uri=" + [System.Web.HttpUtility]::UrlEncode($redirectUrl) + "&client_id=$client_id" + "&prompt=login" + "&nonce=$nonce" + "&resource=" + [System.Web.HttpUtility]::UrlEncode($WebResource)  
$response = Invoke-WebRequest -Uri $url -Method GET -Headers @{Metadata="true"}  -Credential $cred  
Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
3,401 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,576 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Javier Trujillo Lopez 1 Reputation point
    2021-08-04T16:55:26.067+00:00

    Hi @Hil Did you find a way to do that? I'm trying to salve this issue for the last week without success.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.