< Back
New-MgaAccessToken
Post
NAME New-MgaAccessToken
SYNOPSIS
Creates an access token for contacting the specified application endpoint
SYNTAX
New-MgaAccessToken [-ClientId <Guid>] [-RedirectUrl <String>] [-ShowLoginWindow] [-IdentityPlatformVersion
<String>] [-Permission <String[]>] [-ResourceUri <String>] [-Tenant <String>] [-Register] [-PassThru]
[<CommonParameters>]
New-MgaAccessToken [-Credential <PSCredential>] [-ClientId <Guid>] [-RedirectUrl <String>]
[-IdentityPlatformVersion <String>] [-Permission <String[]>] [-ResourceUri <String>] [-Tenant <String>]
[-Register] [-PassThru] [<CommonParameters>]
DESCRIPTION
Creates an access token for contacting the specified application endpoint
PARAMETERS
-Credential <PSCredential>
The credentials to use to authenticate the request.
Using this avoids the need to visually interact with the logon screen.
Only works for accounts that have once logged in visually, but can be used from any machine.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ClientId <Guid>
The ID of the client to connect with.
This is the ID of the registered application.
Required? false
Position? named
Default value (Get-PSFConfigValue -FullName MSGraph.Tenant.Application.ClientID -NotNull)
Accept pipeline input? false
Accept wildcard characters? false
-RedirectUrl <String>
Some weird vodoo. Leave it as it is, unless you know better
Required? false
Position? named
Default value (Get-PSFConfigValue -FullName MSGraph.Tenant.Application.RedirectUrl -Fallback
"urn:ietf:wg:oauth:2.0:oob")
Accept pipeline input? false
Accept wildcard characters? false
-ShowLoginWindow [<SwitchParameter>]
Force to show login window with account selection again.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-IdentityPlatformVersion <String>
Specifies the endpoint version of the logon platform (Microsoft identity platform) where to connect for logon.
Use 2.0 if you want to login with a Microsoft Account.
For more information goto
https://docs.microsoft.com/en-us/azure/ ... y-platform
Required? false
Position? named
Default value (Get-PSFConfigValue -FullName
MSGraph.Tenant.Authentiation.IdentityPlatformVersion -Fallback '2.0')
Accept pipeline input? false
Accept wildcard characters? false
-Permission <String[]>
Only applies if IdentityPlatformVersion version 2.0 is used.
Specify the requested permission in the token.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ResourceUri <String>
The App ID URI of the target web API (secured resource).
It may be https://graph.microsoft.com
Required? false
Position? named
Default value (Get-PSFConfigValue -FullName MSGraph.Tenant.ApiConnection -Fallback
'https://graph.microsoft.com')
Accept pipeline input? false
Accept wildcard characters? false
-Tenant <String>
The entry point to sign into.
The allowed values are common, organizations, consumers.
Required? false
Position? named
Default value common
Accept pipeline input? false
Accept wildcard characters? false
-Register [<SwitchParameter>]
Registers the token, so all subsequent calls to Exchange Online reuse it by default.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Outputs the token to the console, even when the register switch is set
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>New-MgaAccessToken -Register
For best usage and convinience, mostly, this is what you want to use.
Requires an interactive session with a user handling the web UI.
For addition the aquired token will be registered in the module as default value to use with all the commands.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$token = New-MgaAccessToken
Requires an interactive session with a user handling the web UI.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>$token = New-MgaAccessToken -Credential $cred
Generates a token with the credentials specified in $cred.
This is not supported for personal accounts (Micrsoft Accounts).
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>New-MgaAccessToken -Register -ShowLoginWindow -ClientId '4a6acbac-d325-47a3-b59b-d2e9e05a37c1' -RedirectUrl
'urn:ietf:wg:oauth:2.0:oob' -IdentityPlatformVersion '2.0'
Requires an interactive session with a user handling the web UI.
Always prompt for account selection windows.
Connecting against Azure Application with ID '4a6acbac-d325-47a3-b59b-d2e9e05a37c1'.
Specifies RedirectUrl 'urn:ietf:wg:oauth:2.0:oob' (default value for interactive apps).
Use Authentication Plattform 1.0, which only allows AzureAD business accounts to logon.
RELATED LINKS
SYNOPSIS
Creates an access token for contacting the specified application endpoint
SYNTAX
New-MgaAccessToken [-ClientId <Guid>] [-RedirectUrl <String>] [-ShowLoginWindow] [-IdentityPlatformVersion
<String>] [-Permission <String[]>] [-ResourceUri <String>] [-Tenant <String>] [-Register] [-PassThru]
[<CommonParameters>]
New-MgaAccessToken [-Credential <PSCredential>] [-ClientId <Guid>] [-RedirectUrl <String>]
[-IdentityPlatformVersion <String>] [-Permission <String[]>] [-ResourceUri <String>] [-Tenant <String>]
[-Register] [-PassThru] [<CommonParameters>]
DESCRIPTION
Creates an access token for contacting the specified application endpoint
PARAMETERS
-Credential <PSCredential>
The credentials to use to authenticate the request.
Using this avoids the need to visually interact with the logon screen.
Only works for accounts that have once logged in visually, but can be used from any machine.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ClientId <Guid>
The ID of the client to connect with.
This is the ID of the registered application.
Required? false
Position? named
Default value (Get-PSFConfigValue -FullName MSGraph.Tenant.Application.ClientID -NotNull)
Accept pipeline input? false
Accept wildcard characters? false
-RedirectUrl <String>
Some weird vodoo. Leave it as it is, unless you know better
Required? false
Position? named
Default value (Get-PSFConfigValue -FullName MSGraph.Tenant.Application.RedirectUrl -Fallback
"urn:ietf:wg:oauth:2.0:oob")
Accept pipeline input? false
Accept wildcard characters? false
-ShowLoginWindow [<SwitchParameter>]
Force to show login window with account selection again.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-IdentityPlatformVersion <String>
Specifies the endpoint version of the logon platform (Microsoft identity platform) where to connect for logon.
Use 2.0 if you want to login with a Microsoft Account.
For more information goto
https://docs.microsoft.com/en-us/azure/ ... y-platform
Required? false
Position? named
Default value (Get-PSFConfigValue -FullName
MSGraph.Tenant.Authentiation.IdentityPlatformVersion -Fallback '2.0')
Accept pipeline input? false
Accept wildcard characters? false
-Permission <String[]>
Only applies if IdentityPlatformVersion version 2.0 is used.
Specify the requested permission in the token.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ResourceUri <String>
The App ID URI of the target web API (secured resource).
It may be https://graph.microsoft.com
Required? false
Position? named
Default value (Get-PSFConfigValue -FullName MSGraph.Tenant.ApiConnection -Fallback
'https://graph.microsoft.com')
Accept pipeline input? false
Accept wildcard characters? false
-Tenant <String>
The entry point to sign into.
The allowed values are common, organizations, consumers.
Required? false
Position? named
Default value common
Accept pipeline input? false
Accept wildcard characters? false
-Register [<SwitchParameter>]
Registers the token, so all subsequent calls to Exchange Online reuse it by default.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Outputs the token to the console, even when the register switch is set
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>New-MgaAccessToken -Register
For best usage and convinience, mostly, this is what you want to use.
Requires an interactive session with a user handling the web UI.
For addition the aquired token will be registered in the module as default value to use with all the commands.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$token = New-MgaAccessToken
Requires an interactive session with a user handling the web UI.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>$token = New-MgaAccessToken -Credential $cred
Generates a token with the credentials specified in $cred.
This is not supported for personal accounts (Micrsoft Accounts).
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>New-MgaAccessToken -Register -ShowLoginWindow -ClientId '4a6acbac-d325-47a3-b59b-d2e9e05a37c1' -RedirectUrl
'urn:ietf:wg:oauth:2.0:oob' -IdentityPlatformVersion '2.0'
Requires an interactive session with a user handling the web UI.
Always prompt for account selection windows.
Connecting against Azure Application with ID '4a6acbac-d325-47a3-b59b-d2e9e05a37c1'.
Specifies RedirectUrl 'urn:ietf:wg:oauth:2.0:oob' (default value for interactive apps).
Use Authentication Plattform 1.0, which only allows AzureAD business accounts to logon.
RELATED LINKS