< Back
Get-ProvAzureAuthContext
Post
NAME Get-ProvAzureAuthContext
SYNOPSIS
Make an HTTP POST request to a token service to obtain an access token.
SYNTAX
Get-ProvAzureAuthContext [-TenantId] <string> [-ClientCredential] <PSCredential> [-Resource <string>]
[<CommonParameters>]
Get-ProvAzureAuthContext [-TenantId] <string> [-UserCredential] <PSCredential> [-Resource <string>]
[<CommonParameters>]
Get-ProvAzureAuthContext [-TenantId] <string> [-OAuth2] <object> [-UserCredential] <PSCredential>
[<CommonParameters>]
DESCRIPTION
This cmdlet can authenticate to Azure and Dynamics 365 (ProvanceITSM) to get an OAuth2 token for further
processing with REST API requests.
It supports 3 different ways to authenticate.
1.) "Client Credential"
The input is a PS Credential object, consisting of ClientID (Azure AppId) and ClientKey(AppKey)
2.) "User Credential"
The input type is a PS Credential object, consisting of Username and Password
3.) "Refresh Token with User Credentials"
When the authentication mechanism is providing a refresh-token, this token can be used in junction with a
PSCredential user object to re-authenticate (does not work with an Appid/AppKey pair)
The Cmdlet generates a PSObject of the type Provance.Azure.Common.OAuth2 with all the properties from the access
token plus the TenantID, to be used in the header of API rest requests to query Azure or Dynamics CRM
PARAMETERS
-TenantId <string>
The GUID of the Azure Active Directory tenant as [GUID] Object. Find the tenant id in https://portal.azure.com
Required? true
Position? 0
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ClientCredential <PSCredential>
The client credential pair (AppID and AppKey) of a Azure AD App as [PSCredential] object
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-UserCredential <PSCredential>
The UserName/Password credential as [PSCredential] object
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-OAuth2 <object>
The credential context, used only for refresh token
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Resource <string>
The resource to authenticate with. Defaults to "https://management.core.windows.net/".
When authenticating to a CRM instance, use i.e. "https://youritsminstance.dynamics.com/".
Required? false
Position? named
Default value https://management.core.windows.net/
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Provance.Azure.Common.OAuth2
---------- EXAMPLE 1 ----------
Authenticating with a PScredential object of an Appid/AppKey pair.
$token = Get-ProvAzureAuthContext -TenantId $TenantId -ClientCredential $ClientCred
Parameterset used is "Client Credential" and authentication happens against the default resource
"https://management.core.windows.net/"
First, define values for parameters in the correct type and create a PSCredential object, which you will use later
on in the command.
$tenantId = '86f73a5a-7e3d-4aa7-8f2d-20a69708fbc7'
$ClientId = '0000aaaa-11bb-22cc-33dd-fdcb12345678'
$ClientKey = 'aaaaaaaabbbbbbbbccccccccdddddddd33333333fffff='
$SecClientKey = ConvertTo-SecureString $ClientKey -AsPlainText -Force
$ClientCred = New-Object -TypeName PSCredential -ArgumentList $ClientId,$SecClientKey
$tenantID is the GUID of the Azure Active directory you are going to authenticate to.
$AppIdCred is generated from the AppID and AppKey strings
Then run the command to get the Authorization token, as shown above.
!! Note !! Never store passwords in plaintext in Scripts. Use Assets in Azure automation, Azure Keyvault or
store the Credential object as encrypted CliXML file on a local hard disk or network share
---------- EXAMPLE 2 ----------
Authenticating against Dynamics CRM with UserName and Password.
$token = Get-ProvAzureAuthContext -TenantId $CRMTenantId -UserCredential $CRMUser -Resource $crmUrl -Verbose
In this example, we use the Parameterset "User Credential". Authentication happens against a CRM Instance, stored
in $crmURL
First, define values for parameters in the correct type and create a PSCredential object, which you will use later
on in the command.
$CRMtenantid = '95a73f5f-7d3d-4bb7-8f2d-20a63708fea1'
$crmUrl = "https://itsm03.crm3.dynamics.com/"
$crmUser = "yourcrmuser@itsmnn.onmicrosoft.com"
$crmPsw = ConvertTo-SecureString -String "NEVERSTOREPASSWORDSINSCRIPTS" -AsPlainText -Force
$credCRM = New-Object -TypeName PSCredential -ArgumentList $crmU,$crmPsw
Then run the command to get the Authorization token, as shown above.
!! Note !! Never store passwords in plaintext in Scripts. Use Assets in Azure automation, Azure Keyvault or
store the credential object as encrypted CliXML on a local hard disk or network share
---------- EXAMPLE 3 ----------
In this example, we use the Parameterset "Oauth2 Refresh Token With User Credential". Authentication happens
against a CRM Instance, stored in $crmURL.
The difference to example 2 is that we additionally use a refresh token coming from the first authentication.
The refresh token is stored in the $token object from another authentication attempt.
$token = Get-ProvAzureAuthContext -TenantId $crmTenantId -OAuth2 $crmToken -UserCredential $credCRM -Resource
$crmUrl
In this example, we use the Parameterset "User Credential". Authentication happens against a CRM Instance, stored
in $crmURL
First, define values for parameters in the correct type and create a PSCredential object, which you will use later
on in the command.
$CRMtenantid = '95f73a5a-7e3d-4aa7-8f2d-20a69708fbd8'
$crmUrl = "https://itsm03.crm3.dynamics.com/"
$crmUser = "yourcrmuser@itsmnn.onmicrosoft.com"
$crmPsw = ConvertTo-SecureString -String "NEVERSTOREPASSWORDSINSCRIPTS" -AsPlainText -Force
$credCRM = New-Object -TypeName PSCredential -ArgumentList $crmU,$crmPsw
$OAuth2 = $crmtoken
Then run the command to get the Authorization token, as shown above.
!! Note !! Never store passwords in plaintext in Scripts. Use Assets in Azure automation, Azure Keyvault or
store the Credential object as encrypted CliXML on a local hard disk or network share
RELATED LINKS
Provance Technologies Inc. (http://provance.com)
Help (http://help.provance.com)
SYNOPSIS
Make an HTTP POST request to a token service to obtain an access token.
SYNTAX
Get-ProvAzureAuthContext [-TenantId] <string> [-ClientCredential] <PSCredential> [-Resource <string>]
[<CommonParameters>]
Get-ProvAzureAuthContext [-TenantId] <string> [-UserCredential] <PSCredential> [-Resource <string>]
[<CommonParameters>]
Get-ProvAzureAuthContext [-TenantId] <string> [-OAuth2] <object> [-UserCredential] <PSCredential>
[<CommonParameters>]
DESCRIPTION
This cmdlet can authenticate to Azure and Dynamics 365 (ProvanceITSM) to get an OAuth2 token for further
processing with REST API requests.
It supports 3 different ways to authenticate.
1.) "Client Credential"
The input is a PS Credential object, consisting of ClientID (Azure AppId) and ClientKey(AppKey)
2.) "User Credential"
The input type is a PS Credential object, consisting of Username and Password
3.) "Refresh Token with User Credentials"
When the authentication mechanism is providing a refresh-token, this token can be used in junction with a
PSCredential user object to re-authenticate (does not work with an Appid/AppKey pair)
The Cmdlet generates a PSObject of the type Provance.Azure.Common.OAuth2 with all the properties from the access
token plus the TenantID, to be used in the header of API rest requests to query Azure or Dynamics CRM
PARAMETERS
-TenantId <string>
The GUID of the Azure Active Directory tenant as [GUID] Object. Find the tenant id in https://portal.azure.com
Required? true
Position? 0
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ClientCredential <PSCredential>
The client credential pair (AppID and AppKey) of a Azure AD App as [PSCredential] object
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-UserCredential <PSCredential>
The UserName/Password credential as [PSCredential] object
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-OAuth2 <object>
The credential context, used only for refresh token
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Resource <string>
The resource to authenticate with. Defaults to "https://management.core.windows.net/".
When authenticating to a CRM instance, use i.e. "https://youritsminstance.dynamics.com/".
Required? false
Position? named
Default value https://management.core.windows.net/
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Provance.Azure.Common.OAuth2
---------- EXAMPLE 1 ----------
Authenticating with a PScredential object of an Appid/AppKey pair.
$token = Get-ProvAzureAuthContext -TenantId $TenantId -ClientCredential $ClientCred
Parameterset used is "Client Credential" and authentication happens against the default resource
"https://management.core.windows.net/"
First, define values for parameters in the correct type and create a PSCredential object, which you will use later
on in the command.
$tenantId = '86f73a5a-7e3d-4aa7-8f2d-20a69708fbc7'
$ClientId = '0000aaaa-11bb-22cc-33dd-fdcb12345678'
$ClientKey = 'aaaaaaaabbbbbbbbccccccccdddddddd33333333fffff='
$SecClientKey = ConvertTo-SecureString $ClientKey -AsPlainText -Force
$ClientCred = New-Object -TypeName PSCredential -ArgumentList $ClientId,$SecClientKey
$tenantID is the GUID of the Azure Active directory you are going to authenticate to.
$AppIdCred is generated from the AppID and AppKey strings
Then run the command to get the Authorization token, as shown above.
!! Note !! Never store passwords in plaintext in Scripts. Use Assets in Azure automation, Azure Keyvault or
store the Credential object as encrypted CliXML file on a local hard disk or network share
---------- EXAMPLE 2 ----------
Authenticating against Dynamics CRM with UserName and Password.
$token = Get-ProvAzureAuthContext -TenantId $CRMTenantId -UserCredential $CRMUser -Resource $crmUrl -Verbose
In this example, we use the Parameterset "User Credential". Authentication happens against a CRM Instance, stored
in $crmURL
First, define values for parameters in the correct type and create a PSCredential object, which you will use later
on in the command.
$CRMtenantid = '95a73f5f-7d3d-4bb7-8f2d-20a63708fea1'
$crmUrl = "https://itsm03.crm3.dynamics.com/"
$crmUser = "yourcrmuser@itsmnn.onmicrosoft.com"
$crmPsw = ConvertTo-SecureString -String "NEVERSTOREPASSWORDSINSCRIPTS" -AsPlainText -Force
$credCRM = New-Object -TypeName PSCredential -ArgumentList $crmU,$crmPsw
Then run the command to get the Authorization token, as shown above.
!! Note !! Never store passwords in plaintext in Scripts. Use Assets in Azure automation, Azure Keyvault or
store the credential object as encrypted CliXML on a local hard disk or network share
---------- EXAMPLE 3 ----------
In this example, we use the Parameterset "Oauth2 Refresh Token With User Credential". Authentication happens
against a CRM Instance, stored in $crmURL.
The difference to example 2 is that we additionally use a refresh token coming from the first authentication.
The refresh token is stored in the $token object from another authentication attempt.
$token = Get-ProvAzureAuthContext -TenantId $crmTenantId -OAuth2 $crmToken -UserCredential $credCRM -Resource
$crmUrl
In this example, we use the Parameterset "User Credential". Authentication happens against a CRM Instance, stored
in $crmURL
First, define values for parameters in the correct type and create a PSCredential object, which you will use later
on in the command.
$CRMtenantid = '95f73a5a-7e3d-4aa7-8f2d-20a69708fbd8'
$crmUrl = "https://itsm03.crm3.dynamics.com/"
$crmUser = "yourcrmuser@itsmnn.onmicrosoft.com"
$crmPsw = ConvertTo-SecureString -String "NEVERSTOREPASSWORDSINSCRIPTS" -AsPlainText -Force
$credCRM = New-Object -TypeName PSCredential -ArgumentList $crmU,$crmPsw
$OAuth2 = $crmtoken
Then run the command to get the Authorization token, as shown above.
!! Note !! Never store passwords in plaintext in Scripts. Use Assets in Azure automation, Azure Keyvault or
store the Credential object as encrypted CliXML on a local hard disk or network share
RELATED LINKS
Provance Technologies Inc. (http://provance.com)
Help (http://help.provance.com)