From 60426dde83e2cb168c7e3a2c339d9a74e95b0ba1 Mon Sep 17 00:00:00 2001
From: Olli Janatuinen
Date: Wed, 22 Feb 2023 13:27:14 +0100
Subject: [PATCH] Support usage without Azure AD app registration by impersonating as PnP Management Shell

---
 Get-MicrosoftTeamsChat.ps1 | 4 ++--
 .../TelstraPurpleFunctions.psm1 | 21 +++++++++++--------
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/Get-MicrosoftTeamsChat.ps1 b/Get-MicrosoftTeamsChat.ps1
index f9252c3..4a2d5a7 100644
--- a/Get-MicrosoftTeamsChat.ps1
+++ b/Get-MicrosoftTeamsChat.ps1
@@ -32,8 +32,8 @@
 [cmdletbinding()]
 Param(
 [Parameter(Mandatory = $true, HelpMessage = "Export location of where the HTML files will be saved.")] [string] $ExportFolder,
- [Parameter(Mandatory = $true, HelpMessage = "The client id of the Azure AD App Registration")] [string] $clientId,
- [Parameter(Mandatory = $true, HelpMessage = "The tenant id of the Azure AD environment the user logs into")] [string] $tenantId,
+ [Parameter(Mandatory = $false, HelpMessage = "The client id of the Azure AD App Registration")] [string] $clientId = "31359c7f-bd7e-475c-86db-fdb8c937548e",
+ [Parameter(Mandatory = $false, HelpMessage = "The tenant id of the Azure AD environment the user logs into")] [string] $tenantId = "common",
 [Parameter(Mandatory = $true, HelpMessage = "The domain name of the UPNs for users in your tenant. E.g. contoso.com")] [string] $domain
 )
diff --git a/functions/TelstraPurpleFunctions/TelstraPurpleFunctions.psm1 b/functions/TelstraPurpleFunctions/TelstraPurpleFunctions.psm1
index c1574a8..9e5b6d9 100644
--- a/functions/TelstraPurpleFunctions/TelstraPurpleFunctions.psm1
+++ b/functions/TelstraPurpleFunctions/TelstraPurpleFunctions.psm1
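Review bot: The new default for `$clientId` silently routes every invocation that omits the parameter through an application the tenant does not own (the commit subject identifies it as PnP Management Shell), yet the HelpMessage still reads as if the caller's own app registration were required, so nothing in `Get-Help` tells an operator that this happens or that this exact GUID is special-cased in `Connect-DeviceCodeAPI`. Please state the default and its origin in the parameter documentation, e.g. `HelpMessage = "The client id of an Azure AD App Registration. Defaults to the PnP Management Shell application id (31359c7f-bd7e-475c-86db-fdb8c937548e), which the module handles specially."`, and likewise say that `$tenantId` now defaults to the multi-tenant `common` authority. Because the same literal is compared in the module, consider keeping it in one named constant that both files reference so the two copies cannot drift.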
@@ -9,24 +9,27 @@ function Get-TPASCII() {
 }
 function Connect-DeviceCodeAPI ($clientId, $tenantId, $refresh) {
-
+ $scope = "Chat.Read, User.Read, User.ReadBasic.All, offline_access"
 if ([string]::IsNullOrEmpty($refresh)) {
+ $contentType = $null
 $codeBody = @{
-
- resource = "https://graph.microsoft.com/"
 client_id = $clientId
- scope = "Chat.Read, User.Read, User.ReadBasic.All, offline_access"
-
+ scope = $scope
+ }
+ if ($clientId -eq "31359c7f-bd7e-475c-86db-fdb8c937548e") {
+ $contentType = "application/x-www-form-urlencoded"
+ $codeBody = "client_id=$clientID&scope=https%3A%2F%2Fgraph.microsoft.com%2F%2F.default+offline_access+openid+profile"
 }
- $codeRequest = Invoke-RestMethod -Method POST -Uri "https://login.microsoftonline.com/$tenantId/oauth2/devicecode" -Body $codeBody
-
+ $codeRequest = Invoke-RestMethod -Method POST -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/devicecode" -ContentType $contentType -Body $codeBody
 # Print Code to console
 Write-Host "`n$($codeRequest.message)"
 $tokenBody = @{
 grant_type = "urn:ietf:params:oauth:grant-type:device_code"
 code = $codeRequest.device_code
+ device_code = $codeRequest.device_code
+ client_info = 1
 client_id = $clientId
 }
@@ -34,7 +37,7 @@ function Connect-DeviceCodeAPI ($clientId, $tenantId, $refresh) {
 else {
 $tokenBody = @{
 grant_type = "refresh_token"
- scope = "Chat.Read, User.Read, User.ReadBasic.All, offline_access"
+ scope = $scope
 refresh_token = $refresh
 client_id = $clientId
 }
@@ -45,7 +48,7 @@ function Connect-DeviceCodeAPI ($clientId, $tenantId, $refresh) {
 # Get OAuth Token
 while ([string]::IsNullOrEmpty($tokenRequest.access_token)) {
 $tokenRequest = try {
- Invoke-RestMethod -Method POST -Uri "https://login.microsoftonline.com/$tenantId/oauth2/token" -Body $tokenBody
+ Invoke-RestMethod -Method POST -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -Body $tokenBody
 }
 catch {
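Review bot: The comma-separated `$scope` introduced at the top of `Connect-DeviceCodeAPI` is posted unchanged to the new v2.0 devicecode endpoint for every client id other than the hard-coded one, but the v2.0 endpoints take space-delimited scopes, so I expect the custom-app-registration path to be rejected with an invalid-scope error; the same string also feeds the refresh-token hunk at `-34,7`, so a session obtained through the special-cased client under `.default offline_access openid profile` is refreshed with a different scope set than it was granted. The hand-built form body additionally encodes `graph.microsoft.com%2F%2F.default` (a double slash before `.default`, which looks like a typo), and the generic branch passes `-ContentType $null`, which relies on Invoke-RestMethod tolerating an empty content type. I would choose the scope string per client once and let Invoke-RestMethod form-encode a hashtable in both cases, which makes `$contentType` and the manual URL encoding unnecessary and gives the refresh request the same scopes; the token polling loop (hunk `-45,7`) and the remainder of the function are unchanged.
```powershell
function Connect-DeviceCodeAPI ($clientId, $tenantId, $refresh) {
    # v2.0 endpoints take space-delimited scopes (v1 used `resource` plus a comma list).
    $scope = "Chat.Read User.Read User.ReadBasic.All offline_access"
    if ($clientId -eq "31359c7f-bd7e-475c-86db-fdb8c937548e") {
        # Scope set the PnP Management Shell path was written for, kept in one place so the
        # refresh-token request below asks for the same scopes as the device-code request.
        $scope = "https://graph.microsoft.com/.default offline_access openid profile"
    }
    if ([string]::IsNullOrEmpty($refresh)) {
        $codeBody = @{
            client_id = $clientId
            scope     = $scope
        }
        $codeRequest = Invoke-RestMethod -Method POST -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/devicecode" -Body $codeBody
        # … unchanged: print device code, build $tokenBody …
```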