0

I'm trying to make some Graph API calls from Azure CloudShell. To make the API call I have to acquire a token. I have 100% working code in the Azure Desktop version (PSVersion 5.1), but the same code is not working in CloudShell, which runs with (Core - 6.2).

The CloudShell libraries have a couple of mismatches with the documentation.

I'm trying to use this version of AcquireTokenAsync.

For this I have to initialize PlatformParameters, but I'm getting an error:

    $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" "Auto"
    New-Object : Cannot find an overload for "PlatformParameters" and the argument count: "1".
    At line:1 char:23
    + ... arameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirecto ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [New-Object], MethodException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

It seems PlatformParameters accepts a no-arg constructor.

This is my working code in PowerShell Desktop version 5.1:

    $clientId = "1950a258-227b-4e31-a9cf-717495945fc2"  # well-known client ID for AzurePowerShell
    $redirectUri = "urn:ietf:wg:oauth:2.0:oob" # redirect URI for Azure PowerShell

    $resourceAppIdURI = "https://graph.windows.net"
    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
    $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList 'Auto'
    $authResultTask = $authContext.AcquireTokenAsync($resourceAppIdURI, $clientId, $redirectUri, $platformParameters)
    $authResultTask.Wait()
    $authResult = $authResultTask.Result

But the same code doesn't work in CloudShell.

Is there any well-known variation of acquiring a token from Azure Cloud Shell?

4

1 Answer

1

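I want to automate the creation and configuration of the application via a PowerShell script

As mentioned in the comments, there is no need to call the MS Graph APIs manually; you can automate them via the AzureAD PowerShell module, which is also available in Cloud Shell.

Samples:

1. Create an application - New-AzureADApplication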

    New-AzureADApplication -DisplayName "My new application" -IdentifierUris "http://mynewapp.contoso.com"

2. Update an application - Set-AzureADApplication

For example, set the API permissions for the application.

    $req = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
    $acc1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "311a71cc-e848-46a1-bdf8-97ff7156d8e6","Scope"
    $acc2 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "aaff0dfd-0295-48b6-a5cc-9f465bc87928","Role"
    $req.ResourceAccess = $acc1,$acc2
    $req.ResourceAppId = "00000002-0000-0000-c000-000000000000"

    $reqe = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
    $acc1e = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "ddb3ca45-a192-477d-acb2-46bf9dc586de","Scope"
    $acc2e = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "28379fa9-8596-4fd9-869e-cb60a93b5d84","Role"
    $reqe.ResourceAccess = $acc1e,$acc2e
    $reqe.ResourceAppId = "00000009-0000-0000-c000-000000000000"

    Set-AzureADApplication -ObjectId <ObjectId> -RequiredResourceAccess @($req,$reqe)

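I tested the script both locally and in Cloud Shell, and both work fine. If you have other requirements, just look into the Azure AD PowerShell documentation; you can do most AAD-related things via this module.

For more details about the samples, you can refer to the two links 1 and 2.

Answered 2019-07-03T07:02:49.320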
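
The answer's `$req` and `$reqe` objects mix "Scope" and "Role" entries. As an added example (not part of the original answer), the hypothetical helper `Get-RequestedPermissionReview` below lists what an app registration requests, so application-level ("Role") entries can be reviewed before or after `Set-AzureADApplication`. The sample input is constructed from the IDs in the answer and uses plain objects, so it runs without the AzureAD module.

```powershell
# Added example: review the permissions an app registration requests.
# Input objects only need ResourceAppId and ResourceAccess (Id, Type), the same
# shape as Microsoft.Open.AzureAD.Model.RequiredResourceAccess in the answer.
function Get-RequestedPermissionReview {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]] $RequiredResourceAccess
    )
    process {
        foreach ($resource in $RequiredResourceAccess) {
            foreach ($access in $resource.ResourceAccess) {
                $parsed = [guid]::Empty
                # "Scope" = delegated permission, "Role" = application permission
                $kind = switch ($access.Type) {
                    'Scope' { 'Delegated (on behalf of a signed-in user)' }
                    'Role'  { 'Application (the app acts as itself)' }
                    default { 'Unknown type, check for a typo' }
                }
                [pscustomobject]@{
                    ResourceAppId = $resource.ResourceAppId
                    PermissionId  = $access.Id
                    Type          = $access.Type
                    Kind          = $kind
                    # A malformed ID is caught here rather than at update time
                    ValidGuid     = [guid]::TryParse([string]$access.Id, [ref]$parsed)
                    # Anything that is not a delegated scope gets a second look
                    NeedsReview   = ($access.Type -ne 'Scope')
                }
            }
        }
    }
}

# Constructed sample input mirroring $req from the answer (plain objects).
$sample = [pscustomobject]@{
    ResourceAppId  = '00000002-0000-0000-c000-000000000000'
    ResourceAccess = @(
        [pscustomobject]@{ Id = '311a71cc-e848-46a1-bdf8-97ff7156d8e6'; Type = 'Scope' }
        [pscustomobject]@{ Id = 'aaff0dfd-0295-48b6-a5cc-9f465bc87928'; Type = 'Role' }
    )
}

Get-RequestedPermissionReview -RequiredResourceAccess $sample | Format-Table -AutoSize

# In a connected session the same function accepts the live object:
# (Get-AzureADApplication -ObjectId <ObjectId>).RequiredResourceAccess | Get-RequestedPermissionReview
```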