
I'm trying to make some Graph API calls from Azure Cloud Shell. To make the API call I have to acquire a token. I have 100% working code in the Azure desktop version (PSVersion 5.1), but the same code is not working in Cloud Shell, which runs with PowerShell Core 6.2.

The Cloud Shell libraries have a couple of mismatches with the documentation.

I'm trying to use this version of AcquireTokenAsync.

For that I have to initialize PlatformParameters, but I'm getting an error:

    $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" "Auto"
    New-Object : Cannot find an overload for "PlatformParameters" and the argument count: "1".
    At line:1 char:23
    + ... arameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirecto ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodException
        + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

It seems PlatformParameters only accepts a no-argument constructor there.

This is my working code in PowerShell Desktop 5.1:

    $clientId = "1950a258-227b-4e31-a9cf-717495945fc2"  # well-known client ID for Azure PowerShell
    $redirectUri = "urn:ietf:wg:oauth:2.0:oob"           # redirect URI for Azure PowerShell
    $authority = "https://login.microsoftonline.com/<tenantId>"  # authority for your tenant (placeholder, set before running)

    $resourceAppIdURI = "https://graph.windows.net"      # Azure AD Graph resource
    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
    # On .NET Framework (Desktop 5.1) PlatformParameters takes a PromptBehavior; this is the constructor that fails in Cloud Shell
    $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList 'Auto'
    $authResultTask = $authContext.AcquireTokenAsync($resourceAppIdURI, $clientId, $redirectUri, $platformParameters)
    $authResultTask.Wait()
    $authResult = $authResultTask.Result                 # $authResult.AccessToken carries the bearer token

But the same code doesn't work in Cloud Shell.

Is there any well-known variation for acquiring a token from Azure Cloud Shell?

  • May I know which Graph APIs you want to call? And why do you want to do that in the Cloud Shell? – Joy Wang Jul 03 '19 at 05:30
  • I'm trying to call https://learn.microsoft.com/en-us/graph/api/application-update?view=graph-rest-beta&tabs=http. I am able to create an app using the New-AzureRmADApplication cmdlet but need to configure the created app (e.g. assign API permissions, roles etc.). – Anton Sashidharan Jul 03 '19 at 05:58
  • No need to do that, there is a built-in command [`Set-AzureADApplication`](https://learn.microsoft.com/en-us/powershell/module/azuread/set-azureadapplication?view=azureadps-2.0) in the `AzureAD` module. But I want to know why you want to do that in the Cloud Shell? – Joy Wang Jul 03 '19 at 06:03
  • I wanted to automate the application creation and configuration via a PowerShell script. – Anton Sashidharan Jul 03 '19 at 06:18
  • @JoyWang any idea on the problem I'm explaining about constructor mismatches (e.g. Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters)? – Anton Sashidharan Jul 03 '19 at 06:20
  • Why don't you use the `AzureAD` module? Most things related to Azure AD can be accessed. And you still haven't told me why you insist on using Cloud Shell instead of Windows PowerShell locally? – Joy Wang Jul 03 '19 at 06:25
  • I already gave the reason - "I wanted to automate the application creation and configuration via powershell script" because it is a frequent thing I'm planning to do. – Anton Sashidharan Jul 03 '19 at 06:35

1 Answer

> I wanted to automate the application creation and configuration via powershell script

As mentioned in the comment, there is no need to call the MS Graph APIs manually; you can automate this via the AzureAD PowerShell module, which is also available in the Cloud Shell.

Samples:

1. Create application - New-AzureADApplication

    New-AzureADApplication -DisplayName "My new application"  -IdentifierUris "http://mynewapp.contoso.com"

2. Update an application - Set-AzureADApplication

For example, set the API permissions for the application.

    $req = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
    $acc1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "311a71cc-e848-46a1-bdf8-97ff7156d8e6","Scope"
    $acc2 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "aaff0dfd-0295-48b6-a5cc-9f465bc87928","Role"
    $req.ResourceAccess = $acc1,$acc2
    $req.ResourceAppId = "00000002-0000-0000-c000-000000000000"

    $reqe = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
    $acc1e = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "ddb3ca45-a192-477d-acb2-46bf9dc586de","Scope"
    $acc2e = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "28379fa9-8596-4fd9-869e-cb60a93b5d84","Role"
    $reqe.ResourceAccess = $acc1e,$acc2e
    $reqe.ResourceAppId = "00000009-0000-0000-c000-000000000000"

    Set-AzureADApplication -ObjectId <ObjectId> -RequiredResourceAccess @($req,$reqe)

I tested the script locally and in the Cloud Shell; both work fine. If you have other requirements, just look into the Azure AD PowerShell doc; you can do most things related to AAD via this module.

For more details about the sample, you could refer to the two links, 1 and 2.
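As an added example (not code from the answer or from the AzureAD module's docs), the same Set-AzureADApplication configuration driven by permission names instead of hard-coded GUIDs, followed by a read-back check of what was actually granted. The `New-RequiredResourceAccess` helper and the `$appObjectId` variable are assumptions of this example; it assumes `Connect-AzureAD` has already run.

```powershell
# Added example, not from the original answer. Builds the RequiredResourceAccess
# entry from permission *names* (resolved via the resource's service principal),
# applies it, then reads the app back so you can see exactly what was granted.
# Assumes Connect-AzureAD has run and $appObjectId is the app's ObjectId.

function New-RequiredResourceAccess {
    param(
        [Parameter(Mandatory)][string]$ResourceAppId,  # appId of the API being requested
        [string[]]$DelegatedScopes = @(),              # OAuth2 permission names -> type "Scope"
        [string[]]$ApplicationRoles = @()              # app role names          -> type "Role"
    )
    # The resource's service principal lists the permissions it exposes, with their IDs
    $sp = Get-AzureADServicePrincipal -Filter "appId eq '$ResourceAppId'"
    if (-not $sp) { throw "No service principal for appId $ResourceAppId in this tenant" }

    $access = @()
    foreach ($name in $DelegatedScopes) {
        $perm = $sp.Oauth2Permissions | Where-Object { $_.Value -eq $name }
        if (-not $perm) { throw "Delegated permission '$name' is not exposed by $($sp.DisplayName)" }
        $access += New-Object "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList $perm.Id, "Scope"
    }
    foreach ($name in $ApplicationRoles) {
        $role = $sp.AppRoles | Where-Object { $_.Value -eq $name }
        if (-not $role) { throw "Application permission '$name' is not exposed by $($sp.DisplayName)" }
        $access += New-Object "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList $role.Id, "Role"
    }

    $req = New-Object "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
    $req.ResourceAppId  = $ResourceAppId
    $req.ResourceAccess = $access
    return $req
}

# Azure AD Graph, the same resource the answer uses; "User.Read" resolves to the
# 311a71cc-... delegated permission the answer hard-codes. Request only the
# delegated scope the automation needs; leave ApplicationRoles empty unless required.
$aadGraph = New-RequiredResourceAccess -ResourceAppId "00000002-0000-0000-c000-000000000000" `
                                       -DelegatedScopes @("User.Read")
Set-AzureADApplication -ObjectId $appObjectId -RequiredResourceAccess @($aadGraph)

# Read back the configured permissions and flag app-only ("Role") entries,
# which act without a signed-in user and deserve a second look in review.
$app = Get-AzureADApplication -ObjectId $appObjectId
foreach ($r in $app.RequiredResourceAccess) {
    foreach ($a in $r.ResourceAccess) {
        "{0}  {1,-5}  {2}" -f $r.ResourceAppId, $a.Type, $a.Id
        if ($a.Type -eq "Role") { Write-Warning "App-only permission $($a.Id) on $($r.ResourceAppId)" }
    }
}
```

Note that Set-AzureADApplication only records the requested permissions on the app; admin consent for them is still a separate step.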
