From 2eeb4e624380fbbe548f9bc422d0825bfae310a0 Mon Sep 17 00:00:00 2001 From: Oscar Faixat Date: Tue, 6 Jun 2023 15:24:31 -0700 Subject: [PATCH 1/6] Adding AzureRegion parameter --- src/Get-MsalToken.ps1 | 16 +++++++++++++++- src/New-MsalClientApplication.ps1 | 9 +++++++-- src/Select-MsalClientApplication.ps1 | 6 +++++- 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/src/Get-MsalToken.ps1 b/src/Get-MsalToken.ps1 index f759ce4..604d36f 100644 --- a/src/Get-MsalToken.ps1 +++ b/src/Get-MsalToken.ps1 
@@ -201,7 +201,21 @@ function Get-MsalToken { # Specifies the timeout threshold for MSAL.net operations. [Parameter(Mandatory = $false)] - [timespan] $Timeout + [timespan] $Timeout, + + # Specifies the Azure region to use for token acquisition. + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientClaims', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientAssertion', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret-AuthorizationCode', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret-AuthorizationCode', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret-OnBehalfOf', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate-AuthorizationCode', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate-OnBehalfOf', ValueFromPipelineByPropertyName = $true)] + [string] $AzureRegion = [Microsoft.Identity.Client.ConfidentialClientApplication]::AttemptRegionDiscovery ) begin { diff --git a/src/New-MsalClientApplication.ps1 b/src/New-MsalClientApplication.ps1 index 5764cbf..16d7e98 100644 --- a/src/New-MsalClientApplication.ps1 +++ b/src/New-MsalClientApplication.ps1 
@@ -81,7 +81,13 @@ function New-MsalClientApplication { [Microsoft.Identity.Client.PublicClientApplicationOptions] $PublicClientOptions, # Confidential client application options [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClient-InputObject', Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] - [Microsoft.Identity.Client.ConfidentialClientApplicationOptions] $ConfidentialClientOptions + [Microsoft.Identity.Client.ConfidentialClientApplicationOptions] $ConfidentialClientOptions, + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientClaims', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientAssertion', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClient-InputObject', ValueFromPipelineByPropertyName = $true)] + [string] $AzureRegion = [Microsoft.Identity.Client.ConfidentialClientApplication]::AttemptRegionDiscovery ) switch -Wildcard ($PSCmdlet.ParameterSetName) { @@ -127,7 +133,6 @@ function New-MsalClientApplication { if ($ClientClaims) { [void] $ClientApplicationBuilder.WithClientClaims($ClientCertificate, (ConvertTo-Dictionary $ClientClaims -KeyType ([string]) -ValueType ([string]))) } elseif ($ClientCertificate) { [void] $ClientApplicationBuilder.WithCertificate($ClientCertificate) } if ($RedirectUri) { [void] $ClientApplicationBuilder.WithRedirectUri($RedirectUri.AbsoluteUri) } - $ClientOptions = $ConfidentialClientOptions } "*" { diff --git a/src/Select-MsalClientApplication.ps1 b/src/Select-MsalClientApplication.ps1 index b084789..30fd7ea 100644 --- a/src/Select-MsalClientApplication.ps1 
+++ b/src/Select-MsalClientApplication.ps1 @@ -49,7 +49,11 @@ function Select-MsalClientApplication { [Microsoft.Identity.Client.PublicClientApplicationOptions] $PublicClientOptions, # Confidential client application options [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClient-InputObject', Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] - [Microsoft.Identity.Client.ConfidentialClientApplicationOptions] $ConfidentialClientOptions + [Microsoft.Identity.Client.ConfidentialClientApplicationOptions] $ConfidentialClientOptions, + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClient-InputObject', ValueFromPipelineByPropertyName = $true)] + [string] $AzureRegion = [Microsoft.Identity.Client.ConfidentialClientApplication]::AttemptRegionDiscovery ) $paramNewMsalClientApplication = Select-PsBoundParameters $PSBoundParameters -CommandName New-MsalClientApplication -ExcludeParameters ErrorAction From 0f49977eb589af4695e541b45d5ff3011991969b Mon Sep 17 00:00:00 2001 From: Oscar Faixat Date: Tue, 6 Jun 2023 15:26:29 -0700 Subject: [PATCH 2/6] invoke withazureregion --- src/New-MsalClientApplication.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/src/New-MsalClientApplication.ps1 b/src/New-MsalClientApplication.ps1 index 16d7e98..aff6c3d 100644 --- a/src/New-MsalClientApplication.ps1 +++ b/src/New-MsalClientApplication.ps1 
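Review bot: `$AzureRegion` in Select-MsalClientApplication still defaults to `[Microsoft.Identity.Client.ConfidentialClientApplication]::AttemptRegionDiscovery` and is still offered in the 'ConfidentialClientSecret' set, although patches 4-6 of this series remove both from Get-MsalToken and New-MsalClientApplication. A default value is not part of `$PSBoundParameters`, so the `Select-PsBoundParameters` line right after the param block will not forward it, and a caller-supplied region combined with a client secret would presumably fail parameter-set resolution in New-MsalClientApplication. I would align the declaration with the other two functions: a plain `[string] $AzureRegion` limited to the certificate and InputObject sets. The function body continues outside the hunk, so it is not visible whether the lookup of an already-created client application compares the region. If it does not, a cached non-regional application could be returned for a regional request, and the token would come from a different endpoint than the caller asked for.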
@@ -133,6 +133,7 @@ function New-MsalClientApplication { if ($ClientClaims) { [void] $ClientApplicationBuilder.WithClientClaims($ClientCertificate, (ConvertTo-Dictionary $ClientClaims -KeyType ([string]) -ValueType ([string]))) } elseif ($ClientCertificate) { [void] $ClientApplicationBuilder.WithCertificate($ClientCertificate) } if ($RedirectUri) { [void] $ClientApplicationBuilder.WithRedirectUri($RedirectUri.AbsoluteUri) } + [void] $ClientApplicationBuilder.WithAzureRegion($AzureRegion) $ClientOptions = $ConfidentialClientOptions } "*" { From 28e0dcb9db30f25c7161eec9ecd3f29bd1510b68 Mon Sep 17 00:00:00 2001 From: Oscar Faixat Date: Tue, 20 Jun 2023 02:20:27 -0700 Subject: [PATCH 3/6] update Msal version --- packages.config | 4 ++-- src/MSAL.PS.psd1 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages.config b/packages.config index ff7cdc2..189c935 100644 --- a/packages.config +++ b/packages.config @@ -1,7 +1,7 @@ - - + + \ No newline at end of file diff --git a/src/MSAL.PS.psd1 b/src/MSAL.PS.psd1 index ff0fc8b..37ce214 100644 --- a/src/MSAL.PS.psd1 +++ b/src/MSAL.PS.psd1 @@ -10,7 +10,7 @@ RootModule = 'MSAL.PS.psm1' # Version number of this module. -ModuleVersion = '4.37.0' +ModuleVersion = '4.54.1' # Supported PSEditions CompatiblePSEditions = 'Core','Desktop' From b230273e313b35e6b06a41f37a20d7734f6c775f Mon Sep 17 00:00:00 2001 From: Oscar Faixat Date: Tue, 20 Jun 2023 02:21:11 -0700 Subject: [PATCH 4/6] Limit region parameter --- src/Get-MsalToken.ps1 | 17 ++++++----------- src/New-MsalClientApplication.ps1 | 2 +- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/src/Get-MsalToken.ps1 b/src/Get-MsalToken.ps1 index 604d36f..56bfbac 100644 --- a/src/Get-MsalToken.ps1 +++ b/src/Get-MsalToken.ps1 
@@ -36,6 +36,7 @@ function Get-MsalToken { [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClientCertificate', Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClientCertificate-AuthorizationCode', Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClientCertificate-OnBehalfOf', Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClientCertificate-Regional', Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [string] $ClientId, # Secure secret of the client requesting the token. @@ -48,6 +49,7 @@ function Get-MsalToken { [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClientCertificate', ValueFromPipelineByPropertyName = $true)] [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClientCertificate-AuthorizationCode', ValueFromPipelineByPropertyName = $true)] [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClientCertificate-OnBehalfOf', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClientCertificate-Regional', ValueFromPipelineByPropertyName = $true)] [System.Security.Cryptography.X509Certificates.X509Certificate2] $ClientCertificate, # Specifies if the x5c claim (public key of the certificate) should be sent to the STS. 
@@ -55,6 +57,7 @@ function Get-MsalToken { [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate')] [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate-AuthorizationCode')] [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate-OnBehalfOf')] + [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClientCertificate-Regional')] [switch] $SendX5C, # The authorization code received from service authorization endpoint. @@ -88,6 +91,7 @@ function Get-MsalToken { [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate', ValueFromPipelineByPropertyName = $true)] [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate-AuthorizationCode', ValueFromPipelineByPropertyName = $true)] [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate-OnBehalfOf', ValueFromPipelineByPropertyName = $true)] + [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate-Regional', ValueFromPipelineByPropertyName = $true)] [uri] $RedirectUri, # Instance of Azure Cloud 
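Review bot: Marking `[switch] $SendX5C` as `Mandatory = $true` for 'ConfidentialClientCertificate-Regional' (first hunk on this line) does not enforce that the x5c claim is sent, because `-SendX5C:$false` still satisfies the binder. Omitting the switch makes PowerShell prompt for it, or fail in a non-interactive session. If regional acquisition really requires x5c, I would keep the attribute `Mandatory = $false` and check in the body, e.g. `if ($AzureRegion -and -not $SendX5C) { throw 'AzureRegion requires -SendX5C' }`. A short comment saying why the regional set needs x5c would also help, since the hunk does not state the reason; the param block continues outside the hunk.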
@@ -205,17 +209,8 @@ function Get-MsalToken { # Specifies the Azure region to use for token acquisition. [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret', ValueFromPipelineByPropertyName = $true)] - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate', ValueFromPipelineByPropertyName = $true)] - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientClaims', ValueFromPipelineByPropertyName = $true)] - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientAssertion', ValueFromPipelineByPropertyName = $true)] - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret-AuthorizationCode', ValueFromPipelineByPropertyName = $true)] - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret', ValueFromPipelineByPropertyName = $true)] - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret-AuthorizationCode', ValueFromPipelineByPropertyName = $true)] - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret-OnBehalfOf', ValueFromPipelineByPropertyName = $true)] - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate', ValueFromPipelineByPropertyName = $true)] - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate-AuthorizationCode', ValueFromPipelineByPropertyName = $true)] - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate-OnBehalfOf', ValueFromPipelineByPropertyName = $true)] - [string] $AzureRegion = [Microsoft.Identity.Client.ConfidentialClientApplication]::AttemptRegionDiscovery + [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClientCertificate-Regional', ValueFromPipelineByPropertyName = $true)] + [string] $AzureRegion ) begin { diff --git a/src/New-MsalClientApplication.ps1 b/src/New-MsalClientApplication.ps1 index aff6c3d..215e691 100644 --- a/src/New-MsalClientApplication.ps1 
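Review bot: `[string] $AzureRegion` is bound from the pipeline by property name with no validation attribute. The value ends up in `WithAzureRegion` (New-MsalClientApplication, patches 2 and 4), where MSAL uses it to select the regional token endpoint that receives the certificate-signed client assertion. I would constrain it at the parameter, e.g. `[ValidatePattern('^[A-Za-z0-9]+$')]`, so a malformed or host-like value from piped input is rejected before any request is built; whether MSAL validates the string itself is not visible here. The same applies to the `$AzureRegion` declarations in New-MsalClientApplication and Select-MsalClientApplication. The code that consumes the parameter lies outside this hunk.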
+++ b/src/New-MsalClientApplication.ps1 @@ -133,7 +133,7 @@ function New-MsalClientApplication { if ($ClientClaims) { [void] $ClientApplicationBuilder.WithClientClaims($ClientCertificate, (ConvertTo-Dictionary $ClientClaims -KeyType ([string]) -ValueType ([string]))) } elseif ($ClientCertificate) { [void] $ClientApplicationBuilder.WithCertificate($ClientCertificate) } if ($RedirectUri) { [void] $ClientApplicationBuilder.WithRedirectUri($RedirectUri.AbsoluteUri) } - [void] $ClientApplicationBuilder.WithAzureRegion($AzureRegion) + if ($AzureRegion) { [void] $ClientApplicationBuilder.WithAzureRegion($AzureRegion) } $ClientOptions = $ConfidentialClientOptions } "*" { From dd1e346b6270261792a11a8a6f9c0ea7f43c25c4 Mon Sep 17 00:00:00 2001 From: Oscar Faixat Date: Tue, 20 Jun 2023 03:10:08 -0700 Subject: [PATCH 5/6] confidentialclientsecret not supported in regional --- src/Get-MsalToken.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Get-MsalToken.ps1 b/src/Get-MsalToken.ps1 index 56bfbac..d8e9e50 100644 --- a/src/Get-MsalToken.ps1 +++ b/src/Get-MsalToken.ps1 @@ -208,7 +208,6 @@ function Get-MsalToken { [timespan] $Timeout, # Specifies the Azure region to use for token acquisition. - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret', ValueFromPipelineByPropertyName = $true)] [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClientCertificate-Regional', ValueFromPipelineByPropertyName = $true)] [string] $AzureRegion ) From 31881428dd2273c53b313d9b0d25113ebb4ec968 Mon Sep 17 00:00:00 2001 From: Oscar Faixat Date: Tue, 20 Jun 2023 03:10:55 -0700 Subject: [PATCH 6/6] confidentialclientsecret not supported in regional --- src/New-MsalClientApplication.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/New-MsalClientApplication.ps1 b/src/New-MsalClientApplication.ps1 index 215e691..6a835a1 100644 --- a/src/New-MsalClientApplication.ps1 +++ b/src/New-MsalClientApplication.ps1 
@@ -82,12 +82,11 @@ function New-MsalClientApplication { # Confidential client application options [Parameter(Mandatory = $true, ParameterSetName = 'ConfidentialClient-InputObject', Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Microsoft.Identity.Client.ConfidentialClientApplicationOptions] $ConfidentialClientOptions, - [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientSecret', ValueFromPipelineByPropertyName = $true)] [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientCertificate', ValueFromPipelineByPropertyName = $true)] [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientClaims', ValueFromPipelineByPropertyName = $true)] [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClientAssertion', ValueFromPipelineByPropertyName = $true)] [Parameter(Mandatory = $false, ParameterSetName = 'ConfidentialClient-InputObject', ValueFromPipelineByPropertyName = $true)] - [string] $AzureRegion = [Microsoft.Identity.Client.ConfidentialClientApplication]::AttemptRegionDiscovery + [string] $AzureRegion ) switch -Wildcard ($PSCmdlet.ParameterSetName) {
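Review bot: The `$AzureRegion` parameter in New-MsalClientApplication has no comment, unlike its neighbour in the same param block (`# Confidential client application options`) and the matching parameter in Get-MsalToken. I would add `# Azure region to use for token acquisition; when omitted, WithAzureRegion is not called on the builder.` above its `[Parameter]` attributes. The comment should also say that the 'ConfidentialClientSecret' set is excluded on purpose, since the commit subject is currently the only place that records this.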