Get token for OAuth2 protected API in PowerShell

Question

When I use a browser I use this endpoint to authorize:

https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=<client_id>&response_type=code&redirect_uri=<redirect_uri>&scope=email+offline_access+openid+profile&state=&prompt=select_account

then I log in to my Microsoft account, and it redirects me to my application.

How I can log in to get a token from PowerShell? I need it for test automation. I found something like this (https://github.com/shawntabrizi/Microsoft-Authentication-with-PowerShell-and-MSAL/tree/master/Authorization%20Code%20Grant%20Flow) but I'm not sure if it is a good solution for my case.

Appreciate any help.

EDIT:

I don't know how to automate this step:

juunas juunas · Accepted Answer · 2020-08-18T13:54:28

If you want your test to call the API as an app, you can use client credentials flow.

If on the other hand you want to call the API on behalf of a user, you might need to use resource owner password credentials grant flow: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc

Note that the user should usually be a local account in that AAD tenant (no external user/Microsoft account/on-prem AD account) with no MFA. Take this into account and store the user credentials securely. And do use a test AAD tenant for this so the credentials don't have access to any production environments.

Get token for OAuth2 protected API in PowerShell

2 Answers