internal static PnPConnection InstantiateDeviceLoginConnection(string url, bool launchBrowser, string tenantAdminUrl, PSHost host, bool disableTelemetry, AzureEnvironment azureEnvironment)
{
var connectionUri = new Uri(url);
var scopes = new[] { $"{connectionUri.Scheme}://{connectionUri.Authority}//.default" }; // the second double slash is not a typo.
var context = new ClientContext(url);
GenericToken tokenResult = null;
try
{
tokenResult = GraphToken.AcquireApplicationTokenDeviceLogin(PnPConnection.PnPManagementShellClientId, scopes, PnPConnection.DeviceLoginCallback(host, launchBrowser), azureEnvironment);
}
catch (MsalUiRequiredException ex)
{
if (ex.Classification == UiRequiredExceptionClassification.ConsentRequired)
{
host.UI.WriteLine("You need to provide consent to the PnP Management Shell application for your tenant. The easiest way to do this is by issueing: 'Connect-PnPOnline -Url [yoursiteur] -PnPManagementShell -LaunchBrowser'. Make sure to authenticate as a Azure administrator allowing to provide consent to the application. Follow the steps provided.");
throw ex;
}
}
var spoConnection = new PnPConnection(context, tokenResult, ConnectionType.O365, null, url.ToString(), tenantAdminUrl, PnPPSVersionTag, disableTelemetry, InitializationType.DeviceLogin)
{
//var spoConnection = new PnPConnection(context, ConnectionType.O365, url.ToString(), tenantAdminUrl, PnPPSVersionTag, host, disableTelemetry, InitializationType.DeviceLogin);
Scopes = scopes,
AzureEnvironment = azureEnvironment
};
if (spoConnection != null)
{
spoConnection.ConnectionMethod = ConnectionMethod.DeviceLogin;
}
return(spoConnection);
}
/// <summary>
/// Connect using the parameter set AADWITHSCOPE
/// </summary>
/// <param name="credentials">Credentials to authenticate with for delegated access or NULL for application permissions</param>
/// <returns>PnPConnection based on the parameters provided in the parameter set</returns>
private PnPConnection ConnectAadWithScope(PSCredential credentials, AzureEnvironment azureEnvironment)
{
// Filter out the scopes for the Microsoft Office 365 Management API
var officeManagementApiScopes = Enum.GetNames(typeof(OfficeManagementApiPermission)).Select(s => s.Replace("_", ".")).Intersect(Scopes).ToArray();
// Take the remaining scopes and try requesting them from the Microsoft Graph API
var graphScopes = Scopes.Except(officeManagementApiScopes).ToArray();
PnPConnection connection = null;
// If we have Office 365 scopes, get a token for those first
if (officeManagementApiScopes.Length > 0)
{
var officeManagementApiToken = credentials == null?OfficeManagementApiToken.AcquireApplicationTokenDeviceLogin(PnPConnection.PnPManagementShellClientId, officeManagementApiScopes, PnPConnection.DeviceLoginCallback(this.Host, true), azureEnvironment) : OfficeManagementApiToken.AcquireDelegatedTokenWithCredentials(PnPConnection.PnPManagementShellClientId, officeManagementApiScopes, credentials.UserName, credentials.Password);
connection = PnPConnection.GetConnectionWithToken(officeManagementApiToken, TokenAudience.OfficeManagementApi, InitializationType.InteractiveLogin, credentials, disableTelemetry: NoTelemetry.ToBool());
}
// If we have Graph scopes, get a token for it
if (graphScopes.Length > 0)
{
var graphToken = credentials == null?GraphToken.AcquireApplicationTokenDeviceLogin(PnPConnection.PnPManagementShellClientId, graphScopes, PnPConnection.DeviceLoginCallback(this.Host, true), azureEnvironment) : GraphToken.AcquireDelegatedTokenWithCredentials(PnPConnection.PnPManagementShellClientId, graphScopes, credentials.UserName, credentials.Password, AzureEnvironment);
// If there's a connection already, add the AAD token to it, otherwise set up a new connection with it
if (connection != null)
{
//connection.AddToken(TokenAudience.MicrosoftGraph, graphToken);
}
else
{
connection = PnPConnection.GetConnectionWithToken(graphToken, TokenAudience.MicrosoftGraph, InitializationType.InteractiveLogin, credentials, disableTelemetry: NoTelemetry.ToBool());
}
}
connection.Scopes = Scopes;
return(connection);
}
internal static PnPConnection InstantiateGraphDeviceLoginConnection(bool launchBrowser, PSHost host, bool disableTelemetry, AzureEnvironment azureEnvironment)
{
var tokenResult = GraphToken.AcquireApplicationTokenDeviceLogin(PnPConnection.PnPManagementShellClientId, new[] { "Group.Read.All", "openid", "email", "profile", "Group.ReadWrite.All", "User.Read.All", "Directory.ReadWrite.All" }, PnPConnection.DeviceLoginCallback(host, launchBrowser), azureEnvironment);
var spoConnection = new PnPConnection(tokenResult, ConnectionMethod.GraphDeviceLogin, ConnectionType.O365, PnPPSVersionTag, disableTelemetry, InitializationType.GraphDeviceLogin)
{
Scopes = new[] { "Group.Read.All", "openid", "email", "profile", "Group.ReadWrite.All", "User.Read.All", "Directory.ReadWrite.All" },
AzureEnvironment = azureEnvironment
};
return(spoConnection);
}
