Functions/Public/New-AzureRmAuthToken.ps1

function New-AzureRmAuthToken
{
    <#
    .SYNOPSIS
        Creates a new authentication token for use against Azure RM REST API operations.
 
    .DESCRIPTION
        Creates a new authentication token for use against Azure RM REST API operations. This uses client/secret auth (not certificate auth).
        The returned output contains the OAuth bearer token and it's properties.
 
    .PARAMETER AadClientAppId
        The AAD client application ID.
 
    .PARAMETER AadClientAppSecret
        The AAD client application secret
 
    .PARAMETER AadTenantId
        The AAD tenant ID.
 
    .EXAMPLE
        C:\> New-AzureRmAuthToken -AadClientAppId <guid> -AadClientAppSecret '<secret>' -AadTenantId <guid>
    #>

    [CmdletBinding()]
    Param
    (
        [Parameter(
            Mandatory=$true,
            HelpMessage='Please provide the AAD client application ID.')]
        [System.String]
        $AadClientAppId,

        [Parameter(
            Mandatory=$true,
            HelpMessage='Please provide the AAD client application secret.')]
        [System.String]
        $AadClientAppSecret,

        [Parameter(
            Mandatory=$true,
            HelpMessage='Please provide the AAD tenant ID.')]
        [System.String]
        $AadTenantId
    )
    Process
    {
        # grab app constants
        $aadUri = $MyInvocation.MyCommand.Module.PrivateData.Constants.AadAuthenticationUri;
        $resource = $MyInvocation.MyCommand.Module.PrivateData.Constants.AadAuthenticationResource;

        # load the web assembly and encode parameters
        $null = [Reflection.Assembly]::LoadWithPartialName('System.Web');
        $encodedClientAppSecret = [System.Web.HttpUtility]::UrlEncode($AadClientAppSecret);
        $encodedResource = [System.Web.HttpUtility]::UrlEncode($Resource);

        # construct and send the request
        $tenantAuthUri = $aadUri -f $AadTenantId;
        $headers = @{
            'Content-Type' = 'application/x-www-form-urlencoded';
        };
        $bodyParams = @(
            "grant_type=client_credentials",
            "client_id=$AadClientAppId",
            "client_secret=$encodedClientAppSecret",
            "resource=$encodedResource"
        );
        $body = [System.String]::Join("&", $bodyParams);

        Invoke-RestMethod -Uri $tenantAuthUri -Method POST -Headers $headers -Body $body;
    }
}