PSMSALNet-help.xml
|
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>ConvertTo-X509Certificate2</command:name> <command:verb>ConvertTo</command:verb> <command:noun>X509Certificate2</command:noun> <maml:description> <maml:para>This function will output a X509Certificate2 certificate.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Because Linux does not have the Cert: provider (Get-PsProvider), we have to find a way to use the provided certificate on all platforms and X509 is a solution. This function will inject several format (cer,crt,pem,pfx) to expose the result in a standardized way.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>ConvertTo-X509Certificate2</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccessToken</maml:name> <maml:description> <maml:para>Specify an access token to contact the associated Key Vault.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>APIVersion</maml:name> <maml:description> <maml:para>Specify the API version regarding Keyvault API for now the default value is 7.3.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>7.3</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExportPrivateKey</maml:name> <maml:description> <maml:para>Specify you want to extract from Key Vault the certificate with the Private key.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyVaultCertificatePath</maml:name> <maml:description> <maml:para>Specify path of a specific certificate version hosted on Azure Key Vault.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>ConvertTo-X509Certificate2</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CerPath</maml:name> <maml:description> <maml:para>Specify path of a cer file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>ConvertTo-X509Certificate2</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CrtPath</maml:name> <maml:description> <maml:para>Specify path of a crt file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>ConvertTo-X509Certificate2</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Password</maml:name> <maml:description> <maml:para>Specify password of a pfx file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PfxPath</maml:name> <maml:description> <maml:para>Specify path of a pfx file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>ConvertTo-X509Certificate2</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PemPath</maml:name> <maml:description> <maml:para>Specify path of a pem file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrivateKeyPath</maml:name> <maml:description> <maml:para>Specify path of a decrypted private key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccessToken</maml:name> <maml:description> <maml:para>Specify an access token to contact the associated Key Vault.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>APIVersion</maml:name> <maml:description> <maml:para>Specify the API version regarding Keyvault API for now the default value is 7.3.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>7.3</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CerPath</maml:name> <maml:description> <maml:para>Specify path of a cer file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CrtPath</maml:name> <maml:description> <maml:para>Specify path of a crt file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExportPrivateKey</maml:name> <maml:description> <maml:para>Specify you want to extract from Key Vault the certificate with the Private key.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyVaultCertificatePath</maml:name> <maml:description> <maml:para>Specify path of a specific certificate version hosted on Azure Key Vault.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Password</maml:name> <maml:description> <maml:para>Specify password of a pfx file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PemPath</maml:name> <maml:description> <maml:para>Specify path of a pem file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PfxPath</maml:name> <maml:description> <maml:para>Specify path of a pfx file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrivateKeyPath</maml:name> <maml:description> <maml:para>Specify path of a decrypted private key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>VERSION HISTORY 1.0 | 2023/10/03 | Francois LEON initial version POSSIBLE IMPROVEMENT -</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>$PubCert = ConvertTo-X509Certificate2 -CerPath ./scomnewbie.cer</dev:code> <dev:remarks> <maml:para>Will generate a X509Certificate2 without private key from a cer file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>$PubCert = ConvertTo-X509Certificate2 -CerPath ./scomnewbie.crt</dev:code> <dev:remarks> <maml:para>Will generate a X509Certificate2 without private key from a crt file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 3 --------------------------</maml:title> <dev:code>$PrivCert = ConvertTo-X509Certificate2 -PfxPath ./scomnewbie.pfx -Password $(ConvertTo-SecureString -String "exportpassword" -AsPlainText -Force) $PrivCert.PrivateKey</dev:code> <dev:remarks> <maml:para>Will generate a X509Certificate2 with private key from a pfx file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 4 --------------------------</maml:title> <dev:code>$PrivCert = ConvertTo-X509Certificate2 -PemPath ./scomnewbie2.pem -PrivateKeyPath ./privatekey_rsa.key $PrivCert.PrivateKey</dev:code> <dev:remarks> <maml:para>Will generate a X509Certificate2 with private key from a pem file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 5 --------------------------</maml:title> <dev:code>.vault.azure.net/certificates/test/5d69153b75214245ab72fa21b9c06bfb' $KVToken = (Get-AzAccessToken -Resource "https://vault.azure.net").Token #Once authenticated to Azure ConvertTo-X509Certificate2 -KeyVaultCertificatePath $CertURL -AccessToken $KVToken</dev:code> <dev:remarks> <maml:para>Will generate a X509Certificate2 with public key from a certificate hosted in Key Vault.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 6 --------------------------</maml:title> <dev:code>.vault.azure.net/certificates/test/5d69153b75214245ab72fa21b9c06bfb' $KVToken = (Get-AzAccessToken -Resource "https://vault.azure.net").Token #Once authenticated to Azure ConvertTo-X509Certificate2 -KeyVaultCertificatePath $CertURL -AccessToken $KVToken -ExportPrivateKey</dev:code> <dev:remarks> <maml:para>Will generate a X509Certificate2 with private key from a certificate hosted in Key Vault.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraToken</command:name> <command:verb>Get</command:verb> <command:noun>EntraToken</command:noun> <maml:description> <maml:para>This function will interact with MSAL.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Use this function to generate JWT Entra tokens. By default the token cache will be in memory.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraToken</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AzureCloudInstance</maml:name> <maml:description> <maml:para>The AzureCloudInstance parameter defines the Azure environment you plan to consume. By default, the module target Azure public.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">None</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzurePublic</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureChina</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureGermany</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureUsGovernment</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">AzureCloudInstance</command:parameterValue> <dev:type> <maml:name>AzureCloudInstance</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AzurePublic</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientCertificate</maml:name> <maml:description> <maml:para>The ClientCertificate parameter defines the client certificate you want to use in your authentication flow.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue> <dev:type> <maml:name>X509Certificate2</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientCredentialFlowWithCertificate</maml:name> <maml:description> <maml:para>The ClientCredentialFlowWithCertificate parameter defines you want to generate an entra token with the client credential flow with certificates.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The ClientId parameter defines the client Id (application Id) you want to use to generate a token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CustomResource</maml:name> <maml:description> <maml:para>The CustomResource parameter defines your custom resource you exposed in Entra (api://<...>). You have to use it in addition of the Custom Resource parameter value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Resource</maml:name> <maml:description> <maml:para>The Resource parameter defines the resource you want to consume. A scope is composed of a resource and a permission. This parameter is pre-filled with Azure audiences like Graph API, KeyVault or Custom (your API)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The TenantId parameter defines the Entra tenant Id. If you don't specificy this parameter, the common authority will be used (multi-tenants applications)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WithoutCaching</maml:name> <maml:description> <maml:para>The WithoutCaching parameter defines the you want to force a token refresh instead of using the MSAL cache.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraToken</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AzureCloudInstance</maml:name> <maml:description> <maml:para>The AzureCloudInstance parameter defines the Azure environment you plan to consume. By default, the module target Azure public.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">None</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzurePublic</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureChina</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureGermany</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureUsGovernment</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">AzureCloudInstance</command:parameterValue> <dev:type> <maml:name>AzureCloudInstance</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AzurePublic</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientCertificate</maml:name> <maml:description> <maml:para>The ClientCertificate parameter defines the client certificate you want to use in your authentication flow.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue> <dev:type> <maml:name>X509Certificate2</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The ClientId parameter defines the client Id (application Id) you want to use to generate a token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CustomResource</maml:name> <maml:description> <maml:para>The CustomResource parameter defines your custom resource you exposed in Entra (api://<...>). You have to use it in addition of the Custom Resource parameter value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OnBehalfFlowWithCertificate</maml:name> <maml:description> <maml:para>The OnBehalfFlowWithCertificate parameter defines you want to generate an entra token with the On behalf flows with certificates.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Permissions</maml:name> <maml:description> <maml:para>The Permissions parameter defines the permissions you request. This is usually what is after api://<...>/<Permission> or with Graph API @("User.Read","Group.Read"). the combinaison of Resource and permission create the scope.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Resource</maml:name> <maml:description> <maml:para>The Resource parameter defines the resource you want to consume. A scope is composed of a resource and a permission. This parameter is pre-filled with Azure audiences like Graph API, KeyVault or Custom (your API)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The TenantId parameter defines the Entra tenant Id. If you don't specificy this parameter, the common authority will be used (multi-tenants applications)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserAssertion</maml:name> <maml:description> <maml:para>The UserAssertion parameter defines the token you want to use in both the OBO flow or the federated credential flow.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraToken</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AzureCloudInstance</maml:name> <maml:description> <maml:para>The AzureCloudInstance parameter defines the Azure environment you plan to consume. By default, the module target Azure public.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">None</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzurePublic</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureChina</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureGermany</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureUsGovernment</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">AzureCloudInstance</command:parameterValue> <dev:type> <maml:name>AzureCloudInstance</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AzurePublic</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientCredentialFlowWithSecret</maml:name> <maml:description> <maml:para>The ClientCredentialFlowWithSecret parameter defines you want to generate an entra token with the client credential flow with secrets.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The ClientId parameter defines the client Id (application Id) you want to use to generate a token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientSecret</maml:name> <maml:description> <maml:para>The ClientSecret parameter defines the client secret you want to use in your authentication flow.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CustomResource</maml:name> <maml:description> <maml:para>The CustomResource parameter defines your custom resource you exposed in Entra (api://<...>). You have to use it in addition of the Custom Resource parameter value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Resource</maml:name> <maml:description> <maml:para>The Resource parameter defines the resource you want to consume. A scope is composed of a resource and a permission. This parameter is pre-filled with Azure audiences like Graph API, KeyVault or Custom (your API)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The TenantId parameter defines the Entra tenant Id. If you don't specificy this parameter, the common authority will be used (multi-tenants applications)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WithoutCaching</maml:name> <maml:description> <maml:para>The WithoutCaching parameter defines the you want to force a token refresh instead of using the MSAL cache.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraToken</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AzureCloudInstance</maml:name> <maml:description> <maml:para>The AzureCloudInstance parameter defines the Azure environment you plan to consume. By default, the module target Azure public.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">None</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzurePublic</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureChina</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureGermany</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureUsGovernment</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">AzureCloudInstance</command:parameterValue> <dev:type> <maml:name>AzureCloudInstance</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AzurePublic</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The ClientId parameter defines the client Id (application Id) you want to use to generate a token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CustomResource</maml:name> <maml:description> <maml:para>The CustomResource parameter defines your custom resource you exposed in Entra (api://<...>). You have to use it in addition of the Custom Resource parameter value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExtraScopesToConsent</maml:name> <maml:description> <maml:para>The ExtraScopesToConsent parameter defines the extra scopes you need following the Entra limitation where you can call only one resource per call. Thi parameter is useful when you need Graph API and ARM token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Permissions</maml:name> <maml:description> <maml:para>The Permissions parameter defines the permissions you request. This is usually what is after api://<...>/<Permission> or with Graph API @("User.Read","Group.Read"). the combinaison of Resource and permission create the scope.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicAuthorizationCodeFlow</maml:name> <maml:description> <maml:para>The PublicAuthorizationCodeFlow parameter defines you want to generate an entra token with the Authorization Code flow with PKCE. No secrets are required.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RedirectUri</maml:name> <maml:description> <maml:para>The RedirectUri parameter defines the redirect uri required for several public workflow. By default this parameter equal http://localhost.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Uri</command:parameterValue> <dev:type> <maml:name>Uri</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Http://localhost</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Resource</maml:name> <maml:description> <maml:para>The Resource parameter defines the resource you want to consume. A scope is composed of a resource and a permission. This parameter is pre-filled with Azure audiences like Graph API, KeyVault or Custom (your API)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The TenantId parameter defines the Entra tenant Id. If you don't specificy this parameter, the common authority will be used (multi-tenants applications)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraToken</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AzureCloudInstance</maml:name> <maml:description> <maml:para>The AzureCloudInstance parameter defines the Azure environment you plan to consume. By default, the module target Azure public.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">None</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzurePublic</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureChina</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureGermany</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureUsGovernment</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">AzureCloudInstance</command:parameterValue> <dev:type> <maml:name>AzureCloudInstance</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AzurePublic</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The ClientId parameter defines the client Id (application Id) you want to use to generate a token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CustomResource</maml:name> <maml:description> <maml:para>The CustomResource parameter defines your custom resource you exposed in Entra (api://<...>). You have to use it in addition of the Custom Resource parameter value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceCodeFlow</maml:name> <maml:description> <maml:para>The DeviceCodeFlow parameter defines you want to generate an entra token with the Device code flow. No secrets are required.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExtraScopesToConsent</maml:name> <maml:description> <maml:para>The ExtraScopesToConsent parameter defines the extra scopes you need following the Entra limitation where you can call only one resource per call. Thi parameter is useful when you need Graph API and ARM token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Permissions</maml:name> <maml:description> <maml:para>The Permissions parameter defines the permissions you request. This is usually what is after api://<...>/<Permission> or with Graph API @("User.Read","Group.Read"). the combinaison of Resource and permission create the scope.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RedirectUri</maml:name> <maml:description> <maml:para>The RedirectUri parameter defines the redirect uri required for several public workflow. By default this parameter equal http://localhost.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Uri</command:parameterValue> <dev:type> <maml:name>Uri</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Http://localhost</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Resource</maml:name> <maml:description> <maml:para>The Resource parameter defines the resource you want to consume. A scope is composed of a resource and a permission. This parameter is pre-filled with Azure audiences like Graph API, KeyVault or Custom (your API)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The TenantId parameter defines the Entra tenant Id. If you don't specificy this parameter, the common authority will be used (multi-tenants applications)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraToken</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AzureCloudInstance</maml:name> <maml:description> <maml:para>The AzureCloudInstance parameter defines the Azure environment you plan to consume. By default, the module target Azure public.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">None</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzurePublic</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureChina</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureGermany</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureUsGovernment</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">AzureCloudInstance</command:parameterValue> <dev:type> <maml:name>AzureCloudInstance</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AzurePublic</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The ClientId parameter defines the client Id (application Id) you want to use to generate a token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CustomResource</maml:name> <maml:description> <maml:para>The CustomResource parameter defines your custom resource you exposed in Entra (api://<...>). You have to use it in addition of the Custom Resource parameter value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExtraScopesToConsent</maml:name> <maml:description> <maml:para>The ExtraScopesToConsent parameter defines the extra scopes you need following the Entra limitation where you can call only one resource per call. Thi parameter is useful when you need Graph API and ARM token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Permissions</maml:name> <maml:description> <maml:para>The Permissions parameter defines the permissions you request. This is usually what is after api://<...>/<Permission> or with Graph API @("User.Read","Group.Read"). the combinaison of Resource and permission create the scope.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RedirectUri</maml:name> <maml:description> <maml:para>The RedirectUri parameter defines the redirect uri required for several public workflow. By default this parameter equal http://localhost.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Uri</command:parameterValue> <dev:type> <maml:name>Uri</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Http://localhost</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Resource</maml:name> <maml:description> <maml:para>The Resource parameter defines the resource you want to consume. A scope is composed of a resource and a permission. This parameter is pre-filled with Azure audiences like Graph API, KeyVault or Custom (your API)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The TenantId parameter defines the Entra tenant Id. If you don't specificy this parameter, the common authority will be used (multi-tenants applications)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WAMFlow</maml:name> <maml:description> <maml:para>The WAMFlow parameter defines you want to generate an entra token with the Windows WAM (Web Account Manager). No secrets are required.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraToken</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AzureCloudInstance</maml:name> <maml:description> <maml:para>The AzureCloudInstance parameter defines the Azure environment you plan to consume. By default, the module target Azure public.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">None</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzurePublic</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureChina</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureGermany</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureUsGovernment</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">AzureCloudInstance</command:parameterValue> <dev:type> <maml:name>AzureCloudInstance</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AzurePublic</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The ClientId parameter defines the client Id (application Id) you want to use to generate a token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientSecret</maml:name> <maml:description> <maml:para>The ClientSecret parameter defines the client secret you want to use in your authentication flow.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CustomResource</maml:name> <maml:description> <maml:para>The CustomResource parameter defines your custom resource you exposed in Entra (api://<...>). You have to use it in addition of the Custom Resource parameter value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OnBehalfFlowWithSecret</maml:name> <maml:description> <maml:para>The OnBehalfFlowWithSecret parameter defines you want to generate an entra token with the On behalf flows with secrets.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Permissions</maml:name> <maml:description> <maml:para>The Permissions parameter defines the permissions you request. This is usually what is after api://<...>/<Permission> or with Graph API @("User.Read","Group.Read"). the combinaison of Resource and permission create the scope.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Resource</maml:name> <maml:description> <maml:para>The Resource parameter defines the resource you want to consume. A scope is composed of a resource and a permission. This parameter is pre-filled with Azure audiences like Graph API, KeyVault or Custom (your API)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The TenantId parameter defines the Entra tenant Id. If you don't specificy this parameter, the common authority will be used (multi-tenants applications)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserAssertion</maml:name> <maml:description> <maml:para>The UserAssertion parameter defines the token you want to use in both the OBO flow or the federated credential flow.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraToken</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AzureCloudInstance</maml:name> <maml:description> <maml:para>The AzureCloudInstance parameter defines the Azure environment you plan to consume. By default, the module target Azure public.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">None</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzurePublic</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureChina</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureGermany</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureUsGovernment</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">AzureCloudInstance</command:parameterValue> <dev:type> <maml:name>AzureCloudInstance</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AzurePublic</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The ClientId parameter defines the client Id (application Id) you want to use to generate a token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CustomResource</maml:name> <maml:description> <maml:para>The CustomResource parameter defines your custom resource you exposed in Entra (api://<...>). You have to use it in addition of the Custom Resource parameter value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>FederatedCredentialFlowWithAssertion</maml:name> <maml:description> <maml:para>The FederatedCredentialFlowWithAssertion parameter defines you want to generate an entra token with the federated credential authentication method. A token assertion is required.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Resource</maml:name> <maml:description> <maml:para>The Resource parameter defines the resource you want to consume. A scope is composed of a resource and a permission. This parameter is pre-filled with Azure audiences like Graph API, KeyVault or Custom (your API)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The TenantId parameter defines the Entra tenant Id. If you don't specificy this parameter, the common authority will be used (multi-tenants applications)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserAssertion</maml:name> <maml:description> <maml:para>The UserAssertion parameter defines the token you want to use in both the OBO flow or the federated credential flow.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WithoutCaching</maml:name> <maml:description> <maml:para>The WithoutCaching parameter defines the you want to force a token refresh instead of using the MSAL cache.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraToken</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AzureCloudInstance</maml:name> <maml:description> <maml:para>The AzureCloudInstance parameter defines the Azure environment you plan to consume. By default, the module target Azure public.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">None</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzurePublic</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureChina</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureGermany</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureUsGovernment</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">AzureCloudInstance</command:parameterValue> <dev:type> <maml:name>AzureCloudInstance</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AzurePublic</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The ClientId parameter defines the client Id (application Id) you want to use to generate a token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CustomResource</maml:name> <maml:description> <maml:para>The CustomResource parameter defines your custom resource you exposed in Entra (api://<...>). You have to use it in addition of the Custom Resource parameter value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Resource</maml:name> <maml:description> <maml:para>The Resource parameter defines the resource you want to consume. A scope is composed of a resource and a permission. This parameter is pre-filled with Azure audiences like Graph API, KeyVault or Custom (your API)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserManagedIdentity</maml:name> <maml:description> <maml:para>The UserManagedIdentity parameter defines the token you want to generate an entra token with the user managed identity.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraToken</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AzureCloudInstance</maml:name> <maml:description> <maml:para>The AzureCloudInstance parameter defines the Azure environment you plan to consume. By default, the module target Azure public.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">None</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzurePublic</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureChina</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureGermany</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AzureUsGovernment</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">AzureCloudInstance</command:parameterValue> <dev:type> <maml:name>AzureCloudInstance</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AzurePublic</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CustomResource</maml:name> <maml:description> <maml:para>The CustomResource parameter defines your custom resource you exposed in Entra (api://<...>). You have to use it in addition of the Custom Resource parameter value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Resource</maml:name> <maml:description> <maml:para>The Resource parameter defines the resource you want to consume. A scope is composed of a resource and a permission. This parameter is pre-filled with Azure audiences like Graph API, KeyVault or Custom (your API)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SystemManagedIdentity</maml:name> <maml:description> <maml:para>The SystemManagedIdentity parameter defines the token you want to generate an entra token with the system managed identity.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AzureCloudInstance</maml:name> <maml:description> <maml:para>The AzureCloudInstance parameter defines the Azure environment you plan to consume. By default, the module target Azure public.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">AzureCloudInstance</command:parameterValue> <dev:type> <maml:name>AzureCloudInstance</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>AzurePublic</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientCertificate</maml:name> <maml:description> <maml:para>The ClientCertificate parameter defines the client certificate you want to use in your authentication flow.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue> <dev:type> <maml:name>X509Certificate2</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientCredentialFlowWithCertificate</maml:name> <maml:description> <maml:para>The ClientCredentialFlowWithCertificate parameter defines you want to generate an entra token with the client credential flow with certificates.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientCredentialFlowWithSecret</maml:name> <maml:description> <maml:para>The ClientCredentialFlowWithSecret parameter defines you want to generate an entra token with the client credential flow with secrets.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The ClientId parameter defines the client Id (application Id) you want to use to generate a token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientSecret</maml:name> <maml:description> <maml:para>The ClientSecret parameter defines the client secret you want to use in your authentication flow.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CustomResource</maml:name> <maml:description> <maml:para>The CustomResource parameter defines your custom resource you exposed in Entra (api://<...>). You have to use it in addition of the Custom Resource parameter value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceCodeFlow</maml:name> <maml:description> <maml:para>The DeviceCodeFlow parameter defines you want to generate an entra token with the Device code flow. No secrets are required.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExtraScopesToConsent</maml:name> <maml:description> <maml:para>The ExtraScopesToConsent parameter defines the extra scopes you need following the Entra limitation where you can call only one resource per call. Thi parameter is useful when you need Graph API and ARM token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>FederatedCredentialFlowWithAssertion</maml:name> <maml:description> <maml:para>The FederatedCredentialFlowWithAssertion parameter defines you want to generate an entra token with the federated credential authentication method. A token assertion is required.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OnBehalfFlowWithCertificate</maml:name> <maml:description> <maml:para>The OnBehalfFlowWithCertificate parameter defines you want to generate an entra token with the On behalf flows with certificates.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OnBehalfFlowWithSecret</maml:name> <maml:description> <maml:para>The OnBehalfFlowWithSecret parameter defines you want to generate an entra token with the On behalf flows with secrets.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Permissions</maml:name> <maml:description> <maml:para>The Permissions parameter defines the permissions you request. This is usually what is after api://<...>/<Permission> or with Graph API @("User.Read","Group.Read"). the combinaison of Resource and permission create the scope.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicAuthorizationCodeFlow</maml:name> <maml:description> <maml:para>The PublicAuthorizationCodeFlow parameter defines you want to generate an entra token with the Authorization Code flow with PKCE. No secrets are required.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RedirectUri</maml:name> <maml:description> <maml:para>The RedirectUri parameter defines the redirect uri required for several public workflow. By default this parameter equal http://localhost.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Uri</command:parameterValue> <dev:type> <maml:name>Uri</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Http://localhost</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Resource</maml:name> <maml:description> <maml:para>The Resource parameter defines the resource you want to consume. A scope is composed of a resource and a permission. This parameter is pre-filled with Azure audiences like Graph API, KeyVault or Custom (your API)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SystemManagedIdentity</maml:name> <maml:description> <maml:para>The SystemManagedIdentity parameter defines the token you want to generate an entra token with the system managed identity.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The TenantId parameter defines the Entra tenant Id. If you don't specificy this parameter, the common authority will be used (multi-tenants applications)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserAssertion</maml:name> <maml:description> <maml:para>The UserAssertion parameter defines the token you want to use in both the OBO flow or the federated credential flow.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserManagedIdentity</maml:name> <maml:description> <maml:para>The UserManagedIdentity parameter defines the token you want to generate an entra token with the user managed identity.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WAMFlow</maml:name> <maml:description> <maml:para>The WAMFlow parameter defines you want to generate an entra token with the Windows WAM (Web Account Manager). No secrets are required.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WithoutCaching</maml:name> <maml:description> <maml:para>The WithoutCaching parameter defines the you want to force a token refresh instead of using the MSAL cache.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Identity.Client.AuthenticationResult</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>VERSION HISTORY 2023/09/23 | Francois LEON initial version</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>$HashArguments = @{ ClientId = $clientId ClientSecret = $ClientSecret TenantId = $TenantId Resource = 'GraphAPI' } Get-EntraToken -ClientCredentialFlowWithSecret @HashArguments</dev:code> <dev:remarks> <maml:para>This command will generate a token to access Graph API scope with all application permissions assign to this app registration. The token is stored in memory cache managed by MSAL.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>$HashArguments = @{ ClientId = $clientId TenantId = $TenantId RedirectUri = 'http://localhost' Resource = 'GraphAPI' Permissions = @('user.read','group.read.all') ExtraScopesToConsent = @('https://management.azure.com/user_impersonation') verbose = $true }</dev:code> <dev:remarks> <maml:para>Get-EntraToken -PublicAuthorizationCodeFlow @HashArguments</maml:para> <maml:para>This command will generate a token to access Graph API scope with all application permissions added in the request. In addition, the request will do a second call to Entra to generate a token to access the ARM resource. The token is stored in memory cache managed by MSAL.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 3 --------------------------</maml:title> <dev:code>Get-EntraToken -DeviceCodeFlow -ClientId $ClientId -TenantId $TenantId -Resource GraphAPI -Permissions @('user.read')</dev:code> <dev:remarks> <maml:para>This command will generate a token to access Graph API (user.read) scope with the default redirect uri value which is 'http://localhost'</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 4 --------------------------</maml:title> <dev:code>Get-EntraToken -WAMFlow -ClientId $clientId -TenantId $tenantId -RedirectUri 'ms-appx-web://Microsoft.AAD.BrokerPlugin/9f0...8f01' -Resource Custom -CustomResource api://AADToken-WebAPI-back-OBO -Permissions access_asuser</dev:code> <dev:remarks> <maml:para>This command (Windows only) use the Web Account MAnager component to communicate with Entra. In this case we request a token to access a custom API protected by entra. The redirect uri is not configured to use localhost as usual.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 5 --------------------------</maml:title> <dev:code>$X509 = ConvertTo-X509Certificate2 -PfxPath C:\TEMP\newcert.pfx -Password $(ConvertTo-SecureString -String '{myPassword}' -AsPlainText -Force) -Verbose Get-EntraToken -OnBehalfFlowWithCertificate -ClientCertificate $X509 -UserAssertion $FrontEndClientToken.accesstoken -ClientId $BackendClientId -TenantId $tenantId -Resource GraphAPI -Permissions 'User.read' | % AccessToken</dev:code> <dev:remarks> <maml:para>This command, executed from a backend api will generate a tokens using the OBO flow with certificate.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-KVCertificateWithPrivateKey</command:name> <command:verb>Get</command:verb> <command:noun>KVCertificateWithPrivateKey</command:noun> <maml:description> <maml:para>This is a function to download certificate information from Azure KeyVault and export the private key as well.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This is a function to download certificate information from Azure KeyVault and export the private key as well.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-KVCertificateWithPrivateKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>KeyVaultCertificatePath</maml:name> <maml:description> <maml:para>The KeyVaultCertificatePath parameter is the path of the Keyvault certificate.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>AccessToken</maml:name> <maml:description> <maml:para>The AccessToken parameter is the JWT you have to provide to do the action.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>APIVersion</maml:name> <maml:description> <maml:para>The APIVersion parameter is the version of the Keyvault API.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>7.3</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>AccessToken</maml:name> <maml:description> <maml:para>The AccessToken parameter is the JWT you have to provide to do the action.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>APIVersion</maml:name> <maml:description> <maml:para>The APIVersion parameter is the version of the Keyvault API.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>7.3</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>KeyVaultCertificatePath</maml:name> <maml:description> <maml:para>The KeyVaultCertificatePath parameter is the path of the Keyvault certificate.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>TODO: Write examples</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-KVCertificateWithPublicKey</command:name> <command:verb>Get</command:verb> <command:noun>KVCertificateWithPublicKey</command:noun> <maml:description> <maml:para>This is a function to download certificate information from Azure KeyVault.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This is a function to download certificate information from Azure KeyVault.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-KVCertificateWithPublicKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>KeyVaultCertificatePath</maml:name> <maml:description> <maml:para>The KeyVaultCertificatePath parameter is the path of the Keyvault certificate.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>AccessToken</maml:name> <maml:description> <maml:para>The AccessToken parameter is the JWT you have to provide to do the action.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>APIVersion</maml:name> <maml:description> <maml:para>The APIVersion parameter is the version of the Keyvault API.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>7.3</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>AccessToken</maml:name> <maml:description> <maml:para>The AccessToken parameter is the JWT you have to provide to do the action.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>APIVersion</maml:name> <maml:description> <maml:para>The APIVersion parameter is the version of the Keyvault API.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>7.3</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>KeyVaultCertificatePath</maml:name> <maml:description> <maml:para>The KeyVaultCertificatePath parameter is the path of the Keyvault certificate.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>TODO: Write examples</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> </helpItems> |