One of the previous posts in this blog was to get JWT using the Service principal + certificate combination¹. The Az.Acount PowerShell module was used to achieve the task. That approach signs into Azure as the service principal and generates JWT. This post is to get the JWT without logging in.
MSAL.PS
Microsoft Authentication Library is to interact with the Microsoft security system recently renamed Microsoft Entra².
There are also client-side libraries to interact with it from different languages. MSAL.PS is the library to do the same from PowerShell. Though the MSAL.PS³ is superseded by Azure Az PowerShell SDK⁴, it is still worth giving a try.
The below code shows how we can get the JWT using MSAL.PS.
The code is mostly straightforward but requires some basic understanding of the Azure security model, scope etc.Making HTTP resource calls
Once we have the JWT, it can be used to invoke HTTP calls or to execute a SQL Query.
$token = Get-MsalToken @creds
$reqHeaders = @{
'Authorization' = $token.CreateAuthorizationHeader()
}
$requestUrl = "<YOUR RESOURCE URL>"
Invoke-RestMethod -Uri $requestUrl -Headers $reqHeaders
The interesting thing is that the post published 2 years ago uses the up-to-date and officially supported method.
Happy working with legacy codebase.
References
¹ - https://joymonscode.blogspot.com/2021/09/azure-enterprise-powershell-log-in-as.html
² - https://learn.microsoft.com/en-us/entra/fundamentals/new-name | https://devblogs.microsoft.com/identity/aad-rebrand/
³ - https://github.com/AzureAD/MSAL.PS
⁴ - https://learn.microsoft.com/en-us/powershell/azure/new-azureps-module-az
No comments:
Post a Comment