
Is it possible to use the Connect-AzureAD cmdlet to get credentials from an interactive user login that contain an access token which can be used in Authorization Bearer headers for Invoke-RestMethod calls to the Graph API? Or is a second call to the Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenAsync command always required to force the user to log in again because Graph API calls are a different resource and require a different context?

I know an Azure AD Application Registration can be used but I cannot do that for this script.

Eric Legault

1 Answer


Exposing the Connection token from Connect-AzureAd may answer your question directly. I won't try to steal credit for it, but I want to go a step further.

ADAL, which is the library being used here, has been deprecated in favor of MSAL, and will not be supported at some point in the future. Not telling you that you're wrong to use it, rather just letting everyone who encounters it know that changes will be needed down the road.

WaitingForGuacamole