Ever found yourself pulling your hair out trying to issue Microsoft Identity Tokens (login.microsoftonline.com)? Well, stress no more! OAuth Tokencopter 3000 is here to save your day (and your hair)!
OAuth Tokencopter 3000 is a PowerShell-based lifesaver that makes REST API requests to the Microsoft Identity Provider and delivers tokens for a variety of occasions. Whether you have a refresh token or just credentials, OAuth Tokencopter 3000 has got you covered. You can also provide resources like graph.microsoft.com, management.azure.com, api.partnercenter.microsoft.com etc., and it will return tokens. It's like a token vending machine!
Before you start, make sure you have PowerShell version 7 installed on your machine. If you don't, you can download it from here.
- Clone this repository to your local machine.
- Run the PowerShell script.
- Follow the prompts to input your refresh token or credentials, and specify the resources you need.
Here's how to use OAuth Tokencopter 3000:
- Run the PowerShell script.
- Input your refresh token or credentials when prompted.
- Specify the resources you need.
- Sit back and watch as your tokens are delivered!
Tip
💡 Pro Tip: You can retrieve the details of tokenPayload from an EntraID App Registration. Check out the quickstart guide for more information.
Usage Preparation
Import-Module .\New-MSToken.psm1 -Force
$tokenPayload = @{
ClientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
ClientSecret = "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
TenantId = "zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz"
}Tip
💡 Pro Tip: You can configure the permissions of your tokenPayload in an EntraID App Registration. Learn how to add permissions to your app registration in this configuration guide.
Request Token Example #1
grant_type: This is set toclient_credentialswhen a refresh token is not provided.Issuer URL Version: This is set to2.Resource: This is set toMicrosoft Graph API.
$MSGraphTokenBasedOnClientSecret = New-MSToken `
-ClientId $tokenPayload.ClientId `
-ClientSecret $tokenPayload.ClientSecret `
-TokenIssuerURL "https://login.microsoftonline.com/$($tokenPayload.TenantId)/oauth2/v2.0/token" `
-Resource "https://graph.microsoft.com/.default" 
You may ask yourself "What can i do with that token?". Let's get some Entra Groups Guide
$headers = @{
"Authorization" = "Bearer $MSGraphTokenBasedOnClientSecret"
}
$response = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/groups" -Method Get -Headers $headers
$response.value
Note
Additional function call examples can be found in examples.md
OAuth Tokencopter 3000 is a community project. I encourage you to pitch in! If you've got a feature request, bug report, or if you'd like to contribute code, please feel free to do so.
OAuth Tokencopter 3000 is licensed under the MIT License. See LICENSE for more information.
This project uses Microsoft Authentication to generate tokens. All rights to Microsoft Authentication services and APIs belong to Microsoft. This project does not claim ownership of any third-party services or APIs used.
No more token troubles! With OAuth Tokencopter 3000, issuing Microsoft Identity Tokens is as easy as pie. Enjoy your worry-free token issuing experience!