Gerenios / AADInternals

AADInternals PowerShell module for administering Azure AD and Office 365
http://aadinternals.com/aadinternals
MIT License

Can't get access token with service principal client secret #49

Open CravateRouge opened 1 year ago

CravateRouge commented 1 year ago

I'm trying to get a refresh token using a service principal client secret like this:

$secret = Get-Content .\appreg.txt
$secure_secret = $secret | ConvertTo-SecureString -AsPlainText -Force
$pscredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "[ServicePrincipalId]", $secure_secret
Get-AADIntAccessToken -ClientId "1950a258-227b-4e31-a9cf-717495945fc2" -Resource "https://graph.microsoft.com" -IncludeRefreshToken $true -Credentials $pscredential

But I get the following error:

Get-OAuthInfo : User type  of [ServicePrincipalId] is Unknown!
At AccessToken.ps1:1574 char:38
+ ... OAuthInfo = Get-OAuthInfo -Credentials $Credentials -ClientId $Client ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-OAuthInfo

Could not get OAuthInfo!
At AccessToken.ps1:1586 char:17
+                 throw "Could not get OAuthInfo!"
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Could not get OAuthInfo!:String) [], RuntimeException
    + FullyQualifiedErrorId : Could not get OAuthInfo!

However, those credentials work using:

Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant [TenantId]

Is there a way to use AADInternals with service principal credentials?

NestoriSyynimaa commented 1 year ago

Currently no, but let's see what I can do!

hugil commented 1 year ago

Following! Also would love to see this
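
Added example, not part of the thread and not AADInternals code: a service principal secret can be exchanged for an access token directly at the Microsoft identity platform v2.0 token endpoint with the OAuth 2.0 client credentials grant. The function names `Get-SpAccessToken` and `ConvertFrom-JwtPayload` are hypothetical, and `[TenantId]`, `[ServicePrincipalId]` and `appreg.txt` are the placeholders used in the question above.

```powershell
# Added example: OAuth 2.0 client credentials grant (app-only token).
# Function names are hypothetical; tenant, client ID and secret file are placeholders.
function Get-SpAccessToken {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$ClientId,           # application (client) ID
        [Parameter(Mandatory)][securestring]$ClientSecret,
        [string]$Resource = "https://graph.microsoft.com"
    )
    # The secret is needed in plain text only for the request body.
    $plain = [System.Net.NetworkCredential]::new("", $ClientSecret).Password
    $body = @{
        grant_type    = "client_credentials"
        client_id     = $ClientId
        client_secret = $plain
        scope         = "$Resource/.default"   # app permissions already consented for this resource
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    try {
        $response = Invoke-RestMethod -Method Post -Uri $uri -Body $body `
            -ContentType "application/x-www-form-urlencoded"
    }
    catch {
        throw "Token request failed: $($_.Exception.Message)"
    }
    finally {
        $plain = $null
    }
    # The response has token_type, expires_in and access_token.
    # This grant returns no refresh_token: request a new token when it expires.
    return $response.access_token
}

# Decode the JWT payload (no signature check) to see what was issued.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $p = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($p.Length % 4) { 2 { $p += '==' } 3 { $p += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($p)) | ConvertFrom-Json
}

# Usage with the placeholders from the question:
$secret = Get-Content .\appreg.txt | ConvertTo-SecureString -AsPlainText -Force
$token  = Get-SpAccessToken -TenantId "[TenantId]" -ClientId "[ServicePrincipalId]" -ClientSecret $secret
ConvertFrom-JwtPayload $token | Select-Object aud, roles, exp
```

An app-only token lists its granted application permissions in `roles`, which is the claim to review when auditing what a leaked or over-permissioned client secret could reach.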