Closed JustinGrote closed 4 months ago
Thanks for the feedback and suggestion! :)
Adding a parameter to customize headers in Invoke-OAuth2TokenEndpoint (token exchange) seems straightforward, as you've mentioned. It mainly involves passing additional arguments to invoke-restmethod.
However, enabling header customization for obtaining authorization codes (using WebView2) is less clear to me, and I'm unsure how to tackle that issue.
Anyway, I'm away for a bit, but it's on my to-do list. In the meantime, if you have any suggestions or ideas about the WebView2 part, please feel free to share.
It was more for the tokenEndpoint command specifically, once you have the auth code. This is for impersonating SPA apps, in my case https://github.com/JustinGrote/MicrosoftMvp which I worked around just using invoke-restmethod natively.
Just pushed a minor update which should solve this issue.
Example
Invoke-OAuth2TokenEndpoint -uri 'https://login.microsoftonline.com/common/oauth2/v2.0/token' -customHeaders @{ origin = 'https://mvp.microsoft.com'; referer = 'https://mvp.microsoft.com' } @code
Again, thanks for the suggestion. =)
Great Module!
Please add a -Origin parameter or otherwise allow custom headers that get passed to invoke-restmethod to the token fetch so when impersonating a Microsoft SPA you can obtain the token correctly.