alflokken / PSAuthClient

PowerShell OAuth2.0/OpenID Connect (OIDC) Client.
MIT License

Support Origin Customization #2

Closed JustinGrote closed 4 months ago

JustinGrote commented 4 months ago

Great Module!

Please add an -Origin parameter or otherwise allow custom headers that get passed to Invoke-RestMethod to the token fetch, so when impersonating a Microsoft SPA you can obtain the token correctly.

alflokken commented 4 months ago

Thanks for the feedback and suggestion! :)

Adding a parameter to customize headers in Invoke-OAuth2TokenEndpoint (token exchange) seems straightforward, as you've mentioned. It mainly involves passing additional arguments to Invoke-RestMethod.

However, enabling header customization for obtaining authorization codes (using WebView2) is less clear to me, and I'm unsure how to tackle that issue.

Anyway, I'm away for a bit, but it's on my to-do list. In the meantime, if you have any suggestions or ideas about the WebView2 part, please feel free to share.

JustinGrote commented 4 months ago

It was more for the tokenEndpoint command specifically, once you have the auth code. This is for impersonating SPA apps, in my case https://github.com/JustinGrote/MicrosoftMvp, which I worked around just using Invoke-RestMethod natively.

alflokken commented 4 months ago

Just pushed a minor update which should solve this issue.

Example

Invoke-OAuth2TokenEndpoint -uri 'https://login.microsoftonline.com/common/oauth2/v2.0/token' -customHeaders @{ origin = 'https://mvp.microsoft.com'; referer = 'https://mvp.microsoft.com' } @code

Again, thanks for the suggestion. =)