msgraph-sdk-powershell icon indicating copy to clipboard operation
msgraph-sdk-powershell copied to clipboard

Published 20 hours ago verified publisher icon microsoftgraph

[FEATURE REQUEST] Add Connect-Graph -AzContext Option

Open JustinGrote opened this issue 3 years ago • 3 comments

Since as stated the audience expected for the module is primarily Az users, now that Az allows exporting the access tokens, it is recommended to add a -AzContext (or -CurrentAzContext) switch that would fetch the access token via:

Get-AzAccessToken -ResourceUrl 'graph.microsoft.com').token and then execute a connect-graph -accesstoken token

Here is a simple helper function as a stopgap for users until this is implemented. If tagged as up-for-grabs I may attempt a PR.

using namespace Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core
using namespace Microsoft.Graph.PowerShell.Authentication
function Connect-MgGraphAz {
    <#
    .SYNOPSIS
    Connect to Microsoft Graph using an "Az" powershell module context
    .DESCRIPTION
    This function saves you from logging in twice to both mggraph and the az powershell module by fetching a token using your azure context.
    .EXAMPLE
    Connect-MgGraphAz

    Connects with your current default Azure context
    .EXAMPLE
    $context = get-azcontext -ListAvailable | where name -match 'Development' | select -first 1
    Connect-MgGraphAz -DefaultProfile $context

    Connects to Microsoft Graph using the first profile in your context list that matches the name 'Development'
    .EXAMPLE
    get-azcontext -ListAvailable | where name -match 'Development' | select -first 1 | Connect-MgGraphAz

    Uses the pipeline to connect to Microsoft Graph using the first profile in your context list that matches the name 'Development'
    #>

    [CmdletBinding()]
    param (
        #The Az Module Context to use for the connection. You can get a list with Get-AzContext -ListAvailable. Note this parameter only accepts one context and if multiple are supplied it will only connect to the last one supplied
        [Parameter(ValueFromPipeline)][IAzureContextContainer]$DefaultProfile,
        #Specify Process to use this token to authenticate just this process, or CurrentUser for all sessions started by this user
        [ContextScope]$ContextScope
    )
    $ErrorActionPreference = 'Stop'

    [String]$accessToken = $(
        if ($DefaultProfile) {
            Get-AzAccessToken -DefaultProfile $DefaultProfile -ResourceUrl 'https://graph.microsoft.com'
        } else { 
            Get-AzAccessToken -ResourceUrl 'https://graph.microsoft.com'
        }
    ).Token
    
    $connectMgParams = @{
        AccessToken = $accessToken
    }
    if ($contextScope) {
        $connectMgParams.ContextScope = $ContextScope
    }

    Connect-MgGraph @connectMgParams
}

AB#7710

JustinGrote avatar Jan 22 '21 01:01 JustinGrote

@JustinGrote We would be glad to receive your PR on this.

georgend avatar May 20 '21 10:05 georgend

As noted in https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/669, we should also document the use Connect-MgGraph -AccessToken and Get-AzAccessToken.

peombwa avatar May 21 '21 18:05 peombwa

@georgend is this still on for this sprint?

ddyett avatar Oct 21 '21 20:10 ddyett

This sounds like a great opportunity for a community contribution as a separate module that would ensure availability of both Az and Mg modules. I would not include this as part of the Mg modules to decrease the dependencies list but I get the use case.

For now I'd close as not planned, but absolutely welcome either:

  • A new community-provided module that provides this functionality
  • A documentation article in the Graph docs to provide a sample function (like the one @JustinGrote provided)

sebastienlevert avatar Feb 29 '24 15:02 sebastienlevert