{"id":20899202,"url":"https://github.com/geekzter/azure-active-directory-client","last_synced_at":"2026-04-26T09:32:25.263Z","repository":{"id":115961762,"uuid":"605927410","full_name":"geekzter/azure-active-directory-client","owner":"geekzter","description":"Demonstrates the use of device code sign in from PowerShell script","archived":false,"fork":false,"pushed_at":"2023-05-22T08:15:46.000Z","size":870,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-26T20:57:55.279Z","etag":null,"topics":["azure-active-directory","azure-devops","oauth2","powershell","terraform"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/geekzter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-24T07:49:55.000Z","updated_at":"2023-07-16T09:01:24.000Z","dependencies_parsed_at":"2023-05-23T04:15:23.802Z","dependency_job_id":null,"html_url":"https://github.com/geekzter/azure-active-directory-client","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/geekzter/azure-active-directory-client","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekzter%2Fazure-active-directory-client","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekzter%2Fazure-active-directory-client/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekzter%2Fazure-active-directory-client/releases","
manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekzter%2Fazure-active-directory-client/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/geekzter","download_url":"https://codeload.github.com/geekzter/azure-active-directory-client/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekzter%2Fazure-active-directory-client/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32292845,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T08:29:33.829Z","status":"ssl_error","status_checked_at":"2026-04-26T08:29:18.366Z","response_time":129,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure-active-directory","azure-devops","oauth2","powershell","terraform"],"created_at":"2024-11-18T11:13:26.458Z","updated_at":"2026-04-26T09:32:25.245Z","avatar_url":"https://github.com/geekzter.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Azure Active Directory PowerShell Client\n\nThis repo demonstrates the use of AAD sign in from PowerShell script, leveraging [device authorization grant flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-device-code). 
See [Azure DevOps](https://github.com/microsoft/azure-devops-auth-samples/tree/master/ManagedClientConsoleAppSample) and other [headless](https://learn.microsoft.com/azure/active-directory/develop/sample-v2-code#headless) samples for C#, Java, Python flavors.\n\n## Setup\nThis repo contains Terraform templates to create the [multi-tenant](https://learn.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant) AAD application needed to perform authentication, and PowerShell scripts to handle the authentication flow itself.\n\n### Create AAD application with Terraform\nSpecific [settings](terraform/modules/application/main.tf) that make device code flow work are:\n\n```hcl\n  fallback_public_client_enabled = true \n  identifier_uris              = [\"api://${data.azuread_domains.tenant_domain.domains[0].domain_name}/${random_uuid.app_uri_identifier.result}\"]\n  public_client {\n    redirect_uris              = [\n      \"https://login.microsoftonline.com/common/oauth2/nativeclient\"\n    ]\n  }\n  required_resource_access {\n    # App id of the resource you want to access once logged in\n    # e.g. 499b84ac-1321-427f-aa17-267ca6975798 for Azure DevOps\n    resource_app_id            = var.resource_app_id\n    resource_access {\n      # e.g. 
ee69721e-6c3a-468f-a9ec-302d16a4c599 for user_impersonation\n      id                       = var.resource_access_id\n      type                     = \"Scope\"\n    }\n  }\n  required_resource_access {\n    resource_app_id            = \"00000003-0000-0000-c000-000000000000\" # Microsoft Graph\n    resource_access {\n      id                       = \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\" # User.Read\n      type                     = \"Scope\"\n    }\n  }\n  sign_in_audience             = \"AzureADandPersonalMicrosoftAccount\"\n```\nThese settings show up in the portal as:\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"visuals/public-client.png\" width=\"689\"\u003e\n\u003c/p\u003e   \nAnd:\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"visuals/api-permissions.png\" width=\"1033\"\u003e\n\u003c/p\u003e   \nSteps:  \n\n- Set the `tenant_id` Terraform variable or `ARM_TENANT_ID` environment variable to a tenant in which you have [permission to consent to applications](consent.md)\n- Set the `resource_application_name` Terraform variable to a well-known application you want to sign in to; see the [`application_published_app_ids`](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/application_published_app_ids) data source. You can also uncomment the `microsoft_applications` output to list well-known application names.\n- Initialize the workspace with `terraform init`\n- Provision resources with `terraform apply` or by running [`deploy.ps1`](scripts/deploy.ps1)\n\n### Login with PowerShell\nOnce the AAD application is provisioned, run [`login.ps1`](scripts/login.ps1) to get an AAD token for the resource configured. This script will propagate the appId of the AAD application created.\n\n### End-to-end demo\nYou can run AAD application provisioning and login using a single script: [`demo.ps1`](scripts/demo.ps1). 
If you provision the AAD application and then immediately try to log in, you may hit a race condition in which the AAD application is not yet fully available.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeekzter%2Fazure-active-directory-client","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgeekzter%2Fazure-active-directory-client","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeekzter%2Fazure-active-directory-client/lists"}