add cmdlet Get-AzAccessToken

Author: erich-wang

src/Accounts/Accounts/Az.Accounts.psd1

@@ -106,7 +106,7 @@ CmdletsToExport = 'Disable-AzDataCollection', 'Disable-AzContextAutosave',
                'Disconnect-AzAccount', 'Get-AzContextAutosaveSetting', 
                'Set-AzDefault', 'Get-AzDefault', 'Clear-AzDefault', 
                'Register-AzModule', 'Enable-AzureRmAlias', 'Disable-AzureRmAlias', 
-               'Uninstall-AzureRm', 'Invoke-AzRestMethod'
+               'Uninstall-AzureRm', 'Invoke-AzRestMethod', 'Get-AzAccessToken'
 
 # Variables to export from this module
 # VariablesToExport = @()

src/Accounts/Accounts/ChangeLog.md

@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Add new cmdlet `Get-AzAccessToken`
 * Supported interrupting login by hitting <kbd>CTRL</kbd>+<kbd>C</kbd>
 * Fixed an issue causing `Connect-AzAccount -KeyVaultAccessToken` not working [#13127]
 * Fixed null reference and method case insensitive in `Invoke-AzRestMethod`

src/Accounts/Accounts/Properties/Resources.Designer.cs

@@ -519,4 +519,10 @@
   <data name="SuggestToUseDeviceCodeAuth" xml:space="preserve">
     <value>Please run 'Connect-AzAccount -DeviceCode' if browser is not supported in this session.</value>
   </data>
+  <data name="InvalidResourceTypeName" xml:space="preserve">
+    <value>The specified ResourceTypeName "{0}" is not supported, please provide a valid value. e.g. Arm, AadGraph, etc.</value>
+  </data>
+  <data name="InvalidTenantId" xml:space="preserve">
+    <value>Could not find TenantId "{0}" in logged-in contexts. Please make sure you have logged into the tenant, e.g. Connect-AzAccount -Tenant xxx</value>
+  </data>
 </root>

src/Accounts/Accounts/Properties/Resources.resx

@@ -0,0 +1,131 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+using System.Net.Http;
+using System.Threading;
+
+using Microsoft.Azure.Commands.Common.Authentication;
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
+using Microsoft.Azure.Commands.Common.Authentication.Models;
+using Microsoft.Azure.Commands.ResourceManager.Common;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+
+namespace Microsoft.Azure.Commands.Profile.Token
+{
+    [Cmdlet(VerbsCommon.Get, AzureRMConstants.AzureRMPrefix + "AccessToken")]
+    [OutputType(typeof(string))]
+    public class GetAzureRmAccessTokenCommand : AzureRMCmdlet
+    {
+        private const string AuthorizationHeaderName = "Authorization";
+        private const string ResourceUriParameterSet = "ResourceUri";
+        private const string KnownResourceNameParameterSet = "KnownResourceTypeName";
+
+        //TODO: Support ResourceUri directly
+        //[Parameter(ParameterSetName = ResourceUriParameterSet, Mandatory = false)]
+        //public string Resource { get; set; }
+
+        [Parameter(ParameterSetName = KnownResourceNameParameterSet,
+            Mandatory = false,
+            HelpMessage = "Optional resouce type name, supported values: AadGraph, Analysis, Arm, Attest, DataLake, KeyVault, OperationInsights, Synapse. Default value is Arm if not specified.")]
+        [PSArgumentCompleter(
+            SupportedResourceNames.AadGraph,
+            SupportedResourceNames.Analysis,
+            SupportedResourceNames.Arm,
+            SupportedResourceNames.Attest,
+            SupportedResourceNames.DataLake,
+            SupportedResourceNames.KeyVault,
+            SupportedResourceNames.OperationInsights,
+            SupportedResourceNames.Synapse
+            )]
+        public string ResourceTypeName { get; set; }
+
+        //Use tenant in default context if not specified
+        [Parameter(Mandatory = false, HelpMessage = "Optional Tenant Id. Use tenant id of default context if not specified.")]
+        public string TenantId { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            base.ExecuteCmdlet();
+
+            string resourceId = null;
+
+            if (ResourceTypeName == null)
+            {
+                ResourceTypeName = SupportedResourceNames.Arm;
+            }
+            if (!SupportedResourceNames.ResourceNameMap.ContainsKey(ResourceTypeName))
+            {
+                throw new ArgumentException(Properties.Resources.InvalidResourceTypeName.FormatInvariant(ResourceTypeName), nameof(ResourceTypeName));
+            }
+
+            resourceId = SupportedResourceNames.ResourceNameMap[ResourceTypeName];
+
+            resourceId = string.IsNullOrEmpty(resourceId) ? AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId : resourceId;
+
+            IAzureContext context = DefaultContext;
+            if (!string.IsNullOrEmpty(TenantId) && !string.Equals(context.Tenant.Id, TenantId, StringComparison.OrdinalIgnoreCase))
+            {
+                var profile = DefaultProfile as AzureRmProfile;
+                context = profile.Contexts.FirstOrDefault(c =>
+                    string.Equals(c.Value.Tenant.Id, TenantId, StringComparison.OrdinalIgnoreCase)).Value;
+                if (context == null)
+                {
+                    throw new ArgumentException(Properties.Resources.InvalidTenantId.FormatInvariant(TenantId), nameof(TenantId));
+                }
+            }
+            var credential = AzureSession.Instance.AuthenticationFactory.GetServiceClientCredentials(
+                context,
+                resourceId);
+            var requestMessage = new HttpRequestMessage();
+            credential.ProcessHttpRequestAsync(requestMessage, default(CancellationToken)).ConfigureAwait(false).GetAwaiter().GetResult();
+            if (requestMessage.Headers.Contains(AuthorizationHeaderName))
+            {
+                var token = requestMessage.Headers.GetValues(AuthorizationHeaderName)
+                    ?.FirstOrDefault()?.Substring("Bearer ".Length);
+                WriteObject(token);
+            }
+        }
+
+        internal class SupportedResourceNames
+        {
+            //TODO: Support 'Batch' and 'ManagedHsm', need to upate AzureEnvironmentExtensions.GetTokenAudience() to support more endpoints
+
+            public const string Arm = "Arm";
+            public const string AadGraph = "AadGraph";
+            public const string DataLake = "DataLake";
+            public const string KeyVault = "KeyVault";
+
+            public const string Analysis = "Analysis";
+            public const string Attest = "Attest";
+            public const string OperationInsights = "OperationInsights";
+            public const string Synapse = "Synapse";
+
+            internal static Dictionary<string, string> ResourceNameMap = new Dictionary<string, string>()
+            {
+                { Arm, AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId },
+                { AadGraph, AzureEnvironment.Endpoint.Graph}, //Only exception that not using xxxResourceId because of implementation of GetTokenAudience
+                { DataLake, AzureEnvironment.Endpoint.DataLakeEndpointResourceId},
+                { KeyVault, AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId},
+                { Analysis, AzureEnvironment.ExtendedEndpoint.AnalysisServicesEndpointResourceId},
+                { Attest, AzureEnvironment.ExtendedEndpoint.AzureAttestationServiceEndpointResourceId },
+                { OperationInsights, AzureEnvironment.ExtendedEndpoint.OperationalInsightsEndpointResourceId},
+                { Synapse, AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId},
+            };
+        }
+    }
+}

src/Accounts/Accounts/Token/GetAzureRmAccessToken.cs

@@ -47,6 +47,9 @@ machine. Data is collected by default unless you explicitly opt out.
 ### [Enable-AzureRmAlias](Enable-AzureRmAlias.md)
 Enables AzureRm prefix aliases for Az modules.
 
+### [Get-AzAccessToken](Get-AzAccessToken.md)
+Get raw access token.
+
 ### [Get-AzContext](Get-AzContext.md)
 Gets the metadata used to authenticate Azure Resource Manager requests.
 
@@ -60,9 +63,6 @@ Get the defaults set by the user in the current context.
 ### [Get-AzEnvironment](Get-AzEnvironment.md)
 Get endpoints and metadata for an instance of Azure services.
 
-### [Get-AzProfile](Get-AzProfile.md)
-Get the service profiles supported by installed modules.
-
 ### [Get-AzSubscription](Get-AzSubscription.md)
 Get subscriptions that the current account can access.
 
@@ -96,9 +96,6 @@ Saves the current authentication information for use in other PowerShell session
 ### [Select-AzContext](Select-AzContext.md)
 Select a subscription and account to target in Azure PowerShell cmdlets
 
-### [Select-AzProfile](Select-AzProfile.md)
-For modules that support multiple service profiles - load the cmdlets corresponding with the given service profile.
-
 ### [Send-Feedback](Send-Feedback.md)
 Sends feedback to the Azure PowerShell team via a set of guided prompts.
 

src/Accounts/Accounts/help/Az.Accounts.md

@@ -0,0 +1,99 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.Accounts.dll-Help.xml
+Module Name: Az.Accounts
+online version:
+schema: 2.0.0
+---
+
+# Get-AzAccessToken
+
+## SYNOPSIS
+Get raw access token
+
+## SYNTAX
+
+### KnownResourceTypeName
+```
+Get-AzAccessToken -ResourceTypeName <String> [-TenantId <String>] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
+```
+
+## DESCRIPTION
+Get access token
+
+## EXAMPLES
+
+### Example 1 Get raw access token for ARM endpoint
+```powershell
+PS C:\> Get-AzAccessToken
+```
+
+Get access token of ResourceManager endpoint for current account
+
+### Example 2 Get raw access token for AAD graph endpoint
+```powershell
+PS C:\> Get-AzAccessToken -ResourceTypeName AadGraph
+```
+
+Get access token of AAD graph endpoint for current account
+
+## PARAMETERS
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResourceTypeName
+Optional resouce type name, supported values: AadGraph, Analysis, Arm, Attest, DataLake, KeyVault, OperationInsights, Synapse. Default value is Arm if not specified.
+
+```yaml
+Type: System.String
+Parameter Sets: KnownResourceTypeName
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -TenantId
+Optional Tenant Id. Use tenant id of default context if not specified.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.String
+
+## NOTES
+
+## RELATED LINKS