Add Az identity token function

rvdwegen · rvdwegen · commit 4d5c10504ee1 · 2025-12-14T21:17:22.000+01:00
diff --git a/Modules/CIPPCore/Public/Authentication/Get-CIPPAzIdentityToken.ps1 b/Modules/CIPPCore/Public/Authentication/Get-CIPPAzIdentityToken.ps1
@@ -0,0 +1,28 @@
+function Get-CIPPAzIdentityToken {
+    <#
+    .SYNOPSIS
+        Get the Azure Identity token for Managed Identity
+    .DESCRIPTION
+        This function retrieves the Azure Identity token using the Managed Identity endpoint
+    .EXAMPLE
+        Get-CIPPAzIdentityToken
+    #>
+    [CmdletBinding()]
+    param()
+
+    $Endpoint = $env:IDENTITY_ENDPOINT
+    $Secret = $env:IDENTITY_HEADER
+    $ResourceURI = 'https://management.azure.com/'
+
+    if (-not $Endpoint -or -not $Secret) {
+        throw 'Managed Identity environment variables (IDENTITY_ENDPOINT/IDENTITY_HEADER) not found. Is Managed Identity enabled on the Function App?'
+    }
+
+    $TokenUri = "$($Endpoint)?resource=$($ResourceURI)&api-version=2019-08-01"
+    $Headers = @{
+        'X-IDENTITY-HEADER' = $Secret
+    }
+
+    $TokenResponse = Invoke-RestMethod -Method Get -Headers $Headers -Uri $TokenUri
+    return $TokenResponse.access_token
+}
