Update authentication to api

CHANGELOG.md

@@ -7,6 +7,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- Added Get-TkMsalToken cmdlet to retrieve an MSAL token using API calls.
+- Added Managed Identity support for  Get-TkMsalToken cmdlet (Needs to be tested).
+- SecureString support for Get-TkMsalToken cmdlet.
+
+### Fixed
+
+- Fixed authentication context for MgGraph.
+
+### Changed
+
+- Updated private function names to be more descriptive.
+- Removed MSAL.PS dependency from Send-TkEmailAppMessage function.
+
+## [0.2.0] - 2025-03-14
+
+### Added
+
 - Updated docs for the module.
 - Release Candidate
 - Update wiki pages.

README.md

@@ -10,7 +10,6 @@ The **GraphAppToolkit** module provides a set of functions and classes to quickl
 - Microsoft.Graph
 - Microsoft.PowerShell.SecretManagement
 - SecretManagement.JustinGrote.CredMan
-- MSAL.PS
 
 ### Requirements
 
@@ -108,7 +107,7 @@ The following Private Functions support the module’s internal processes and ar
 - **Connect-TkMsService**
 - **ConvertTo-ParameterSplat**
 - **Initialize-TkAppAuthCertificate**
-- **Initialize-TkAppSpRegistration**
+- **New-TkAppSpOauth2Registration**
 - **Initialize-TkModuleEnv**
 - **Initialize-TkAppName**
 - **New-TkAppRegistration**
@@ -531,16 +530,16 @@ Send-TkEmailAppMessage -AppId <String> -TenantId <String> -CertThumbprint <Strin
 ### Parameters
 | Name  | Alias  | Description | Required? | Pipeline Input | Default Value |
 | - | - | - | - | - | - |
-| <nobr>AppName</nobr> |  | \\[Vault Parameter Set Only\\] The name of the pre-created Microsoft Graph Email App \(stored in GraphEmailAppLocalStore\\). Used only if the 'Vault' parameter set is chosen. The function retrieves the AppId, TenantId, and certificate thumbprint from the vault entry. | true | false |  |
-| <nobr>AppId</nobr> |  | \\[Manual Parameter Set Only\\] The Azure AD application \(client\\) ID to use for sending the email. Must be used together with TenantId and CertThumbprint in the 'Manual' parameter set. | true | false |  |
-| <nobr>TenantId</nobr> |  | \\[Manual Parameter Set Only\\] The Azure AD tenant ID \(GUID or domain name\\). Must be used together with AppId and CertThumbprint in the 'Manual' parameter set. | true | false |  |
-| <nobr>CertThumbprint</nobr> |  | \\[Manual Parameter Set Only\\] The certificate thumbprint \(in Cert:\\CurrentUser\\My\\) used for authenticating as the Azure AD app. Must be used together with AppId and TenantId in the 'Manual' parameter set. | true | false |  |
+| <nobr>AppName</nobr> |  | \[Vault Parameter Set Only\] The name of the pre-created Microsoft Graph Email App \(stored in GraphEmailAppLocalStore\\). Used only if the 'Vault' parameter set is chosen. The function retrieves the AppId, TenantId, and certificate thumbprint from the vault entry. | true | false |  |
+| <nobr>AppId</nobr> |  | \[Manual Parameter Set Only\] The Azure AD application \(client\\) ID to use for sending the email. Must be used together with TenantId and CertThumbprint in the 'Manual' parameter set. | true | false |  |
+| <nobr>TenantId</nobr> |  | \[Manual Parameter Set Only\] The Azure AD tenant ID \(GUID or domain name\\). Must be used together with AppId and CertThumbprint in the 'Manual' parameter set. | true | false |  |
+| <nobr>CertThumbprint</nobr> |  | \[Manual Parameter Set Only\] The certificate thumbprint \(in Cert:\\CurrentUser\\My\\) used for authenticating as the Azure AD app. Must be used together with AppId and TenantId in the 'Manual' parameter set. | true | false |  |
 | <nobr>To</nobr> |  | The email address of the recipient. | true | false |  |
 | <nobr>FromAddress</nobr> |  | The email address of the sender who is authorized to send email as configured in the Graph Email App. | true | false |  |
 | <nobr>Subject</nobr> |  | The subject line of the email. | true | false |  |
 | <nobr>EmailBody</nobr> |  | The body text of the email. | true | false |  |
 | <nobr>AttachmentPath</nobr> |  | An array of file paths for any attachments to include in the email. Each path must exist as a leaf file. | false | false |  |
-| <nobr>VaultName</nobr> |  | \\[Vault Parameter Set Only\\] The name of the vault to retrieve the GraphEmailApp object. Default is 'GraphEmailAppLocalStore'. | false | false | GraphEmailAppLocalStore |
+| <nobr>VaultName</nobr> |  | \[Vault Parameter Set Only\] The name of the vault to retrieve the GraphEmailApp object. Default is 'GraphEmailAppLocalStore'. | false | false | GraphEmailAppLocalStore |
 | <nobr>WhatIf</nobr> | wi |  | false | false |  |
 | <nobr>Confirm</nobr> | cf |  | false | false |  |
 ### Note

README2.md

@@ -270,16 +270,16 @@ Send-TkEmailAppMessage -AppId <String> -TenantId <String> -CertThumbprint <Strin
 ### Parameters
 | Name  | Alias  | Description | Required? | Pipeline Input | Default Value |
 | - | - | - | - | - | - |
-| <nobr>AppName</nobr> |  | \\[Vault Parameter Set Only\\] The name of the pre-created Microsoft Graph Email App \(stored in GraphEmailAppLocalStore\\). Used only if the 'Vault' parameter set is chosen. The function retrieves the AppId, TenantId, and certificate thumbprint from the vault entry. | true | false |  |
-| <nobr>AppId</nobr> |  | \\[Manual Parameter Set Only\\] The Azure AD application \(client\\) ID to use for sending the email. Must be used together with TenantId and CertThumbprint in the 'Manual' parameter set. | true | false |  |
-| <nobr>TenantId</nobr> |  | \\[Manual Parameter Set Only\\] The Azure AD tenant ID \(GUID or domain name\\). Must be used together with AppId and CertThumbprint in the 'Manual' parameter set. | true | false |  |
-| <nobr>CertThumbprint</nobr> |  | \\[Manual Parameter Set Only\\] The certificate thumbprint \(in Cert:\\CurrentUser\\My\\) used for authenticating as the Azure AD app. Must be used together with AppId and TenantId in the 'Manual' parameter set. | true | false |  |
+| <nobr>AppName</nobr> |  | \[Vault Parameter Set Only\] The name of the pre-created Microsoft Graph Email App \(stored in GraphEmailAppLocalStore\\). Used only if the 'Vault' parameter set is chosen. The function retrieves the AppId, TenantId, and certificate thumbprint from the vault entry. | true | false |  |
+| <nobr>AppId</nobr> |  | \[Manual Parameter Set Only\] The Azure AD application \(client\\) ID to use for sending the email. Must be used together with TenantId and CertThumbprint in the 'Manual' parameter set. | true | false |  |
+| <nobr>TenantId</nobr> |  | \[Manual Parameter Set Only\] The Azure AD tenant ID \(GUID or domain name\\). Must be used together with AppId and CertThumbprint in the 'Manual' parameter set. | true | false |  |
+| <nobr>CertThumbprint</nobr> |  | \[Manual Parameter Set Only\] The certificate thumbprint \(in Cert:\\CurrentUser\\My\\) used for authenticating as the Azure AD app. Must be used together with AppId and TenantId in the 'Manual' parameter set. | true | false |  |
 | <nobr>To</nobr> |  | The email address of the recipient. | true | false |  |
 | <nobr>FromAddress</nobr> |  | The email address of the sender who is authorized to send email as configured in the Graph Email App. | true | false |  |
 | <nobr>Subject</nobr> |  | The subject line of the email. | true | false |  |
 | <nobr>EmailBody</nobr> |  | The body text of the email. | true | false |  |
 | <nobr>AttachmentPath</nobr> |  | An array of file paths for any attachments to include in the email. Each path must exist as a leaf file. | false | false |  |
-| <nobr>VaultName</nobr> |  | \\[Vault Parameter Set Only\\] The name of the vault to retrieve the GraphEmailApp object. Default is 'GraphEmailAppLocalStore'. | false | false | GraphEmailAppLocalStore |
+| <nobr>VaultName</nobr> |  | \[Vault Parameter Set Only\] The name of the vault to retrieve the GraphEmailApp object. Default is 'GraphEmailAppLocalStore'. | false | false | GraphEmailAppLocalStore |
 | <nobr>WhatIf</nobr> | wi |  | false | false |  |
 | <nobr>Confirm</nobr> | cf |  | false | false |  |
 ### Note

help/GraphAppToolkit.md

@@ -26,4 +26,3 @@ Publishes a new MEM (Intune) Policy Manager App in Azure AD with read-only or re
 ### [Send-TkEmailAppMessage](Send-TkEmailAppMessage)
 Sends an email using the Microsoft Graph API, either by retrieving app credentials from a local vault
 or by specifying them manually.
-

help/New-MailEnabledSendingGroup.md

@@ -1,4 +1,4 @@
----
+---
 external help file: GraphAppToolkit-help.xml
 Module Name: GraphAppToolkit
 online version:
@@ -56,47 +56,47 @@ and a primary SMTP address of Senders@customdomain.org.
 
 ## PARAMETERS
 
-### -Name
-The name of the mail-enabled security group to create or retrieve.
-This is also used as
-the alias if no separate Alias parameter is provided.
+### -Alias
+An optional alias for the group.
+If omitted, the group name is used as the alias.
 
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
 
-Required: True
+Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -Alias
-An optional alias for the group.
-If omitted, the group name is used as the alias.
+### -DefaultDomain
+(DefaultDomain parameter set) The domain portion to be appended to the group alias (e.g.
+"Alias@DefaultDomain").
+This parameter is mandatory when using the 'DefaultDomain' parameter set.
 
 ```yaml
 Type: String
-Parameter Sets: (All)
+Parameter Sets: DefaultDomain
 Aliases:
 
-Required: False
+Required: True
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -PrimarySmtpAddress
-(CustomDomain parameter set) The full SMTP address for the group (e.g.
-"MyGroup@contoso.com").
-This parameter is mandatory when using the 'CustomDomain' parameter set.
+### -Name
+The name of the mail-enabled security group to create or retrieve.
+This is also used as
+the alias if no separate Alias parameter is provided.
 
 ```yaml
 Type: String
-Parameter Sets: CustomDomain
+Parameter Sets: (All)
 Aliases:
 
 Required: True
@@ -106,14 +106,14 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -DefaultDomain
-(DefaultDomain parameter set) The domain portion to be appended to the group alias (e.g.
-"Alias@DefaultDomain").
-This parameter is mandatory when using the 'DefaultDomain' parameter set.
+### -PrimarySmtpAddress
+(CustomDomain parameter set) The full SMTP address for the group (e.g.
+"MyGroup@contoso.com").
+This parameter is mandatory when using the 'CustomDomain' parameter set.
 
 ```yaml
 Type: String
-Parameter Sets: DefaultDomain
+Parameter Sets: CustomDomain
 Aliases:
 
 Required: True
@@ -123,14 +123,13 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -WhatIf
-Shows what would happen if the cmdlet runs.
-The cmdlet is not run.
+### -ProgressAction
+{{ Fill ProgressAction Description }}
 
 ```yaml
-Type: SwitchParameter
+Type: ActionPreference
 Parameter Sets: (All)
-Aliases: wi
+Aliases: proga
 
 Required: False
 Position: Named
@@ -154,13 +153,14 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -ProgressAction
-{{ Fill ProgressAction Description }}
+### -WhatIf
+Shows what would happen if the cmdlet runs.
+The cmdlet is not run.
 
 ```yaml
-Type: ActionPreference
+Type: SwitchParameter
 Parameter Sets: (All)
-Aliases: proga
+Aliases: wi
 
 Required: False
 Position: Named

help/Publish-TkEmailApp.md

@@ -1,4 +1,4 @@
----
+---
 external help file: GraphAppToolkit-help.xml
 Module Name: GraphAppToolkit
 online version:
@@ -162,26 +162,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -MailEnabledSendingGroup
-The mail-enabled security group.
-Must be a valid email address.
+### -CertPrefix
+Prefix to add to the certificate subject for the existing app.
 
 ```yaml
 Type: String
 Parameter Sets: CreateNewApp
 Aliases:
 
-Required: True
+Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -ExistingAppObjectId
-The AppId of the existing App Registration to which you want to attach a certificate.
-Must be a valid GUID.
-
 ```yaml
 Type: String
 Parameter Sets: UseExistingApp
@@ -194,12 +189,13 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -CertPrefix
-Prefix to add to the certificate subject for the existing app.
+### -CertThumbprint
+The thumbprint of the certificate to be retrieved.
+Must be a valid 40-character hexadecimal string.
 
 ```yaml
 Type: String
-Parameter Sets: CreateNewApp
+Parameter Sets: (All)
 Aliases:
 
 Required: False
@@ -209,28 +205,31 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -DoNotUseDomainSuffix
+Switch to add session domain suffix to the app name.
+
 ```yaml
-Type: String
-Parameter Sets: UseExistingApp
+Type: SwitchParameter
+Parameter Sets: (All)
 Aliases:
 
-Required: True
+Required: False
 Position: Named
-Default value: None
+Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -CertThumbprint
-The thumbprint of the certificate to be retrieved.
-Must be a valid 40-character hexadecimal string.
+### -ExistingAppObjectId
+The AppId of the existing App Registration to which you want to attach a certificate.
+Must be a valid GUID.
 
 ```yaml
 Type: String
-Parameter Sets: (All)
+Parameter Sets: UseExistingApp
 Aliases:
 
-Required: False
+Required: True
 Position: Named
 Default value: None
 Accept pipeline input: False
@@ -254,18 +253,18 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -VaultName
-If specified, use a custom vault name.
-Otherwise, use the default 'GraphEmailAppLocalStore'.
+### -MailEnabledSendingGroup
+The mail-enabled security group.
+Must be a valid email address.
 
 ```yaml
 Type: String
-Parameter Sets: (All)
+Parameter Sets: CreateNewApp
 Aliases:
 
-Required: False
+Required: True
 Position: Named
-Default value: GraphEmailAppLocalStore
+Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
@@ -285,23 +284,23 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -ReturnParamSplat
-If specified, return the parameter splat for use in other functions.
+### -ProgressAction
+{{ Fill ProgressAction Description }}
 
 ```yaml
-Type: SwitchParameter
+Type: ActionPreference
 Parameter Sets: (All)
-Aliases:
+Aliases: proga
 
 Required: False
 Position: Named
-Default value: False
+Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -DoNotUseDomainSuffix
-Switch to add session domain suffix to the app name.
+### -ReturnParamSplat
+If specified, return the parameter splat for use in other functions.
 
 ```yaml
 Type: SwitchParameter
@@ -315,17 +314,18 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -ProgressAction
-{{ Fill ProgressAction Description }}
+### -VaultName
+If specified, use a custom vault name.
+Otherwise, use the default 'GraphEmailAppLocalStore'.
 
 ```yaml
-Type: ActionPreference
+Type: String
 Parameter Sets: (All)
-Aliases: proga
+Aliases:
 
 Required: False
 Position: Named
-Default value: None
+Default value: GraphEmailAppLocalStore
 Accept pipeline input: False
 Accept wildcard characters: False
 ```