diff --git a/docs/authentication.md b/docs/authentication.md index 6ed593b807e..86c74197086 100644 --- a/docs/authentication.md +++ b/docs/authentication.md @@ -5,6 +5,20 @@ The Microsoft Graph PowerShell module supports two types of authentication: - Delegated Access - App-only Access +## Web Account Manager (WAM) +WAM is a Windows 10+ component that acts as an authentication broker allowing the users of an app benefit from integration with accounts known to Windows, such as the account already signed into an active Windows session. + +Microsoft Graph PowerShell module supports WAM in the following scenraio: + +- To enable WAM on supported devices +```PowerShell +Set-MgGraphOption -EnableLoginByWAM $true +``` + +- To disable WAM on supported devices +```PowerShell +Set-MgGraphOption -EnableLoginByWAM $false +``` ## Delegated Access Delegated access uses a public client to get an access token and consume Microsoft Graph resources on behalf of the signed-in user. diff --git a/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs b/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs new file mode 100644 index 00000000000..040277f76aa --- /dev/null +++ b/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs @@ -0,0 +1,36 @@ +// ------------------------------------------------------------------------------ +// Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +// ------------------------------------------------------------------------------ + +using Newtonsoft.Json.Linq; +using System.IO; +using System.Management.Automation; + +namespace Microsoft.Graph.PowerShell.Authentication.Cmdlets +{ + [Cmdlet(VerbsCommon.Get, "MgGraphOption", HelpUri = "")] + [OutputType(typeof(IGraphOption))] + public class GetMgGraphOption : PSCmdlet + { + protected override void BeginProcessing() + { + base.BeginProcessing(); + } + + protected override void ProcessRecord() + { + base.ProcessRecord(); + WriteObject(GraphSession.Instance.GraphOption); + } + + protected override void EndProcessing() + { + base.EndProcessing(); + } + + protected override void StopProcessing() + { + base.StopProcessing(); + } + } +} \ No newline at end of file diff --git a/src/Authentication/Authentication/Cmdlets/SetMgGraphOption.cs b/src/Authentication/Authentication/Cmdlets/SetMgGraphOption.cs index 022effd1dd7..ad4f0f76a11 100644 --- a/src/Authentication/Authentication/Cmdlets/SetMgGraphOption.cs +++ b/src/Authentication/Authentication/Cmdlets/SetMgGraphOption.cs @@ -25,8 +25,7 @@ protected override void ProcessRecord() if (this.IsParameterBound(nameof(EnableLoginByWAM))) { GraphSession.Instance.GraphOption.EnableWAMForMSGraph = EnableLoginByWAM; - var message = $"Signin by Web Account Manager (WAM) is {(EnableLoginByWAM ? "enabled" : "disabled")}."; - WriteObject(message); + WriteDebug($"Signin by Web Account Manager (WAM) is {(EnableLoginByWAM ? "enabled" : "disabled")}."); } File.WriteAllText(Constants.GraphOptionsFilePath, JsonConvert.SerializeObject(GraphSession.Instance.GraphOption, Formatting.Indented)); } diff --git a/src/Authentication/Authentication/Microsoft.Graph.Authentication.psd1 b/src/Authentication/Authentication/Microsoft.Graph.Authentication.psd1 index b2284373da9..8ecb4c09f55 100644 --- a/src/Authentication/Authentication/Microsoft.Graph.Authentication.psd1 +++ b/src/Authentication/Authentication/Microsoft.Graph.Authentication.psd1 @@ -75,7 +75,7 @@ FunctionsToExport = 'Find-MgGraphCommand', 'Find-MgGraphPermission' CmdletsToExport = 'Connect-MgGraph', 'Disconnect-MgGraph', 'Get-MgContext', 'Invoke-MgGraphRequest', 'Add-MgEnvironment', 'Get-MgEnvironment', 'Remove-MgEnvironment', 'Set-MgEnvironment', 'Get-MgRequestContext', - 'Set-MgRequestContext', 'Set-MgGraphOption' + 'Set-MgRequestContext', 'Set-MgGraphOption', 'Get-MgGraphOption' # Variables to export from this module VariablesToExport = '*' diff --git a/src/Authentication/Authentication/test/Get-MgGraphOption.Tests.ps1 b/src/Authentication/Authentication/test/Get-MgGraphOption.Tests.ps1 new file mode 100644 index 00000000000..eafe549ef07 --- /dev/null +++ b/src/Authentication/Authentication/test/Get-MgGraphOption.Tests.ps1 @@ -0,0 +1,24 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ + +Describe "Get-MgGraphOption Command" { + BeforeAll { + $ModuleName = "Microsoft.Graph.Authentication" + $ModulePath = Join-Path $PSScriptRoot "..\artifacts\$ModuleName.psd1" + Import-Module $ModulePath -Force + } + Context "When executing the command" { + it 'Should have one ParameterSets' { + $GetMgGraphOptionCommand = Get-Command Set-MgGraphOption + $GetMgGraphOptionCommand | Should -Not -BeNullOrEmpty + $GetMgGraphOptionCommand.ParameterSets | Should -HaveCount 1 + $GetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 12 # PS common parameters. + } + + It 'Executes successfully' { + { Get-MgGraphOption -Debug | Out-Null } | Should -Not -Be $null + { Get-MgGraphOption -ErrorAction SilentlyContinue } | Should -Not -Throw + } + } +} \ No newline at end of file diff --git a/src/Authentication/Authentication/test/Microsoft.Graph.Authentication.Tests.ps1 b/src/Authentication/Authentication/test/Microsoft.Graph.Authentication.Tests.ps1 index 6eb4488d04b..e53ce9051bb 100644 --- a/src/Authentication/Authentication/test/Microsoft.Graph.Authentication.Tests.ps1 +++ b/src/Authentication/Authentication/test/Microsoft.Graph.Authentication.Tests.ps1 @@ -51,7 +51,8 @@ Describe "Microsoft.Graph.Authentication module" { "Invoke-MgRestMethod", "Get-MgRequestContext", "Set-MgRequestContext", - "Set-MgGraphOption" + "Set-MgGraphOption", + "Get-MgGraphOption" ) $PSModuleInfo.ExportedCommands.Keys | Should -BeIn $ExpectedCommands diff --git a/src/Authentication/Authentication/test/Set-MgGraphOption.Tests.ps1 b/src/Authentication/Authentication/test/Set-MgGraphOption.Tests.ps1 new file mode 100644 index 00000000000..efeb7b790f2 --- /dev/null +++ b/src/Authentication/Authentication/test/Set-MgGraphOption.Tests.ps1 @@ -0,0 +1,29 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ + +Describe "Set-MgGraphOption" { + BeforeAll { + $ModuleName = "Microsoft.Graph.Authentication" + $ModulePath = Join-Path $PSScriptRoot "..\artifacts\$ModuleName.psd1" + Import-Module $ModulePath -Force -ErrorAction SilentlyContinue + } + Context "When executing the command" { + it 'Should have one ParameterSets' { + $SetMgGraphOptionCommand = Get-Command Set-MgGraphOption + $SetMgGraphOptionCommand | Should -Not -BeNullOrEmpty + $SetMgGraphOptionCommand.ParameterSets | Should -HaveCount 1 + $SetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 12 # PS common parameters. + } + + It 'Executes successfully whren toggling WAM on' { + { Set-MgGraphOption -EnableLoginByWAM $true -Debug | Out-Null } | Should -Not -Be $null + { Set-MgGraphOption -EnableLoginByWAM $true -ErrorAction SilentlyContinue } | Should -Not -Throw + } + + It 'Executes successfully when toggling WAM off' { + { Set-MgGraphOption -EnableLoginByWAM $false -Debug | Out-Null } | Should -Not -Be $null + { Set-MgGraphOption -EnableLoginByWAM $false -ErrorAction SilentlyContinue } | Should -Not -Throw + } + } +} \ No newline at end of file