From a78ad8e4765254cc2520e4c7d928a2796e436f64 Mon Sep 17 00:00:00 2001
From: "Taofeek F. Obafemi-Babatunde"
Date: Tue, 20 Jun 2023 12:15:59 -0700
Subject: [PATCH 1/4] Making updates to WAM implementation
---
 .../Cmdlets/GetMgGraphOption.cs | 36 +++++++++++++++++++
 .../Cmdlets/SetMgGraphOption.cs | 3 +-
 .../Microsoft.Graph.Authentication.psd1 | 2 +-
 .../Microsoft.Graph.Authentication.Tests.ps1 | 3 +-
 4 files changed, 40 insertions(+), 4 deletions(-)
 create mode 100644 src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs
diff --git a/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs b/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs
new file mode 100644
index 00000000000..9540e9e8f0b
--- /dev/null
+++ b/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs
@@ -0,0 +1,36 @@
+// ------------------------------------------------------------------------------
+// Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information.
+// ------------------------------------------------------------------------------
+
+using Newtonsoft.Json.Linq;
+using System.IO;
+using System.Management.Automation;
+
+namespace Microsoft.Graph.PowerShell.Authentication.Cmdlets
+{
+ [Cmdlet(VerbsCommon.Get, "MgGraphOption", HelpUri = "")]
+ public class GetMgGraphOption : PSCmdlet
+ {
+ protected override void BeginProcessing()
+ {
+ base.BeginProcessing();
+ }
+
+ protected override void ProcessRecord()
+ {
+ base.ProcessRecord();
+ //File.WriteAllText(Constants.GraphOptionsFilePath, JsonConvert.SerializeObject(GraphSession.Instance.GraphOption, Formatting.Indented));
+ WriteObject(new PSObject(JObject.Parse(File.ReadAllText(Constants.GraphOptionsFilePath))));
+ }
+
+ protected override void EndProcessing()
+ {
+ base.EndProcessing();
+ }
+
+ protected override void StopProcessing()
+ {
+ base.StopProcessing();
+ }
+ }
+}
\ No newline at end of file
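Review bot: The `BeginProcessing`, `EndProcessing` and `StopProcessing` overrides in the new `GetMgGraphOption` class only call their base implementation, so they can be deleted and `ProcessRecord` left as the single override. `HelpUri = ""` on the `[Cmdlet]` attribute gives `Get-Help -Online` nothing to open; drop the argument or point it at the cmdlet's documentation page. The class also has no doc comment; something like `/// <summary>Gets the Microsoft Graph PowerShell options, such as the WAM sign-in setting.</summary>` above the attribute would cover it.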
diff --git a/src/Authentication/Authentication/Cmdlets/SetMgGraphOption.cs b/src/Authentication/Authentication/Cmdlets/SetMgGraphOption.cs index 022effd1dd7..ad4f0f76a11 100644 --- a/src/Authentication/Authentication/Cmdlets/SetMgGraphOption.cs +++ b/src/Authentication/Authentication/Cmdlets/SetMgGraphOption.cs @@ -25,8 +25,7 @@ protected override void ProcessRecord() if (this.IsParameterBound(nameof(EnableLoginByWAM))) { GraphSession.Instance.GraphOption.EnableWAMForMSGraph = EnableLoginByWAM; - var message = $"Signin by Web Account Manager (WAM) is {(EnableLoginByWAM ? "enabled" : "disabled")}."; - WriteObject(message); + WriteDebug($"Signin by Web Account Manager (WAM) is {(EnableLoginByWAM ? "enabled" : "disabled")}."); } File.WriteAllText(Constants.GraphOptionsFilePath, JsonConvert.SerializeObject(GraphSession.Instance.GraphOption, Formatting.Indented)); } diff --git a/src/Authentication/Authentication/Microsoft.Graph.Authentication.psd1 b/src/Authentication/Authentication/Microsoft.Graph.Authentication.psd1 index b2284373da9..8ecb4c09f55 100644 --- a/src/Authentication/Authentication/Microsoft.Graph.Authentication.psd1 +++ b/src/Authentication/Authentication/Microsoft.Graph.Authentication.psd1 @@ -75,7 +75,7 @@ FunctionsToExport = 'Find-MgGraphCommand', 'Find-MgGraphPermission' CmdletsToExport = 'Connect-MgGraph', 'Disconnect-MgGraph', 'Get-MgContext', 'Invoke-MgGraphRequest', 'Add-MgEnvironment', 'Get-MgEnvironment', 'Remove-MgEnvironment', 'Set-MgEnvironment', 'Get-MgRequestContext', - 'Set-MgRequestContext', 'Set-MgGraphOption' + 'Set-MgRequestContext', 'Set-MgGraphOption', 'Get-MgGraphOption' # Variables to export from this module VariablesToExport = '*' diff --git a/src/Authentication/Authentication/test/Microsoft.Graph.Authentication.Tests.ps1 b/src/Authentication/Authentication/test/Microsoft.Graph.Authentication.Tests.ps1 index 6eb4488d04b..e53ce9051bb 100644 --- a/src/Authentication/Authentication/test/Microsoft.Graph.Authentication.Tests.ps1 
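Review bot: In `ProcessRecord` of SetMgGraphOption.cs, `GraphOption.EnableWAMForMSGraph` is assigned before the unguarded `File.WriteAllText(Constants.GraphOptionsFilePath, ...)` on the context line, so if the write throws, the session keeps the new sign-in setting while the options file keeps the old one. Consider catching the I/O failure, restoring the previous value and reporting it with `ThrowTerminatingError(new ErrorRecord(ex, "GraphOptionWriteFailed", ErrorCategory.WriteError, Constants.GraphOptionsFilePath));`. With the message moved to `WriteDebug`, a default run also prints nothing when it changes how sign-in is brokered; `WriteVerbose` would keep the pipeline clean while staying visible under `-Verbose`. The method starts above the hunk, so whether the target directory is created beforehand is not visible here.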
+++ b/src/Authentication/Authentication/test/Microsoft.Graph.Authentication.Tests.ps1 @@ -51,7 +51,8 @@ Describe "Microsoft.Graph.Authentication module" { "Invoke-MgRestMethod", "Get-MgRequestContext", "Set-MgRequestContext", - "Set-MgGraphOption" + "Set-MgGraphOption", + "Get-MgGraphOption" ) $PSModuleInfo.ExportedCommands.Keys | Should -BeIn $ExpectedCommands From 724b718051751c9d3e419c2022f0edc4bc76b3c9 Mon Sep 17 00:00:00 2001 From: "Taofeek F. Obafemi-Babatunde" <22969702+FehintolaObafemi@users.noreply.github.com> Date: Wed, 21 Jun 2023 07:16:24 -0700 Subject: [PATCH 2/4] Update src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs Co-authored-by: Peter Ombwa --- src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs b/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs index 9540e9e8f0b..d2378d0edee 100644 --- a/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs +++ b/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs @@ -19,8 +19,7 @@ protected override void BeginProcessing() protected override void ProcessRecord() { base.ProcessRecord(); - //File.WriteAllText(Constants.GraphOptionsFilePath, JsonConvert.SerializeObject(GraphSession.Instance.GraphOption, Formatting.Indented)); - WriteObject(new PSObject(JObject.Parse(File.ReadAllText(Constants.GraphOptionsFilePath)))); + WriteObject(GraphSession.Instance.GraphOption); } protected override void EndProcessing() From 2cdfba326236983a775e69ccb72578ee5fee6d6b Mon Sep 17 00:00:00 2001 
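Review bot: `WriteObject(GraphSession.Instance.GraphOption)` in GetMgGraphOption.cs hands the caller the session's live option object rather than a copy. `Set-MgGraphOption` assigns `GraphOption.EnableWAMForMSGraph` directly, so that property is settable on the runtime object, and a script could presumably flip the sign-in broker setting through `(Get-MgGraphOption).EnableWAMForMSGraph = ...` without going through `Set-MgGraphOption` or updating the options file. Emitting a read-only snapshot of the option values would keep `Set-MgGraphOption` the only write path. After this change the `using Newtonsoft.Json.Linq;` and `using System.IO;` directives added in patch 1/4 look unused. The class body continues outside the hunk.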
From: "Taofeek F. Obafemi-Babatunde"
Date: Mon, 26 Jun 2023 09:20:41 -0700
Subject: [PATCH 3/4] Implementing Peter's suggestions v1
---
 .../Cmdlets/GetMgGraphOption.cs | 1 +
 .../test/Get-MgGraphOption.Tests.ps1 | 24 +++++++++++++++
 .../test/Set-MgGraphOption.Tests.ps1 | 29 +++++++++++++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 src/Authentication/Authentication/test/Get-MgGraphOption.Tests.ps1
 create mode 100644 src/Authentication/Authentication/test/Set-MgGraphOption.Tests.ps1
diff --git a/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs b/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs
index d2378d0edee..040277f76aa 100644
--- a/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs
+++ b/src/Authentication/Authentication/Cmdlets/GetMgGraphOption.cs
@@ -9,6 +9,7 @@
 namespace Microsoft.Graph.PowerShell.Authentication.Cmdlets
 {
 [Cmdlet(VerbsCommon.Get, "MgGraphOption", HelpUri = "")]
+ [OutputType(typeof(IGraphOption))]
 public class GetMgGraphOption : PSCmdlet
 {
 protected override void BeginProcessing()
diff --git a/src/Authentication/Authentication/test/Get-MgGraphOption.Tests.ps1 b/src/Authentication/Authentication/test/Get-MgGraphOption.Tests.ps1
new file mode 100644
index 00000000000..eafe549ef07
--- /dev/null
+++ b/src/Authentication/Authentication/test/Get-MgGraphOption.Tests.ps1
@@ -0,0 +1,24 @@
+# ------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information.
+# ------------------------------------------------------------------------------
+
+Describe "Get-MgGraphOption Command" {
+ BeforeAll {
+ $ModuleName = "Microsoft.Graph.Authentication"
+ $ModulePath = Join-Path $PSScriptRoot "..\artifacts\$ModuleName.psd1"
+ Import-Module $ModulePath -Force
+ }
+ Context "When executing the command" {
+ it 'Should have one ParameterSets' {
+ $GetMgGraphOptionCommand = Get-Command Set-MgGraphOption
+ $GetMgGraphOptionCommand | Should -Not -BeNullOrEmpty
+ $GetMgGraphOptionCommand.ParameterSets | Should -HaveCount 1
+ $GetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 12 # PS common parameters.
+ }
+
+ It 'Executes successfully' {
+ { Get-MgGraphOption -Debug | Out-Null } | Should -Not -Be $null
+ { Get-MgGraphOption -ErrorAction SilentlyContinue } | Should -Not -Throw
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/Authentication/Authentication/test/Set-MgGraphOption.Tests.ps1 b/src/Authentication/Authentication/test/Set-MgGraphOption.Tests.ps1
new file mode 100644
index 00000000000..efeb7b790f2
--- /dev/null
+++ b/src/Authentication/Authentication/test/Set-MgGraphOption.Tests.ps1
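Review bot: The first test in Get-MgGraphOption.Tests.ps1 looks up the wrong command: `$GetMgGraphOptionCommand = Get-Command Set-MgGraphOption` should be `Get-Command Get-MgGraphOption`, and the expected `-HaveCount 12` then needs rechecking because Get-MgGraphOption declares no parameters of its own in this series. `{ Get-MgGraphOption -Debug | Out-Null } | Should -Not -Be $null` compares the script block itself with `$null` and never runs it, so it always passes; `Get-MgGraphOption | Should -Not -BeNullOrEmpty` asserts on the actual output. The same script-block pattern appears in both `It` blocks of Set-MgGraphOption.Tests.ps1.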
@@ -0,0 +1,29 @@
+# ------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information.
+# ------------------------------------------------------------------------------
+
+Describe "Set-MgGraphOption" {
+ BeforeAll {
+ $ModuleName = "Microsoft.Graph.Authentication"
+ $ModulePath = Join-Path $PSScriptRoot "..\artifacts\$ModuleName.psd1"
+ Import-Module $ModulePath -Force -ErrorAction SilentlyContinue
+ }
+ Context "When executing the command" {
+ it 'Should have one ParameterSets' {
+ $SetMgGraphOptionCommand = Get-Command Set-MgGraphOption
+ $SetMgGraphOptionCommand | Should -Not -BeNullOrEmpty
+ $SetMgGraphOptionCommand.ParameterSets | Should -HaveCount 1
+ $SetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 12 # PS common parameters.
+ }
+
+ It 'Executes successfully whren toggling WAM on' {
+ { Set-MgGraphOption -EnableLoginByWAM $true -Debug | Out-Null } | Should -Not -Be $null
+ { Set-MgGraphOption -EnableLoginByWAM $true -ErrorAction SilentlyContinue } | Should -Not -Throw
+ }
+
+ It 'Executes successfully when toggling WAM off' {
+ { Set-MgGraphOption -EnableLoginByWAM $false -Debug | Out-Null } | Should -Not -Be $null
+ { Set-MgGraphOption -EnableLoginByWAM $false -ErrorAction SilentlyContinue } | Should -Not -Throw
+ }
+ }
+}
\ No newline at end of file
From 7efe2180bc5b5de189864f168539449fcd127d36 Mon Sep 17 00:00:00 2001
From: "Taofeek F. Obafemi-Babatunde"
Date: Wed, 28 Jun 2023 07:40:33 -0700
Subject: [PATCH 4/4] Adding documentation for WAM
---
 docs/authentication.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/docs/authentication.md b/docs/authentication.md
index 6ed593b807e..86c74197086 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
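Review bot: The `Should -Not -Throw` assertions in Set-MgGraphOption.Tests.ps1 run `Set-MgGraphOption -EnableLoginByWAM` for real, and the cmdlet (context lines in patch 1/4) writes the option to `Constants.GraphOptionsFilePath`, so a test run leaves WAM sign-in disabled for whatever profile executed it. Capture the current value in `BeforeAll` with `$OriginalWam = (Get-MgGraphOption).EnableWAMForMSGraph` and restore it with `AfterAll { Set-MgGraphOption -EnableLoginByWAM $OriginalWam }`. `Import-Module $ModulePath -Force -ErrorAction SilentlyContinue` also hides a failed import, so later failures would show up as missing commands rather than a load error; the Get-MgGraphOption test file imports without it. The `It` title 'Executes successfully whren toggling WAM on' has a typo.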
@@ -5,6 +5,20 @@ The Microsoft Graph PowerShell module supports two types of authentication: - Delegated Access - App-only Access +## Web Account Manager (WAM) +WAM is a Windows 10+ component that acts as an authentication broker allowing the users of an app benefit from integration with accounts known to Windows, such as the account already signed into an active Windows session. + +Microsoft Graph PowerShell module supports WAM in the following scenraio: + +- To enable WAM on supported devices +```PowerShell +Set-MgGraphOption -EnableLoginByWAM $true +``` + +- To disable WAM on supported devices +```PowerShell +Set-MgGraphOption -EnableLoginByWAM $false +``` ## Delegated Access Delegated access uses a public client to get an access token and consume Microsoft Graph resources on behalf of the signed-in user.