Update authentication to api

.gitignore

@@ -17,4 +17,5 @@ node_modules
 package-lock.json
 ZZBuild-Help.ps1
 test1.ps1
-helpdoc.ps1
+helpdoc.ps1
+StyleGuide.md

CHANGELOG.md

@@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- Added Get-TkMsalToken cmdlet to retrieve an MSAL token using API calls.
+- Added Managed Identity support for  Get-TkMsalToken cmdlet (Needs to be tested).
+- SecureString support for Get-TkMsalToken cmdlet.
+- Formatting alignment for cmdlets.
+
+### Fixed
+
+- Fixed authentication context for MgGraph.
+
+### Changed
+
+- Updated private function names to be more descriptive.
+- Removed MSAL.PS dependency from Send-TkEmailAppMessage function.
+- Removed Send-TkEmailAppMessage module install if manual parameters are provided.
+
+## [0.2.0] - 2025-03-14
+
+### Added
+
 - Updated docs for the module.
 - Release Candidate
 - Update wiki pages.

docs/index.html

@@ -2,7 +2,7 @@
 <!--
 <auto-generated>
   <synopsis>
-    This code was generated by a psDoc. on: 03/14/2025 14:18:51
+    This code was generated by a psDoc. on: 03/17/2025 08:59:20
     Get it here: https://github.com/ChaseFlorell/psDoc
   </synopsis>
   <description>
@@ -130,9 +130,9 @@ <h3> Syntax </h3>
                         </div>
 						<div class="panel panel-default">
                             <div class='panel-body'>
-<pre class="brush: ps">New-MailEnabledSendingGroup -Name &lt;String&gt; [-Alias &lt;String&gt;] -PrimarySmtpAddress &lt;String&gt; [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
+<pre class="brush: ps">New-MailEnabledSendingGroup -Name &lt;String&gt; [-Alias &lt;String&gt;] -PrimarySmtpAddress &lt;String&gt; [-LogOutputPath &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
 
-New-MailEnabledSendingGroup -Name &lt;String&gt; [-Alias &lt;String&gt;] -DefaultDomain &lt;String&gt; [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]</pre>
+New-MailEnabledSendingGroup -Name &lt;String&gt; [-Alias &lt;String&gt;] -DefaultDomain &lt;String&gt; [-LogOutputPath &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]</pre>
                             </div>
 						</div>
 						<div>
@@ -188,6 +188,15 @@ <h3> Parameters </h3>
 										<td class="visible-lg">false</td>
 										<td class="visible-lg"></td>
 									</tr>
+									<tr>
+										<td><nobr>-LogOutputPath</nobr></td>
+                                        <td class="visible-lg visible-md"></td>
+                                        <td><p>An optional path to output the log file. If not provided, logs will not be written to a file.</p>
+</td>
+										<td class="visible-lg visible-md">false</td>
+										<td class="visible-lg">false</td>
+										<td class="visible-lg"></td>
+									</tr>
 									<tr>
 										<td><nobr>-WhatIf</nobr></td>
                                         <td class="visible-lg visible-md">wi</td>
@@ -262,9 +271,9 @@ <h3> Syntax </h3>
                         </div>
 						<div class="panel panel-default">
                             <div class='panel-body'>
-<pre class="brush: ps">Publish-TkEmailApp [-AppPrefix &lt;String&gt;] -AuthorizedSenderUserName &lt;String&gt; -MailEnabledSendingGroup &lt;String&gt; [-CertPrefix &lt;String&gt;] [-CertThumbprint &lt;String&gt;] [-KeyExportPolicy &lt;String&gt;] [-VaultName &lt;String&gt;] [-OverwriteVaultSecret] [-ReturnParamSplat] [-DoNotUseDomainSuffix] [&lt;CommonParameters&gt;]
+<pre class="brush: ps">Publish-TkEmailApp [-AppPrefix &lt;String&gt;] -AuthorizedSenderUserName &lt;String&gt; -MailEnabledSendingGroup &lt;String&gt; [-CertPrefix &lt;String&gt;] [-CertThumbprint &lt;String&gt;] [-KeyExportPolicy &lt;String&gt;] [-VaultName &lt;String&gt;] [-OverwriteVaultSecret] [-ReturnParamSplat] [-DoNotUseDomainSuffix] [-LogOutput &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]
 
-Publish-TkEmailApp -ExistingAppObjectId &lt;String&gt; -CertPrefix &lt;String&gt; [-CertThumbprint &lt;String&gt;] [-KeyExportPolicy &lt;String&gt;] [-VaultName &lt;String&gt;] [-OverwriteVaultSecret] [-ReturnParamSplat] [-DoNotUseDomainSuffix] [&lt;CommonParameters&gt;]</pre>
+Publish-TkEmailApp -ExistingAppObjectId &lt;String&gt; -CertPrefix &lt;String&gt; [-CertThumbprint &lt;String&gt;] [-KeyExportPolicy &lt;String&gt;] [-VaultName &lt;String&gt;] [-OverwriteVaultSecret] [-ReturnParamSplat] [-DoNotUseDomainSuffix] [-LogOutput &lt;String&gt;] [-WhatIf] [-Confirm] [&lt;CommonParameters&gt;]</pre>
                             </div>
 						</div>
 						<div>
@@ -380,6 +389,31 @@ <h3> Parameters </h3>
 										<td class="visible-lg">false</td>
 										<td class="visible-lg">False</td>
 									</tr>
+									<tr>
+										<td><nobr>-LogOutput</nobr></td>
+                                        <td class="visible-lg visible-md"></td>
+                                        <td><p>If specified, log the output to the console.</p>
+</td>
+										<td class="visible-lg visible-md">false</td>
+										<td class="visible-lg">false</td>
+										<td class="visible-lg"></td>
+									</tr>
+									<tr>
+										<td><nobr>-WhatIf</nobr></td>
+                                        <td class="visible-lg visible-md">wi</td>
+                                        <td></td>
+										<td class="visible-lg visible-md">false</td>
+										<td class="visible-lg">false</td>
+										<td class="visible-lg"></td>
+									</tr>
+									<tr>
+										<td><nobr>-Confirm</nobr></td>
+                                        <td class="visible-lg visible-md">cf</td>
+                                        <td></td>
+										<td class="visible-lg visible-md">false</td>
+										<td class="visible-lg">false</td>
+										<td class="visible-lg"></td>
+									</tr>
 								</tbody>
 							</table>
 						</div>

help/GraphAppToolkit.md

@@ -1,4 +1,4 @@
----
+---
 Module Name: GraphAppToolkit
 Module Guid: b5426317-5612-4483-b664-beafc448bc2f
 Download Help Link: {{ Update Download Link }}

help/New-MailEnabledSendingGroup.md

@@ -15,12 +15,12 @@ Creates or retrieves a mail-enabled security group with a custom or default doma
 ### CustomDomain (Default)
 ```
 New-MailEnabledSendingGroup -Name <String> [-Alias <String>] -PrimarySmtpAddress <String>
- [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-LogOutputPath <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### DefaultDomain
 ```
-New-MailEnabledSendingGroup -Name <String> [-Alias <String>] -DefaultDomain <String>
+New-MailEnabledSendingGroup -Name <String> [-Alias <String>] -DefaultDomain <String> [-LogOutputPath <String>]
  [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -123,6 +123,22 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -LogOutputPath
+An optional path to output the log file.
+If not provided, logs will not be written to a file.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -WhatIf
 Shows what would happen if the cmdlet runs.
 The cmdlet is not run.

help/Publish-TkEmailApp.md

@@ -16,15 +16,16 @@ Publishes a new or existing Graph Email App with specified configurations.
 ```
 Publish-TkEmailApp [-AppPrefix <String>] -AuthorizedSenderUserName <String> -MailEnabledSendingGroup <String>
  [-CertPrefix <String>] [-CertThumbprint <String>] [-KeyExportPolicy <String>] [-VaultName <String>]
- [-OverwriteVaultSecret] [-ReturnParamSplat] [-DoNotUseDomainSuffix] [-ProgressAction <ActionPreference>]
- [<CommonParameters>]
+ [-OverwriteVaultSecret] [-ReturnParamSplat] [-DoNotUseDomainSuffix] [-LogOutput <String>]
+ [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### UseExistingApp
 ```
 Publish-TkEmailApp -ExistingAppObjectId <String> -CertPrefix <String> [-CertThumbprint <String>]
  [-KeyExportPolicy <String>] [-VaultName <String>] [-OverwriteVaultSecret] [-ReturnParamSplat]
- [-DoNotUseDomainSuffix] [-ProgressAction <ActionPreference>] [<CommonParameters>]
+ [-DoNotUseDomainSuffix] [-LogOutput <String>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm]
+ [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -315,6 +316,51 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -LogOutput
+If specified, log the output to the console.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs. The cmdlet is not run.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ProgressAction
 {{ Fill ProgressAction Description }}
 

source/Private/Connect-TkMsService.ps1

@@ -30,17 +30,17 @@ function Connect-TkMsService {
     [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
     param (
         [Parameter(
-            HelpMessage = 'Connect to Microsoft Graph.'
+            HelpMessage = 'Switch to connect to Microsoft Graph.'
         )]
         [Switch]
         $MgGraph,
         [Parameter(
-            HelpMessage = 'Graph Scopes.'
+            HelpMessage = 'Array of scopes required for Microsoft Graph authentication.'
         )]
         [String[]]
         $GraphAuthScopes,
         [Parameter(
-            HelpMessage = 'Connect to Exchange Online.'
+            HelpMessage = 'Switch to connect to Exchange Online.'
         )]
         [Switch]
         $ExchangeOnline
@@ -68,14 +68,6 @@ function Connect-TkMsService {
                     Get-MgUser -Top 1 -ErrorAction Stop | Out-Null
                     $ContextMg = Get-MgContext -ErrorAction Stop
                     # Check required scopes
-                    <#
-                        $scopesNeeded = @(
-                            'Application.ReadWrite.All',
-                            'DelegatedPermissionGrant.ReadWrite.All',
-                            'Directory.ReadWrite.All',
-                            'RoleManagement.ReadWrite.Directory'
-                        )
-                    #>
                     $scopesNeeded = $GraphAuthScopes
                     $missing = $scopesNeeded | Where-Object { $ContextMg.Scopes -notcontains $_ }
                     if ($missing) {
@@ -102,16 +94,16 @@ function Connect-TkMsService {
                         # Remove the old context so we can connect fresh
                         Remove-MgContext -ErrorAction SilentlyContinue
                         Write-AuditLog 'Creating a new Microsoft Graph session.'
-                        Connect-MgGraph -Scopes $scopesNeeded `
-                            -ErrorAction Stop
+                        Connect-MgGraph -ContextScope Process -Scopes $scopesNeeded  `
+                            -ErrorAction Stop | Out-Null
                         Write-AuditLog 'Connected to Microsoft Graph.'
                     }
                 }
                 else {
                     # No valid session, so just connect
                     Write-AuditLog 'No valid Microsoft Graph session found. Connecting...'
-                    Connect-MgGraph -Scopes $scopesNeeded `
-                        -ErrorAction Stop
+                    Connect-MgGraph -ContextScope Process -Scopes $scopesNeeded `
+                        -ErrorAction Stop | Out-Null
                     Write-AuditLog 'Connected to Microsoft Graph.'
                 }
             }

source/Private/ConvertTo-ParameterSplat.ps1

@@ -17,16 +17,19 @@
         }
     .NOTES
         Author: DrIOSx
-        Date: YYYY-MM-DD
+        Last Updated: 2025-03-16
 #>
 function ConvertTo-ParameterSplat {
     [CmdletBinding()]
     [OutputType([string])]
     param (
-        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true, HelpMessage = 'The object whose properties will be converted into a parameter splatting hashtable script.')]
+        [ValidateNotNullOrEmpty()]
         [PSObject]$InputObject
     )
     process {
+        Write-AuditLog -Message "Starting ConvertTo-ParameterSplat function." -Severity "Information"
+
         $splatScript = "`$params = @{`n"
         $InputObject.psobject.Properties | ForEach-Object {
             $value = $_.Value
@@ -36,6 +39,8 @@ function ConvertTo-ParameterSplat {
             $splatScript += "    $($_.Name) = $value`n"
         }
         $splatScript += "}"
+
+        Write-AuditLog -Message "Completed ConvertTo-ParameterSplat function." -Severity "Information"
         Write-Output $splatScript
     }
 }

source/Private/Get-TkExistingCert.ps1

@@ -18,11 +18,20 @@
 function Get-TkExistingCert {
     [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
     param (
-        [Parameter(Mandatory = $true)]
+        [Parameter(Mandatory = $true, HelpMessage = 'The subject name of the certificate to search for in the current user''s certificate store.')]
         [string]$CertName
     )
+
+    if (-not $script:LogString) {
+        Write-AuditLog -Start
+    }
+    else {
+        Write-AuditLog -BeginFunction
+    }
+
     $ExistingCert = Get-ChildItem -Path Cert:\CurrentUser\My -ErrorAction SilentlyContinue |
     Where-Object { $_.Subject -eq $CertName } -ErrorAction SilentlyContinue
+
     if ( $ExistingCert) {
         $VerbosePreference = 'Continue'
         Write-AuditLog "Certificate with subject '$CertName' already exists in the certificate store."
@@ -31,7 +40,7 @@ function Get-TkExistingCert {
         Write-AuditLog "Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object { `$_.Subject -eq '$CertName' }"
         Write-AuditLog '2. If you are comfortable removing the old certificate, and any duplicates, run the following command:'
         Write-AuditLog "Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object { `$_.Subject -eq '$CertName' } | Remove-Item"
-        Write-AuditLog "If you would like to remove the certificate, confirm the operation when prompted."
+        Write-AuditLog 'If you would like to remove the certificate, confirm the operation when prompted.'
         $shouldProcessOperation = 'Remove-Item'
         $shouldProcessTarget = "Certificate with subject '$CertName' with thumbprint $($ExistingCert.Thumbprint)"
         if ($PSCmdlet.ShouldProcess($shouldProcessTarget, $shouldProcessOperation)) {
@@ -47,4 +56,6 @@ function Get-TkExistingCert {
     else {
         Write-AuditLog "Certificate with subject '$CertName' does not exist in the certificate store. Continuing..."
     }
+
+    Write-AuditLog -EndFunction
 }

source/Private/Get-TkExistingSecret.ps1

@@ -26,12 +26,18 @@ function Get-TkExistingSecret {
         [string]$AppName,
         [string]$VaultName = 'GraphEmailAppLocalStore'
     )
-    $ExistingSecret = Get-Secret -Name "$AppName" -Vault $VaultName -ErrorAction SilentlyContinue
-    if ($ExistingSecret) {
-        return $true
+    Write-AuditLog -BeginFunction
+    try {
+        $ExistingSecret = Get-Secret -Name "$AppName" -Vault $VaultName -ErrorAction SilentlyContinue
+        if ($ExistingSecret) {
+            return $true
+        }
+        else {
+            return $false
+        }
     }
-    else {
-        return $false
+    finally {
+        Write-AuditLog -EndFunction
     }
 }