pnp · erwinvanhunen · Mar 5, 2018 · Mar 5, 2018
diff --git a/Commands/Base/ConnectOnline.cs b/Commands/Base/ConnectOnline.cs
@@ -11,6 +11,9 @@
 using File = System.IO.File;
 using System.Net;
 using Microsoft.Identity.Client;
+#if NETSTANDARD2_0
+using System.IdentityModel.Tokens.Jwt;
+#endif
 #if !ONPREMISES
 using Microsoft.SharePoint.Client.CompliancePolicy;
 #endif
@@ -167,7 +170,7 @@ public class ConnectOnline : PSCmdlet
         [Parameter(Mandatory = true, Position = 0, ParameterSetName = ParameterSet_APPONLYAAD, ValueFromPipeline = true, HelpMessage = "The Url of the site collection to connect to.")]
         [Parameter(Mandatory = true, Position = 0, ParameterSetName = ParameterSet_APPONLYAADPEM, ValueFromPipeline = true, HelpMessage = "The Url of the site collection to connect to.")]
         [Parameter(Mandatory = true, Position = 0, ParameterSetName = ParameterSet_SPOMANAGEMENT, ValueFromPipeline = true, HelpMessage = "The Url of the site collection to connect to.")]
-        [Parameter(Mandatory = true, Position = 0, ParameterSetName = ParameterSet_ACCESSTOKEN, ValueFromPipeline = true, HelpMessage = "The Url of the site collection to connect to.")]
+        [Parameter(Mandatory = false, Position = 0, ParameterSetName = ParameterSet_ACCESSTOKEN, ValueFromPipeline = true, HelpMessage = "The Url of the site collection to connect to.")]
         [Parameter(Mandatory = true, Position = 0, ParameterSetName = ParameterSet_DEVICELOGIN, ValueFromPipeline = true, HelpMessage = "The Url of the site collection to connect to.")]
 #endif
 #if ONPREMISES
@@ -506,11 +509,11 @@ protected override void ProcessRecord()
             }
             else if (ParameterSetName == ParameterSet_DEVICELOGIN)
             {
-                    connection = ConnectDeviceLogin();
+                connection = ConnectDeviceLogin();
             }
             else if (ParameterSetName == ParameterSet_GRAPHDEVICELOGIN)
             {
-                connection = ConnectGraphDeviceLogin();
+                connection = ConnectGraphDeviceLogin(null);
             }
             else if (ParameterSetName == ParameterSet_NATIVEAAD)
             {
@@ -545,10 +548,27 @@ protected override void ProcessRecord()
             else if (ParameterSetName == ParameterSet_ACCESSTOKEN)
             {
 #if !NETSTANDARD2_0
-                connection = SPOnlineConnectionHelper.InitiateAccessTokenConnection(new Uri(Url), AccessToken, MinimalHealthScore, RetryCount, RetryWait, RequestTimeout, TenantAdminUrl, SkipTenantAdminCheck, AzureEnvironment);
+                var jwtToken = new System.IdentityModel.Tokens.JwtSecurityToken(AccessToken);
 #else
-                throw new NotImplementedException();
+                var jwtToken = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(AccessToken);
 #endif
+                var aud = jwtToken.Audiences.FirstOrDefault();
+                if (aud != null)
+                {
+                    Url = aud;
+                }
+                if (Url.ToLower() == "https://graph.microsoft.com")
+                {
+                    connection = ConnectGraphDeviceLogin(AccessToken);
+                }
+                else
+                {
+                    //#if !NETSTANDARD2_0
+                    connection = SPOnlineConnectionHelper.InitiateAccessTokenConnection(new Uri(Url), AccessToken, MinimalHealthScore, RetryCount, RetryWait, RequestTimeout, TenantAdminUrl, SkipTenantAdminCheck, AzureEnvironment);
+                    //#else
+                    //throw new NotImplementedException();
+                    //#endif
+                }
             }
 #endif
 #if ONPREMISES
@@ -599,9 +619,17 @@ protected override void ProcessRecord()
             }
             if (SPOnlineConnection.CurrentConnection != null)
             {
-                var hostUri = new Uri(SPOnlineConnection.CurrentConnection.Url);
-                Environment.SetEnvironmentVariable("PNPPSHOST", hostUri.Host);
-                Environment.SetEnvironmentVariable("PNPPSSITE", hostUri.LocalPath);
+                if (SPOnlineConnection.CurrentConnection.ConnectionMethod != Model.ConnectionMethod.GraphDeviceLogin)
+                {
+                    var hostUri = new Uri(SPOnlineConnection.CurrentConnection.Url);
+                    Environment.SetEnvironmentVariable("PNPPSHOST", hostUri.Host);
+                    Environment.SetEnvironmentVariable("PNPPSSITE", hostUri.LocalPath);
+                }
+                else
+                {
+                    Environment.SetEnvironmentVariable("PNPPSHOST", "GRAPH");
+                    Environment.SetEnvironmentVariable("PNPPSSITE", "GRAPH");
+                }
             }
             if (ReturnConnection)
             {
@@ -659,16 +687,23 @@ private SPOnlineConnection ConnectDeviceLogin()
             });
         }
 
-        private SPOnlineConnection ConnectGraphDeviceLogin()
+        private SPOnlineConnection ConnectGraphDeviceLogin(string accessToken)
         {
-            return SPOnlineConnectionHelper.InstantiateGraphDeviceLoginConnection(LaunchBrowser, MinimalHealthScore, RetryCount, RetryWait, RequestTimeout, (message) =>
+            if (string.IsNullOrEmpty(accessToken))
             {
-                WriteWarning(message);
-            },
-            (progress) =>
+                return SPOnlineConnectionHelper.InstantiateGraphDeviceLoginConnection(LaunchBrowser, MinimalHealthScore, RetryCount, RetryWait, RequestTimeout, (message) =>
+                {
+                    WriteWarning(message);
+                },
+                (progress) =>
+                {
+                    Host.UI.Write(progress);
+                });
+            }
+            else
             {
-                Host.UI.Write(progress);
-            });
+                return SPOnlineConnectionHelper.InstantiateGraphAccessTokenConnection(accessToken);
+            }
         }
 
         private void ConnectGraphAAD()

diff --git a/Commands/Base/GetPnPAccessToken.cs → Commands/Base/GetAccessToken.cs b/Commands/Base/GetPnPAccessToken.cs → Commands/Base/GetAccessToken.cs
@@ -1,6 +1,11 @@
 using SharePointPnP.PowerShell.CmdletHelpAttributes;
 using System;
 using System.Collections.Generic;
+#if NETSTANDARD2_0
+using System.IdentityModel.Tokens.Jwt;
+#else
+using System.IdentityModel.Tokens;
+#endif
 using System.Linq;
 using System.Management.Automation;
 using System.Text;
@@ -18,9 +23,19 @@ namespace SharePointPnP.PowerShell.Commands.Base
        SortOrder = 1)]
     public class GetPnPAccessToken : PnPGraphCmdlet
     {
+        [Parameter(Mandatory = false, HelpMessage = "Returns the access token in a decoded manner")]
+        public SwitchParameter Decoded;
         protected override void ExecuteCmdlet()
         {
-            WriteObject(AccessToken);
+            if (Decoded.IsPresent)
+            {
+                var decodedToken = new JwtSecurityToken(AccessToken);
+                WriteObject(decodedToken);
+            }
+            else
+            {
+                WriteObject(AccessToken);
+            }
         }
     }
 }
diff --git a/Commands/Base/PnPGraphCmdlet.cs b/Commands/Base/PnPGraphCmdlet.cs
@@ -72,7 +72,7 @@ protected override void BeginProcessing()
                 }
             }
 #else
-            if (SPOnlineConnection.CurrentConnection != null && SPOnlineConnection.CurrentConnection.ConnectionMethod == Model.ConnectionMethod.GraphDeviceLogin)
+            if (SPOnlineConnection.CurrentConnection != null && (SPOnlineConnection.CurrentConnection.ConnectionMethod == Model.ConnectionMethod.GraphDeviceLogin || SPOnlineConnection.CurrentConnection.ConnectionMethod == Model.ConnectionMethod.AccessToken))
             {
                 // Graph Connection
                 if (string.IsNullOrEmpty(SPOnlineConnection.CurrentConnection.AccessToken))

diff --git a/Commands/Base/SPOnlineConnection.cs b/Commands/Base/SPOnlineConnection.cs
@@ -113,7 +113,7 @@ public SPOnlineConnection(ClientContext context, TokenResult tokenResult, Connec
             };
         }
 
-        public SPOnlineConnection(TokenResult tokenResult, ConnectionType connectionType, int minimalHealthScore, int retryCount, int retryWait, string pnpVersionTag)
+        public SPOnlineConnection(TokenResult tokenResult, ConnectionMethod connectionMethod, ConnectionType connectionType, int minimalHealthScore, int retryCount, int retryWait, string pnpVersionTag)
         {
             TokenResult = tokenResult;
             var coreAssembly = Assembly.GetExecutingAssembly();
@@ -123,7 +123,7 @@ public SPOnlineConnection(TokenResult tokenResult, ConnectionType connectionType
             RetryCount = retryCount;
             RetryWait = retryWait;
             PnPVersionTag = pnpVersionTag;
-            ConnectionMethod = ConnectionMethod.GraphDeviceLogin;
+            ConnectionMethod = ConnectionMethod;
         }
 
 

diff --git a/Commands/Base/SPOnlineConnectionHelper.cs b/Commands/Base/SPOnlineConnectionHelper.cs
@@ -146,6 +146,19 @@ internal static SPOnlineConnection InstantiateDeviceLoginConnection(string url,
                 });
 #else
                 OpenBrowser(returnData["verification_url"]);
+                messageCallback(returnData["message"]);
+
+                var tokenResult = GetTokenResult(connectionUri, returnData, messageCallback, progressCallback);
+
+                if (tokenResult != null)
+                {
+                    progressCallback("Token received");
+                    spoConnection = new SPOnlineConnection(context, tokenResult, ConnectionType.O365, minimalHealthScore, retryCount, retryWait, null, url.ToString(), tenantAdminUrl, PnPPSVersionTag);
+                }
+                else
+                {
+                    progressCallback("No token received.");
+                }
 #endif
             }
             else
@@ -155,11 +168,28 @@ internal static SPOnlineConnection InstantiateDeviceLoginConnection(string url,
                 {
                     progressCallback("Token received");
                     spoConnection = new SPOnlineConnection(context, tokenResult, ConnectionType.O365, minimalHealthScore, retryCount, retryWait, null, url.ToString(), tenantAdminUrl, PnPPSVersionTag);
-                } else
+                }
+                else
                 {
                     progressCallback("No token received.");
                 }
             }
+            spoConnection.ConnectionMethod = ConnectionMethod.DeviceLogin;
+            return spoConnection;
+        }
+
+        internal static SPOnlineConnection InstantiateGraphAccessTokenConnection(string accessToken)
+        {
+#if NETSTANDARD2_0
+            var jwtToken = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(accessToken);
+#else
+            var jwtToken = new System.IdentityModel.Tokens.JwtSecurityToken(accessToken);
+#endif
+            var tokenResult = new TokenResult();
+            tokenResult.AccessToken = accessToken;
+            tokenResult.ExpiresOn = jwtToken.ValidTo;
+            var spoConnection = new SPOnlineConnection(tokenResult, ConnectionMethod.AccessToken, ConnectionType.O365, 0, 0, 0, PnPPSVersionTag);
+            spoConnection.ConnectionMethod = ConnectionMethod.GraphDeviceLogin;
             return spoConnection;
         }
 
@@ -185,7 +215,7 @@ internal static SPOnlineConnection InstantiateGraphDeviceLoginConnection(bool la
                         if (tokenResult != null)
                         {
                             progressCallback("Token received");
-                            spoConnection = new SPOnlineConnection(tokenResult, ConnectionType.O365, minimalHealthScore, retryCount, retryWait, PnPPSVersionTag);
+                            spoConnection = new SPOnlineConnection(tokenResult, ConnectionMethod.GraphDeviceLogin, ConnectionType.O365, minimalHealthScore, retryCount, retryWait, PnPPSVersionTag);
                         }
                         else
                         {
@@ -202,7 +232,7 @@ internal static SPOnlineConnection InstantiateGraphDeviceLoginConnection(bool la
                 if (tokenResult != null)
                 {
                     progressCallback("Token received");
-                    spoConnection = new SPOnlineConnection(tokenResult, ConnectionType.O365, minimalHealthScore, retryCount, retryWait, PnPPSVersionTag);
+                    spoConnection = new SPOnlineConnection(tokenResult, ConnectionMethod.GraphDeviceLogin, ConnectionType.O365, minimalHealthScore, retryCount, retryWait, PnPPSVersionTag);
                 }
                 else
                 {
@@ -220,13 +250,14 @@ internal static SPOnlineConnection InstantiateGraphDeviceLoginConnection(bool la
                 if (tokenResult != null)
                 {
                     progressCallback("Token received");
-                    spoConnection = new SPOnlineConnection(tokenResult, ConnectionType.O365, minimalHealthScore, retryCount, retryWait, PnPPSVersionTag);
+                    spoConnection = new SPOnlineConnection(tokenResult, ConnectionMethod.GraphDeviceLogin, ConnectionType.O365, minimalHealthScore, retryCount, retryWait, PnPPSVersionTag);
                 }
                 else
                 {
                     progressCallback("No token received.");
                 }
             }
+            spoConnection.ConnectionMethod = ConnectionMethod.GraphDeviceLogin;
             return spoConnection;
         }
 
@@ -363,7 +394,9 @@ internal static SPOnlineConnection InitiateAzureADAppOnlyConnection(Uri url, str
             }
             return new SPOnlineConnection(context, connectionType, minimalHealthScore, retryCount, retryWait, null, url.ToString(), tenantAdminUrl, PnPPSVersionTag);
         }
-
+#endif
+#endif
+#if !ONPREMISES
         internal static SPOnlineConnection InitiateAccessTokenConnection(Uri url, string accessToken, int minimalHealthScore, int retryCount, int retryWait, int requestTimeout, string tenantAdminUrl, bool skipAdminCheck = false, AzureEnvironment azureEnvironment = AzureEnvironment.Production)
         {
             var authManager = new OfficeDevPnP.Core.AuthenticationManager();
@@ -381,7 +414,6 @@ internal static SPOnlineConnection InitiateAccessTokenConnection(Uri url, string
             return spoConnection;
         }
 #endif
-#endif
 
 #if !NETSTANDARD2_0
         internal static SPOnlineConnection InstantiateWebloginConnection(Uri url, int minimalHealthScore, int retryCount, int retryWait, int requestTimeout, string tenantAdminUrl, bool skipAdminCheck = false)

diff --git a/Commands/Graph/NewUnifiedGroup.cs b/Commands/Graph/NewUnifiedGroup.cs
@@ -41,7 +41,7 @@ public class NewPnPUnifiedGroup : PnPGraphCmdlet
         [Parameter(Mandatory = true, HelpMessage = "The Description of the Office 365 Group.")]
         public String Description;
 
-        [Parameter(Mandatory = true, HelpMessage = "The Mail Nickname of the Office 365 Group.")]
+        [Parameter(Mandatory = true, HelpMessage = "The Mail Nickname of the Office 365 Group. Cannot contain spaces.")]
         public String MailNickname;
 
         [Parameter(Mandatory = false, HelpMessage = "The array UPN values of the group's owners.")]
@@ -61,6 +61,10 @@ public class NewPnPUnifiedGroup : PnPGraphCmdlet
 
         protected override void ExecuteCmdlet()
         {
+            if(MailNickname.Contains(" "))
+            {
+                throw new ArgumentException("MailNickname cannot contain spaces.");
+            }
             bool forceCreation;
 
             if (!Force)

diff --git a/Commands/Model/ConnectionMethod.cs b/Commands/Model/ConnectionMethod.cs
@@ -8,12 +8,14 @@ namespace SharePointPnP.PowerShell.Commands.Model
 {
     public enum ConnectionMethod
     {
+        Unspecified,
         WebLogin,
         Credentials,
         AccessToken,
         AzureADAppOnly,
         AzureADNativeApplication,
         ADFS,
-        GraphDeviceLogin
+        GraphDeviceLogin,
+        DeviceLogin
     }
 }
diff --git a/Commands/PnPPowerShell.csproj b/Commands/PnPPowerShell.csproj
@@ -19,6 +19,7 @@
     <PackageReference Include="Microsoft.Identity.Client" Version="1.1.2-preview0008" />
     <PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
     <PackageReference Include="PowerShellStandard.Library" Version="3.0.0-preview-01" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.2.1" />
     <PackageReference Include="System.Reflection.Emit" Version="4.3.0" />
   </ItemGroup>
 

diff --git a/Commands/SharePointPnP.PowerShell.Commands.csproj b/Commands/SharePointPnP.PowerShell.Commands.csproj
@@ -435,6 +435,7 @@
     <Compile Include="Admin\RemoveStorageEntity.cs" />
     <Compile Include="Admin\RemoveTenantTheme.cs" />
     <Compile Include="Base\AddStoredCredential.cs" />
+    <Compile Include="Base\GetAccessToken.cs" />
     <Compile Include="Base\GetAzureCertificate.cs" />
     <Compile Include="Base\NewAzureCertificate.cs" />
     <Compile Include="Base\RemoveStoredCredential.cs" />
@@ -539,7 +540,6 @@
       <SubType>Code</SubType>
     </Compile>
     <Compile Include="Apps\UninstallAppInstance.cs" />
-    <Compile Include="Base\GetPnPAccessToken.cs" />
     <Compile Include="Base\GetProperty.cs" />
     <Compile Include="Base\GetAuthenticationRealm.cs" />
     <Compile Include="Base\Constants.cs" />