Add isolated MSAL WAM authentication (#42)

* Update curated website materials

* Add isolated MSAL WAM authentication

* Address WAM review feedback

* Address WAM login hint review

* Skip signing when build certificate is unavailable

* Prompt when WAM account is ambiguous

* Clarify settings example wording

* Address WAM cache reuse feedback

* Fix WAM tenant-scoped broker cache

* Refactor nested helpers into private functions

* Simplify signing certificate build config

* Use direct signing configuration

* Use refresh-only PSD1 build mode

Author: PrzemyslawKlys

Build/BuildModule.ps1

@@ -76,19 +76,26 @@
     New-ConfigurationFormat -ApplyTo 'DefaultPSD1', 'OnMergePSD1' -PSD1Style 'Minimal'
 
     # configuration for documentation, at the same time it enables documentation processing
-    New-ConfigurationDocumentation -Enable:$false -StartClean -UpdateWhenNew -PathReadme 'Docs\Readme.md' -Path 'Docs'
+    New-ConfigurationDocumentation -Enable:$false -PathReadme 'Docs\Readme.md' -Path 'Docs'
 
-    New-ConfigurationImportModule -ImportSelf -ImportRequiredModules
+    New-ConfigurationImportModule -ImportSelf -ImportRequiredModules -SkipBinaryConflictAnalysis
 
     $newConfigurationBuildSplat = @{
         Enable                            = $true
         SignModule                        = $true
+        CertificateThumbprint             = '483292C9E317AA13B07BB7A96AE9D1A5ED9E7703'
         DeleteTargetModuleBeforeBuild     = $true
         MergeModuleOnBuild                = $true
-        CertificateThumbprint             = '483292C9E317AA13B07BB7A96AE9D1A5ED9E7703'
         DoNotAttemptToFixRelativePaths    = $true
         MergeFunctionsFromApprovedModules = $true
         RefreshPSD1Only                   = $true
+        NETProjectPath                    = "$PSScriptRoot\..\Sources\O365Essentials.Auth\O365Essentials.Auth.csproj"
+        NETProjectName                    = 'O365Essentials.Auth'
+        NETFramework                      = @('net8.0')
+        NETBinaryModule                   = @('O365Essentials.Auth.dll')
+        NETBinaryModuleCmdletScanDisabled = $true
+        NETAssemblyLoadContext            = $true
+        NETHandleRuntimes                 = $true
     }
     New-ConfigurationBuild @newConfigurationBuildSplat
 
@@ -98,4 +105,4 @@
     # global options for publishing to github/psgallery
     #New-ConfigurationPublish -Type PowerShellGallery -FilePath 'C:\Support\Important\PowerShellGalleryAPI.txt' -Enabled:$true
     #New-ConfigurationPublish -Type GitHub -FilePath 'C:\Support\Important\GitHubAPI.txt' -UserName 'EvotecIT' -Enabled:$true
-} -ExitCode
+} -ExitCode

O365Essentials.psd1

@@ -0,0 +1,17 @@
+function Add-CookieMapToSession {
+    [cmdletbinding()]
+    param(
+        [Parameter(Mandatory)][Microsoft.PowerShell.Commands.WebRequestSession] $Session,
+        [Parameter(Mandatory)][System.Collections.IDictionary] $CookieMap,
+        [Parameter(Mandatory)][string] $Domain
+    )
+
+    foreach ($Entry in @($CookieMap.GetEnumerator())) {
+        $CookieName = [string] $Entry.Key
+        $CookieValue = [string] $Entry.Value
+        if ([string]::IsNullOrWhiteSpace($CookieName) -or [string]::IsNullOrWhiteSpace($CookieValue)) {
+            continue
+        }
+        Add-CookieToSession -Session $Session -Name $CookieName -Value $CookieValue -Domain $Domain
+    }
+}

Private/Add-CookieMapToSession.ps1

@@ -0,0 +1,12 @@
+function Add-CookieToSession {
+    [cmdletbinding()]
+    param(
+        [Parameter(Mandatory)][Microsoft.PowerShell.Commands.WebRequestSession] $Session,
+        [Parameter(Mandatory)][string] $Name,
+        [Parameter(Mandatory)][string] $Value,
+        [Parameter(Mandatory)][string] $Domain
+    )
+
+    $Cookie = [System.Net.Cookie]::new($Name, $Value, '/', $Domain)
+    $Session.Cookies.Add($Cookie)
+}

Private/Add-CookieToSession.ps1

@@ -0,0 +1,20 @@
+function Convert-CookieHeaderToMap {
+    [cmdletbinding()]
+    param(
+        [Parameter(Mandatory)][string] $Header
+    )
+
+    $Parsed = [ordered] @{}
+    foreach ($Pair in ($Header -split ';')) {
+        $TrimmedPair = $Pair.Trim()
+        if ([string]::IsNullOrWhiteSpace($TrimmedPair)) {
+            continue
+        }
+        $KeyValue = $TrimmedPair -split '=', 2
+        if ($KeyValue.Count -lt 2) {
+            continue
+        }
+        $Parsed[$KeyValue[0].Trim()] = $KeyValue[1].Trim()
+    }
+    $Parsed
+}

Private/Convert-CookieHeaderToMap.ps1

@@ -0,0 +1,22 @@
+function Convert-CookieListToMap {
+    [cmdletbinding()]
+    param(
+        [Parameter(Mandatory)][System.Collections.IEnumerable] $Cookies
+    )
+
+    $Parsed = [ordered] @{}
+    foreach ($Cookie in $Cookies) {
+        if ($null -eq $Cookie) {
+            continue
+        }
+
+        $CookieName = Get-MappedPortalValue -Source $Cookie -Names @('Name', 'name')
+        if ([string]::IsNullOrWhiteSpace($CookieName)) {
+            continue
+        }
+
+        $CookieValue = Get-MappedPortalValue -Source $Cookie -Names @('Value', 'value')
+        $Parsed[$CookieName] = $CookieValue
+    }
+    $Parsed
+}

Private/Convert-CookieListToMap.ps1

@@ -0,0 +1,24 @@
+function Convert-PortalSourceToMap {
+    [cmdletbinding()]
+    param(
+        [Parameter(Mandatory)] $Source
+    )
+
+    $Parsed = [ordered] @{}
+    if ($Source -is [System.Collections.IDictionary]) {
+        foreach ($Key in $Source.Keys) {
+            $Parsed[[string] $Key] = $Source[$Key]
+        }
+        return $Parsed
+    }
+
+    if ($Source.PSObject -and $Source.PSObject.Properties) {
+        foreach ($Property in $Source.PSObject.Properties) {
+            if ($Property.MemberType -notin 'NoteProperty', 'Property') {
+                continue
+            }
+            $Parsed[$Property.Name] = $Property.Value
+        }
+    }
+    $Parsed
+}

Private/Convert-PortalSourceToMap.ps1

@@ -0,0 +1,17 @@
+function ConvertTo-BoolOrDefault {
+    [cmdletbinding()]
+    param(
+        [string] $Value,
+        [bool] $Default = $false
+    )
+
+    if ([string]::IsNullOrWhiteSpace($Value)) {
+        return $Default
+    }
+
+    switch -Regex ($Value.Trim()) {
+        '^(1|true|yes|y|on)$' { return $true }
+        '^(0|false|no|n|off)$' { return $false }
+        default { return $Default }
+    }
+}

Private/ConvertTo-BoolOrDefault.ps1

@@ -0,0 +1,12 @@
+function ConvertTo-MicrosoftEdgeDeviceSummary {
+    [cmdletbinding()]
+    param(
+        [Parameter(Mandatory)] $DeviceResult
+    )
+
+    [PSCustomObject] @{
+        Count       = $DeviceResult.'@odata.count'
+        Sample      = @($DeviceResult.value)
+        RawSettings = $DeviceResult
+    }
+}

Private/ConvertTo-MicrosoftEdgeDeviceSummary.ps1

@@ -0,0 +1,14 @@
+function Copy-AuthorizationState {
+    [cmdletbinding()]
+    param(
+        [System.Collections.IDictionary] $Source
+    )
+
+    $Clone = [ordered] @{}
+    if ($Source) {
+        foreach ($Entry in @($Source.GetEnumerator())) {
+            $Clone[$Entry.Key] = $Entry.Value
+        }
+    }
+    $Clone
+}