Configuring the Secure App Model for PowerShell / API / Graph scripting with GDAP for Partners

jonwbstr24 ,

Yes, I'm not sure I would put much stock in Microsoft's desire (or willingness) to update and support various PowerShell modules these days (with 2 exceptions: the auto/machine-generated MgGraph module, which "works" but isn't really user-friendly. And the ExchangeOnlineManagement module, currently at V3 -- which is generally pretty good) ... the PartnerCenter and other modules are either not maintained or are deprecated (and will likely stop working entirely when AzureAD Graph is retired).

I would suggest making direct REST API calls, which can be done in PowerShell, for example:

$body = @{
	"grant_type"    = "refresh_token"
	"refresh_token" = $RefreshToken
	"client_id"     = $ClientId
	"client_secret" = $ClientSecret
	"resource"      = "https://api.partnercenter.microsoft.com"
}
$response = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantId/oauth2/token" -Method Post -Body $body -ContentType "application/x-www-form-urlencoded"

This is how Kelvin's CIPP app works (the source-code for the back-end API will show you some examples using PowerShell - including authenticating to Partner Center, Graph, and even API access to Exch Online. Or you can use any language (I've mainly switched to JavaScript/Node). Nick's T-Minus365 site I linked to above has some examples as well, look for the REST API / Invoke-RestMethod sections. 

Unless the community is going create a module, or fork and maintain existing modules, you're better off making yourself a collection of a few scripts/functions (eg, to redeem an RefreshToken for an AccessToken, make API calls with the AccessToken, and perform a "get-all" for when there's more than one page of results, and some functions to provision the GDAP App Consent, etc) than relying upon a PowerShell module that may work now, but may not in the future...

--Saul