3.0 - Access Token cmdlets related changes. (#4398)

Co-authored-by: Gautam Sheth <[email protected]>

CHANGELOG.md

@@ -21,6 +21,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Added `-X509KeyStorageFlags` parameter to `Connect-PnPOnline` cmdlet which allows setting of how private keys are to be imported. [#4324](https://github.com/pnp/powershell/pull/4324)
 - Added `-RestrictContentOrgWideSearch` parameter to `Set-PnPSite` which allows for applying the Restricted Content Discoverability (RCD) setting to a site [#4335](https://github.com/pnp/powershell/pull/4335)
 - Added `-LaunchBrowser` parameter to `Register-PnPEntraIDAppForInteractiveLogin` and `Register-PnPEntraIDApp` cmdlets to open browser and continue app registration in the browser. [#4347](https://github.com/pnp/powershell/pull/4347) & [#4348](https://github.com/pnp/powershell/pull/4348)
+- Added `-Scopes` parameter to `Get-PnPAccessToken` cmdlet to retrieve access token with specific scopes.
 
 ### Changed
 
@@ -56,6 +57,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Removed `Set-PnPLabel` and `Reset-PnPLabel` aliases. You need to use `Set-PnPRetentionLabel` and `Reset-PnPRetentionLabel` respectively. [#4387](https://github.com/pnp/powershell/pull/4387)
 - Removed `Get-PnPPowerPlatformConnector` alias. You need to use `Get-PnPPowerPlatformCustomConnector`. [#4387](https://github.com/pnp/powershell/pull/4387)
 - Removed `-IsFavoriteByDefault` parameter from `Add-PnPTeamsChannel` cmdlet. It was obsolete and not supported by Graph API. [#4387](https://github.com/pnp/powershell/pull/4387)
+- Removed `Get-PnPAppAuthAccessToken` , `Remove-PnPGraphAccessToken` and `Request-PnPAccessToken` cmdlets. Use `Get-PnPAccessToken` instead. 
 
 ### Contributors
 

MIGRATE-2.0-to-3.0.md

@@ -51,6 +51,9 @@ Recommend referring to these 2 links:
 | Set-PnPLabel | Use `Set-PnPRetentionLabel` |
 | Reset-PnPLabel | Use `Reset-PnPRetentionLabel` |
 | Add-PnPTeamsChannel | The parameter `IsFavoriteByDefault` has been removed as it was not supported by Graph API |
+| Get-PnPAppAuthAccessToken | It has been deleted. Use `Get-PnPAccessToken -ResourceTypeName SharePoint` instead to get SharePoint access token. |
+| Request-PnPAccessToken | It has been deleted. Use `Get-PnPAccessToken` instead. |
+| Get-PnPGraphAccessToken | It has been deleted. Use `Get-PnPAccessToken` instead. |
 
 ## Other notable changes
 

documentation/Get-PnPAccessToken.md

@@ -16,11 +16,11 @@ If a Resource Type Name or Resource URL is specified, it will fetch the access t
 ## SYNTAX
 
 ```powershell
-Get-PnPAccessToken [-ResourceTypeName] [-ResourceUrl] [-Decoded] [-Connection <PnPConnection>]
+Get-PnPAccessToken [-ResourceTypeName] [-ResourceUrl] [-Decoded] [-Scopes] [-Connection <PnPConnection>]
 ```
 
 ## DESCRIPTION
-Gets the OAuth 2.0 Access Token to consume the Microsoft Graph API. Doesn't work with all Connect-PnPOnline options. To retrieve the SharePoint Online access token, you can also use `Get-PnPAppAuthAccessToken`.
+Gets the OAuth 2.0 Access Token.
 
 ## EXAMPLES
 
@@ -118,6 +118,20 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Scopes
+The scopes to retrieve the token for. Defaults to AllSites.FullControl
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ## RELATED LINKS
 
 [Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp)

src/Commands/Base/GetAccessToken.cs

@@ -1,13 +1,14 @@
-using PnP.PowerShell.Commands.Enums;
+using Microsoft.SharePoint.Client;
+using PnP.PowerShell.Commands.Enums;
 using PnP.PowerShell.Commands.Utilities.Auth;
 using System;
 using System.Management.Automation;
 
 namespace PnP.PowerShell.Commands.Base
 {
     [Cmdlet(VerbsCommon.Get, "PnPAccessToken", DefaultParameterSetName = ResourceTypeParam)]
-    [OutputType(typeof(Microsoft.IdentityModel.JsonWebTokens.JsonWebToken), ParameterSetName = new[] { ResourceTypeParam_Decoded, ResourceUrlParam_Decoded })]
-    [OutputType(typeof(string), ParameterSetName = new[] { ResourceTypeParam, ResourceUrlParam })]
+    [OutputType(typeof(Microsoft.IdentityModel.JsonWebTokens.JsonWebToken), ParameterSetName = [ResourceTypeParam_Decoded, ResourceUrlParam_Decoded])]
+    [OutputType(typeof(string), ParameterSetName = [ResourceTypeParam, ResourceUrlParam])]
     public class GetPnPAccessToken : PnPGraphCmdlet
     {
         private const string ResourceTypeParam = "Resource Type Name";
@@ -27,6 +28,12 @@ public class GetPnPAccessToken : PnPGraphCmdlet
         [Parameter(Mandatory = true, ParameterSetName = ResourceTypeParam_Decoded)]
         [Parameter(Mandatory = true, ParameterSetName = ResourceUrlParam_Decoded)]
         public SwitchParameter Decoded;
+
+        [Parameter(Mandatory = false, ParameterSetName = ResourceTypeParam)]
+        [Parameter(Mandatory = false, ParameterSetName = ResourceTypeParam_Decoded)]
+        [Parameter(Mandatory = false, ParameterSetName = ResourceUrlParam)]
+        [Parameter(Mandatory = false, ParameterSetName = ResourceUrlParam_Decoded)]
+        public string[] Scopes = ["AllSites.FullControl"];
         protected override void ExecuteCmdlet()
         {
             string accessTokenValue = null;
@@ -57,6 +64,12 @@ protected override void ExecuteCmdlet()
                 accessTokenValue = TokenHandler.GetAccessToken(this, ResourceUrl, Connection);
             }
 
+            if (ParameterSpecified(nameof(Scopes)))
+            {
+                var authManager = Connection.Context.GetContextSettings().AuthenticationManager;
+                accessTokenValue = authManager.GetAccessTokenAsync(Scopes).GetAwaiter().GetResult();
+            }
+
             if (accessTokenValue == null)
             {
                 WriteError(new PSArgumentException("Unable to retrieve access token"), ErrorCategory.InvalidResult);