I am using a release pipeline to get a valid token. I am getting the client secret and the user password via Azure Key Vault. I did some tests and saw that the client secret and the user password are correct, but the function that retrieves the token fails. I compared the passwords and noticed that some letters were gone because of the $ sign. This is the right password:
5p5q6#F2#kv3Iul#Ou0R$NDGGoX*YK8e
This is what the function got:
5p5q6#F2#kv3Iul#Ou0R*YK8e
How should the function be changed to be more robust and handle this $ sign and other characters that could cut the password? Here is the function:
function GetToken ($Username, $Password, $ClientSecret, $ClientId)
{
    Write-Host "starting to get the token"
    # Debug output: this writes the password and client secret to the pipeline log
    Write-Host "UserName = $Username Password = $Password ClientSecret = $ClientSecret ClientID = $ClientId"
    # ToDo: pass tenant as parameter
    $uri = "https://login.microsoftonline.com/0450f3eaf-1e2e-5baf-8c3b-e36006ff4ty6/oauth2/v2.0/token"
    # Form fields for the OAuth2 password grant
    $body = @{
        grant_type    = 'password'
        client_id     = $ClientId
        client_secret = "$ClientSecret"
        redirect_uri  = 'http://localhost:5005/signin-oidc'
        scope         = 'openid offline_access https://xxx.onmicrosoft.com/f08d4dfc-480f-41a5-91f9-0cd4103dc97f/user_impersonation'
        username      = $Username
        password      = $Password
        state         = '12345'
    }
    $contentType = 'application/x-www-form-urlencoded'
    $result = Invoke-WebRequest -Method POST -Uri $uri -Body $body -ContentType $contentType
    # Parse the JSON response and return the access token
    $body = $result.Content | ConvertFrom-Json
    return $body.access_token
}
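
An added example, not part of the original post, that reproduces the truncation and shows a route that avoids it. It assumes the secret reaches the script through a `$(...)` pipeline macro substituted into script text (the post does not show how the function is called); `UserPassword`, `USER_PASSWORD` and `Show-Received` are hypothetical names.

```powershell
# Password value quoted in the question; single quotes keep it literal.
$secret = '5p5q6#F2#kv3Iul#Ou0R$NDGGoX*YK8e'

# Hypothetical stand-in for GetToken: returns the argument it was given.
function Show-Received ($Password) { return $Password }

# Assumption: the pipeline replaces the macro $(UserPassword) with the secret
# as plain text before PowerShell parses the script. Simulate that step.
$template   = 'Show-Received -Password "$(UserPassword)"'
$scriptText = $template.Replace('$(UserPassword)', $secret)

# PowerShell now sees ...Ou0R$NDGGoX*YK8e inside double quotes and treats
# $NDGGoX as a variable reference. It is undefined, so it expands to an
# empty string and those characters vanish from the argument.
$viaMacro = & ([scriptblock]::Create($scriptText))

# Passing the value as data instead: an environment variable is read at run
# time, and its content is never parsed as PowerShell source.
$env:USER_PASSWORD = $secret
$viaEnv = Show-Received -Password $env:USER_PASSWORD

# Compare what each route delivered against the original value.
[pscustomobject]@{
    Route    = 'macro in script text'
    Received = $viaMacro
    Intact   = ($viaMacro -ceq $secret)
}
[pscustomobject]@{
    Route    = 'environment variable'
    Received = $viaEnv
    Intact   = ($viaEnv -ceq $secret)
}

# Clean up the demo variable.
Remove-Item Env:USER_PASSWORD
```

Secret pipeline variables are not exposed to scripts as environment variables automatically; they have to be mapped explicitly in the task's environment settings before `$env:USER_PASSWORD` would be populated.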