Forum Discussion
StefanKi
Sep 11, 2022
Iron Contributor
Authentication inside scripts - user login or application
Hello
I am enthusiastic about MS Graph and perform administrative operations with PS.
For the login I have used my own user data until now. Now I want to share the scripts so that other users can run the reports.
For this I have a question: how would you handle the authentication?
I am wondering whether I should authorize the person running the script, so that the script can be executed with their login data.
Or whether I should create an app in AAD (my preferred solution) and provide it with the appropriate authorization. Then the app can be stored in the script.
How would you proceed?
Many greetings and thanks for your support
Stefan
1 Reply
- Creating an app registration is a highly privileged operation, and it's unlikely that many orgs out there will be willing to run a script that does that. Similarly, consenting to third-party apps is also something that's getting increasingly more scrutiny. For me personally, the best option is to leave the authentication part to whoever will be running the script. Make sure you detail the required permissions/scopes and if you believe it's necessary, include instructions on how to create an app, configure authentication and permissions, consent where needed, etc.
Alternatively, consider reworking the script to use the Microsoft Graph SDK for PowerShell instead of direct Graph API queries, which makes it easier to share, or at least to detail the requirements.
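
A sketch of the approach the reply describes, added here as an example and not posted by either participant: the script documents the permission it needs and leaves sign-in to whoever runs it, through the Microsoft Graph PowerShell SDK. The report itself (a user listing) and the permission `User.Read.All` are assumptions chosen for illustration.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users
<#
  Added illustration, not code from the thread. Assumed report: list users.
  Required Graph permission (assumed for this report): User.Read.All
  Default: interactive sign-in as the person running the script (delegated).
  Optional: app-only sign-in with an app registration the runner's own org created.
#>
[CmdletBinding(DefaultParameterSetName = 'Delegated')]
param(
    # App-only values are supplied by the runner; no tenant, app id or secret is stored here.
    [Parameter(Mandatory, ParameterSetName = 'AppOnly')][string]$TenantId,
    [Parameter(Mandatory, ParameterSetName = 'AppOnly')][string]$ClientId,
    [Parameter(Mandatory, ParameterSetName = 'AppOnly')][string]$CertificateThumbprint
)

$RequiredScopes = @('User.Read.All')

if ($PSCmdlet.ParameterSetName -eq 'AppOnly') {
    # The certificate's private key stays in the runner's certificate store.
    Connect-MgGraph -TenantId $TenantId -ClientId $ClientId `
        -CertificateThumbprint $CertificateThumbprint | Out-Null
}
else {
    # Requests only the scopes this report needs; the runner consents as themselves.
    Connect-MgGraph -Scopes $RequiredScopes | Out-Null
}

try {
    # Fail early with a readable message when a required permission was not granted.
    $ctx = Get-MgContext
    $missing = $RequiredScopes | Where-Object { $_ -notin $ctx.Scopes }
    if ($missing) {
        throw "Connected ($($ctx.AuthType)) but missing permission(s): $($missing -join ', ')"
    }

    Get-MgUser -Top 25 -Property DisplayName, UserPrincipalName, AccountEnabled |
        Select-Object DisplayName, UserPrincipalName, AccountEnabled
}
finally {
    # Drop the cached session so it is not reused by later commands in the same shell.
    Disconnect-MgGraph | Out-Null
}
```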