ืืื!
ืืืืจ ืื ืืชืืจ ืืช ืืืืฉืื ืฉื ืืื ืืจืืงืฆืื ืฉื PowerShell ืขื Google API ืืื ืืชืืจื ืืฉืชืืฉื G Suite.
ืื ื ืืฉืชืืฉืื ืืืกืคืจ ืฉืืจืืชื ืคื ืื ืืขื ื ืืจืืื ืืืจืืื. ืืจืื, ืืืจืฉืื ืืื ืืกืชืืืช ืืืืื ืื ื-Active Directory, ืฉืืื ืืื ืื ื ืืื ืืฉืืืจ ืขืืชืง; ืืืชืื, ืืืฉืจ ืขืืื ืืืฉ ืขืืื, ืขืืื ืืืฆืืจ/ืืืคืฉืจ ืืฉืืื ืืฉืชื ืืืขืจืืืช ืืืื. ืืื ืืืคืื ืืช ืืชืืืื ืืืืืืืื, ืืืืื ื ืืืชืื ืกืงืจืืคื ืฉืืืกืฃ ืืืืข ืืฉืืื ืืืชื ืืฉื ื ืืฉืืจืืชืื.
ืืจืฉืื
ืืขืช ืขืจืืืช ืืืจืืฉืืช, ืืืืื ื ืืืฉืชืืฉ ืืื ืืืื ืื ืืฉืืื ืืืืชืืื ืืฆืืจื ืืจืฉืื; ืืืืจ ืืคืฉื ืืช ื ืืชืื ืืคืขืืืืช ืืืงืจื ืฉื ืฉืื ืืืื ืืกืืืืื ืืงืจืืื ืื ืืืืื ืื.
ืืืฉืงื API ืฉื Google ืืฉืชืืฉืื ืืคืจืืืืงืื OAuth 2.0 ืืฆืืจื ืืืืืช ืืืจืฉืื. ืืงืจื ืฉืืืืฉ ืืชืืืืจืื ืืคืืจืืื ืืืชืจ ื ืืชื ืืืฆืื ืืื:
ืืืจืชื ืืกืงืจืืคื ืืืฉืืฉ ืืืจืฉืื ืืืืฉืืื ืฉืืืื ืขืืืื. ืืฉื ื ืื ืืคืฉืจืืช ืืืฉืชืืฉ ืืืฉืืื ืฉืืจืืช, ืฉืืื ื ืืืจืฉ ืืืืฉืชืืฉ ืชื ืืขืืช ืืืืชืจืืช.
ืืชืืื ื ืืืื ืืื ืชืืืืจ ืกืืืื ืฉื ืืชืจืืืฉ ืฉื ืืืจ ืืืฃ Google.
- ืจืืฉืืช, ืื ื ืฉืืืืื ืืช ืืืฉืชืืฉ ืืืฃ ืืืืืืช ืฉื ืืฉืืื Google, ืชืื ืฆืืื ืคืจืืืจื GET:
- ืืืื ืืคืืืงืฆืื
- ืืืืจืื ืฉืืืคืืืงืฆืื ืฆืจืืื ืืืฉื ืืืืื
- ืืืชืืืช ืฉืืืื ืืืคื ื ืืืฉืชืืฉ ืืืืจ ืืฉืืืช ืืืืื
- ืืืจื ืฉืื ื ืขืืื ืืช ืืืกืืืื
- ืงืื ืืืืื
- ืคืืจืื ืฉืืืืจ ืงืื ืืืืืช
- ืืืืจ ืืฉืืืช ืืืจืฉืื, ืืืฉืชืืฉ ืืืคื ื ืืืฃ ืฉืฆืืื ืืืงืฉื ืืจืืฉืื ื, ืขื ืฉืืืื ืื ืงืื ืืจืฉืื ืฉืืืขืืจ ืขื ืืื ืคืจืืืจื GET
- ืืืคืืืงืฆืื (ืกืงืจืืคื) ืชืฆืืจื ืืงืื ืืช ืืคืจืืืจืื ืืืื, ืืื ืืงืื ืืช ืืงืื, ืชืืงืฉ ืืช ืืืงืฉื ืืืื ืืงืืืช ืืกืืืื ืื
- ืื ืืืงืฉื ื ืืื ื, ื-API ืฉื Google ืืืืืจ:
- ืืกืืืื ืืืฉื ืฉืืืืฆืขืืชื ื ืืื ืืืืืฉ ืืงืฉืืช
- ืชืงืืคืช ืืชืืงืฃ ืฉื ืืกืืืื ืื
- ื ืืจืฉ ืจืขื ืื ืืกืืืื ืืื ืืจืขื ื ืืช ืืกืืืื ืืืืฉื.
ืจืืฉืืช ืขืืื ืืขืืืจ ืืืกืืฃ Google API:
ืืื ืฉืืืื ื ืื ืืืชืจ ืืงืจืื ืืช ืืืืืจืืชื ืืกืงืจืืคื, ื ืืชื ืืืฆืื ืืช ืืฉืืืื ืืจืืฉืื ืื ืืคืื ืงืฆืื ื ืคืจืืช ืฉืชืืืืจ ืืช Access ืืชืจืขื ื ืืกืืืื ืื ืขืืืจ ืืืคืืืงืฆืื:
$client_secret = 'Our Client Secret'
$client_id = 'Our Client ID'
function Get-GoogleAuthToken {
if (-not [System.Net.HttpListener]::IsSupported) {
"HttpListener is not supported."
exit 1
}
$codeverifier = -join ((65..90) + (97..122) + (48..57) + 45 + 46 + 95 + 126 |Get-Random -Count 60| % {[char]$_})
$hasher = new-object System.Security.Cryptography.SHA256Managed
$hashByteArray = $hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($codeverifier))
$base64 = ((([System.Convert]::ToBase64String($hashByteArray)).replace('=','')).replace('+','-')).replace('/','_')
$ports = @(10600,15084,39700,42847,65387,32079)
$port = $ports[(get-random -Minimum 0 -maximum 5)]
Write-Host "Start browser..."
Start-Process "https://accounts.google.com/o/oauth2/v2/auth?code_challenge_method=S256&code_challenge=$base64&access_type=offline&client_id=$client_id&redirect_uri=http://localhost:$port&response_type=code&scope=https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.group"
$listener = New-Object System.Net.HttpListener
$listener.Prefixes.Add("http://localhost:"+$port+'/')
try {$listener.Start()} catch {
"Unable to start listener."
exit 1
}
while (($code -eq $null)) {
$context = $listener.GetContext()
Write-Host "Connection accepted" -f 'mag'
$url = $context.Request.RawUrl
$code = $url.split('?')[1].split('=')[1].split('&')[0]
if ($url.split('?')[1].split('=')[0] -eq 'error') {
Write-Host "Error!"$code -f 'red'
$buffer = [System.Text.Encoding]::UTF8.GetBytes("Error!"+$code)
$context.Response.ContentLength64 = $buffer.Length
$context.Response.OutputStream.Write($buffer, 0, $buffer.Length)
$context.Response.OutputStream.Close()
$listener.Stop()
exit 1
}
$buffer = [System.Text.Encoding]::UTF8.GetBytes("Now you can close this browser tab.")
$context.Response.ContentLength64 = $buffer.Length
$context.Response.OutputStream.Write($buffer, 0, $buffer.Length)
$context.Response.OutputStream.Close()
$listener.Stop()
}
Return Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/oauth2/v4/token" -Body @{
code = $code
client_id = $client_id
client_secret = $client_secret
redirect_uri = 'http://localhost:'+$port
grant_type = 'authorization_code'
code_verifier = $codeverifier
}
$code = $null
ืื ื ืืืืืจืื ืืช ืืืื ืืืงืื ืืืช ืกืื ืืืงืื ืฉืืชืงืืื ืืืืคืืื ื ืืืื ืืืงืื ืฉื OAuth, ืืืืืช ืืงืื ืืื ืืืจืืืช ืฉื 43 ืขื 128 ืชืืืื ืฉืืฉ ืืืคืืง ืืืืคื ืืงืจืื ืืชืืืื ืื ืฉืืืจืื: [AZ] / [az] / [0-9 ] / "-" / "." / "_" / "~".
ืืืืจ ืืื, ืืงืื ืืื ืืฉืืืจ ืฉืื. ืื ืืืื ืืช ืืคืืืขืืช ืฉืื ืชืืงืฃ ืืืื ืืืืจื ืชืืืื ืฉืืืืืจื ืืืคื ืื ืืืืฉ ืืืืจ ืืจืฉืืช ืืฉืชืืฉ.
ื ืืชื ืืฉืืื ืืืืช ืงืื ืืืงืฉื ืื ืืืืืช ืืืงืกื ืืจืืจ (ืื ืฉืืืคื ืืืชื ืืืกืจืช ืืฉืืขืืช - ืื ืืชืืื ืจืง ืืืขืจืืืช ืฉืืื ื ืชืืืืืช ื-SHA256), ืื ืขื ืืื ืืฆืืจืช hash ืืืืฆืขืืช ืืืืืจืืชื SHA256, ืืืชื ืืฉ ืืงืืื ื-BASE64Url (ืฉืื ื ื-Base64 ืขื ืืื ืฉื ื ืชืืื ืืืื) ืืืกืจืช ืกืืืืืช ืฉืืจืช ืืชืืืื: =.
ืืืืจ ืืื, ืขืืื ื ืืืชืืื ืืืืืื ื-http ืืืืฉื ืืืงืืื ืขื ืื ืช ืืงืื ืชืืืื ืืืืจ ืืจืฉืื, ืฉืชืืืืจ ืืืคื ืื ืืืืฉ.
ืืฉืืืืช ื ืืืื ืืืืฆืขืืช ืขื ืฉืจืช ืืืืื, ืื ื ืืื ืืฉืืื ืืช ืืืคืฉืจืืช ืฉืืกืคืจ ืื ืืื ืืขืจืืช ืืคืขืืื ืืช ืืกืงืจืืคื ืื ืืื ืืช, ืื ืื ืืืืจ ืืงืจืืืช ืคืืจื ืืืฉืชืืฉ ืื ืืืื, ืืื ืฆืืื ืชื ืคืืจืืื ืืืืืจืื ืืจืืฉ ืืืื ืืฉ ืืืืกืืฃ ืืืชื ืื ืืืืื ืืืกืืฃ ื-API.
access_type=ืื ืืงืืื ืคืืจืืฉื ืฉืืืคืืืงืฆืื ืืืืื ืืขืืื ืืกืืืื ืฉืคื ืชืืงืคื ืืขืฆืื ืืื ืืื ืืจืืงืฆืื ืฉื ืืืฉืชืืฉ ืขื ืืืคืืคื,
response_type=ืงืื ืืืืืจ ืืช ืืคืืจืื ืฉื ืืืืคื ืฉืื ืืงืื ืืืืืจ (ืืคื ืื ืืฉืืืช ืืืจืฉืื ืืืฉื ื, โโืืืฉืจ ืืืฉืชืืฉ ืืขืชืืง ืืช ืืงืื ืืืืคืืคื ืืกืงืจืืคื),
ืืืงืฃ ืืฆืืื ืืช ืืืงืฃ ืืกืื ืืืืฉื. ืืฉ ืืืคืจืื ืืื ืืื ืืจืืืืื ืื %20 (ืขื ืคื ืงืืืื ืืชืืืช ืืืชืจ). ืจืฉืืื ืฉื ืืืืจื ืืืฉื ืขื ืกืืืื ื ืืชื ืืจืืืช ืืื:
ืืืืจ ืงืืืช ืงืื ืืืจืฉืื, ืืืคืืืงืฆืื ืชืืืืจ ืืืืขื ืกืืืจื ืืืคืืคื, ืชืคืกืืง ืืืืืื ืืคืืจื ืืชืฉืื ืืงืฉืช POST ืืงืืืช ืืืกืืืื. ืื ื ืืฆืืื ืื ืื ืืช ืืืืื ืืืกืื ืฉืฆืืื ื ืงืืื ืืื ื-API ืฉื ืืืกืืฃ, ืืืชืืืช ืืืื ืืืคื ื ืืืฉืชืืฉ ื-grant_type ืืืชืื ืืืคืจื ืืคืจืืืืงืื.
ืืชืืืื ื ืงืื ืืกืืืื Access, ืชืงืืคืช ืชืืงืคื ืืฉื ืืืช ื-Refresh token ืฉืืืืฆืขืืชื ื ืืื ืืขืืื ืืช ืืกืืืื ืืืืฉื.
ืขื ืืืคืืืงืฆืื ืืืืกื ืืืงื ืื ืืืงืื ืืืืืื ืขื ืืื ืืืฃ ืืจืืืื, ืืืื ืขื ืฉื ืืื ืืช ืืืืฉื ืฉืืชืงืืื, ืืืคืืืงืฆืื ืื ืชืืืืจ ืืช ืืกืืืื ืืจืขื ืื. ืืกืืฃ, ืืืกืคืชื ืืงืฉื ืืืืืื ืืืกืืืื; ืื ืืืงืฉื ืื ืืืฉืืื ืืืฆืืื ืืืกืืืื ืืจืขื ืื ืื ืืืืืจ, ืืื ืืชืืื ืืช ืืืืื ืืืืฉ (ืืฉืื ื ืฉืื ืื ืืืื ืืืืกื ืืืงื ืื ืืงืืืืช ืืืจืืื ื, ืืื ืื ื ืขืืฉืื ืืืช. ืื ืจืืฆื ืืกืื ืืืจืื ืขื ืงืจืืคืืืืจืคืื ืื ืืคืชืื ืืช ืืืคืืคื ืืขืชืื ืงืจืืืืช).
do {
$token_result = Get-GoogleAuthToken
$token = $token_result.access_token
if ($token_result.refresh_token -eq $null) {
Write-Host ("Session is not destroyed. Revoking token...")
Invoke-WebRequest -Uri ("https://accounts.google.com/o/oauth2/revoke?token="+$token)
}
} while ($token_result.refresh_token -eq $null)
$refresh_token = $token_result.refresh_token
$minute = ([int]("{0:mm}" -f ([timespan]::fromseconds($token_result.expires_in))))+((Get-date).Minute)-2
if ($minute -lt 0) {$minute += 60}
elseif ($minute -gt 59) {$minute -=60}
$token_expire = @{
hour = ([int]("{0:hh}" -f ([timespan]::fromseconds($token_result.expires_in))))+((Get-date).Hour)
minute = $minute
}
ืืคื ืฉืืืจ ืฉืืชื ืื, ืืขืช ืืืืื ืืกืืืื, ื ืขืฉื ืฉืืืืฉ ื-Invoke-WebRequest. ืื ืืืื ื-Invoke-RestMethod, ืืื ืืื ื ืืืืืจ ืืช ืื ืชืื ืื ืฉืืชืงืืื ืืคืืจืื ืฉืืืฉ ืืืฆืื ืืช ืกืืืืก ืืืงืฉื.
ืืืืจ ืืื, ืืกืงืจืืคื ืืืงืฉ ืืื ืืืืื ืืช ืืฉื ืืคืจืื ืืฉื ืืืฉืคืื ืฉื ืืืฉืชืืฉ, ืืืืฆืจ ืืชืืืจืืช + ืืืืืื.
ืืงืฉืืช
ืืืงืฉืืช ืืืืืช ืืืื - ืงืืื ืื ืฆืจืื ืืืืืง ืืื ืืืจ ืงืืื ืืฉืชืืฉ ืขื ืืืชื ืื ืืกื ืขื ืื ืช ืืงืื ืืืืื ืขื ืืฆืืจืช ืืืฉ ืื ืืคืขืืช ืื ืืืื.
ืืืืืชื ืืืืฉื ืืช ืื ืืืงืฉืืช ืืคืืจืื ืฉื ืคืื ืงืฆืื ืืืช ืขื ืืืืจื, ืืืืฆืขืืช ืืชื:
function GoogleQuery {
param (
$type,
$query
)
switch ($type) {
"SearchAccount" {
Return Invoke-RestMethod -Method Get -Uri "https://www.googleapis.com/admin/directory/v1/users" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body @{
domain = 'rocketguys.com'
query = "email:$query"
}
}
"UpdateAccount" {
$body = @{
name = @{
givenName = $query['givenName']
familyName = $query['familyName']
}
suspended = 'false'
password = $query['password']
changePasswordAtNextLogin = 'true'
phones = @(@{
primary = 'true'
value = $query['phone']
type = "mobile"
})
orgUnitPath = $query['orgunit']
}
Return Invoke-RestMethod -Method Put -Uri ("https://www.googleapis.com/admin/directory/v1/users/"+$query['email']) -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
}
"CreateAccount" {
$body = @{
primaryEmail = $query['email']
name = @{
givenName = $query['givenName']
familyName = $query['familyName']
}
suspended = 'false'
password = $query['password']
changePasswordAtNextLogin = 'true'
phones = @(@{
primary = 'true'
value = $query['phone']
type = "mobile"
})
orgUnitPath = $query['orgunit']
}
Return Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/admin/directory/v1/users" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
}
"AddMember" {
$body = @{
userKey = $query['email']
}
$ifrequest = Invoke-RestMethod -Method Get -Uri "https://www.googleapis.com/admin/directory/v1/groups" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body $body
$array = @()
foreach ($group in $ifrequest.groups) {$array += $group.email}
if ($array -notcontains $query['groupkey']) {
$body = @{
email = $query['email']
role = "MEMBER"
}
Return Invoke-RestMethod -Method Post -Uri ("https://www.googleapis.com/admin/directory/v1/groups/"+$query['groupkey']+"/members") -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
} else {
Return ($query['email']+" now is a member of "+$query['groupkey'])
}
}
}
}
ืืื ืืงืฉื, ืขืืื ืืฉืืื ืืืชืจืช ืืจืฉืื ืืืืืื ืืช ืกืื ืืืกืืืื ืืืช ืืกืืืื ืืืืฉื ืขืฆืื. ื ืืื ืืขืืฉืื, ืกืื ืืืกืืืื ืืื ืชืืื ื ืืฉื. ืื ืขืืื ื ืืืืืง ืฉืชืืงืฃ ืืืกืืืื ืื ืคื ืืืขืืื ืืืชื ืืืืจ ืฉืขื ืืจืืข ืื ืคืงืชื, ืฆืืื ืชื ืืงืฉื ืืคืื ืงืฆืื ืืืจืช ืฉืืืืืจื ืืกืืืื Access. ืืืชื ืคืืกืช ืงืื ื ืืฆืืช ืืชืืืืช ืืกืงืจืืคื ืืขืช ืงืืืช ืืกืืืื ืืืืฉื ืืจืืฉืื:
function Get-GoogleToken {
if (((Get-date).Hour -gt $token_expire.hour) -or (((Get-date).Hour -ge $token_expire.hour) -and ((Get-date).Minute -gt $token_expire.minute))) {
Write-Host "Token Expired. Refreshing..."
$request = (Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/oauth2/v4/token" -ContentType 'application/x-www-form-urlencoded' -Body @{
client_id = $client_id
client_secret = $client_secret
refresh_token = $refresh_token
grant_type = 'refresh_token'
})
$token = $request.access_token
$minute = ([int]("{0:mm}" -f ([timespan]::fromseconds($request.expires_in))))+((Get-date).Minute)-2
if ($minute -lt 0) {$minute += 60}
elseif ($minute -gt 59) {$minute -=60}
$script:token_expire = @{
hour = ([int]("{0:hh}" -f ([timespan]::fromseconds($request.expires_in))))+((Get-date).Hour)
minute = $minute
}
}
return $token
}
ืืืืงืช ืืชืืืจืืช ืืงืืืื:
function Check_Google {
$query = (GoogleQuery 'SearchAccount' $username)
if ($query.users -ne $null) {
$user = $query.users[0]
Write-Host $user.name.fullName' - '$user.PrimaryEmail' - suspended: '$user.Suspended
$GAresult = $user
}
if ($GAresult) {
$return = $GAresult
} else {$return = 'gg'}
return $return
}
ืืงืฉืช ืืืืืืื:$query ืชืืงืฉ ืื-API ืืืคืฉ ืืฉืชืืฉ ืขื ืืืืืืื ืืื ืืืืืง, ืืืื ืืื ืืืื. ืืชื ืืืื ืื ืืืฉืชืืฉ ืืชื ืืืื: =, :, :{PREFIX}*.
ืืื ืืงืื ื ืชืื ืื, ืืฉืชืืฉื ืืฉืืืช ืืงืฉืช GET, ืืืื ืกืช ื ืชืื ืื (ืืฆืืจืช ืืฉืืื ืื ืืืกืคืช ืืืจ ืืงืืืฆื) - POST, ืืขืืืื ื ืชืื ืื ืงืืืืื - PUT, ืืืืืงืช ืจืฉืืื (ืืืืืื, ืืืจ ืืงืืืฆื) - ืึดืึฐืืึนืง.
ืืชืกืจืื ืืืงืฉ ืื ืืกืคืจ ืืืคืื (ืืืจืืืช ืื ืืืืืชืช) ืืืืืื ืืงืืืฆืช ืืคืฆื ืืืืจืืช. ืืื ืืืืื ืืืื ืืืืื ืืจืืื ืืช ืฆืจืืื ืืืืืช ืืืฉืชืืฉ ืืืชืืกืก ืขื ื-Active Directory OU ืฉื ืืืจ ืืืืืข ืขื ืกืืกืื:
do {
$phone = Read-Host "ะขะตะปะตัะพะฝ ะฒ ัะพัะผะฐัะต +7ั
ั
ั
ั
ั
ั
ั
ั
"
} while (-not $phone)
do {
$moscow = Read-Host "ะ ะะพัะบะพะฒัะบะธะน ะพัะธั? (y/n) "
} while (-not (($moscow -eq 'y') -or ($moscow -eq 'n')))
$orgunit = '/'
if ($OU -like "*OU=Delivery,OU=Users,OU=ROOT,DC=rocket,DC=local") {
Write-host "ะัะดะตั ัะพะทะดะฐะฝะฐ ะฒ /Team delivery"
$orgunit = "/Team delivery"
}
$Password = -join ( 48..57 + 65..90 + 97..122 | Get-Random -Count 12 | % {[char]$_})+"*Ba"
ืืื ืืื ืืชืืื ืืชืืจื ืืช ืืืฉืืื:
$query = @{
email = $email
givenName = $firstname
familyName = $lastname
password = $password
phone = $phone
orgunit = $orgunit
}
if ($GMailExist) {
Write-Host "ะะฐะฟััะบะฐะตะผ ะธะทะผะตะฝะตะฝะธะต ะฐะบะบะฐัะฝัะฐ" -f mag
(GoogleQuery 'UpdateAccount' $query) | fl
write-host "ะะต ะทะฐะฑัะดั ะฟัะพะฒะตัะธัั ะณััะฟะฟั ั ะฒะบะปััะตะฝะฝะพะณะพ $Username ะฒ Google."
} else {
Write-Host "ะะฐะฟััะบะฐะตะผ ัะพะทะดะฐะฝะธะต ะฐะบะบะฐัะฝัะฐ" -f mag
(GoogleQuery 'CreateAccount' $query) | fl
}
if ($moscow -eq "y"){
write-host "ะะพะฑะฐะฒะปัะตะผ ะฒ ะณััะฟะฟั moscowoffice"
$query = @{
groupkey = '[email protected]'
email = $email
}
(GoogleQuery 'AddMember' $query) | fl
}
ืืคืื ืงืฆืืืช ืืขืืืื ืืืฆืืจืช ืืฉืืื ืืฉ ืชืืืืจ ืืืื; ืื ืื ืืฉืืืช ืื ืืกืคืื ื ืืจืฉืื; ืืืืง ืขื ืืกืคืจื ืืืคืื ืืฉ ืืฆืืื ืืขืจื ืฉืืืื ืืืืื ืขื ืจืฉืืื ืืืช ืขื ืืืกืคืจ ืืกืืื.
ืขื ืื ืช ืื ืืงืื ืฉืืืื ืืขืช ืืืกืคืช ืืฉืชืืฉ ืืงืืืฆื, ื ืืื ืืืืืง ืชืืืื ืืื ืืื ืืืจ ืืืจ ืืงืืืฆื ืื ืขื ืืื ืงืืืช ืจืฉืืืช ืืืจื ืงืืืฆื ืื ืืจืื ืืืืฉืชืืฉ ืขืฆืื.
ืฉืืืืชืช ืืืืจืืช ืืงืืืฆื ืฉื ืืฉืชืืฉ ืกืคืฆืืคื ืื ืชืืื ืจืงืืจืกืืืืช ืืชืฆืื ืจืง ืืืจืืช ืืฉืืจื. ืืืืืช ืืฉืชืืฉ ืืงืืืฆืช ืื ืฉืืืจ ืืฉ ืื ืงืืืฆืช ืืื ืฉืืืฉืชืืฉ ืืืจ ืื ืชืฆืืื.
ืืกืงื ื
ืื ืฉื ืืชืจ ืืื ืืฉืืื ืืืฉืชืืฉ ืืช ืืกืืกืื ืืืฉืืื ืืืืฉ. ืื ื ืขืืฉืื ืืืช ืืืืฆืขืืช SMS, ืืฉืืืืื ืืืืข ืืืื ืขื ืื ืืืืช ืืื ืืกื ืืืืื ืืืฉื, ืืฉืจ ืืื ืขื ืืกืคืจ ืืืคืื ื ืืกืจ ืืืืืงืช ืืืืืก. ืืืืืคื, ืืชื ืืืื ืืืกืื ืืกืฃ ืืืฉืืื ืืช ืืกืืกืื ืฉืื ืืฆ'ืื ืืืืจื ืกืืื, ืฉืืืื ืืืืืฉื ืื ืืืืจื ืืฉื ื (ืืงืืืงืื ืืืื ืืจืืืื).
ืชืืื ืฉืงืจืืช ืขื ืืกืืฃ. ืืฉืื ืืจืืืช ืืฆืขืืช ืืฉืืคืืจ ืกืื ืื ืืชืืืช ืืืืจืื ืืืืืืช ืื ืืชืคืืก ืคืืืช ืฉืืืืืช ืืืชืืืช ืกืงืจืืคืืื =)
ืจืฉืืืช ืงืืฉืืจืื ืฉืขืฉืืืื ืืืืืช ืฉืืืืฉืืื ืืืืื ื ื ืืฉืืืช ืื ืคืฉืื ืืขื ืืช ืขื ืฉืืืืช:
OAuth 2.0 ืืืคืืืงืฆืืืช ืื ืืื ืืืฉืืืื ืืขืืืื ืฉืืืืฉ ื-OAuth 2.0 ืขืืืจ ืืืฉืืื ืฉืจืช ืืื ืืจื ื ืืคืชื ืืืืื ืืืืืคืช ืงืืืื ืขื ืืื ืืงืืืืช ืฆืืืืจืืื ืฉื OAuth ืฆืืจ ืืืชืืืช ืืงืจืืืืช ืขื PowerShell ืืืื ืืชืืืืจ ืฉื ASCII PowerShell: ืงืืืช ืขืจื ื-hash ืขืืืจ ืืืจืืืช ืงืืืื/ืคืขื ืื Base64Url ืงืืืื Base64 ืืขืืืช ืงืืืื Base64url Invoke-RestMethod ื-PowerShell 5.1 ืื ืืงืื ืืกืืืื ืจืขื ืื ืืืจืืช ืฉ-access_type ืื ืืงืืื ืืฉืื 1 ืืืืืช ืืคืขืืื ืืฉืืืื Directory API: ืืฉืืื ืืช ืืฉืชืืฉืื ืืคืฉ ืืฉืชืืฉืื API ืฉื ืกืคืจืืืช: ืงืืืฆืืช ืืืคืื ืืฉืืืืืช ืขืืืจ Invoke-RestMethod - Powershell
ืืงืืจ: www.habr.com