Change approach for determining Graph API access

This is due to changes in the Az.Accounts module where the TokenCache is no longer popoulated. Ref: Azure/azure-powershell#13337
corvus-dotnet · Nov 12, 2020 · 2e7563f · 2e7563f
1 parent 210f041
commit 2e7563f
Showing 1 changed file with 12 additions and 7 deletions.
diff --git a/module/functions/azure/aad/Test-AzureGraphAccess.ps1 b/module/functions/azure/aad/Test-AzureGraphAccess.ps1
@@ -19,13 +19,18 @@ function Test-AzureGraphAccess
     (
     )
 
-    # perform an arbitrary AAD operation to force getting a graph api token, in case don't yet have one
-    Get-AzADApplication -ApplicationId (New-Guid).Guid -ErrorAction SilentlyContinue | Out-Null
-
-    if ( !(Get-AzureAdGraphToken) ) {
-        return $False
+    # perform an arbitrary AAD operation to see if we have read access to the graph API
+    try {
+        Get-AzADApplication -ApplicationId (New-Guid).Guid -ErrorAction Stop
     }
-    else {
-        return $True
+    catch {
+        if ($_.Exception.Message -match "Insufficient privileges") {
+            return $False
+        }
+        else {
+            throw $_
+        }
     }
+
+    return $True
 }