Initial Version

2025-06-12 10:19:06 -07:00 · 2025-06-12 10:19:06 -07:00 · 740994ae40
commit 740994ae40
4 changed files with 217 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+*.html
--- a/AppleBusinessManager.psd1
+++ b/AppleBusinessManager.psd1
@ -0,0 +1,132 @@
+#
+# Module manifest for module 'ABMPS'
+#
+# Generated by: Liam Steckler
+#
+# Generated on: 6/11/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'AppleBusinessManager.psm1'
+
+# Version number of this module.
+ModuleVersion = '1.0'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = 'ba7191aa-8343-45d4-941b-52ddc74d7cc7'
+
+# Author of this module
+Author = 'Liam Steckler'
+
+# Company or vendor of this module
+CompanyName = 'Unknown'
+
+# Copyright statement for this module
+Copyright = '(c) Liam Steckler. All rights reserved.'
+
+# Description of the functionality provided by this module
+# Description = ''
+
+# Minimum version of the PowerShell engine required by this module
+PowerShellVersion = '7.0.0'
+
+# Name of the PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# ClrVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+    PSData = @{
+
+        # Tags applied to this module. These help with module discovery in online galleries.
+        # Tags = @()
+
+        # A URL to the license for this module.
+        # LicenseUri = ''
+
+        # A URL to the main website for this project.
+        # ProjectUri = ''
+
+        # A URL to an icon representing this module.
+        # IconUri = ''
+
+        # ReleaseNotes of this module
+        # ReleaseNotes = ''
+
+        # Prerelease string of this module
+        # Prerelease = ''
+
+        # Flag to indicate whether the module requires explicit user acceptance for install/update/save
+        # RequireLicenseAcceptance = $false
+
+        # External dependent modules of this module
+        # ExternalModuleDependencies = @()
+
+    } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
--- a/AppleBusinessManager.psm1
+++ b/AppleBusinessManager.psm1
@ -0,0 +1,81 @@
+#Requires -Version 7.0
+#Requires -Module jwtPS
+function Connect-AppleBusinessManager {
+    if (-not $Env:AppleBusinessManagerClientId -or -not $Env:AppleBusinessManagerPrivateKeyId -or -not $Env:AppleBusinessManagerPrivateKey) {
+        throw "Client ID, Private Key ID and Private Key environment variables were not set for Apple Business Manager"
+    }
+    $Script:ClientId = $Env:AppleBusinessManagerClientId
+    $Script:PrivateKey = $Env:AppleBusinessManagerPrivateKey
+    $Script:PrivateKeyId = $Env:AppleBusinessManagerPrivateKeyId
+
+    $Header = @{
+        'kid' = $Script:PrivateKeyId
+    }
+
+    $Payload = @{
+        aud = "https://account.apple.com/auth/oauth2/v2/token" 
+        iss = $Script:ClientId
+        sub = $Script:ClientId
+        iat = ([System.DateTimeOffset]::Now).ToUnixTimeSeconds()
+        exp = ([System.DateTimeOffset]::Now.AddMinutes(15)).ToUnixTimeSeconds()
+        jti = [guid]::NewGuid()
+    }
+
+    $Hashing = [jwtTypes+encryption]::SHA256
+    $Signature = [jwtTypes+algorithm]::ECDsa
+    $Algorithm = [jwtTypes+cryptographyType]::new($Signature, $Hashing)
+    $JWT = New-JWT -Payload $Payload -Algorithm $Algorithm -Secret $Script:PrivateKey -Header $Header
+    Write-Verbose $JWT
+
+    $Script:Body = @{
+        'grant_type'            = 'client_credentials'
+        'client_id'             = $Script:ClientId
+        'client_assertion'      = $JWT
+        'client_assertion_type' = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
+        'scope'                 = 'business.api'
+    }
+
+    $Script:AuthResponse = Invoke-RestMethod -Method Post -Uri 'https://account.apple.com/auth/oauth2/token' -Body $Script:Body -SkipHttpErrorCheck
+    if ($Script:AuthResponse.error) {
+        throw $Script:AuthResponse.Error
+    }
+    $Script:ExpiresAt = (Get-Date).AddSeconds($Script:AuthResponse.expires_in)
+}
+
+function Get-AppleBusinessManagerBearerToken {
+    if (-not $Script:AuthResponse) {
+        try {
+            Connect-AppleBusinessManager
+        }
+        catch {
+            throw "Authorization has not been completed, use Connect-AppleBusinessManager first."
+        }
+    }
+    if ((Get-Date).AddMinutes(1) -ge $Script:ExpiresAt) {
+        # Access token is approaching expiration, get a new access token
+        Connect-AppleBusinessManager
+    }
+
+    return ($Script:AuthResponse.access_token | ConvertTo-SecureString -AsPlainText -Force)
+}
+
+function Invoke-AppleBusinessManagerPagedApiRequest {
+    param (
+        [Parameter(Mandatory = $true)][uri] $Uri
+    )
+    $Results = New-Object System.Collections.ArrayList
+    while ($Uri) {
+        $Result = Invoke-RestMethod $Uri -Authentication Bearer -Token (Get-AppleBusinessManagerBearerToken) -ErrorAction Stop
+        $Uri = $Result.links.next
+        $Results.AddRange($Result.data) | Out-Null
+    }
+    return $Results
+}
+
+function Get-AppleBusinessManagerOrgDevices {
+    return Invoke-AppleBusinessManagerPagedApiRequest -Uri "https://api-business.apple.com/v1/orgDevices"
+}
+
+function Get-AppleBusinessManagerMdmServers {
+    return Invoke-AppleBusinessManagerPagedApiRequest -Uri "https://api-business.apple.com/v1/mdmServers"
+}
--- a/README.md
+++ b/README.md
@ -0,0 +1,3 @@
+# Apple Business Manager API Module for PowerShell
+To use this module, you'll need to convert the private key from Apple to a .NET friendly format:
+```openssl pkcs8 -topk8 -inform PEM -outform PEM -in [path to your key from Apple] -out [path to where you want to save the converted key] -nocrypt```