<# .SYNOPSIS Gets a valid Bearer token for the Ka-Note production API via MSAL.PS. On first run (or after token cache expires): opens browser popup for login. Subsequent runs: silent refresh via cached refresh token. .OUTPUTS Writes the access token string to stdout. #> param() $ErrorActionPreference = 'Stop' $ClientId = '1aba7af7-eec1-4e49-b87e-9f941c0e8630' $TenantId = '94cf90d7-e9ff-49a1-bc3b-a5b94d3cc8ca' $Scopes = "api://$ClientId/access" if (-not (Get-Module -ListAvailable -Name 'MSAL.PS')) { Write-Host " [INFO] Installing MSAL.PS..." -ForegroundColor DarkGray Install-Module -Name 'MSAL.PS' -Scope CurrentUser -Force -AllowClobber } Import-Module MSAL.PS -ErrorAction Stop $p = @{ ClientId = $ClientId; TenantId = $TenantId; Scopes = $Scopes } $r = $null try { $r = Get-MsalToken @p -Silent 2>$null } catch {} if (-not $r) { Write-Host " [AUTH] Opening browser for login..." -ForegroundColor Yellow $r = Get-MsalToken @p -Interactive } if (-not $r?.AccessToken) { Write-Error "Failed to acquire token."; exit 1 } Write-Output $r.AccessToken