Allegis

1.1.12

Public/Get-AllegisIDNOAuthAccessToken.ps1

                                function Get-AllegisIDNOAuthAccessToken {

Param(

    [Parameter(Mandatory=$true, ParameterSetName="client_credentials")]

    [Parameter(Mandatory=$true, ParameterSetName="password")]

    [Parameter(Mandatory=$true, ParameterSetName="refresh_token")]

    [string]$org,

    [Parameter(Mandatory=$true, ParameterSetName="client_credentials")]

    [Parameter(Mandatory=$true, ParameterSetName="password")]

    [Parameter(Mandatory=$true, ParameterSetName="refresh_token")]

    [string]$clientid,

    [Parameter(Mandatory=$true, ParameterSetName="client_credentials")]

    [Parameter(Mandatory=$true, ParameterSetName="password")]

    [Parameter(Mandatory=$true, ParameterSetName="refresh_token")]

    [string]$clientsecret,    

    [Parameter(Mandatory=$true, ParameterSetName="password")]

    [string]$adminusername,

    [Parameter(Mandatory=$true, ParameterSetName="password")]

    [string]$adminpassword,

    [Parameter(Mandatory=$true, ParameterSetName="refresh_token")]

    [string]$refreshtoken

)

    if ($clientID.length -ne 36){Write-Warning "unexpected size for client ID, proceeding"}

    $url="https://$org.api.identitynow.com/oauth/token"

    $Bytes = [System.Text.Encoding]::utf8.GetBytes("$($clientID):$($clientSecret)")

    $encodedAuth = [Convert]::ToBase64String($Bytes)

    $Header = @{Authorization = "Basic $($encodedAuth)"}

    switch ($PsCmdlet.ParameterSetName){

        client_credentials{

            Write-Warning "grant type client_credentials will not always have access to admin functions, you may get 403 depending on what api you use"

            $Token = Invoke-RestMethod -Method Post -Uri "$($url)?grant_type=client_credentials" -Headers $Header

        }

        password{

            $adminusername = $adminusername.ToLower()

            $passwordHash = Get-Hash -Algorithm SHA256 -StringEncoding utf8 -InputObject ($($adminpassword) + (Get-Hash -Algorithm SHA256 -StringEncoding utf8 -InputObject ($adminusername)).HashString.ToLower())

            $adminPWD = $passwordHash.ToString().ToLower()

            $Token = Invoke-RestMethod -Method Post -Uri "$($url)?grant_type=password&username=$($adminusername)&password=$($adminPWD)" -Headers $Header

        }

        refresh_token{

            $Body = @{

            grant_type = $PsCmdlet.ParameterSetName

            client_id = $clientID

            client_secret = [System.Web.HttpUtility]::UrlEncode($clientSecret)

            refresh_token = $refreshtoken

            }

            $Token = Invoke-RestMethod -Method Post -Uri $url -Body $body -UseBasicParsing -ContentType 'application\json'

        }

    }

    return $token

}