Functions/New-GSuiteEndpointConfiguration.ps1

<#
.SYNOPSIS
    This function creates a GSuite Endpoint Configuration given a GSuite application id, client secret and refresh tokens.
#>

function New-GSuiteEndpointConfiguration {
    [CmdletBinding(PositionalBinding=$true)]
    [OutputType([Object])]
    param (
        # The username to be stored in the new endpoint.
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [string]$gSuiteApplicationID,

        # The client secret of the GSuite application.
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [string]$gSuiteClientSecret,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.user'
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [String]$userRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.group'
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [String]$groupRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.orgunit'
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [String]$organizationalUnitRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.userschema'
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [String]$userSchemaRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.device.mobile'
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [String]$mobileDeviceRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.user.security'
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [String]$securityRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.customer'
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [String]$customerRefreshToken,

        # The refresh token which has a scope of 'https://www.googleapis.com/auth/admin.directory.domain'
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [String]$domainRefreshToken
    )

    # Initialize the password
    $gSuitePassword = "ClientSecret:$($gSuiteClientSecret)"

    # Declare the scopes for refresh tokens
    $refreshTokenScopes = @(
        "User",
        "Group",
        "OrganizationalUnit",
        "UserSchema",
        "MobileDevice",
        "Security",
        "Customer",
        "Domain"
    )

    # Append the refresh tokens to the client secret
    foreach ($scope in $refreshTokenScopes) {
        $refreshToken = Invoke-Expression ("`$" + (Invoke-Expression "`$scope") + "RefreshToken")
        if (![String]::IsNullOrWhiteSpace($refreshToken)){
            $gSuitePassword += " $($scope):$($refreshToken)"
        }
    }

    # Initialize a configuration for GSuite
    $importConfiguration = New-Object -TypeName ManagementProxy.ManagementService.GenericConfiguration -Property @{
        "Url"                          = "https://admin.google.com";
        "Username"                     = $gSuiteApplicationID;
        "Password"                     = $gSuitePassword;
        "UseAdministrativeCredentials" = $true;
    }

    return $importConfiguration
}