Public/new-IDNauthHeader.ps1

#
# create_IDNauthHeader.ps1
#
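function new-IDNauthHeader {
    <#
    .SYNOPSIS
    Builds an Authorization header hashtable for IdentityNow API calls.

    .DESCRIPTION
    The parameter set selects how the header is produced:
      AccessToken                - wraps an existing token as "Bearer <token>"; no network call.
      APIv2                      - Basic header from clientID:clientKey; no network call.
      APIv3 client_credentials   - POSTs to https://<org>.api.identitynow.com/oauth/token with a Basic
                                   client header and grant_type=client_credentials.
      APIv3 password             - same endpoint with grant_type=password; the password is sent as
                                   SHA256(password + SHA256(lowercased username)), lower-cased hex.
      APIv3 refresh_token        - same endpoint, grant parameters sent as a form body.

    Every secret is accepted as a plain [string], so it is visible to anything that can read the
    caller's variables, command history or transcripts.
    # NOTE(review): consider SecureString/PSCredential overloads - changing the types here would break callers.

    .OUTPUTS
    A hashtable with a single Authorization key. For the APIv3 sets, unless -headeronly is given,
    the raw token response is emitted as a second object after the header.
    #>
    param(
        [parameter(Mandatory=$true, parametersetname='AccessToken')][string]$accesstoken,
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 client_credentials')]
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 password')]
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 refresh_token')]
        [string]$org,
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 client_credentials')]
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 password')]
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 refresh_token')]
        [parameter(Mandatory=$true, parametersetname='APIv2')]
        [string]$clientID,
        [parameter(Mandatory=$true, parametersetname='APIv2')][string]$clientKey,
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 client_credentials')]
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 password')]
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 refresh_token')]
        [string]$clientsecret,    
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 password')]
        [string]$adminusername,
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 password')]
        [string]$adminpassword,
        [Parameter(Mandatory=$true, ParameterSetName='APIv3 refresh_token')]
        [string]$refreshtoken,
        [Parameter(ParameterSetName='APIv3 client_credentials')]
        [Parameter(ParameterSetName='APIv3 password')]
        [Parameter(ParameterSetName='APIv3 refresh_token')]
        [switch]$headeronly
    )

    # Builds the RFC 7617 style "Basic base64(id:secret)" header shared by several branches.
    $newBasicHeader = {
        param([string]$id, [string]$secret)
        $bytes = [system.text.encoding]::UTF8.GetBytes("$($id):$secret")
        @{Authorization = "Basic $([convert]::ToBase64String($bytes))"}
    }

    $setName = $PsCmdlet.ParameterSetName

    # The two offline sets never touch the token endpoint, so answer them first.
    if ($setName -eq 'AccessToken') {
        return @{Authorization = "Bearer $accesstoken"}
    }
    if ($setName -eq 'APIv2') {
        return (& $newBasicHeader $clientID $clientKey)
    }

    # $org is spliced into the host name that receives the client credentials. Reject anything that
    # is not a plain host label sequence so a value containing '/', '@', ':', '#' or '?' cannot
    # redirect the request (and the secrets with it) to a different authority.
    if ($org -notmatch '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$') {
        throw "org '$org' is not a valid host name component; refusing to build the token URL"
    }
    $oauthurl = "https://$org.api.identitynow.com/oauth/token"

    $Token = $null
    switch ($setName) {
        'APIv3 client_credentials' {
            if ($clientID.length -ne 36){Write-Warning "unexpected size for client ID, proceeding"}
            $Header = & $newBasicHeader $clientID $clientsecret
            Write-Warning "grant type client_credentials will not always have access to admin functions, you may get 403 depending on what api you use"
            $Token = Invoke-RestMethod -Method Post -Uri "$($oauthurl)?grant_type=client_credentials" -Headers $Header
        }
        'APIv3 password' {
            if ($clientID.length -ne 36){Write-Warning "unexpected size for client ID, proceeding"}
            $Header = & $newBasicHeader $clientID $clientsecret
            $adminusername = $adminusername.ToLower()
            # Get-Hash is not defined in this file; presumably it comes from a module the project
            # depends on - verify it is loaded before this grant is used.
            $userHash = (Get-Hash -Algorithm SHA256 -StringEncoding utf8 -InputObject ($adminusername)).HashString.ToLower()
            $passwordHash = Get-Hash -Algorithm SHA256 -StringEncoding utf8 -InputObject ($($adminpassword) + $userHash)
            $adminPWD = $passwordHash.ToString().ToLower()
            # Percent-encode the values: a user name containing '+', '&', '#' or '=' would otherwise
            # corrupt the query string and authenticate as a different (or malformed) account name.
            $userParam = [uri]::EscapeDataString($adminusername)
            $pwdParam = [uri]::EscapeDataString($adminPWD)
            # NOTE(review): user name and password hash travel in the URL, where proxies and server
            # access logs commonly record them. The refresh_token branch already posts its grant as
            # a form body; confirm the endpoint accepts the same for this grant and move them there.
            $Token = Invoke-RestMethod -Method Post -Uri "$($oauthurl)?grant_type=password&username=$($userParam)&password=$($pwdParam)" -Headers $Header
        }
        'APIv3 refresh_token' {
            # Invoke-RestMethod form-encodes a hashtable body itself, so the secret is passed raw.
            # Pre-encoding it (as the previous code did via System.Web.HttpUtility) double-encodes any
            # reserved character and also depends on System.Web being loaded in the session.
            $Body = @{
                grant_type = 'refresh_token'
                client_id = $clientID
                client_secret = $clientsecret
                refresh_token = $refreshtoken
            }
            $Token = Invoke-RestMethod -Method Post -Uri $oauthurl -Body $Body
        }
    }

    # A response without access_token would otherwise yield a header of "Bearer " and a confusing
    # 401 much later in the caller's pipeline.
    if (-not $Token -or [string]::IsNullOrEmpty([string]$Token.access_token)) {
        throw "token endpoint $oauthurl did not return an access_token"
    }

    $bearer = @{Authorization = "Bearer $($Token.access_token)"}
    if ($headeronly) {
        return $bearer
    }
    # Emits two objects: the header first, then the full token response (expiry, refresh token, ...).
    return $bearer,$Token
}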