public/AuthorizationRule.ps1

# https://developer.okta.com/docs/reference/api/authorization-servers/#policy-rule-operations
Set-StrictMode -Version Latest

function Get-OktaRule
{
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string] $AuthorizationServerId,
        [Parameter(Mandatory)]
        [string] $PolicyId,
        [Parameter(Mandatory,ParameterSetName="ById",ValueFromPipeline,ValueFromPipelineByPropertyName)]
        [Alias("Id")]
        [string] $RuleId,
        [Parameter(ParameterSetName="Query")]
        [string] $Query,
        [switch] $Json
    )

    process {
        if ($RuleId) {
            Invoke-OktaApi -RelativeUri "authorizationServers/$AuthorizationServerId/policies/$PolicyId/rules/$RuleId" -Method GET -Json:$Json
        } else {
            Find-InResult -Query $Query -Result (Invoke-OktaApi -RelativeUri "authorizationServers/$AuthorizationServerId/policies/$PolicyId/rules" -Method GET -Json:$Json)
        }

    }
 }

function New-OktaRule
{
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSShouldProcess", "")]
    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)]
        [string] $AuthorizationServerId,
        [Parameter(Mandatory)]
        [string] $PolicyId,
        [Parameter(Mandatory)]
        [string] $Name,
        [switch] $Inactive,
        [uint32] $Priority = 1,
        [Parameter(Mandatory)]
        [ValidateSet("authorization_code", "password", "refresh_token", "client_credentials", "implicit")]
        [string[]] $GrantTypes,
        [string[]] $Scopes = @('*'),
        [string[]] $UserIds,
        [string[]] $GroupIds = "EVERYONE",
        [ValidateRange(5, 1440)]
        [uint32] $AccessTokenLifetimeMinutes = 60,
        [uint32] $RefreshTokenLifetimeMinutes = 0, # 0 = unlimited
        [ValidateRange(1, 1825)]
        [uint32] $RefreshTokenWindowDays = 7
    )
    $body = @{
        type       = "RESOURCE_ACCESS"
        name       = $Name
        status     = ternary $Inactive "INACTIVE" "ACTIVE"
        priority   = $Priority
        conditions = @{
            people     = @{
                users  = @{
                    include = @()
                    exclude = @()
                }
                groups = @{
                    include = @($GroupIds)
                    exclude = @()
                }
            }
            grantTypes = @{
                include = @($GrantTypes)
            }
            scopes = @{
                include = @()
            }
        }
        actions    = @{
            token = @{
                accessTokenLifetimeMinutes  = $AccessTokenLifetimeMinutes
                refreshTokenLifetimeMinutes = $RefreshTokenLifetimeMinutes
                refreshTokenWindowMinutes   = $RefreshTokenWindowDays*24*60
            }
        }
    }
    if ($Scopes)
    {
        $body.conditions.scopes.include += $Scopes
    }
    if ($UserIds)
    {
        $body.conditions.users.include += $UserIds
    }
    Invoke-OktaApi -RelativeUri "authorizationServers/$AuthorizationServerId/policies/$PolicyId/rules" -Method POST -Body $body
}

function Remove-OktaRule
{
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSShouldProcess", "")]
    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)]
        [string] $AuthorizationServerId,
        [Parameter(Mandatory)]
        [string] $PolicyId,
        [Parameter(Mandatory,ValueFromPipeline,ValueFromPipelineByPropertyName)]
        [Alias("Id")]
        [string] $RuleId
    )

    process {
        Set-StrictMode -Version Latest

        $rule = Get-OktaRule -AuthorizationServerId $AuthorizationServerId -PolicyId $PolicyId -RuleId $RuleId
        if ($rule) {
            if ($PSCmdlet.ShouldProcess($rule.Name,"Remove Rule")) {
                Invoke-OktaApi -RelativeUri "authorizationServers/$AuthorizationServerId/policies/$PolicyId/rules/$RuleId" -Method DELETE
            }
        } else {
            Write-Warning "Rule with id '$RuleId' not found for auth/policy $AuthorizationServerId/$PolicyId "
        }
    }
}

function Set-OktaRule {
    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)]
        [string] $AuthorizationServerId,
        [Parameter(Mandatory)]
        [string] $PolicyId,
        [PSCustomObject] $Rule
    )

    if ($PSCmdlet.ShouldProcess("$($Rule.Name)","Update Rule")) {
        Invoke-OktaApi -RelativeUri "authorizationServers/$AuthorizationServerId/policies/$PolicyId/rules/$($Rule.id)" -Body $Rule -Method PUT
    }
}