Public/Get-EdgeRefreshedAdminToken.ps1

Function Get-EdgeRefreshedAdminToken {
    <#
    .SYNOPSIS
        Gets an OAuth token for Edge Administration.

    .DESCRIPTION
        Gets an OAuth token for Edge Administration. This works only with Edge SaaS.
        You must have previously called Set-EdgeConnection to specify the user + password.

    .PARAMETER SsoZone
        Optional. The SSO Zone for your user. By default there is no zone. This value will affect the SSO Login URL.
        If you pass in "zone1" then the login url will become https://zone1.login.apigee.com/ . If you would like
        to explicitly specify the SSO URL, then omit this parameter and set the SsoUrl parameter.
        Specify at most one of SsoZone and SsoUrl.

    .PARAMETER SsoUrl
        Optional. This defaults to 'https://login.apigee.com'. If you are using SAML Sign in, then specify
        https://YOURZONE.login.apigee.com/ for this parameter. Specify at most one of SsoZone and SsoUrl.

    .PARAMETER UserToken
       Required. The user token to refresh.

    .LINK
        Set-EdgeConnection

    .LINK
        Get-EdgeNewAdminToken

    .LINK
        Get-EdgeStashedAdminToken

    .FUNCTIONALITY
        ApigeeEdge

    #>


    [cmdletbinding()]

    PARAM(
        [string]$SsoZone,
        [string]$SsoUrl,
        [System.Management.Automation.PSNoteProperty] $UserToken
    )

    PROCESS {
        if ($PSBoundParameters['Debug']) {
            $DebugPreference = 'Continue'
        }

        if (!$UserToken) {
            throw [System.ArgumentNullException] "You must pass a usertoken [PSNoteProperty]."
        }

        $BaseLoginUrl = $(if ($PSBoundParameters['SsoZone']) {
                            [string]::Format('https://{0}.login.apigee.com/', $SsoZone )
                        }
                        elseif ($PSBoundParameters['SsoUrl']) {
                            $SsoUrl
                        }
                        else {
                            'https://login.apigee.com'
                        })

        $User = $MyInvocation.MyCommand.Module.PrivateData.Connection['User']

        # $MgmtUri = $MyInvocation.MyCommand.Module.PrivateData.Connection['MgmtUri']
        # if (! $MgmtUri.Equals("https://api.enterprise.apigee.com") ) {
        # throw [System.InvalidOperationException] "You can get a token only when connecting to Edge SaaS."
        # }

        $IRMParams = @{
            Uri = $(Join-Parts -Separator '/' -Parts $BaseLoginUrl, 'oauth','token' )
            Method = 'POST'
            Headers = @{
                Accept = 'application/json'
                Authorization = 'Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0'
            }
            Body = @{
                refresh_token = $UserToken.Value.refresh_token
                grant_type = "refresh_token"
            }
        }

        Write-Debug ( "Running $($MyInvocation.MyCommand).`n" +
                      "Invoke-RestMethod parameters:`n$($IRMParams | Format-List | Out-String)" )

        Try {
            $TokenResult = Invoke-RestMethod @IRMParams
            Write-Debug "Raw:`n$($TokenResult | Out-String)"

            Write-Debug ("TokenResult type: " + $TokenResult.GetType().ToString())
            if ($TokenResult -and $TokenResult.psobject -and $TokenResult.psobject.properties) {
                Add-Member -InputObject $TokenResult -MemberType NoteProperty -Name "issued_at" -Value $(Get-NowMilliseconds)
                Write-Debug "Updated:`n$($TokenResult | Out-String)"
                Write-EdgeTokenStash -User $User -NewToken $TokenResult
                $MyInvocation.MyCommand.Module.PrivateData.Connection['MostRecentRefresh'] = $(Get-NowMilliseconds)
            }
        }
        Catch {
            Throw $_
        }
        Finally {
            Remove-Variable UserToken
        }

        Get-EdgeStashedAdminToken
    }
}