PSFalcon

1.4.2

oauth2/Get-CsToken.psm1

                                function Get-CsToken {

<#

    .SYNOPSIS

        Request an OAuth2 access token

    .PARAMETER ID

        Client Id

    .PARAMETER SECRET

        Client Secret

    .PARAMETER CID

        Specific CID to target in MSSP configurations

    .PARAMETER CLOUD

        CrowdStrike destination cloud [default: 'US']

    .PARAMETER PROXY

        Web proxy address

#>

    [CmdletBinding()]

    [OutputType([psobject])]

    param(

        [string]

        $Id,

        [string]

        $Secret,

        [string]

        $CID,

        [ValidateSet('EU', 'US', 'US-2', 'USFed')]

        [string]

        $Cloud = 'US',

        [string]

        $Proxy

    )

    begin{

        # Create $Falcon for logging and caching credentials

        if (-not($Falcon)) {

            [System.Collections.Hashtable] $Global:Falcon = @{}

        }

        # Set $Falcon.host based on $Cloud

        switch ($Cloud) {

            'EU' { $Falcon['host'] = 'https://api.eu-1.crowdstrike.com' }

            'US' { $Falcon['host'] = 'https://api.crowdstrike.com' }

            'US-2' { $Falcon['host'] = 'https://api.us-2.crowdstrike.com' }

            'USFed' { $Falcon['host'] = 'https://api.laggar.gcw.crowdstrike.com' }

        }

        # Capture parameter input

        switch ($PSBoundParameters.Keys) {

            'Id' { $Falcon['id'] = $Id }

            'Secret' { $Falcon['secret'] = $Secret | ConvertTo-SecureString -AsPlainText -Force }

            'CID' { $Falcon['cid'] = [string] $CID }

            'Proxy' { $Falcon['proxy'] = $Proxy }

        }

        # If missing, prompt for Id/Secret

        if (-not($Falcon.id)) {

            $Falcon['id'] = Read-Host 'Client Id'

        }

        if (-not($Falcon.secret)) {

            $Falcon['secret'] = Read-Host 'Client Secret' -AsSecureString

        }

        # Clear existing member CID if $CID was not defined

        if ((-not($CID)) -and ($Falcon.cid)) {

            $Falcon.remove('cid')

        }

        # Clear existing proxy if $Proxy was not defined

        if ((-not($Proxy)) -and ($Falcon.proxy)) {

            $Falcon.remove('proxy')

        }

    }

    process{

        # Set base parameters

        $Param = @{

            Uri = '/oauth2/token'

            Method = 'post'

            Header = @{

                accept = 'application/json'

            }

            Body = 'client_id=' + [string] $Falcon.id + '&client_secret='

        }

        # Add secret to token request

        if ($PSVersionTable.PSVersion.Major -ge 7) {

            $Param.Body += ($Falcon.secret | ConvertFrom-SecureString -AsPlainText)

        } else {

            $Param.Body += ([System.Runtime.InteropServices.Marshal]::PtrToStringAuto(

            [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Falcon.secret)))

        }

        # Add member CID, if defined

        if ($Falcon.cid) {

            $Param.Body += '&member_cid=' + [string] $Falcon.cid

        }

        $Request = Invoke-CsAPI @Param

        # Save token and expiration time to $Falcon

        if ($Request.access_token) {

            $Falcon['expires'] = ((Get-Date).addSeconds($Request.expires_in))

            $Falcon['token'] = [string] $Request.token_type + ' ' + [string] $Request.access_token

        }

        else {

            # Erase $Falcon if token request fails

            Remove-Variable -Name Falcon -Scope Global

            # Output error

            if ($Request.errors) {

                $Request.errors

            }

            else {

                $Request

            }

        }

    }

}