v2025/src/PSSailpoint.V2025/Api/V2025PersonalAccessTokensApi.ps1
|
# # Identity Security Cloud V2025 API # Use these APIs to interact with the Identity Security Cloud platform to achieve repeatable, automated processes with greater scalability. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs. # Version: v2025 # Generated by OpenAPI Generator: https://openapi-generator.tech # <# .SYNOPSIS Create personal access token .DESCRIPTION This creates a personal access token. **expirationDate and userAwareTokenNeverExpires Relationship:** **Important:** When `expirationDate` is `null` or empty (not included in the request body), the token will never expire. **Required Validation:** If `expirationDate` is `null` or empty, `userAwareTokenNeverExpires` must be set to `true`. This is a required validation rule. The valid values for `expirationDate` depend on the value provided for `userAwareTokenNeverExpires`: * **When `userAwareTokenNeverExpires` is `true` (or required to be `true`):** `expirationDate` can be `null` or omitted from the request body. When `expirationDate` is `null` or empty, the token will never expire. This creates a PAT that never expires and serves as an explicit acknowledgment that the user is aware of the security implications of creating a non-expiring token. * **When `userAwareTokenNeverExpires` is `false` or omitted:** `expirationDate` must be provided and must be a valid date-time string representing a future date (there is no upper limit). `expirationDate` cannot be `null` in this case. In this scenario, `userAwareTokenNeverExpires` can be omitted. **Validation Rules:** * **If `expirationDate` is `null` or not included in the request body:** `userAwareTokenNeverExpires` must be set to `true` (required). The token will never expire. * **If `expirationDate` is provided and is not `null`:** `userAwareTokenNeverExpires` can be omitted. **Security Considerations:** The `userAwareTokenNeverExpires` field is designed to ensure that users explicitly acknowledge the security implications of creating tokens that never expire. Setting this field to `true` indicates that the user understands the increased security risks and has made an informed decision to proceed. **Note:** The `userAwareTokenNeverExpires` field indicates that the user acknowledges they are creating a token that will never expire. It does not affect token behavior beyond indicating this acknowledgment. .PARAMETER CreatePersonalAccessTokenRequest Configuration for creating a personal access token, including name, scope, expiration settings, and user acknowledgment of never-expiring tokens. **Important:** See the endpoint description for validation rules regarding the relationship between `expirationDate` and `userAwareTokenNeverExpires`. .PARAMETER WithHttpInfo A switch when turned on will return a hash table of Response, StatusCode and Headers instead of just the Response .OUTPUTS CreatePersonalAccessTokenResponse #> function New-V2025PersonalAccessToken { [CmdletBinding()] Param ( [Parameter(Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $false)] [PSCustomObject] ${CreatePersonalAccessTokenRequest}, [Switch] $WithHttpInfo ) Process { 'Calling method: New-V2025PersonalAccessToken' | Write-Debug $PSBoundParameters | Out-DebugParameter | Write-Debug $LocalVarAccepts = @() $LocalVarContentTypes = @() $LocalVarQueryParameters = @{} $LocalVarHeaderParameters = @{} $LocalVarFormParameters = @{} $LocalVarPathParameters = @{} $LocalVarCookieParameters = @{} $LocalVarBodyParameter = $null # HTTP header 'Accept' (if needed) $LocalVarAccepts = @('application/json') # HTTP header 'Content-Type' $LocalVarContentTypes = @('application/json') $LocalVarUri = '/personal-access-tokens' if (!$CreatePersonalAccessTokenRequest) { throw "Error! The required parameter `CreatePersonalAccessTokenRequest` missing when calling createPersonalAccessToken." } if ($LocalVarContentTypes.Contains('application/json-patch+json') -or ($CreatePersonalAccessTokenRequest -is [array])) { $LocalVarBodyParameter = $CreatePersonalAccessTokenRequest | ConvertTo-Json -AsArray -Depth 100 } else { $LocalVarBodyParameter = $CreatePersonalAccessTokenRequest | ForEach-Object { # Get array of names of object properties that can be cast to boolean TRUE # PSObject.Properties - https://msdn.microsoft.com/en-us/library/system.management.automation.psobject.properties.aspx $NonEmptyProperties = $_.psobject.Properties | Where-Object {$null -ne $_.Value} | Select-Object -ExpandProperty Name # Convert object to JSON with only non-empty properties $_ | Select-Object -Property $NonEmptyProperties | ConvertTo-Json -Depth 100 } } $LocalVarResult = Invoke-V2025ApiClient -Method 'POST' ` -Uri $LocalVarUri ` -Accepts $LocalVarAccepts ` -ContentTypes $LocalVarContentTypes ` -Body $LocalVarBodyParameter ` -HeaderParameters $LocalVarHeaderParameters ` -QueryParameters $LocalVarQueryParameters ` -FormParameters $LocalVarFormParameters ` -CookieParameters $LocalVarCookieParameters ` -ReturnType "CreatePersonalAccessTokenResponse" ` -IsBodyNullable $false if ($WithHttpInfo.IsPresent) { return $LocalVarResult } else { return $LocalVarResult["Response"] } } } <# .SYNOPSIS Delete personal access token .DESCRIPTION This deletes a personal access token. .PARAMETER Id The personal access token id .PARAMETER WithHttpInfo A switch when turned on will return a hash table of Response, StatusCode and Headers instead of just the Response .OUTPUTS None #> function Remove-V2025PersonalAccessToken { [CmdletBinding()] Param ( [Parameter(Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $false)] [String] ${Id}, [Switch] $WithHttpInfo ) Process { 'Calling method: Remove-V2025PersonalAccessToken' | Write-Debug $PSBoundParameters | Out-DebugParameter | Write-Debug $LocalVarAccepts = @() $LocalVarContentTypes = @() $LocalVarQueryParameters = @{} $LocalVarHeaderParameters = @{} $LocalVarFormParameters = @{} $LocalVarPathParameters = @{} $LocalVarCookieParameters = @{} $LocalVarBodyParameter = $null # HTTP header 'Accept' (if needed) $LocalVarAccepts = @('application/json') $LocalVarUri = '/personal-access-tokens/{id}' if (!$Id) { throw "Error! The required parameter `Id` missing when calling deletePersonalAccessToken." } $LocalVarUri = $LocalVarUri.replace('{id}', [System.Web.HTTPUtility]::UrlEncode($Id)) $LocalVarResult = Invoke-V2025ApiClient -Method 'DELETE' ` -Uri $LocalVarUri ` -Accepts $LocalVarAccepts ` -ContentTypes $LocalVarContentTypes ` -Body $LocalVarBodyParameter ` -HeaderParameters $LocalVarHeaderParameters ` -QueryParameters $LocalVarQueryParameters ` -FormParameters $LocalVarFormParameters ` -CookieParameters $LocalVarCookieParameters ` -ReturnType "" ` -IsBodyNullable $false if ($WithHttpInfo.IsPresent) { return $LocalVarResult } else { return $LocalVarResult["Response"] } } } <# .SYNOPSIS List personal access tokens .DESCRIPTION This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. .PARAMETER OwnerId The identity ID of the owner whose personal access tokens should be listed. If ""me"", the caller should have the following right: 'idn:my-personal-access-tokens:read' If an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. If the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read' .PARAMETER Filters Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **lastUsed**: *le, isnull* .PARAMETER WithHttpInfo A switch when turned on will return a hash table of Response, StatusCode and Headers instead of just the Response .OUTPUTS GetPersonalAccessTokenResponse[] #> function Get-V2025PersonalAccessTokens { [CmdletBinding()] Param ( [Parameter(Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $false)] [String] ${OwnerId}, [Parameter(Position = 1, ValueFromPipelineByPropertyName = $true, Mandatory = $false)] [String] ${Filters}, [Switch] $WithHttpInfo ) Process { 'Calling method: Get-V2025PersonalAccessTokens' | Write-Debug $PSBoundParameters | Out-DebugParameter | Write-Debug $LocalVarAccepts = @() $LocalVarContentTypes = @() $LocalVarQueryParameters = @{} $LocalVarHeaderParameters = @{} $LocalVarFormParameters = @{} $LocalVarPathParameters = @{} $LocalVarCookieParameters = @{} $LocalVarBodyParameter = $null # HTTP header 'Accept' (if needed) $LocalVarAccepts = @('application/json') $LocalVarUri = '/personal-access-tokens' if ($OwnerId) { $LocalVarQueryParameters['owner-id'] = $OwnerId } if ($Filters) { $LocalVarQueryParameters['filters'] = $Filters } $LocalVarResult = Invoke-V2025ApiClient -Method 'GET' ` -Uri $LocalVarUri ` -Accepts $LocalVarAccepts ` -ContentTypes $LocalVarContentTypes ` -Body $LocalVarBodyParameter ` -HeaderParameters $LocalVarHeaderParameters ` -QueryParameters $LocalVarQueryParameters ` -FormParameters $LocalVarFormParameters ` -CookieParameters $LocalVarCookieParameters ` -ReturnType "GetPersonalAccessTokenResponse[]" ` -IsBodyNullable $false if ($WithHttpInfo.IsPresent) { return $LocalVarResult } else { return $LocalVarResult["Response"] } } } <# .SYNOPSIS Patch personal access token .DESCRIPTION This performs a targeted update to the field(s) of a Personal Access Token. Changing scopes for a Personal Access Token does not impact existing bearer tokens. You will need to create a new bearer token to have the new scopes. Please note that it can take up to 20 minutes for scope changes to be seen on new bearer tokens. **expirationDate and userAwareTokenNeverExpires Relationship:** **Important:** When `expirationDate` is `null` or empty (replaced to `null` or omitted from the patch request), the token will never expire. **Required Validation:** If `expirationDate` is being replaced to `null` or is empty, `userAwareTokenNeverExpires` must be set to `true` in the patch request. This is a required validation rule. When patching `expirationDate` and `userAwareTokenNeverExpires`, the valid values for `expirationDate` depend on the value provided for `userAwareTokenNeverExpires`: * **When `userAwareTokenNeverExpires` is being set to `true` (or required to be `true`):** `expirationDate` can be replaced to `null` or omitted from the patch request. When `expirationDate` is `null` or empty, the token will never expire. This sets the PAT to never expire and serves as an explicit acknowledgment that the user is aware of the security implications of creating a non-expiring token. * **When `userAwareTokenNeverExpires` is `false` or omitted:** `expirationDate` must be provided and must be a valid date-time string representing a future date (there is no upper limit). `expirationDate` cannot be `null` in this case. In this scenario, `userAwareTokenNeverExpires` can be omitted. **Validation Rules:** * **If `expirationDate` is being replaced to `null`:** `userAwareTokenNeverExpires` must also be present in the patch request with a value of `true` (required). The token will never expire. * **If `expirationDate` is not being replaced to `null` (i.e., set to a future date):** `userAwareTokenNeverExpires` can be omitted. **Security Considerations:** The `userAwareTokenNeverExpires` field is designed to ensure that users explicitly acknowledge the security implications of creating tokens that never expire. Setting this field to `true` indicates that the user understands the increased security risks and has made an informed decision to proceed. **Note:** The `userAwareTokenNeverExpires` field indicates that the user acknowledges they are creating a token that will never expire. It does not affect token behavior beyond indicating this acknowledgment. .PARAMETER Id The Personal Access Token id .PARAMETER JsonPatchOperation A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * scope * expirationDate * userAwareTokenNeverExpires **Important:** See the endpoint description for validation rules regarding the relationship between `expirationDate` and `userAwareTokenNeverExpires`. .PARAMETER WithHttpInfo A switch when turned on will return a hash table of Response, StatusCode and Headers instead of just the Response .OUTPUTS GetPersonalAccessTokenResponse #> function Update-V2025PersonalAccessToken { [CmdletBinding()] Param ( [Parameter(Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $false)] [String] ${Id}, [Parameter(Position = 1, ValueFromPipelineByPropertyName = $true, Mandatory = $false)] [PSCustomObject[]] ${JsonPatchOperation}, [Switch] $WithHttpInfo ) Process { 'Calling method: Update-V2025PersonalAccessToken' | Write-Debug $PSBoundParameters | Out-DebugParameter | Write-Debug $LocalVarAccepts = @() $LocalVarContentTypes = @() $LocalVarQueryParameters = @{} $LocalVarHeaderParameters = @{} $LocalVarFormParameters = @{} $LocalVarPathParameters = @{} $LocalVarCookieParameters = @{} $LocalVarBodyParameter = $null # HTTP header 'Accept' (if needed) $LocalVarAccepts = @('application/json') # HTTP header 'Content-Type' $LocalVarContentTypes = @('application/json-patch+json') $LocalVarUri = '/personal-access-tokens/{id}' if (!$Id) { throw "Error! The required parameter `Id` missing when calling patchPersonalAccessToken." } $LocalVarUri = $LocalVarUri.replace('{id}', [System.Web.HTTPUtility]::UrlEncode($Id)) if (!$JsonPatchOperation) { throw "Error! The required parameter `JsonPatchOperation` missing when calling patchPersonalAccessToken." } if ($LocalVarContentTypes.Contains('application/json-patch+json') -or ($JsonPatchOperation -is [array])) { $LocalVarBodyParameter = $JsonPatchOperation | ConvertTo-Json -AsArray -Depth 100 } else { $LocalVarBodyParameter = $JsonPatchOperation | ForEach-Object { # Get array of names of object properties that can be cast to boolean TRUE # PSObject.Properties - https://msdn.microsoft.com/en-us/library/system.management.automation.psobject.properties.aspx $NonEmptyProperties = $_.psobject.Properties | Where-Object {$null -ne $_.Value} | Select-Object -ExpandProperty Name # Convert object to JSON with only non-empty properties $_ | Select-Object -Property $NonEmptyProperties | ConvertTo-Json -Depth 100 } } $LocalVarResult = Invoke-V2025ApiClient -Method 'PATCH' ` -Uri $LocalVarUri ` -Accepts $LocalVarAccepts ` -ContentTypes $LocalVarContentTypes ` -Body $LocalVarBodyParameter ` -HeaderParameters $LocalVarHeaderParameters ` -QueryParameters $LocalVarQueryParameters ` -FormParameters $LocalVarFormParameters ` -CookieParameters $LocalVarCookieParameters ` -ReturnType "GetPersonalAccessTokenResponse" ` -IsBodyNullable $false if ($WithHttpInfo.IsPresent) { return $LocalVarResult } else { return $LocalVarResult["Response"] } } } |