classes/auth/TssSession.class.ps1

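class TssSession {
    # Base URL of the Secret Server instance; SessionRefresh() builds the
    # oauth2/token URL from it, so it should be an https:// address (the refresh
    # token is posted in the request body).
    [string]
    $SecretServer

    [string]
    $SecretServerVersion

    [string]
    $ApiVersion = 'api/v1'

    hidden
    [string]
    $WindowsAuth = 'winauthwebservices'

    [string]
    $ApiUrl

    # Bearer credentials. NOTE(review): these are plain properties, so they are
    # printed by default formatting (Format-List, ConvertTo-Json, transcripts);
    # avoid dumping the whole session object into logs.
    [string]
    $AccessToken

    [string]
    $RefreshToken

    # Token origin/type. Values this class special-cases: 'WindowsAuth',
    # 'SdkClient', 'ExternalToken'; anything else (e.g. the token_type returned
    # by oauth2/token) is treated as a normal expiring bearer token.
    [string]
    $TokenType

    [int]
    $ExpiresIn

    [datetime]
    $StartTime

    # Absolute local time after which AccessToken is considered expired.
    [datetime]
    $TimeOfDeath

    [int]
    $Take = [int]::MaxValue

    # Returns $false only for a never-initialised object (no token and the
    # default StartTime); every other state counts as a session. This does not
    # check expiry - use IsValidToken() for that.
    [boolean]
    IsValidSession() {
        $neverStarted = $this.StartTime -eq [datetime]::MinValue
        if ([string]::IsNullOrEmpty($this.AccessToken) -and $neverStarted) {
            return $false
        }
        return $true
    }

    # Returns whether AccessToken should still be usable:
    #   - empty token            -> $false (warning)
    #   - ExternalToken          -> $true, cannot be checked locally (warning)
    #   - SdkClient              -> $true, no local expiry tracking
    #   - everything else        -> compared against TimeOfDeath
    # WindowsAuth deliberately keeps the original precedence and is subject to
    # the TimeOfDeath check even though SessionExpire/SessionRefresh treat it
    # as not needing a refresh - NOTE(review): confirm that is intended.
    # A token whose TimeOfDeath equals the current instant is reported as
    # expired (the original fell through and returned $true on exact equality).
    [boolean]
    IsValidToken() {
        if ([string]::IsNullOrEmpty($this.AccessToken)) {
            Write-Warning 'No valid token found for current TssSession object'
            return $false
        }
        if ($this.TokenType -eq 'ExternalToken') {
            Write-Warning 'Token was provided through external source, unable to validate'
            return $true
        }
        if ($this.TokenType -eq 'SdkClient') {
            Write-Verbose "$($this.TokenType) being used, no validation required"
            return $true
        }
        if ([datetime]::Now -lt $this.TimeOfDeath) {
            return $true
        }
        Write-Warning 'Token is not valid and has exceeded TimeOfDeath'
        return $false
    }

    # Returns $true when the remaining lifetime, read as the TimeSpan property
    # named by $Unit, is at or below $Value. $Unit must be a TimeSpan property
    # name ('Minutes', 'TotalMinutes', 'Seconds', ...). Beware that 'Minutes'
    # is the 0-59 component of the span, not the total - pass 'TotalMinutes'
    # (or 'TotalSeconds') for an absolute threshold. Once TimeOfDeath has
    # passed the remaining span is negative, so any non-negative $Value yields
    # $true. Throws ArgumentException for an unknown $Unit instead of silently
    # comparing $null.
    [boolean]
    CheckTokenTtl([string]$Unit, [int]$Value) {
        $remaining = $this.TimeOfDeath - [datetime]::Now
        if ($null -eq $remaining.PSObject.Properties[$Unit]) {
            throw [System.ArgumentException]::new("'$Unit' is not a property of System.TimeSpan", 'Unit')
        }
        return ($remaining.$Unit -le $Value)
    }

    # Revokes the current access token server-side via the oauth-expiration
    # endpoint. Returns $true on success, $false when the token type needs no
    # revocation (WindowsAuth/SdkClient) or the request failed (best-effort;
    # the error is surfaced as a warning rather than thrown). On success the
    # local token state is cleared as well so IsValidToken()/IsValidSession()
    # do not keep reporting a revoked token as usable. RefreshToken is left
    # in place.
    [boolean]
    SessionExpire() {
        if ($this.TokenType -in ('WindowsAuth','SdkClient')) {
            Write-Warning "$($this.TokenType) being used, SessionExpire is not required"
            return $false
        }
        $url = $this.ApiUrl, 'oauth-expiration' -join '/'
        try {
            Invoke-TssRestApi -Uri $url -Method Post -PersonalAccessToken $this.AccessToken
        } catch {
            Write-Warning "SessionExpire request to $url failed: $($_.Exception.Message)"
            return $false
        }
        # Token is now invalid server-side; reflect that locally.
        $this.AccessToken = $null
        $this.TimeOfDeath = [datetime]::Now
        return $true
    }

    # Exchanges RefreshToken for a new access token at <SecretServer>/oauth2/token
    # using grant_type=refresh_token, then replaces the token fields, StartTime
    # and TimeOfDeath. Not supported for ExternalToken, WindowsAuth or SdkClient
    # (returns $false with a warning). Any request failure propagates as an
    # exception; the object is only mutated after a successful response.
    [boolean]
    SessionRefresh() {
        if ($this.TokenType -eq 'ExternalToken') {
            Write-Warning 'Token was provided through external source, SessionRefresh is not supported'
            return $false
        }
        if ($this.TokenType -in ('WindowsAuth','SdkClient')) {
            Write-Warning "$($this.TokenType) being used, SessionRefresh is not supported or required"
            return $false
        }
        $url = $this.SecretServer, 'oauth2', 'token' -join '/'
        $body = @{
            refresh_token = $this.RefreshToken
            grant_type    = 'refresh_token'
        }
        $response = Invoke-TssRestApi -Uri $url -Method Post -Body $body -ErrorAction Stop

        $issued = [datetime]::Now
        $this.AccessToken = $response.access_token
        $this.RefreshToken = $response.refresh_token
        $this.ExpiresIn = $response.expires_in
        $this.TokenType = $response.token_type
        $this.StartTime = $issued
        $this.TimeOfDeath = $issued.Add([timespan]::FromSeconds($response.expires_in))
        return $true
    }
}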