Public/Revoke-TppToken.ps1
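<#
.SYNOPSIS
Revoke a token

.DESCRIPTION
Revoke a token and invalidate the refresh token if provided/available.
This could be an access token retrieved from this module or from other means.
The request is a GET to vedauth/Revoke/Token issued through Invoke-TppRestMethod.
For the AccessToken and TppToken parameter sets the token is sent as a Bearer Authorization header.

.PARAMETER AuthServer
Server name or URL for the vedauth service.
A bare server name or an http:// URL is rewritten to https:// so the bearer token is never sent to a cleartext endpoint.

.PARAMETER AccessToken
Access token to be revoked

.PARAMETER TppToken
Token object obtained from New-TppToken.
Must carry non-empty AuthUrl and AccessToken properties.

.PARAMETER TppSession
Session object created from New-TppSession method. The value defaults to the script session object $TppSession.

.INPUTS
TppToken

.OUTPUTS
Whatever Invoke-TppRestMethod emits for the Revoke/Token call

.EXAMPLE
Revoke-TppToken
Revoke token stored in session variable from New-TppSession

.EXAMPLE
Revoke-TppToken -AuthServer venafi.company.com -AccessToken x7xc8h4387dkgheysk
Revoke a token obtained from TPP, not necessarily via VenafiTppPS

.NOTES
Supports -WhatIf and -Confirm; ConfirmImpact is High, so interactive callers are prompted by default.
A token passed with -AccessToken is part of the command line and can end up in command history and transcripts.

.LINK
http://venafitppps.readthedocs.io/en/latest/functions/Revoke-TppToken/

.LINK
https://github.com/gdbarron/VenafiTppPS/blob/main/VenafiTppPS/Code/Public/Revoke-TppToken.ps1

.LINK
https://docs.venafi.com/Docs/20.1SDK/TopNav/Content/SDK/AuthSDK/r-SDKa-GET-Revoke-Token.php?tocpath=Auth%20SDK%20reference%20for%20token%20management%7C_____13
#>
function Revoke-TppToken {

    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High', DefaultParameterSetName = 'Session')]

    param (
        [Parameter(Mandatory, ParameterSetName = 'AccessToken')]
        [ValidateScript( {
                if ( $_ -match '^(https?:\/\/)?(((?!-))(xn--|_{1,1})?[a-z0-9-]{0,61}[a-z0-9]{1,1}\.)*(xn--)?([a-z0-9][a-z0-9\-]{0,60}|[a-z0-9-]{1,30}\.[a-z]{2,})$' ) {
                    $true
                }
                else {
                    throw 'Please enter a valid server, https://venafi.company.com or venafi.company.com'
                }
            }
        )]
        [string] $AuthServer,

        [Parameter(Mandatory, ParameterSetName = 'AccessToken')]
        [string] $AccessToken,

        [Parameter(Mandatory, ParameterSetName = 'TppToken', ValueFromPipeline)]
        [pscustomobject] $TppToken,

        [Parameter(ParameterSetName = 'Session')]
        [TppSession] $TppSession = $Script:TppSession
    )

    begin {
        # Request shape shared by every parameter set; the target and credentials are filled in per input.
        $params = @{
            Method  = 'Get'
            UriRoot = 'vedauth'
            UriLeaf = 'Revoke/Token'
        }
    }

    process {

        Write-Verbose ('Parameter set: {0}' -f $PSCmdlet.ParameterSetName)

        switch ($PSCmdlet.ParameterSetName) {
            'Session' {
                $params.TppSession = $TppSession
                $target = $TppSession.ServerUrl
            }

            'AccessToken' {
                # The validation pattern accepts a bare host, http:// or https://.
                # Drop any scheme and always use https: the previous prefix check turned
                # 'http://host' into 'https://http://host', and the bearer token must not
                # be sent over cleartext HTTP.
                $AuthUrl = 'https://{0}' -f ($AuthServer -replace '^https?://')

                $params.ServerUrl = $target = $AuthUrl
                $params.Header = @{'Authorization' = 'Bearer {0}' -f $AccessToken }
            }

            'TppToken' {
                if ( -not $TppToken.AuthUrl -or -not $TppToken.AccessToken ) {
                    throw 'Not a valid TppToken'
                }

                # NOTE(review): AuthUrl is used as supplied and its scheme is not checked here;
                # confirm New-TppToken always stores an https:// URL.
                $params.ServerUrl = $target = $TppToken.AuthUrl
                $params.Header = @{'Authorization' = 'Bearer {0}' -f $TppToken.AccessToken }
            }

            Default {
                throw ('Unknown parameter set {0}' -f $PSCmdlet.ParameterSetName)
            }
        }

        # Log a shallow copy with the Authorization header masked so the bearer token
        # cannot reach the verbose stream or a transcript, however the formatter
        # renders nested values.
        $logParams = $params.Clone()
        if ( $logParams.ContainsKey('Header') ) {
            $logParams.Header = '<redacted>'
        }
        Write-Verbose ($logParams | Out-String)

        # ShouldProcess honours -WhatIf/-Confirm before the token is revoked.
        if ( $PSCmdlet.ShouldProcess($target, 'Revoke token') ) {
            Invoke-TppRestMethod @params
        }
    }
}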