Functions/Get-GSuiteAccessToken.ps1

<#
.SYNOPSIS
    This function exchanges a long-lived refresh token for a short-lived GSuite access token.
#>

function Get-GSuiteAccessToken {
    # Exchanges a refresh token for an access token by POSTing a refresh_token
    # grant to Google's OAuth 2.0 token endpoint.
    # Returns the access token string, or $null when the request throws or the
    # response fails validation.
    #
    # Security notes:
    #   - $clientSecret, $refreshToken and the returned access token are
    #     credentials carried as plain [String] values; callers should keep them
    #     out of logs, transcripts and source control.
    #   - This function sends the credentials only in the JSON request body to the
    #     HTTPS URI below. It never writes them to an output stream itself.
    #   - On failure the exception message is forwarded unmodified to
    #     Write-OutputMessage. NOTE(review): confirm that text cannot echo
    #     request contents before routing it to a shared log.
    [CmdletBinding(PositionalBinding=$false)]
    [OutputType([String])]
    param (
        # OAuth client (application) ID of the Google web application; sent as client_id.
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [String]$applicationId,

        # Client secret of the Google web application; sent as client_secret.
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [String]$clientSecret,

        # Refresh token to exchange for an access token.
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [String]$refreshToken,

        # Stream handed to Write-OutputMessage for failure messages.
        [Parameter(Mandatory=$false)]
        [ValidateSet("Information", "Warning", "Error", "None")]
        [String]$outputStream = "Error"
    )

    # Payload for the refresh_token grant; serialized to JSON below.
    $tokenRequestBody = @{
        client_id     = $applicationId
        client_secret = $clientSecret
        grant_type    = "refresh_token"
        refresh_token = $refreshToken
    }

    # Splatted arguments for Invoke-RestMethod.
    $tokenRequest = @{
        Uri     = "https://www.googleapis.com/oauth2/v4/token"
        Method  = "POST"
        Headers = @{ "Content-Type" = "application/json" }
        Body    = $tokenRequestBody | ConvertTo-Json
    }

    # Only a fixed status line is logged here; no credential material.
    Write-Information "Retrieving the GSuite access token using the refresh token"
    try {
        $tokenResponse = Invoke-RestMethod @tokenRequest
    }
    catch {
        # Report the failure on the caller-selected stream and signal it with $null.
        Write-OutputMessage "Exception occurred while retrieving the GSuite access token.`r`n$($_.Exception.Message)" -OutputStream $outputStream -ReturnMessage:$false
        return $null
    }

    # Reject a missing response, a non-positive lifetime, or a blank token.
    # The checks stay in this order so the property reads are skipped when the
    # response itself is $null.
    $responseIsUnusable = ($null -eq $tokenResponse) -or
                          ($tokenResponse.expires_in -le 0) -or
                          [String]::IsNullOrWhiteSpace($tokenResponse.access_token)
    if ($responseIsUnusable) {
        Write-OutputMessage "Failed to retrieve the GSuite access token." -OutputStream $outputStream -ReturnMessage:$false
        return $null
    }

    # Hand the bearer token back to the caller.
    $accessToken = $tokenResponse.access_token
    return $accessToken
}