Pax8API/Public/Connect-Pax8.ps1

function Connect-Pax8 {
    [CmdletBinding()]
    param (
        [pscredential]$Credential,

        [string]$ClientId,

        [string]$ClientSecret,

        [ArgumentCompletions('Partner', 'Provisioning', 'Usage', 'LegacyPartner', 'https://api.pax8.com', 'api://provisioning', 'api://usage')]
        [string]$Audience,

        [uri]$BaseUri,

        [uri]$TokenUri,

        [switch]$PassThru
    )

    if (-not $Credential) {
        if ([string]::IsNullOrWhiteSpace($ClientId)) {
            $ClientId = Get-Pax8EnvironmentValue -Name 'PAX8_CLIENT_ID', 'PAX8_CLIENTID', 'Pax8_ClientId'
        }

        if ([string]::IsNullOrWhiteSpace($ClientSecret)) {
            $ClientSecret = Get-Pax8EnvironmentValue -Name 'PAX8_CLIENT_SECRET', 'PAX8_CLIENTSECRET', 'Pax8_ClientSecret'
        }

        if ([string]::IsNullOrWhiteSpace($ClientId) -or [string]::IsNullOrWhiteSpace($ClientSecret)) {
            throw "Pax8 credentials were not supplied. Pass -Credential, pass -ClientId/-ClientSecret, or set PAX8_CLIENT_ID and PAX8_CLIENT_SECRET."
        }

        $Credential = [pscredential]::new($ClientId, (ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force))
    }

    if ([string]::IsNullOrWhiteSpace($Audience)) {
        $Audience = Get-Pax8EnvironmentValue -Name 'PAX8_AUDIENCE'
    }

    $resolvedAudience = Resolve-Pax8Audience -Audience $Audience

    if (-not $BaseUri) {
        $baseUriText = Get-Pax8EnvironmentValue -Name 'PAX8_BASE_URI'
        if ($baseUriText) {
            $BaseUri = [uri]$baseUriText
        }
    }

    if (-not $TokenUri) {
        $tokenUriText = Get-Pax8EnvironmentValue -Name 'PAX8_TOKEN_URI'
        if ([string]::IsNullOrWhiteSpace($tokenUriText)) {
            $tokenUriText = 'https://api.pax8.com/v1/token'
        }
        $TokenUri = [uri]$tokenUriText
    }

    $secretText = ConvertFrom-Pax8SecureString -SecureString $Credential.Password
    $body = [ordered]@{
        client_id = $Credential.UserName
        client_secret = $secretText
        audience = $resolvedAudience
        grant_type = 'client_credentials'
    }

    $response = Invoke-Pax8RestMethod -Uri $TokenUri -Method POST -Body $body -Anonymous
    if (-not $response.access_token) {
        throw "Pax8 token response did not include an access_token."
    }

    $expiresIn = if ($response.expires_in) { [int]$response.expires_in } else { 3600 }
    $script:Pax8Session.AccessToken = [string]$response.access_token
    $script:Pax8Session.ExpiresAt = [datetimeoffset]::UtcNow.AddSeconds($expiresIn)
    $script:Pax8Session.Audience = $resolvedAudience
    $script:Pax8Session.Credential = $Credential
    $script:Pax8Session.BaseUri = $BaseUri
    $script:Pax8Session.TokenUri = $TokenUri
    $script:Pax8Session.LastConnectedAt = [datetimeoffset]::UtcNow

    $context = Get-Pax8Context
    if ($PassThru) {
        $context
    } else {
        Write-Verbose "Connected to Pax8 audience '$resolvedAudience'. Token expires at $($context.ExpiresAt)."
    }
}