PSApigeeEdge

0.2.16

Public/Get-EdgeNewAdminToken.ps1

                                Function Get-EdgeNewAdminToken {

    <#

    .SYNOPSIS

        Gets an OAuth token for Edge Administration.

    .DESCRIPTION

        Gets an OAuth token for Edge Administration. This works only with Edge SaaS.

        You must have previously called Set-EdgeConnection to specify the user + password.

        In fact this cmdlet gets called implicitly by Set-EdgeConnection as necessary.

        You probably do not need to call it directly. 

    .PARAMETER MfaCode

        Optional. The MFA code for authenticating, if your user requires it.

    .LINK

        Set-EdgeConnection

    .LINK

        Get-EdgeStashedAdminToken

    .FUNCTIONALITY

        ApigeeEdge

    #>

    [cmdletbinding()]

    param([string]$MfaCode)

    PROCESS {

        if ($PSBoundParameters['Debug']) {

            $DebugPreference = 'Continue'

        }

        $MgmtUri = $MyInvocation.MyCommand.Module.PrivateData.Connection['MgmtUri']

        if (! $MgmtUri.Equals("https://api.enterprise.apigee.com") ) {

            throw [System.InvalidOperationException] "You can get a token only when connecting to Edge SaaS."

        }

        $User = $MyInvocation.MyCommand.Module.PrivateData.Connection['User']

        $SecurePass = $MyInvocation.MyCommand.Module.PrivateData.Connection['SecurePass']

        $Pass = [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($SecurePass))

        $IRMParams = @{

            Uri = 'https://login.apigee.com/oauth/token'

            Method = 'POST'

            Headers = @{

                Accept = 'application/json'

                Authorization = 'Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0'

            }

            Body = @{

                username = $User

                password = $Pass

                grant_type = "password"

                # TODO : handle mfa code here

            }

        }

        if ($MfaCode) {

            $IRMParams.Body.Add('mfa_token', $MfaCode)

        }

        Write-Debug ( "Running $($MyInvocation.MyCommand).`n" +

                      "Invoke-RestMethod parameters:`n$($IRMParams | Format-List | Out-String)" )

        Try {

            $TokenResult = Invoke-RestMethod @IRMParams

            Write-Debug "Raw:`n$($TokenResult | Out-String)"

            Write-Debug ("TokenResult type: " + $TokenResult.GetType().ToString())

            if ($TokenResult -and $TokenResult.psobject -and $TokenResult.psobject.properties) {

                Add-Member -InputObject $TokenResult -MemberType NoteProperty -Name "issued_at" -Value $(Get-NowMilliseconds)

                Write-Debug "Updated:`n$($TokenResult | Out-String)"

                Write-EdgeTokenStash -User $User -NewToken $TokenResult

            }

        }

        Catch {

            Throw $_

        }

        Finally {

            Remove-Variable IRMParams

            Remove-Variable Pass

            Remove-Variable SecurePass

            Remove-Variable User

        }

        Get-EdgeStashedAdminToken

    }

}