functions/Core/Connect-Personio.ps1
function Connect-Personio { <# .Synopsis Connect-Personio .DESCRIPTION Connect to Personio Service .PARAMETER Credential The access token as a credential object to login This is the recommended way to use the function, due to security reason. Username has to be the Client_ID from api access manament of Personio Password has to be the Client_Secret from api access manament of Personio .PARAMETER ClientId The Client_ID from api access manament of Personio Even if prodived as a logon method, due to best practices and security reason, you should consider to use the Credential parameter to connect! .PARAMETER ClientSecret The Client_Secret from api access manament of Personio Even if prodived as a logon method, due to best practices and security reason, you should consider to use the Credential parameter to connect! .PARAMETER URL Name of the service to connect to. Default is 'https://api.personio.de' as predefined value, but you can -for whatever reason- change the uri if needed. .PARAMETER APIVersion Version of API endpoint to use Default is 'V1' .PARAMETER PassThru Outputs the token to the console .PARAMETER Confirm If this switch is enabled, you will be prompted for confirmation before executing any operations that change state. .EXAMPLE PS C:\> Connect-Personio -Credential (Get-Credential "ClientID") Connects to "api.personio.de" with the specified credentials. Connection will be set as default connection for any further action. .NOTES Author: Andreas Bellstedt .LINK https://github.com/AndiBellstedt/PSPersonio #> [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "")] [CmdletBinding( DefaultParameterSetName = 'Credential', SupportsShouldProcess = $false, PositionalBinding = $true, ConfirmImpact = 'Medium' )] Param( [Parameter( Mandatory = $true, ParameterSetName = 'Credential' )] [Alias("Token", "AccessToken", "APIToken")] [System.Management.Automation.PSCredential] $Credential, [Parameter( Mandatory = $true, ParameterSetName = 'PlainText' )] [Alias("Id")] [string] $ClientId, [Parameter( Mandatory = $true, ParameterSetName = 'PlainText' )] [Alias("Secret")] [string] $ClientSecret, [ValidateNotNullOrEmpty()] [Alias("ComputerName", "Hostname", "Host", "ServerName")] [uri] $URL = 'https://api.personio.de', [ValidateNotNullOrEmpty()] [Alias("Version")] [string] $APIVersion = "v1", [switch] $PassThru ) begin { } process { } end { # Variable preperation [uri]$uri = $URL.AbsoluteUri + $APIVersion.Trim('/') [string]$applicationIdentifier = Get-PSFConfigValue -FullName 'PSPersonio.WebClient.ApplicationIdentifier' -Fallback "PSPersonio" [string]$partnerIdentifier = Get-PSFConfigValue -FullName 'PSPersonio.WebClient.PartnerIdentifier' -Fallback "" # Security checks if ($PsCmdlet.ParameterSetName -eq 'PlainText') { Write-PSFMessage -Level Warning -Message "You use potential unsecure login method! Even if prodived as a logon method, due to best practices and security reason, you should consider to use the Credential parameter to connect. Please take care about security and try to avoid plain text credentials." -Tag "Connection", "New", "Security", "PlainText" } # Extrect credential if ($PsCmdlet.ParameterSetName -eq 'Credential') { [string]$ClientId = $Credential.UserName [string]$ClientSecret = $Credential.GetNetworkCredential().Password } # Invoke authentication Write-PSFMessage -Level Verbose -Message "Authenticate '$($ClientId)' as application '$($applicationIdentifier)' to service '$($uri.AbsoluteUri)'" -Tag "Connection", "Authentication", "New" $body = @{ "client_id" = $($ClientId) "client_secret" = $($ClientSecret) } $paramRestMethod = @{ "Uri" = "$($uri.AbsoluteUri)/auth" "Headers" = @{ "X-Personio-Partner-ID" = $partnerIdentifier "X-Personio-App-ID" = $applicationIdentifier "accept" = "application/json" "content-type" = "application/json" } "Body" = ($body | ConvertTo-Json) "Method" = "POST" "Verbose" = $false "Debug" = $false "ErrorAction" = "Stop" "ErrorVariable" = "invokeError" } try { $response = Invoke-RestMethod @paramRestMethod -ContentType 'application/json' } catch { Stop-PSFFunction -Message "Error invoking rest call on service '$($uri.AbsoluteUri)'. $($invokeError)" -Tag "Connection", "Authentication", "New" -EnableException $true -Cmdlet $pscmdlet } # Check response if ($response.success -notlike "True") { Stop-PSFFunction -Message "Service '$($uri.AbsoluteUri)' processes the authentication request, but response does not succeed" -Tag "Connection", "Authentication", "New" -EnableException $true -Cmdlet $pscmdlet } elseif (-not $response.data.token) { Stop-PSFFunction -Message "Something went wrong on authenticating user '$($ClientId)'. No token found in authentication respeonse. Unable login to service '$($uri.AbsoluteUri)'" -Tag "Connection", "Authentication", "New" -EnableException $true -Cmdlet $pscmdlet } else { Set-PSFConfig -Module 'PSPersonio' -Name 'API.URI' -Value $uri.AbsoluteUri } # Create output token Write-PSFMessage -Level Verbose -Message "Set Personio.Core.AccessToken" -Tag "Connection", "AccessToken", "New" $token = New-AccessToken -RawToken $response.data.token -ClientId $ClientId # Register AccessToken for further commands Register-AccessToken -Token $token Write-PSFMessage -Level Significant -Message "Connected to service '($($token.ApiUri))' with ClientId '$($token.ClientId)'. TokenId: $($token.TokenID) valid for $($token.AccessTokenLifeTime.toString())" -Tag "Connection" # Output if passthru if ($PassThru) { Write-PSFMessage -Level Verbose -Message "Output Personio.Core.AccessToken to console" -Tag "Connection", "AccessToken", "New" $token } # Cleanup Clear-Variable -Name paramRestMethod, uri, applicationIdentifier, partnerIdentifier, ClientId, ClientSecret, Credential, response, token -Force -WhatIf:$false -Confirm:$false -Debug:$false -Verbose:$false -ErrorAction Ignore -WarningAction Ignore -InformationAction Ignore } } |