functions/New-TssSession.ps1
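function New-TssSession {
    <#
    .SYNOPSIS
    Requests an OAuth2 token from Secret Server and records it in the $TssSession variable.

    .DESCRIPTION
    Sends a POST to "<SecretServerUrl>/oauth2/token" using either the password grant
    (-Credential) or the refresh_token grant (-UseRefreshToken). When the response
    carries an access_token, the token, refresh token, refresh count, lifetime and
    timestamps are written to $TssSession.

    $TssSession, $GetInvokeTssParams, $GetNewTssParams, $TestTssSession and
    Invoke-TssRestApi are defined outside this function.

    .OUTPUTS
    Nothing by default. With -Raw, the endpoint response when it contains an access_token.
    #>
    [cmdletbinding(SupportsShouldProcess)]
    param(
        # Base URL of the Secret Server instance; stored as $TssSession.SecretServerUrl.
        [Parameter(ParameterSetName = 'New')]
        [Alias('Server')]
        [uri]
        $SecretServer,

        # Specify a Secret Server user account.
        [Parameter(ParameterSetName = 'New')]
        [PSCredential]
        [Management.Automation.CredentialAttribute()]
        $Credential,

        # Utilize Refresh Token in TssSession to re-authenticate
        [Parameter(ParameterSetName = 'Refresh')]
        [switch]
        $UseRefreshToken,

        # Secret Server Web Services can utilize a refresh token.
        # Default is 3, provide configured value to allow AutoConnect.
        # NOTE(review): no default is assigned in this param block, so an unbound
        # value is 0 and RefreshCount becomes 0 after a password grant - confirm
        # whether "Default is 3" refers to the server-side setting.
        [Parameter(ParameterSetName = 'New')]
        [int]
        $RefreshLimit,

        # In conjunction with RefreshLimit will utilize the refresh token to re-authenticate up to the limit.
        [Parameter(ParameterSetName = 'New')]
        [switch]
        $AutoReconnect,

        # A module session variable is used to collect output.
        # This switch can be provided to bypass use of that variable.
        # Raw output from the endpoint will be returned.
        # NOTE(review): the process block still writes the tokens to $TssSession
        # when -Raw is given; -Raw only adds the returned response.
        [Parameter(ParameterSetName = 'New')]
        [Parameter(ParameterSetName = 'Refresh')]
        [switch]
        $Raw
    )

    begin {
        # Both helpers are dot-sourced script blocks that receive the bound parameters.
        $invokeParams = . $GetInvokeTssParams $PSBoundParameters
        $newTssParams = . $GetNewTssParams $PSBoundParameters
    }

    process {
        # Only a fresh login (server and credential both supplied) re-points the session.
        if ($newTssParams.Contains('SecretServer') -and $newTssParams.Contains('Credential')) {
            $TssSession.SecretServerUrl = $SecretServer
        }
        . $TestTssSession -Session

        # Trim trailing slashes so a base URL ending in "/" does not yield "//oauth2/token".
        $uri = "$($TssSession.SecretServerUrl)".TrimEnd('/'), "oauth2/token" -join '/'
        $postContent = [Ordered]@{ }

        if ($UseRefreshToken) {
            . $TestTssSession -Refresh
            $postContent.grant_type = 'refresh_token'
            $postContent.refresh_token = $TssSession.RefreshToken
        }

        if ($Credential) {
            # GetNetworkCredential() exposes the password as a plaintext string, which
            # then travels in the POST body. Nothing in this function checks that $uri
            # uses https.
            # NOTE(review): confirm TLS is enforced by the caller or by Invoke-TssRestApi.
            $postContent.username = $Credential.UserName
            $postContent.password = $Credential.GetNetworkCredential().Password
            $postContent.grant_type = 'password'
        }

        $invokeParams.Uri = $Uri
        $invokeParams.Body = $postContent
        $invokeParams.Method = 'POST'

        # The ShouldProcess text carries only the URL, so -WhatIf/-Confirm output
        # does not include the password or refresh token.
        if (-not $PSCmdlet.ShouldProcess("POST $uri")) { return }
        $response = Invoke-TssRestApi @invokeParams

        if ($response.access_token) {
            # AuthToken and RefreshToken are bearer secrets held as plain properties;
            # keep $TssSession out of logs and transcripts.
            $TssSession.AuthToken = $response.access_token
            $TssSession.RefreshToken = $response.refresh_token
            # A refresh consumes one of the remaining refreshes; a password grant
            # resets the counter to the supplied limit.
            $TssSession.RefreshCount = if ($postContent.grant_type -eq 'refresh_token') {
                $TssSession.RefreshCount - 1
            } else {
                $RefreshLimit
            }
            $TssSession.ExpiresInSec = $response.expires_in
            $TssSession.StartTime = [datetime]::UtcNow
            $TssSession.TimeOfDeath = [datetime]::UtcNow.Add([timespan]::FromSeconds($response.expires_in))
            $TssSession.AutoReconnect = $AutoReconnect
        }

        # The raw response includes access_token and refresh_token; callers that
        # request it are responsible for not persisting or logging it.
        if ($response.access_token -and $Raw) {
            return $response
        }
    }
}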