Public/OAuth2/Get-UserInfo.ps1
<# .SYNOPSIS Returns details of the resource owner associated with the supplied access token .DESCRIPTION Returns a PSObject of claims about a user associated with the supplied access token. The claims returned are ones approved by the user when the access tokens were granted. For example, in an authorization code grant flow, the client would have to request the scope's email and profile. The user would be prompted at one point to grant consent for that information. Only the granted claims are returned to the client. The "sub" claim is always returned. For any other claim, if it is either 1) requested but not available, or 2) not requested, then the entire field will not be returned in the response. This implementation is based on the OpenID Connect specification: . .INPUTS A token .OUTPUTS A UserInfo PSObject .PARAMETER Token A token to evaluate. If not supplied then the current user token is used. .EXAMPLE $userinfo = Get-UserInfo .LINK https://www.hsdp.io/documentation/identity-and-access-management-iam/api-documents/resource-reference-api/user-api-v2#/User%20Identity/get_authorize_identity_User .NOTES GET: /authorize/oauth2/userinfo v2 #> # https://www.hsdp.io/documentation/identity-and-access-management-iam/api-documents/resource-reference-api/oauth2-api-v2#/OpenID%20Connect%20UserInfo/userInfoUsingGET function Get-UserInfo { [CmdletBinding()] [OutputType([PSObject])] param( [Parameter(Position = 0, ValueFromPipeline)] [String]$Token ) begin { Write-Verbose "[$($MyInvocation.MyCommand.Name)] Function started" } process { Write-Debug "[$($MyInvocation.MyCommand.Name)] PSBoundParameters: $($PSBoundParameters | Out-String)" if (-not $PSBoundParameters.ContainsKey('Token')) { $Token = Get-Token } Write-Output (Invoke-ApiRequest -Path "/authorize/oauth2/userinfo" -Version 2 -Base (Get-Config).IamUrl -Method "Get" -Authorization "Bearer $($Token)") } end { Write-Verbose "[$($MyInvocation.MyCommand.Name)] Complete" } } |