<#
.SYNOPSIS
Revoke a token
.DESCRIPTION
Revoke a token and invalidate the refresh token if provided/available.
This could be an access token retrieved from this module or from other means.
.PARAMETER AuthServer
Server name or URL for the vedauth service
.PARAMETER AccessToken
Access token to be revoked
.PARAMETER TppToken
Token object obtained from New-TppToken
.PARAMETER TppSession
Session object created from New-TppSession method. The value defaults to the script session object $TppSession.
.INPUTS
TppToken
.OUTPUTS
Version
.EXAMPLE
Revoke-TppToken
Revoke token stored in session variable from New-TppSession
.EXAMPLE
Revoke-TppToken -AuthServer venafi.company.com -AccessToken x7xc8h4387dkgheysk
Revoke a token obtained from TPP, not necessarily via VenafiTppPS
.LINK
http://venafitppps.readthedocs.io/en/latest/functions/Revoke-TppToken/
.LINK
https://github.com/gdbarron/VenafiTppPS/blob/main/VenafiTppPS/Code/Public/Revoke-TppToken.ps1
.LINK
https://docs.venafi.com/Docs/20.1SDK/TopNav/Content/SDK/AuthSDK/r-SDKa-GET-Revoke-Token.php?tocpath=Auth%20SDK%20reference%20for%20token%20management%7C_____13
#>
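function Revoke-TppToken {

    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High', DefaultParameterSetName = 'Session')]
    param (
        [Parameter(Mandatory, ParameterSetName = 'AccessToken')]
        [ValidateScript( {
                # Accepts a bare host name or one prefixed with http:// or https://.
                if ( $_ -match '^(https?:\/\/)?(((?!-))(xn--|_{1,1})?[a-z0-9-]{0,61}[a-z0-9]{1,1}\.)*(xn--)?([a-z0-9][a-z0-9\-]{0,60}|[a-z0-9-]{1,30}\.[a-z]{2,})$' ) {
                    $true
                } else {
                    throw 'Please enter a valid server, https://venafi.company.com or venafi.company.com'
                }
            }
        )]
        [string] $AuthServer,

        [Parameter(Mandatory, ParameterSetName = 'AccessToken')]
        [string] $AccessToken,

        [Parameter(Mandatory, ParameterSetName = 'TppToken', ValueFromPipeline)]
        [pscustomobject] $TppToken,

        [Parameter(ParameterSetName = 'Session')]
        [TppSession] $TppSession = $Script:TppSession
    )

    begin {
        # Request template shared by every parameter set: GET vedauth/Revoke/Token.
        # The process block adds either a session object or a server URL plus
        # an Authorization header before the call is made.
        $params = @{
            Method  = 'Get'
            UriRoot = 'vedauth'
            UriLeaf = 'Revoke/Token'
        }
    }

    process {

        Write-Verbose ('Parameter set: {0}' -f $PSCmdlet.ParameterSetName)

        switch ($PsCmdlet.ParameterSetName) {
            'Session' {
                # Revoke the token held by the session object.
                $params.TppSession = $TppSession
                $target = $TppSession.ServerUrl
            }

            'AccessToken' {
                # Always build an https:// URL. The validation pattern also admits
                # an http:// prefix; prepending 'https://' to such a value would
                # produce a malformed URL ('https://http://host'), and using it
                # as-is would send the bearer token over cleartext. Strip whatever
                # scheme was given and force https.
                $AuthUrl = 'https://{0}' -f ($AuthServer -replace '^https?://', '')

                $params.ServerUrl = $target = $AuthUrl
                $params.Header = @{'Authorization' = 'Bearer {0}' -f $AccessToken }
            }

            'TppToken' {
                # Both the auth URL and the access token are needed to build the request.
                if ( -not $TppToken.AuthUrl -or -not $TppToken.AccessToken ) {
                    throw 'Not a valid TppToken'
                }

                $params.ServerUrl = $target = $TppToken.AuthUrl
                $params.Header = @{'Authorization' = 'Bearer {0}' -f $TppToken.AccessToken }
            }

            Default {
                throw ('Unknown parameter set {0}' -f $PSCmdlet.ParameterSetName)
            }
        }

        # NOTE(review): $params can carry the Authorization header at this point;
        # confirm how Out-String renders the nested Header table before verbose
        # output is collected into shared logs.
        Write-Verbose ($params | Out-String)

        # ConfirmImpact is 'High', so the caller is prompted unless -Confirm:$false is given.
        if ( $PSCmdlet.ShouldProcess($target, 'Revoke token') ) {
            Invoke-TppRestMethod @params
        }
    }
}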