Error getting token in PowerShell Script

I had a script working back in January that would query IDN for certification campaigns and email the owners, a workaround for not having flexible email reminders in IDN. Months later I’m trying to modify it so I could schedule queries on some test identities, but my original script is now getting errors when trying to get a token.

Am wondering if I introduced an error and forgot about it or if something has changed that the authentication flow doesn’t work the same anymore. I’ve confirmed the api pair is valid and has auth code and client credentials grant types. Also tried using personal access token.

Would appreciate if anyone can spot the issue or give a working PS example of getting a token and using for a v3 call. Specifically will be doing a GET to {{api-url}}/v3/search/

#sandbox
$ClientID = "XXXXXXXXXXXXXXXXXXXXXXXXX"
$SecretID = "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
$pair = "$($ClientID):$($SecretID)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($pair))
$BasicAuth1 = "Basic $encodedCreds"

#Request an access token using the Basic auth header built above (Base64 is an encoding, not encryption)
$tokenParam = @{
               URI = 'https://my-tenant.api.identitynow.com/oauth/token'
               Body="grant_type=client_credentials"
               Headers = @{'Authorization' = "$BasicAuth1";"Content-Type"='application/x-www-form-urlencoded;application/json;charset=UTF-8'}
               Method = 'POST'
               
}
$tokenResponse = Invoke-RestMethod @tokenParam
$token = $tokenResponse.access_token

#Script errors here with "Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send."
 
$params = @{
               Uri = "https://my-tenant.api.identitynow.com/v3/certifications?limit=250"
               Headers = @{'Authorization' = "Bearer $token"}
               Method = 'GET'
}
$response = Invoke-RestMethod @params

#Response should contain certifications - parse through them and send email 
$count = 0
foreach($r in $response) {
               $reviewerEmail =  $r.reviewer.email
               $reviewerName =   $r.reviewer.name
               $campaignName =   $r.campaign.name
               $IDs =            $r.identitiesTotal                       
               $start =          $r.created
               $due =            $r.due.Substring(0,10)
               $stat =           $r.phase
               $completed =      $r.completed 
               $decisionsTotal = $r.decisionsTotal              
               $count++
               # call sendEmail function 
               Write-Output "$reviewerName ^ $reviewerEmail ^ $campaignName ^ $due ^ $stat ^ $IDs ^ $decisionsTotal"  >> 'C:\temp\output.txt'
                                
  }  #end foreach
Write-Output "All pau. Certifications count: $count"

Hi @dernc,

As far as I know, we don’t support basic auth for our OAuth endpoint. You will need to provide the clientId and clientSecret directly in the URL that you send to our OAuth endpoint. Since this is a script that will likely need a user context associated with it (i.e. to run admin commands), I recommend you generate a personal access token, which will give you a clientId and clientSecret. You can then send the following request to generate an access_token.

POST https://{org}.api.identitynow.com/oauth/token?grant_type=client_credentials&client_id={clientId}&client_secret={clientSecret}

You don’t need a body or headers to send this request. You won’t need to make any changes to how you pass the $token in your v3 requests.
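
The request form described in the reply above, written out in PowerShell as an added example; it is not code from either poster or from the vendor. The tenant name `my-tenant`, the environment variable names `IDN_CLIENT_ID` and `IDN_CLIENT_SECRET`, and the helper name `Get-IdnToken` are assumptions, and the explicit TLS 1.2 setting is a precaution for Windows PowerShell 5.1 that the thread itself does not mention.

```powershell
# Added example. Get-IdnToken, the tenant name and the environment variable
# names are hypothetical; the token URL shape is the one given in the reply.
function Get-IdnToken {
    param(
        [Parameter(Mandatory)][string]$Tenant,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$ClientSecret
    )
    # URL-encode each value so characters such as '+' or '&' in a secret
    # cannot corrupt the query string.
    $query = 'grant_type=client_credentials' +
             '&client_id='     + [uri]::EscapeDataString($ClientId) +
             '&client_secret=' + [uri]::EscapeDataString($ClientSecret)
    $uri = "https://$Tenant.api.identitynow.com/oauth/token?$query"

    try {
        # No body and no headers, as the reply states.
        $resp = Invoke-RestMethod -Uri $uri -Method Post
    } catch {
        # $uri carries the secret, so keep it out of error text, logs and transcripts.
        throw "Token request for tenant '$Tenant' failed: $($_.Exception.Message)"
    }
    if (-not $resp.access_token) {
        throw 'Token response did not contain access_token.'
    }
    return $resp.access_token
}

# Assumption: Windows PowerShell 5.1 can default to an older TLS version,
# so TLS 1.2 is requested explicitly before any call is made.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Read the personal access token pair from the environment instead of
# hard-coding it in the script file.
$token = Get-IdnToken -Tenant 'my-tenant' `
                      -ClientId $env:IDN_CLIENT_ID `
                      -ClientSecret $env:IDN_CLIENT_SECRET

# Same v3 call as in the question, with the Bearer header unchanged.
$params = @{
    Uri     = 'https://my-tenant.api.identitynow.com/v3/certifications?limit=250'
    Headers = @{ Authorization = "Bearer $token" }
    Method  = 'GET'
}
$response = Invoke-RestMethod @params
```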