Powershell script to automate scim call

aditya_pathak · February 3, 2022, 1:40am

Hi Experts,

I am writing a PS script to call a workflow but seem to have hit a roadblock in the auth part itself . I have already configured an oAuth 2.0 client in IIQ.

trying below via powershell ISE gives the below error -
$clientID = ‘kLp2rEumBHZRflEJDm41cUcn2DwfVrnR’
$secret = ‘YONTq07UDlDNlPZh’
$credential = "Basic " + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($clientID + “:” + $secret))

$splat = @{
Method = ‘POST’
uri = ‘http://seri.sailpointdemo.com:8080/identityiq/oauth2/token’
ContentType = ‘application/x-www-form-urlencoded’
Body = ‘grant-type=client_credentials’
Headers = @{Authorization = $credential}
UseBasicParsing = $true
}

PS C:\Windows\system32> $credential
Basic a0xwMnJFdW1CSFpSZmxFSkRtNDFjVWNuMkR3ZlZyblI6WU9OVHEwN1VEbERObFBaaA==

PS C:\Windows\system32> $splat

Name Value

Body grant-type=client_credentials
UseBasicParsing True
Method POST
uri http://seri.sailpointdemo.com:8080/identityiq/oauth2/token
ContentType application/x-www-form-urlencoded
Headers {Authorization}

PS C:\Windows\system32> $result = Invoke-WebRequest @splat
$resultJSON = ConvertFrom-Json $result.Content
$tokenBearer = $resultJSON.token_type
$token = $resultJSON.access_token
Invoke-WebRequest : {“error”:“invalid_grant”}
At line:1 char:11

$result = Invoke-WebRequest @splat
```
      ~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
- FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
  ConvertFrom-Json : Cannot bind argument to parameter ‘InputObject’ because it is null.
  At line:2 char:32
$resultJSON = ConvertFrom-Json $result.Content
```
                           ~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidData: ( [ConvertFrom-Json], ParameterBindingValidationException
- FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

If i try the uri directly i get

Please advise what im missing here. Does it mean server doesn’t support Oauth 2 ?

@colin_mckibben

adam_creaney · February 4, 2022, 2:24pm

Hi @aditya_pathak,

Can you change your

Body = ‘grant-type=client_credentials’

to

Body = ‘grant_type=client_credentials’ with the underscore in grant_type? The server definitely supports OAuth, so we should be able to get this working no problem.

aditya_pathak · February 8, 2022, 6:36am

thanks @adam_creaney

Topic		Replies	Views
Scheduled IIQ Workflows execution with PowerShell IIQ Community Knowledge Base workflows	0	1222	April 12, 2023
Scheduled SailPoint IdentityIQ Workflow Execution Using PowerShell Community Blog	2	1826	March 8, 2024
IIQ SCIM API Token Generation IIQ Discussion and Questions apis , identityiq	3	550	February 12, 2024
IIQ Password Interceptor rest API Call IIQ Discussion and Questions	5	2515	July 19, 2023
I am working on creating a powershell script to create roles ISC Discussion and Questions apis , identity-security-cloud , roles	11	321	August 5, 2024

Powershell script to automate scim call

Related topics