New-TppToken¶
SYNOPSIS¶
Get a new access token or refresh an existing one
SYNTAX¶
Integrated (Default)¶
New-TppToken -AuthServer <String> -ClientId <String> -Scope <Hashtable> [-State <String>]
[-SkipCertificateCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
RefreshToken¶
New-TppToken -AuthServer <String> -ClientId <String> -RefreshToken <PSCredential> [-SkipCertificateCheck]
[-WhatIf] [-Confirm] [<CommonParameters>]
Jwt¶
New-TppToken -AuthServer <String> -ClientId <String> -Scope <Hashtable> -Jwt <String> [-SkipCertificateCheck]
[-WhatIf] [-Confirm] [<CommonParameters>]
Certificate¶
New-TppToken -AuthServer <String> -ClientId <String> -Scope <Hashtable> -Certificate <X509Certificate>
[-SkipCertificateCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
OAuth¶
New-TppToken -AuthServer <String> -ClientId <String> -Scope <Hashtable> -Credential <PSCredential>
[-State <String>] [-SkipCertificateCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
RefreshSession¶
New-TppToken [-SkipCertificateCheck] -VenafiSession <VenafiSession> [-WhatIf] [-Confirm] [<CommonParameters>]
DESCRIPTION¶
Get an access token and refresh token (if enabled) to be used with New-VenafiSession or other scripts/utilities that take such a token. You can also refresh an existing access token if you have the associated refresh token. Authentication can be provided as integrated, credential, or certificate.
EXAMPLES¶
EXAMPLE 1¶
New-TppToken -AuthServer 'https://mytppserver.example.com' -Scope @{ Certificate = "manage,discover"; Configuration = "manage" } -ClientId 'MyAppId' -Credential $credential
Get a new token with OAuth
EXAMPLE 2¶
New-TppToken -AuthServer 'mytppserver.example.com' -Scope @{ Certificate = "manage,discover"; Configuration = "manage" } -ClientId 'MyAppId'
Get a new token with Integrated authentication
EXAMPLE 3¶
New-TppToken -AuthServer 'mytppserver.example.com' -Scope @{ Certificate = "manage,discover"; Configuration = "manage" } -ClientId 'MyAppId' -Certificate $cert
Get a new token with certificate authentication
EXAMPLE 4¶
New-TppToken -AuthServer 'mytppserver.example.com' -ClientId 'MyApp' -RefreshToken $refreshCred
Refresh an existing access token by providing the refresh token directly
EXAMPLE 5¶
New-TppToken -VenafiSession $mySession
Refresh an existing access token by providing a VenafiSession object
PARAMETERS¶
-AuthServer¶
Auth server or url, eg. venafi.company.com
Type: String
Parameter Sets: Integrated, RefreshToken, Jwt, Certificate, OAuth
Aliases: Server
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ClientId¶
Applcation Id configured in Venafi for token-based authentication
Type: String
Parameter Sets: Integrated, RefreshToken, Jwt, Certificate, OAuth
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Scope¶
Hashtable with Scopes and privilege restrictions. The key is the scope and the value is one or more privilege restrictions separated by commas. A privilege restriction of none or read, use a value of $null. Scopes include Agent, Certificate, Code Signing, Configuration, Restricted, Security, SSH, and statistics. See https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/r-SDKa-OAuthScopePrivilegeMapping.php Using a scope of {'all'='core'} will set all scopes except for codesignclient and admin. Using a scope of {'all'='core-cs'} will set all scopes inclduing codesignclient except for admin. Using a scope of {'all'='admin'} will set all scopes including admin. Using a scope of {'all'='admin-cs'} will set all scopes including admin. Usage of the 'all' scope is not suggested for production.
Type: Hashtable
Parameter Sets: Integrated, Jwt, Certificate, OAuth
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Credential¶
Username / password credential used to request API Token
Type: PSCredential
Parameter Sets: OAuth
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-State¶
A session state, redirect URL, or random string to prevent Cross-Site Request Forgery (CSRF) attacks
Type: String
Parameter Sets: Integrated, OAuth
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Jwt¶
JSON web token. Available in TPP v22.4 and later. Ensure jwt mapping has been configured in VCC, Access Management->JWT Mappings.
Type: String
Parameter Sets: Jwt
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Certificate¶
Certificate used to request API token. Certificate authentication must be configured for remote web sdk clients, https://docs.venafi.com/Docs/current/TopNav/Content/CA/t-CA-ConfiguringInTPPandIIS-tpp.php.
Type: X509Certificate
Parameter Sets: Certificate
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-RefreshToken¶
Provide RefreshToken along with ClientId to obtain a new access and refresh token. Format should be a pscredential where the password is the refresh token.
Type: PSCredential
Parameter Sets: RefreshToken
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SkipCertificateCheck¶
{{ Fill SkipCertificateCheck Description }}
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-VenafiSession¶
VenafiSession object created from New-VenafiSession method.
Type: VenafiSession
Parameter Sets: RefreshSession
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf¶
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm¶
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters¶
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.