Last active
May 2, 2020 19:39
-
-
Save HawaiiRyan/c136b0c90fad52742d34cb6c35a66d5f to your computer and use it in GitHub Desktop.
Get-credentials and base64 encode credentials at runtime to access Workspace ONE UEM API's
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$VerbosePreference = "Continue" | |
$script:config = "config.ini" | |
Write-Verbose -Message "The username is in the format domain\samAccountName" | |
function Test-APICred { | |
[CmdletBinding()] | |
[OutputType([String])] | |
Param ( | |
[Parameter( | |
Mandatory = $true, | |
ValueFromPipeLine = $true, | |
ValueFromPipelineByPropertyName = $true | |
)] | |
[Alias( | |
'PSCredential' | |
)] | |
[ValidateNotNull()] | |
[System.Management.Automation.PSCredential] | |
[System.Management.Automation.Credential()] | |
$script:Credentials | |
) | |
$script:Root = $null | |
$script:Username = $null | |
$script:Password = $null | |
If ($script:Credentials -eq $null) { | |
Try { | |
$script:Credentials = Get-Credential | |
} | |
Catch { | |
$ErrorMsg = $_.Exception.Message | |
Write-Verbose "Failed to get credentials: $ErrorMsg " | |
Pause | |
Break | |
} | |
} | |
# Checking module | |
Try { | |
# Split username and password | |
$script:Username = $credentials.username | |
$script:Password = $credentials.GetNetworkCredential().password | |
} | |
Catch { | |
$ErrorMsg = $_.Exception.Message | |
Write-Verbose "Failed to get credentials, $ErrorMsg " | |
Pause | |
Break | |
} | |
} | |
Test-APICred | |
Write-Verbose -Message "The username is $UserName" | |
Write-Verbose -Message "Starting to create base64 encoded credentials...." | |
Function Set-Base64 { | |
Write-Verbose -Message "The username to be encoded is $Username" | |
$script:pair = $Username, $Password -join ":" | |
$encoding = [System.Text.Encoding]::ASCII.GetBytes($pair) | |
$script:b64 = [Convert]::ToBase64String($encoding) | |
If ($b64 -eq $null) { | |
Write-Verbose -Message "We do not have base 64 encoded credentials." | |
Break | |
} | |
Write-Verbose -Message "Base 64 encoded credentials created...." | |
} | |
Set-Base64 | |
Write-Verbose "Proceeding to the next function get the application ID for Chrome....." | |
Write-Verbose -Message "Getting the Chrome application to update the token...." | |
Function Get-ChromeID { | |
$script:chromeAppID = $null | |
$appToken = 'com.android.chrome' | |
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | |
$filepath = Get-Location | |
$WS1Env = Get-Content -Path $filepath\$config | Select -Skip 1 | ConvertFrom-StringData | |
$addy = $WS1Env.Environment | |
$encodedString = "Basic " + $b64 | |
$apiKey = $WS1Env.apikey | |
$useJSON = "application/json" | |
$headers = @{"Authorization" = $encodedString; "aw-tenant-code" = $apiKey; "Accept" = $useJSON; "Content-Type" = $useJSON } | |
try { | |
$ServicePoint = [System.Net.ServicePointManager]::FindServicePoint($addy) | |
Write-Verbose -Message "Successfully opened service point connection" | |
$chrome = Invoke-RestMethod -Uri "$addy/API/mam/apps/search?bundleid=$appToken" -Headers $headers -TimeoutSec 45 | |
$chromeApp = $chrome.Application | |
$script:chromeAppID = $chromeApp.Id.Value | |
$ServicePoint.CloseConnectionGroup("") | |
Write-Verbose -Message "Successfully closed service point connection" | |
} | |
catch { | |
$ErrorMsg = $_.Exception.Message | |
Write-Warning "Failed to get Chrome application ID: $ErrorMsg " | |
Pause | |
Break | |
} | |
} | |
Get-ChromeID | |
Write-Host "$chromeAppID is the Chrome app ID" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment