Badgerati / Pode

Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers
https://badgerati.github.io/Pode
MIT License

Using the Access Token #1374

Open Dylan-Prins opened 2 months ago

Dylan-Prins commented 2 months ago

Question

I want to use the access token generated from Add-PodeAuth in other web pages. I can't find how to do this.

mdaneri commented 2 months ago

Please take a look at the examples and the tutorial. You should be able to find your answer. https://github.com/Badgerati/Pode/blob/develop/examples/web-auth-apikey-jwt.ps1

Documentation: https://badgerati.github.io/Pode/Tutorials/Authentication/Methods/ApiKey/

Dylan-Prins commented 2 months ago

I can't find the answer :(

I have the following code:

Add-PodeWebPage -Name 'Subscriptions' -Icon 'Settings' -ArgumentList $accesstoken -ScriptBlock {
    param($Accesstoken)

    New-PodeWebCard -Content @(
        New-PodeWebTable -Name 'Subscriptions' -ArgumentList $accesstoken -ScriptBlock {
            param($Accesstoken)
            $config = Get-PodeConfig

            $tenantid = $config.tenantId
            $Uri = "https://login.microsoftonline.com/$tenantid/oauth2/v2.0/token"
            $Headers = @{'Content-Type' = 'application/x-www-form-urlencoded' }
            $Method = 'POST'
            $Body = @{
                grant_type          = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
                scope               = 'https://management.azure.com/.default'
                client_id           = $config.clientId
                client_secret       = $config.clientSecret
                assertion           = $accessToken
                requested_token_use = 'on_behalf_of'
            }

            $token = (Invoke-WebRequest -Uri $Uri -Method $Method -Headers $Headers -Body $body).Content | ConvertFrom-Json -Depth 10

            $uri = "https://management.azure.com/subscriptions?api-version=2022-12-01"

            # Set up the headers, including the authorization token
            $headers = @{
                "Authorization" = "Bearer $($token.access_token)"
                "Content-Type"  = "application/json"
            }

            (Invoke-RestMethod -Uri $uri -Method Get -Headers $headers).value | Select-Object DisplayName, SubscriptionId, State
        }
    )
}

I am looking for a way to not have access tokens as parameters. I guess I could save them as a secret, but it is only for a session.

mdaneri commented 2 months ago

This is a Pode.Web question. You posted on the wrong forum. It looks like Add-PodeWebPage is missing the Authentication parameter. I suggest posting this question in Discord.

Badgerati commented 2 months ago

Hey @Dylan-Prins,

It looks like you're using OAuth with AAD? There's a write-up of it here: https://badgerati.github.io/Pode/Tutorials/Authentication/Inbuilt/AzureAD/#full-example

The $accessToken will be available as a parameter to the scriptblock supplied to Add-PodeAuth. You can either add the access token to the $user object returned and be able to retrieve it via $WebEvent.Auth.User in your page/table, or you could add it to the user's session in the Add-PodeAuth script via $WebEvent.Session.Data.AccessToken = $accessToken, and then retrieve it accordingly as well.

Hope that helps :)
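The session-based option from the reply above, sketched as an added example that is not code from the thread or from the Pode project. It assumes the Azure AD scheme from the linked write-up, the Pode.Web setup commands Use-PodeWebTemplates and Set-PodeWebLoginPage, the config keys from the question, and a constructed endpoint, session duration and page title.

```powershell
Import-Module Pode, Pode.Web

Start-PodeServer {
    # Endpoint, session duration and title are assumptions for this example.
    Add-PodeEndpoint -Address localhost -Port 8080 -Protocol Http

    # Session data is held server-side (in memory by default); the browser only gets the session cookie.
    Enable-PodeSessionMiddleware -Duration 3600 -Extend

    $config = Get-PodeConfig
    $scheme = New-PodeAuthAzureADScheme -Tenant $config.tenantId -ClientId $config.clientId -ClientSecret $config.clientSecret

    $scheme | Add-PodeAuth -Name 'Login' -FailureUrl '/login' -SuccessUrl '/' -ScriptBlock {
        param($user, $accessToken, $refreshToken, $response)

        # Store the token in the session of the user who just signed in.
        $WebEvent.Session.Data.AccessToken = $accessToken
        return @{ User = $user }
    }

    Use-PodeWebTemplates -Title 'Azure' -Theme Dark
    Set-PodeWebLoginPage -Authentication 'Login'

    Add-PodeWebPage -Name 'Subscriptions' -Icon 'Settings' -ScriptBlock {
        New-PodeWebCard -Content @(
            New-PodeWebTable -Name 'Subscriptions' -ScriptBlock {
                # Read the token for the current request's user; no -ArgumentList needed.
                $accessToken = $WebEvent.Session.Data.AccessToken
                if ([string]::IsNullOrEmpty($accessToken)) {
                    Show-PodeWebToast -Message 'No access token in the session, please sign in again.'
                    return
                }

                $config = Get-PodeConfig
                $body = @{
                    grant_type          = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
                    scope               = 'https://management.azure.com/.default'
                    client_id           = $config.clientId
                    client_secret       = $config.clientSecret
                    assertion           = $accessToken
                    requested_token_use = 'on_behalf_of'
                }
                $tokenUri = "https://login.microsoftonline.com/$($config.tenantId)/oauth2/v2.0/token"
                $token = Invoke-RestMethod -Uri $tokenUri -Method Post -Body $body

                $headers = @{ Authorization = "Bearer $($token.access_token)" }
                (Invoke-RestMethod -Uri 'https://management.azure.com/subscriptions?api-version=2022-12-01' -Headers $headers).value |
                    Select-Object DisplayName, SubscriptionId, State
            }
        )
    }
}
```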