mattmcnabb / OneLogin

A PowerShell module for automating components of a OneLogin account
7 stars, 3 forks

Error handling for PSCore #48

Open mattmcnabb opened 5 years ago

mattmcnabb commented 5 years ago

Currently this module does not work in PowerShell Core. When you attempt to run Connect-OneLogin, Invoke-RestMethod returns an error that includes the value of the client secret. This needs to be fixed ASAP as a security flaw.


crou commented 5 years ago

The error is related to the semicolon in the authorization header. Strict header parsing is now enabled by default on PSCore (as defined in the RFC).

-SkipHeaderValidation must be added to Invoke-RestMethod, or add it globally in default settings: $PSDefaultParameterValues['Invoke-RestMethod:SkipHeaderValidation'] = $true

mattmcnabb commented 5 years ago

@crou thanks for figuring that out. I haven't really tested this module against PS Core, but I haven't prevented it being run on Core either. The biggest problem for me is that the error message includes the value of the client secret, which I need to figure out how to handle properly. I'm thinking I could simply scrub text matching the client secret out of any trapped errors before they are streamed out to the user.
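The two points in this thread (pass -SkipHeaderValidation on PowerShell 6+, and scrub the client secret out of any trapped error before it reaches the user) can be combined in one request wrapper. The following is an added example, not code from the OneLogin module or from either commenter. The function names (Invoke-OneLoginRequest, Hide-Secret), the parameter set, the exact layout of the Authorization header value and the placeholder URL in the comments are assumptions of this example; the page does not show what the module actually sends.

```powershell
function Hide-Secret {
    # Replace every literal (and URL-encoded) copy of $Secret in $Text with a marker.
    param(
        [AllowEmptyString()][string] $Text,
        [AllowEmptyString()][string] $Secret
    )
    if ([string]::IsNullOrEmpty($Text) -or [string]::IsNullOrEmpty($Secret)) { return $Text }

    # Escape the secret so regex metacharacters inside it are matched literally.
    $patterns = @(
        [regex]::Escape($Secret),
        [regex]::Escape([uri]::EscapeDataString($Secret))
    )
    $out = $Text
    foreach ($p in $patterns) { $out = [regex]::Replace($out, $p, '[REDACTED]') }
    return $out
}

function Invoke-OneLoginRequest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $Uri,
        [Parameter(Mandatory)] [string]       $ClientId,
        [Parameter(Mandatory)] [securestring] $ClientSecret,
        [string] $Method = 'Post',
        [object] $Body
    )

    # Materialise the secret as plain text only for the lifetime of this call.
    $plainSecret = [System.Net.NetworkCredential]::new('', $ClientSecret).Password

    # Assumed header layout: punctuation like this is what PSCore's strict
    # header validation rejects, and the rejection message echoes the whole value.
    $headers = @{ Authorization = "client_id:$ClientId, client_secret:$plainSecret" }

    try {
        $params = @{
            Uri         = $Uri
            Method      = $Method
            Headers     = $headers
            ContentType = 'application/json'
            ErrorAction = 'Stop'
        }
        if ($null -ne $Body) { $params.Body = ($Body | ConvertTo-Json) }

        # -SkipHeaderValidation only exists on PowerShell 6+; 5.1 never validated headers.
        if ($PSVersionTable.PSVersion.Major -ge 6) { $params.SkipHeaderValidation = $true }

        Invoke-RestMethod @params
    }
    catch {
        # Collect every message that could carry the secret: the exception chain
        # and the response body that Invoke-RestMethod stores in ErrorDetails.
        $messages = @()
        $ex = $_.Exception
        while ($null -ne $ex) { $messages += $ex.Message; $ex = $ex.InnerException }
        if ($_.ErrorDetails) { $messages += $_.ErrorDetails.Message }

        $scrubbed = Hide-Secret -Text ($messages -join ' | ') -Secret $plainSecret

        # Build a fresh exception rather than rethrowing $_: the original object
        # still holds the unredacted text, so wrapping it as InnerException would leak it again.
        $record = [System.Management.Automation.ErrorRecord]::new(
            [System.Exception]::new("OneLogin request failed: $scrubbed"),
            'OneLoginRequestFailed',
            [System.Management.Automation.ErrorCategory]::InvalidOperation,
            $Uri)
        $PSCmdlet.ThrowTerminatingError($record)
    }
    finally {
        $plainSecret = $null
    }
}

# Usage (hypothetical endpoint placeholder; substitute the real OneLogin token URL):
# $secret = Read-Host -AsSecureString 'Client secret'
# Invoke-OneLoginRequest -Uri 'https://example.invalid/oauth2/token' -ClientId 'my-client-id' `
#     -ClientSecret $secret -Body @{ grant_type = 'client_credentials' }
```

Two details are worth checking when adapting this: the scrubber is applied to the whole exception chain and to ErrorDetails, because the header-validation failure, an HTTP error body and a proxy error can each echo the header value in a different place; and the error record that is caught in the catch block is still appended to the session's $Error collection, so a caller with access to $Error can still read the original message unless it is removed there as well.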