New-OAuthSecurityContext

Creates an OAuth2 security context object that you can use to authenticate to any system that is configured to trust the specified authentication server.

Syntax

-AuthorizationEndpointUrl  <Uri>
-ClientId  <String>
-RedirectUrl  <Uri>
-TokenEndpointUrl  <Uri>
[-ClientSecret  <SecureString>]
[-DisablePKCE]
[-IgnoreSslValidationErrors]
[-OtherArguments  <Hashtable>]
[-Scope  <String>]
[CommonParameters]

Parameters

| Required | Parameter Name | Type | Position | Features | Description |
|---|---|---|---|---|---|
| required | AuthorizationEndpointUrl | Uri | named | | Specifies the base URL at the authentication server where users are redirected in order to authenticate. You can see this value in the openid-configuration file under the authorization_endpoint key. |
| required | ClientId | String | named | | Specifies the ID of the OAuth client registered in the authentication server. |
| required | RedirectUrl | Uri | named | | Specifies the redirect URL associated with this OAuth client. This URL must point to localhost and use a free port on the machine where PowerCLI is running. It must use the http scheme. |
| required | TokenEndpointUrl | Uri | named | | Specifies the URL where the authentication server listens for requests to issue access tokens. You can see this value in the openid-configuration file of the authentication server under the token_endpoint key. |
| optional | ClientSecret | SecureString | named | | Specifies the client secret for this OAuth client (if the server requires a client secret). |
| optional | DisablePKCE | SwitchParameter | named | | If specified, the authorization code exchange is not protected using the Proof Key for Code Exchange by OAuth Public Clients (https://tools.ietf.org/html/rfc7636). You can use this if the server cannot process the additional parameters introduced by PKCE. |
| optional | IgnoreSslValidationErrors | SwitchParameter | named | | If specified, you can force the connection even if the SSL certificate of the server is not valid. |
| optional | OtherArguments | Hashtable | named | | Specifies the hashtable of (string, string) pairs that represent arguments to the server-specific parameters. |
| optional | Scope | String | named | | Specifies the OAuth2 scope of the access tokens that would be generated by this security context. |
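
What -DisablePKCE turns off, shown as an added example that is not PowerCLI's own code: the S256 code_verifier / code_challenge pair from RFC 7636 and the comparison the token endpoint makes before it exchanges an authorization code. The function names are hypothetical; the fixed verifier and challenge are the test vector from RFC 7636, Appendix B.

```powershell
# Base64url without padding, as RFC 7636 requires.
function ConvertTo-Base64Url([byte[]]$Bytes) {
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# Client side: a fresh 32-byte random code_verifier for every authorization request.
function New-PkceVerifier {
    $bytes = [byte[]]::new(32)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    ConvertTo-Base64Url $bytes
}

# code_challenge = BASE64URL(SHA256(ASCII(code_verifier))); sent with the authorize request.
function Get-PkceChallenge([string]$Verifier) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { $hash = $sha.ComputeHash([Text.Encoding]::ASCII.GetBytes($Verifier)) }
    finally { $sha.Dispose() }
    ConvertTo-Base64Url $hash
}

# Server side: the token endpoint recomputes the challenge from the verifier that
# arrives with the authorization code and compares it with the stored challenge.
function Test-PkceVerifier([string]$Verifier, [string]$StoredChallenge) {
    (Get-PkceChallenge $Verifier) -ceq $StoredChallenge
}

# Check the implementation against the RFC 7636 Appendix B test vector.
$rfcVerifier  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk'
$rfcChallenge = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM'
if (-not (Test-PkceVerifier $rfcVerifier $rfcChallenge)) {
    throw 'S256 challenge does not match the RFC 7636 test vector.'
}

# A code intercepted on the localhost redirect is useless without the verifier:
# any other verifier fails the comparison at the token endpoint.
$challenge = Get-PkceChallenge (New-PkceVerifier)
$otherVerifier = New-PkceVerifier
"Exchange with a different verifier accepted: $(Test-PkceVerifier $otherVerifier $challenge)"
```

With -DisablePKCE the authorization code alone is enough to obtain tokens for a public client, so the switch is best kept for servers that reject the PKCE parameters.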

-ClientId  <String>
-ClientSecret  <SecureString>
-TokenEndpointUrl  <Uri>
[-IgnoreSslValidationErrors]
[-OtherArguments  <Hashtable>]
[-Scope  <String>]
[CommonParameters]

Parameters

| Required | Parameter Name | Type | Position | Features | Description |
|---|---|---|---|---|---|
| required | ClientId | String | named | | Specifies the ID of the OAuth client registered in the authentication server. |
| required | ClientSecret | SecureString | named | | Specifies the client secret for this OAuth client (if the server requires a client secret). |
| required | TokenEndpointUrl | Uri | named | | Specifies the URL where the authentication server listens for requests to issue access tokens. You can see this value in the openid-configuration file of the authentication server under the token_endpoint key. |
| optional | IgnoreSslValidationErrors | SwitchParameter | named | | If specified, you can force the connection even if the SSL certificate of the server is not valid. |
| optional | OtherArguments | Hashtable | named | | Specifies the hashtable of (string, string) pairs that represent arguments to the server-specific parameters. |
| optional | Scope | String | named | | Specifies the OAuth2 scope of the access tokens that would be generated by this security context. |

-ClientId  <String>
-Password  <SecureString>
-TokenEndpointUrl  <Uri>
-Username  <String>
[-ClientSecret  <SecureString>]
[-IgnoreSslValidationErrors]
[-OtherArguments  <Hashtable>]
[-Scope  <String>]
[CommonParameters]

Parameters

| Required | Parameter Name | Type | Position | Features | Description |
|---|---|---|---|---|---|
| required | ClientId | String | named | | Specifies the ID of the OAuth client registered in the authentication server. |
| required | Password | SecureString | named | | Specifies the password of the user. |
| required | TokenEndpointUrl | Uri | named | | Specifies the URL where the authentication server listens for requests to issue access tokens. You can see this value in the openid-configuration file of the authentication server under the token_endpoint key. |
| required | Username | String | named | | Specifies the username of the user. |
| optional | ClientSecret | SecureString | named | | Specifies the client secret for this OAuth client (if the server requires a client secret). |
| optional | IgnoreSslValidationErrors | SwitchParameter | named | | If specified, you can force the connection even if the SSL certificate of the server is not valid. |
| optional | OtherArguments | Hashtable | named | | Specifies the hashtable of (string, string) pairs that represent arguments to the server-specific parameters. |
| optional | Scope | String | named | | Specifies the OAuth2 scope of the access tokens that would be generated by this security context. |

-ClientId  <String>
-RefreshToken  <SecureString>
-TokenEndpointUrl  <Uri>
[-ClientSecret  <SecureString>]
[-IgnoreSslValidationErrors]
[-OtherArguments  <Hashtable>]
[-Scope  <String>]
[CommonParameters]

Parameters

| Required | Parameter Name | Type | Position | Features | Description |
|---|---|---|---|---|---|
| required | ClientId | String | named | | Specifies the ID of the OAuth client registered in the authentication server. |
| required | RefreshToken | SecureString | named | | Specifies the refresh token issued for this OAuth client. |
| required | TokenEndpointUrl | Uri | named | | Specifies the URL where the authentication server listens for requests to issue access tokens. You can see this value in the openid-configuration file of the authentication server under the token_endpoint key. |
| optional | ClientSecret | SecureString | named | | Specifies the client secret for this OAuth client (if the server requires a client secret). |
| optional | IgnoreSslValidationErrors | SwitchParameter | named | | If specified, you can force the connection even if the SSL certificate of the server is not valid. |
| optional | OtherArguments | Hashtable | named | | Specifies the hashtable of (string, string) pairs that represent arguments to the server-specific parameters. |
| optional | Scope | String | named | | Specifies the OAuth2 scope of the access tokens that would be generated by this security context. |

Output

VMware.VimAutomation.Common.Types.V1.Authentication.GenericOAuth2SecurityContext

Examples


Example 1

PS C:\> $oauthCtx = New-OAuthSecurityContext `
-TokenEndpointUrl "https:///adfs/oauth2/token/" `
-AuthorizationEndpointUrl "https:///adfs/oauth2/authorize/" `
-RedirectUrl "http://localhost:8844/auth" `
-ClientId "powercli-native" `
-OtherArguments @{ "resource" = "my-vcenter" }

Creates an OAuth2 security context object by authenticating through the authorization server using a browser. In this example, the authentication server is Microsoft Active Directory Federation Service. There is an Application Group with the ID of "my-vcenter". There is also a native client in that group with the ID of "powercli-native" and a redirect URL of "http://localhost:8844/auth".

Example 2

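PS C:\> # -ClientSecret takes a SecureString, so read the secret as one instead of passing a plain string
PS C:\> $clientSecret = Read-Host -Prompt "Client secret" -AsSecureString
PS C:\> $oauthCtx = New-OAuthSecurityContext `
-TokenEndpointUrl "https:///adfs/oauth2/token/" `
-ClientId "powercli-service" `
-ClientSecret $clientSecret `
-OtherArguments @{ "resource" = "my-vcenter" }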

Creates an OAuth2 security context object by authenticating as a service application using the client ID and secret. In this example, the authentication server is Microsoft Active Directory Federation Service. There is an Application Group with the ID of "my-vcenter". There is also a native client in that group with the ID of "powercli-service" and a client secret.

Example 3

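PS C:\> # -Password takes a SecureString, so read the password as one instead of passing a plain string
PS C:\> $userPassword = Read-Host -Prompt "Password" -AsSecureString
PS C:\> $oauthCtx = New-OAuthSecurityContext `
-TokenEndpointUrl "https:///adfs/oauth2/token/" `
-ClientId "powercli-native" `
-Username "user@your.domain" `
-Password $userPassword `
-OtherArguments @{ "resource" = "my-vcenter" }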

Creates an OAuth2 security context object by authenticating as the user with that user's credentials. In this example, the authentication server is Microsoft Active Directory Federation Service. An Application Group is created with the ID of "my-vcenter". There is also a native client in that group with the ID of "powercli-native".
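
An added example, not part of the original PowerCLI documentation: it reads authorization_endpoint and token_endpoint from the server's openid-configuration document, checks them and the redirect URL against the parameter descriptions above, then runs the browser flow of Example 1 with PKCE left enabled. The issuer URL `https://adfs.example.com/adfs` and the helper `Assert-HttpsEndpoint` are assumptions made for illustration.

```powershell
# Constructed placeholder: replace with the issuer URL of your authentication server.
$issuer = 'https://adfs.example.com/adfs'

# The "openid-configuration file" is the OpenID Connect discovery document.
# Certificate validation stays on, so a forged document fails here.
$config = Invoke-RestMethod -Uri "$issuer/.well-known/openid-configuration"

# Hypothetical helper: accept only absolute https endpoints from the document.
function Assert-HttpsEndpoint {
    param([string]$Name, [string]$Value)
    $uri = [Uri]$Value
    if (-not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https') {
        throw "$Name '$Value' is not an absolute https URL."
    }
    $uri
}

$authorizeUrl = Assert-HttpsEndpoint 'authorization_endpoint' $config.authorization_endpoint
$tokenUrl     = Assert-HttpsEndpoint 'token_endpoint' $config.token_endpoint

# RedirectUrl rules from the parameter table: http scheme, on localhost, free port.
$redirectUrl = [Uri]'http://localhost:8844/auth'
if ($redirectUrl.Scheme -ne 'http' -or -not $redirectUrl.IsLoopback) {
    throw 'RedirectUrl must be an http URL on localhost.'
}

# Binding the loopback port throws if another process already listens on it.
$probe = [System.Net.Sockets.TcpListener]::new(
    [System.Net.IPAddress]::Loopback, $redirectUrl.Port)
try { $probe.Start() }
catch { throw "Port $($redirectUrl.Port) is already in use; choose another RedirectUrl." }
finally { $probe.Stop() }

# Browser-based authorization code flow; -DisablePKCE and
# -IgnoreSslValidationErrors are deliberately not specified.
$oauthCtx = New-OAuthSecurityContext `
    -AuthorizationEndpointUrl $authorizeUrl `
    -TokenEndpointUrl $tokenUrl `
    -RedirectUrl $redirectUrl `
    -ClientId 'powercli-native' `
    -OtherArguments @{ 'resource' = 'my-vcenter' }
```

The redirect URL must still match the one registered for the client on the authentication server, so changing the port here also means updating the client registration.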
