3

I have the original curl call which is said to be working in a Unix environment (or whatever they use at the provider's office).

curl 
  -u ybeepbeepbeepa:eboopboopboopa
  -k 
  -d "grant_type=mobile&customerId=SE.B2C/abcd&pin=1234&scope=openid" 
  -H "Content-Type:application/x-www-form-urlencoded" 
  https://xxx/oauth2/token

Using the docs for curl I exchanged the flags and attributes to the following.

Invoke-WebRequest 
  -User ybeepbeepbeepa:eboopboopboopa 
  -Method POST 
  -Headers @{"Content-Type"="application/x-www-form-urlencoded"} 
  -Uri "https://xxx/oauth2/token?grant_type=mobile&customerId=SE.B2C/abcd&pin=1234&scope=openid"

The only part which I failed to translate is -k, which is supposed to be equivalent to --insecure. Checking said docs, I arrived at a few possible, though far-fetched, alternatives (such as -AllowUnencryptedAuthentication) but all of them failed and I'm out of ideas.

  1. What is the equivalent of curl's --insecure (or -k) in PowerShell's Invoke-WebRequest (which accidentally is assed to curl, which is confusing as duck since the flags differ)?
  2. Is the rest of the command properly ported to PowerShell? (I've contracted some flags and baked them together with the URL as querty string. And I'm not entirely certain of the syntax for Headers.)
DonkeyBanana
  • 3,266
  • 4
  • 26
  • 65
  • This previous article should help you with -k when you have self signed certs and you are on version 5.x or earlier of powershell: https://stackoverflow.com/questions/11696944/powershell-v3-invoke-webrequest-https-error – Thom Schumacher Mar 21 '18 at 15:00

1 Answers1

5

In place of -k, you'll need to set the certificate validation routine for the app domain with the ServicePointManager class:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

For the -u flag, you'll need to construct the Basic Authentication header yourself:

function Get-BasicAuthCreds {
    param([string]$Username,[string]$Password)
    $AuthString = "{0}:{1}" -f $Username,$Password
    $AuthBytes  = [System.Text.Encoding]::Ascii.GetBytes($AuthString)
    return [Convert]::ToBase64String($AuthBytes)
}

$Headers = @{"Content-Type"="application/x-www-form-urlencoded"} 
$Headers['Authorization'] = "Basic $(Get-BasicAuthCreds ybeepbeepbeepa eboopboopboopa)"

Invoke-WebRequest -Method POST -Headers $Headers -Uri "https://xxx/oauth2/token?grant_type=mobile&customerId=SE.B2C/abcd&pin=1234&scope=openid"

If you want to generate the credential string inline you can do it like this (although it gets a bit clunky):

$Headers = @{
  "Content-Type"  = "application/x-www-form-urlencoded"} 
  "Authorization" = "Basic $([Convert]::ToBase64String([System.Text.Encoding]::Ascii.GetBytes('ybeepbeepbeepa:eboopboopboopa')))"
}
Mathias R. Jessen
  • 157,619
  • 12
  • 148
  • 206
  • Is it possible to express it inline instead of a function? – DonkeyBanana Mar 21 '18 at 23:26
  • Awesome. It's still going to be two lines of execution, though. I was hoping for an inline **and** one-liner that I could send over to my colleagues as a magic pill (you know - paste in this and press enter, no thinking). Nevertheless, this will suffice, I think, as long as we can execute the declaration of the variable in PowerShell. (We're extremely limited when it comes to e.g. accessing $PROFILE file.) – DonkeyBanana Mar 21 '18 at 23:52
  • `-replace '\r?\n',';'` ;-) – Mathias R. Jessen Mar 21 '18 at 23:53