Authorize endpoint by OAuth2.0 token?

Product: PowerShell Universal
Version: 5.2.1

Hi, is it possible to authorize an API endpoint (i.e. a .ps1 script within PSU) by a temporary OAuth2.0 token, i.e. the one that we can get in the Auth0 machine-to-machine application?
Right now the token authorization for the API endpoint is by accepting (which I think is decrypting) a token that is previously generated by PSU and shared with the client, which is more like a pre-shared key…
But what I actually want is kind of like a public key or a short-lived password that adheres to the OAuth2.0 flow, i.e. my API client uses a securely stored Client ID and secret to fetch the temporary token from Auth0 or Okta or whatever, while that token (JWT?) includes a role, and the PSU API endpoint decrypts that temporary token generated by Auth0 to find out if that role is allowed to access; similar to what PostgREST is doing.
Would someone please advise if that is achievable?

This is possible but it is not properly documented. You can use the JWT:DiscoveryDocument value in appsettings.json to load custom JWT settings from an external source.

I’ll open an issue to get this documented.

Great move, that would solve many problems with my client, thanks!!
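
The flow discussed in this thread, as an added example (not PowerShell Universal's implementation and not code from the thread): a stand-in identity provider signs a short-lived RS256 token, and the receiving side verifies it with the issuer's public key from a JWKS, the key set an OpenID discovery document points to via `jwks_uri`, before checking issuer, audience, expiry and role. The `roles` claim name, the `idp.example` and `psu.example` URLs, the `demo-key` id and the function names are assumptions, and PowerShell 7+ is assumed.

```powershell
# Requires PowerShell 7+. Every name, URL and claim value below is constructed for this example.
$utf8 = [Text.Encoding]::UTF8
$sha  = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pad  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
function ConvertTo-B64Url([byte[]]$Bytes) {
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
function ConvertFrom-B64Url([string]$Text) {
    $s = $Text.Replace('-', '+').Replace('_', '/')
    $s += '=' * ((4 - $s.Length % 4) % 4)
    , ([Convert]::FromBase64String($s))   # leading comma keeps the byte[] intact
}
# Identity provider stand-in: publish a public key (JWKS) and sign a 5-minute token.
$idpKey = [System.Security.Cryptography.RSA]::Create(2048)
$pub = $idpKey.ExportParameters($false)   # public part only
$jwksJson = @{ keys = @(@{ kty = 'RSA'; kid = 'demo-key'
    n = (ConvertTo-B64Url $pub.Modulus); e = (ConvertTo-B64Url $pub.Exponent) }) } | ConvertTo-Json -Depth 4
$head = ConvertTo-B64Url ($utf8.GetBytes('{"alg":"RS256","typ":"JWT","kid":"demo-key"}'))
$claims = @{ iss = 'https://idp.example/'; aud = 'https://psu.example/api'
    exp = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds() + 300; roles = @('Operator') }
$body = ConvertTo-B64Url ($utf8.GetBytes(($claims | ConvertTo-Json -Compress)))
$sig = ConvertTo-B64Url ($idpKey.SignData($utf8.GetBytes("$head.$body"), $sha, $pad))
$token = "$head.$body.$sig"

# Receiving side: the token is signed, not encrypted, so the check is signature
# verification with the issuer's public key, then authorization on the claims.
function Test-RoleToken($Token, $JwksJson, $Issuer, $Audience, $RequiredRole) {
    try {
        $parts = $Token.Split('.')
        if ($parts.Count -ne 3) { return $false }
        $hdr = $utf8.GetString((ConvertFrom-B64Url $parts[0])) | ConvertFrom-Json
        if ($hdr.alg -ne 'RS256') { return $false }   # pin the algorithm, never take it from the token
        $jwk = ($JwksJson | ConvertFrom-Json).keys | Where-Object kid -eq $hdr.kid
        if (-not $jwk) { return $false }
        $rsaParams = New-Object System.Security.Cryptography.RSAParameters
        $rsaParams.Modulus  = ConvertFrom-B64Url $jwk.n
        $rsaParams.Exponent = ConvertFrom-B64Url $jwk.e
        $rsa = [System.Security.Cryptography.RSA]::Create()
        $rsa.ImportParameters($rsaParams)
        $signed = $utf8.GetBytes($parts[0] + '.' + $parts[1])
        if (-not $rsa.VerifyData($signed, (ConvertFrom-B64Url $parts[2]), $sha, $pad)) { return $false }
        $c = $utf8.GetString((ConvertFrom-B64Url $parts[1])) | ConvertFrom-Json
        $fresh = $c.exp -gt [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
        ($c.iss -eq $Issuer) -and (@($c.aud) -contains $Audience) -and $fresh -and (@($c.roles) -contains $RequiredRole)
    } catch { return $false }   # malformed input fails closed
}
Test-RoleToken $token $jwksJson 'https://idp.example/' 'https://psu.example/api' 'Operator'       # role carried by the token
Test-RoleToken $token $jwksJson 'https://idp.example/' 'https://psu.example/api' 'Administrator'  # role not in the token
```

With a real provider the JWKS would be fetched from the `jwks_uri` in its discovery document instead of being built locally, and the role claim name depends on how the provider is configured.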