Using Variables with OAuth?

TheTechRunner · February 23, 2023, 6:47pm

Product: PowerShell Universal
Version: 3.7.11

Is it possible to use variables or secrets with the OAuth configuration? I’m trying to use a git branch for development and a different git branch for production, and our OAuth configuration settings are different between the two.

Thanks!

Oliver · February 28, 2023, 8:17am

Yes! Just figured it out on my system

Add a secret string variable on the server. Setup the OpenID (or OAuth should work the same way) in authentication.ps1:

$Parameters = @{
  Type = "OpenIDConnect"
  CallbackPath = "/auth/signin-oidc"
  ClientId = "<application guid here>"
  Authority = "https://login.microsoftonline.com/<tenant ID here>"
  ClientSecret = $Secret:OpenIDSecret # Or whatever you called your variable
}

Set-PSUAuthenticationMethod @Parameters

I had troubles in the past getting that to work. I completely wiped my database and restarted from scratch with the latest version, above code now works for me.

Good Luck!

TheTechRunner · March 6, 2023, 8:21pm

Using secrets worked for me! Thank you!

PorreKaj · March 8, 2023, 7:40am

Using this (but without secrets) gives me either an http error 500 or http error 431 after I sign in.

$Parameters = @{
    Type = "OpenIDConnect"
    CallbackPath = "/auth/signin-oidc"
    ClientId = "someid"
    Authority = "https://login.microsoftonline.com/sometenant"
    ClientSecret = "somesecretID" 
}
  
Set-PSUAuthenticationMethod @Parameters

This was my setting in appsettings

"Authentication" : {
    "OIDC": {
      "Enabled": "false",
      "CallbackPath": "/auth/signin-oidc",
      "ClientID": "Someid",
      "ClientSecret": "somesecretid",
      "Resource": "https://graph.microsoft.com/",
      "Authority": "https://login.microsoftonline.com/sometenantid",
      "ResponseType": "id_token token",
      "SaveTokens": "true",
      "UseTokenLifetime": true
    },

Any ideas as to why it works through Appsettings but not authentication.ps1?

Edit. just needed to include the left out bits

$Parameters = @{
    Type = "OpenIDConnect"
    CallbackPath = "/auth/signin-oidc"
    ClientId = "someid"
    Authority = "https://login.microsoftonline.com/sometenant"
    ClientSecret = "somesecretID" 
   resource = "https://graph.microsoft.com/"
    ResponseType = "id_token token"
    Savetokens = $true
    usetokenlifetime = $true
}

Topic		Replies	Views
Authentication.ps1 not getting $secret:variable values? PowerShell Universal	1	409	November 29, 2022
Get-UAVariable Secret just returning name of variable and not the value of the string PowerShell Universal	5	644	August 11, 2021
Unable to use Secret Variables PowerShell Universal	1	284	April 20, 2023
Storing and using Variable - Credentials within script	3	646	August 9, 2021
New Authentication variables PowerShell Universal	5	538	June 16, 2021

Using Variables with OAuth?

Related topics