Developer

last person joined: yesterday 

Expand all | Collapse all

Powershell example

  • 1.  Powershell example

    Posted Jan 28, 2019 07:35 AM

    Does anybody have an example of how to login to the APIGW from arubacentral?

    I can Login to the api, but when i try to authorize, it always tells me that the CSRF-token is missing or incorrect.

    My Code: (will be functionized if everything is working, but for testing, this is just quick and dirty)

    $URL = $BaseURI+"/oauth2/authorize/central/api/login"
    $LoginBody = '{"username":"'+$User_Name+'","password":"'+$Pass_Word+'","client_id":"'+$Client_ID+'"}'
    $Request = Invoke-WebRequest -Uri $URL -Method Post -Body $LoginBody -ContentType application/json -SessionVariable Cookies
    $Cookies = $Cookies.Cookies.GetCookies($URL)
    $URL = $BaseURI+"/oauth2/authorize/central/api"
    ForEach ($Cookie in $Cookies)
    {
        if ($Cookie.Name = "csrftoken")
        {
            $CSRFToken=$cookie.value
        }
        if ($Cookie.Name = "session")
        {
            $Session=$cookie.value
        }
    }
    $Headers = @{"X-CSRF-Token"=$CSRFToken;"session"=$Session}
    $AuthenBody = '{"customer_id":"'+$CustomerID+'","client_id":"'+$ClientID+'","CSRF-Token":"'+$CSRFToken+'","session":"'+$Session+'"}'
    $Request = Invoke-WebRequest -Uri $URL -Method Post -Body $AuthenBody -ContentType application/json -Headers $Headers


  • 2.  RE: Powershell example

    Posted Jan 28, 2019 07:52 AM

    Look good, do you have check if it is not sensible to the case ?

     

    Do you have compare with another implementation ? (if it is available...)

     



  • 3.  RE: Powershell example

    Posted Jan 28, 2019 08:30 AM

    It is not possible to compare with another implemenation because no other questions have been asked for the arubacentral apigw as far as i could search.



  • 4.  RE: Powershell example

    Posted Jan 29, 2019 03:33 AM

    Hi,

     

    Did you check this ?

    https://community.arubanetworks.com/t5/Cloud-Managed-Networks/Need-some-help-with-the-Central-API/td-p/403585

     

    It is for Python, but you should be able to see how it works.



  • 5.  RE: Powershell example

    Posted Mar 04, 2019 10:05 AM

    After working with this issue for a few days, I finally have a working one.  Thanks to an Aruba contact, I was able to pass the CSRF-Token.  The main problem seemed to be that you have to add the retrieved cookies back to the current session.

    # Aruba Central Information
    $clientID = '[client_id]'
    $clientSecret = '[client_secret]'
    $username = '[username]'
    $password = '[password]'
    
    $BaseURL = '[Your Aruba URL]'
    $APIURL = $baseURL + '/oauth2/authorize/central/api'
    $LoginURL = $APIURL + '/login'
    $contentType = 'application/json'
    
    Write-Host "Requesting CSRF Token using $username ..." -ForegroundColor Yellow
    $RequestURL = $LoginURL + "?client_id=$clientID"
    
    $CSRFHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]'
    $CSRFHeaders.add('Content-Type',$contentType)
    
    $CSRFBody = @{
        username = "$username"
        password = "$password"
    } | ConvertTo-Json
    
    $Response = Invoke-WebRequest -Method Post -Uri $RequestURL -Headers $CSRFHeaders -Body $CSRFBody  -SessionVariable CurrentSession
    
    $Cookies = $CurrentSession.Cookies.GetCookies($RequestURL)
    $CSRFToken = $Cookies[0].value
    $SessionID = $Cookies[1].value
    $CurrentSession.Cookies.Add($Cookies)
    
    if($CSRFToken){
        Write-Host "CSRFToken Retrieved: $CSRFToken"
    } else {
        Write-Host 'Did not receive a CSRFToken'
        exit
    }
    
    # Request Auth Token
    Write-Host 'Requesting Authorization token...' -ForegroundColor Yellow
    $responseType = 'code'
    $scope = 'all'
    $customerID = '[customer_id]'
    $AuthURL = $APIURL + "?client_id=$clientID&response_type=$responseType&scope=$scope"
    $AuthHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]'
    $AuthHeaders.add('X-CSRF-TOKEN',$CSRFToken)
    $AuthHeaders.add('Cookie',$SessionID)
    $AuthHeaders.add('Content-Type', $contentType)
    
    $AuthBody = [ordered]@{
        customer_id = $customerID
    } | ConvertTo-Json
    
    try{
        $AuthResponse = Invoke-WebRequest -Method Post -Uri $AuthURL -Headers $AuthHeaders -Body $AuthBody -WebSession $CurrentSession -ErrorVariable RespErr
    } catch {
        $_.Exception.Message
        $_.Exception.Response
        $RespErr
        exit
    }
    
    $auth_code = ($AuthResponse.Content | ConvertFrom-Json).auth_code
    
    # Get access and refresh tokens from auth code
    Write-Host 'Requesting access token...' -ForegroundColor Yellow
    $grantType = 'authorization_code'
    $TokenURL = $BaseURL + '/oauth2/token'
    $TokenURL += "?client_id=$clientID&grant_type=$grantType&client_secret=$clientSecret&code=$auth_code"
    $TokenResponse = Invoke-WebRequest -Method Post -Uri $TokenURL
    $accessToken = ($TokenResponse.Content | ConvertFrom-Json).access_token
    $accessToken 

     



  • 6.  RE: Powershell example

    Posted Apr 16, 2019 09:17 AM

    chhill i have tried your example powershell, but i always get an error 400 invalid request, no matter what i do to change the code....

    I currently have this that is working up until the last try/catch block .

    # Aruba Central Information
    $clientID = '[clientID]'
    $clientSecret = '[clientSecret]'
    $username = '[username]'
    $password = '[password]'
    $BaseURL = '[BaseURL]'
    $customerID = '[CustomerID]'
    
    $APIURL = $baseURL + '/oauth2/authorize/central/api'
    $LoginURL = $APIURL + '/login'
    $contentType = 'application/json'
    
    Write-Host "Requesting CSRF Token using $username ..." -ForegroundColor Yellow
    $RequestURL = $LoginURL + "?client_id=$clientID"
    
    $CSRFHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]'
    $CSRFHeaders.add('Content-Type',$contentType)
    
    $CSRFBody = @{
        username = "$username"
        password = "$password"
    } | ConvertTo-Json
    
    $Response = Invoke-WebRequest -Method Post -Uri $RequestURL -Headers $CSRFHeaders -Body $CSRFBody  -SessionVariable CurrentSession
    
    $Cookies = $CurrentSession.Cookies.GetCookies($RequestURL)
    $CSRFToken = $Cookies[0].value
    $SessionID = $Cookies[1].value
    $CurrentSession.Cookies.Add($Cookies)
    
    if(!$CSRFToken){
        Write-Host 'Did not receive a CSRFToken'
        exit
    }
    
    # Request Auth Token
    Write-Host 'Requesting Authorization token...' -ForegroundColor Yellow
    $responseType = 'code'
    $scope = 'all'
    $AuthURL = $APIURL + "?response_type=$responseType&scope=$scope"
    $AuthHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]'
    $AuthHeaders.add('X-CSRF-TOKEN',$CSRFToken)
    $AuthHeaders.add('Cookie',$SessionID)
    $AuthHeaders.add('Content-Type', $contentType)
    
    $AuthBody = [ordered]@{
        customer_id = $customerID;
        client_id = $clientID
    } | ConvertTo-Json
    
    try{
        $AuthResponse = Invoke-WebRequest -Method Post -Uri $AuthURL -Headers $AuthHeaders -Body $AuthBody -WebSession $CurrentSession -ErrorVariable RespErr
    } catch {
        $_.Exception.Message
        $_.Exception.Response
        $RespErr
        exit
    }
    
    $auth_code = ($AuthResponse.Content | ConvertFrom-Json).auth_code
    
    # Get access and refresh tokens from auth code
    Write-Host 'Requesting access token...' -ForegroundColor Yellow
    $grantType = 'authorization_code'
    $TokenURL = $BaseURL + '/oauth2/token' #+ "?grant_type=$grantType&code=$auth_code&client_id=$clientID&client_secret=$clientSecret"
    $AuthBody = [ordered]@{
        grant_type = $grantType;
        code = $auth_code;
        client_id = $clientID;
        client_secret = $clientSecret
    } | ConvertTo-Json
    try{
        $TokenResponse = Invoke-WebRequest -Method Post -Uri $TokenURL -Headers $AuthHeaders -Body $AuthBody -WebSession $CurrentSession -ErrorVariable RespErr
    } catch {
        $_.Exception.Message
        $_.Exception.Response
        $RespErr
        $RespErr.Count
        exit
    }
    $accessToken = ($TokenResponse.Content | ConvertFrom-Json).access_token
    $accessToken 

    anybody got a clue what is going wrong????