Set-VIOAuth2Client
Updates the configuration of the OAuth2 client registered with the VMware Identity Broker. The VMware Identity Broker is an OAuth2 relay that is used by client applications to authenticate with vCenter using OAuth2.
Syntax
Parameters
Required | Parameter Name | Type | Position | Description
---|---|---|---|---
required | OAuth2Client | OAuth2Client[] | named | Specifies the OAuth 2 clients whose configuration you want to modify.
optional | AccessTokenTimeToLiveMinutes | Int32 | named | How long, in minutes, new access tokens issued to this client should live.
optional | GrantTypes | String[] | named | A list of OAuth 2.0 Access Grant Types that are enabled in this OAuth 2.0 Client. Possible values are: password, client_credentials, refresh_token, authorization_code, token, id_token.
optional | Name | String | named | The user-friendly name that you set for this OAuth 2.0 client.
optional | PkceEnforced | Boolean | named | Indicates whether PKCE is enforced for the OAuth2 client. This parameter is available only for vCenter instances of version 8.0 Update 3 and later.
optional | PostLogoutRedirectUris | String[] | named | The OAuth2 Relying Party provides a list of absolute URLs with the PostLogoutRedirectUris parameter. When a logout occurs, the OAuth2 Relying Party might request that the User Agent of the End-User is redirected to one of these absolute URLs. These URLs must use the https scheme and can also have a port, path, and query parameters. The URLs may use the http scheme only if the Client Type is confidential. To skip the check for a particular URL section, you can substitute a wildcard character for any string.
optional | ProgressAction | ActionPreference | named | 
optional | RedirectUris | String[] | named | Specifies a list of absolute URIs of application endpoints that are allowed to receive the authorization code and access token. The redirect URI sent by the application as part of the Authorization Code Grant OAuth 2.0 flow is verified against this list. The "*" character can be used as a wildcard that matches any string, to skip the check for a particular URL section. This parameter is required if the GrantTypes parameter contains the "authorization_code" grant type.
optional | RefreshTokenIdleTimeToLiveMinutes | Int32 | named | Specifies how long, in minutes, new refresh tokens issued to this client should live. Only applicable and mandatory if the GrantTypes parameter includes "refresh_token".
optional | RefreshTokenTimeToLiveMinutes | Int32 | named | How long, in minutes, new refresh tokens issued to this client can be idle. Only applicable and mandatory if GrantTypes includes "refresh_token". Its value should be less than the refresh token TTL value (specified by the parameter RefreshTokenIdleTimeToLiveMinutes).
optional | RuleSetNames | String[] | named | Specifies a list of built-in rule set names to associate this client with. Each rule set allows the client to call a specific set of tenant APIs. Possible values are: TENANT_ADMIN (allows the client to call all the tenant APIs), READ_ONLY_TENANT_ADMIN (allows the client to call all the tenant read-only APIs, i.e., APIs that do not make any changes), IDP_AND_DIRECTORY_ADMIN (allows the client to call all the tenant Identity Providers and Directories APIs).
optional | Scope | String[] | named | A list of access request scopes that are allowed by this OAuth 2.0 Client. Available scope options are: admin (Admin Level Access), user (User Level Access), profile (access to a User's profile: FirstName, LastName, Display Name, Image), email (access to a User's Email), openid (access to an OpenID token for the User), group (access to the User's groups).
optional | Secret | SecureString | named | Specifies the OAuth 2.0 Client secret. For additional security, the stored secret is not returned by Get-VIOAuth2Client or by the output of this command.
optional | SecretTimeToLiveInMinutes | Int32 | named | Specifies after what time, in minutes, the secret must be rotated. This parameter is available only for vCenter instances of version 8.0 Update 3 and later.
optional | Server | VIServer[] | named | Specifies the vCenter Server systems on which you want to run the cmdlet. If no value is provided or $null is passed to this parameter, the command runs on the default servers. For more information about default servers, see the description of Connect-VIServer.
Output
VMware.VimAutomation.ViCore.Types.V1.IdentityBroker.OAuth2Client
Examples
Example 1
PS C:\> $x = Get-VIOAuth2Client -Id "my-client"
PS C:\> Set-VIOAuth2Client -OAuth2Client $x -AccessTokenTimeToLiveMinutes 31
Changes the -AccessTokenTimeToLiveMinutes configuration setting of the OAuth 2.0 client with ID "my-client" to 31. This change indicates that the registered OAuth 2.0 client will have its access tokens valid for 31 minutes.
Example 2
PS C:\> Set-VIOAuth2Client -OAuth2Client "My Client Name" -Secret "123456"
Changes the current secret of the OAuth 2.0 client with user-friendly name "My Client Name" to "123456".
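The following is an added example, not part of the PowerCLI documentation, that combines the parameters from the table above into one hardening pass over an existing client registration: it restricts the client to the authorization code grant, enforces PKCE, pins the redirect and post-logout URIs without wildcards, limits the client to the read-only rule set, shortens the access token lifetime, and, unlike Example 2, reads the new secret as a SecureString instead of placing it in the command line. It assumes an active Connect-VIServer session to a vCenter 8.0 Update 3 or later instance, a registered client with the ID `my-client`, the application URIs shown, and that the properties of the returned OAuth2Client object mirror the parameter names.

```powershell
# Added example (not from the PowerCLI documentation): harden an existing OAuth2 client
# registration with Set-VIOAuth2Client. Assumes Connect-VIServer has already been run
# against a vCenter 8.0 Update 3 (or later) instance.
$clientId = 'my-client'   # assumed client ID

$client = Get-VIOAuth2Client -Id $clientId
if (-not $client) { throw "OAuth2 client '$clientId' not found" }

# Prompt for the secret so it is never stored as plain text in the script or in the
# PowerShell history (the Secret parameter expects a SecureString).
$secret = Read-Host -Prompt "New secret for '$clientId'" -AsSecureString

$settings = @{
    OAuth2Client                 = $client
    # Browser-based clients only need the authorization code grant; leaving out
    # password, client_credentials and the implicit token/id_token grants removes
    # flows the application does not use. Because refresh_token is not granted,
    # the refresh-token lifetime parameters are not required.
    GrantTypes                   = @('authorization_code')
    PkceEnforced                 = $true
    # Exact URIs, no "*" wildcard, so the redirect check cannot be widened.
    RedirectUris                 = @('https://app.example.com/oauth2/callback')  # assumed URI
    PostLogoutRedirectUris       = @('https://app.example.com/logout')           # assumed URI
    Scope                        = @('openid', 'profile', 'email')
    # Least privilege: read-only tenant APIs instead of TENANT_ADMIN.
    RuleSetNames                 = @('READ_ONLY_TENANT_ADMIN')
    AccessTokenTimeToLiveMinutes = 15
    Secret                       = $secret
    SecretTimeToLiveInMinutes    = 90 * 24 * 60   # require rotation after 90 days
}
Set-VIOAuth2Client @settings

# Read the registration back and show the security-relevant settings. The property
# names are assumed to match the parameter names; the secret itself is never returned.
$updated = Get-VIOAuth2Client -Id $clientId
$updated | Select-Object Name, GrantTypes, PkceEnforced, RedirectUris, RuleSetNames, AccessTokenTimeToLiveMinutes
```

Splatting the parameters through a hashtable keeps the full configuration reviewable in one place, and re-reading the client afterwards confirms the change rather than trusting that the call succeeded.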
Related Commands
VIOAuth2Client
- Creates a new OAuth2 client registration with the VMware Identity Broker.
- Deletes a registration for a specified OAuth2 client from the VMware Identity Broker.
- Updates the configuration of the OAuth2 client registered with the VMware Identity Broker.
VIOAuth2ClientSecretRotation
- Forces an immediate secret rotation for a specific OAuth 2 client.
- Initiates a rotation of the secret of an OAuth 2 client.
VIOauth2Client
- This cmdlet retrieves the OAuth2 clients available on a vCenter Server system.
VIObjectByVIView
- This cmdlet converts a vSphere View object to a VIObject.