Hi everybody,
Here you'll find a PowerShell script that uses the "Refresh Token" to generate a new "Access Token" from the SEPM (see the Remote Management Integration Guide for more information about what the "refresh token" is and why to use it).
In order to use this script, you need to add an entry to the Config.xml file (located with the PowerShell example scripts):
Inside <SepmWS>....</SepmWS>, simply add this line:
<RefreshToken>my_refresh_token</RefreshToken>
Your Config.xml file must now look like this:
<?xml version="1.0" encoding="UTF-8"?>
<!--This file contains general settings for the PowerShell web service test scripts.
Modify these values to match your server settings.-->
<SepmWS>
    <!--Ip address of the server-->
    <HostIpAddress>localhost</HostIpAddress>
    <!--Name of the Symantec Endpoint Protection Manager server-->
    <ServerName>.......</ServerName>
    <!--Web services port, default: 8446-->
    <PortNo>8446</PortNo>
    <!--Directory containing static WSDL files. These scripts do not support dynamic WSDLs-->
    <wsdlDir>WSDL</wsdlDir>
    <!--Client Id of registered web services client-->
    <ClientId>..........</ClientId>
    <!--Client secret of registered web services client-->
    <ClientSecret>..............</ClientSecret>
    <!--Access token obtained from server. Run Write-TokenToConfig.ps1 to obtain, or call Get-SepmRmmWsAccessToken-->
    <AccessToken>..........</AccessToken>
    <RefreshToken>my_refresh_token</RefreshToken>
</SepmWS>
where "my_refresh_token" is the refresh token generated by the PowerShell example script "Write-TokenToConfig.ps1".
Here is an example of the output of Write-TokenToConfig.ps1:
C:\PowerShell>powershell -STA .\Write-TokenToConfig.ps1
OAuth 2.0 Access Token Information for localhost
---------------------------------------------------------------------
token_type: bearer
access_token: 25a34522-39f9-40c1-868a-698cdb674960
refresh_token: 55729ab1-739d-4667-84b4-f38013f9bb2e
expires_in: 43199 seconds, which equals 12,00 hours
---------------------------------------------------------------------
In this example, you'll need to manually copy/paste this refresh_token into the Config.xml "<RefreshToken>" element: 55729ab1-739d-4667-84b4-f38013f9bb2e
Now you're ready to use the RefreshToken PowerShell script: before your access_token expires, run it to get a new one and continue to use the SEPM web services without having to re-authenticate.
Here is an example of the output of RefreshToken.ps1:
OAuth 2.0 Refresh Token Informations
---------------------------------------------------------------------
token_type: bearer
access_token: 684d220b-d096-4a7e-b32e-7c9afe98782b
refresh_token: 55729ab1-739d-4667-84b4-f38013f9bb2e
expires_in: 43199 seconds, which equals 12,00 hours
---------------------------------------------------------------------
The new access_token is written to the Config.xml file.
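The manual copy/paste of the refresh_token into Config.xml described above can also be scripted. The following is an added example, not part of the original post or of the Symantec example scripts: Set-SepmConfigToken is a hypothetical helper name, the element names are taken from the Config.xml shown above, and the demo values are constructed placeholders.

```powershell
# Added example. Set-SepmConfigToken is a hypothetical helper, not one of the
# Symantec example scripts; element names follow the Config.xml shown above.
function Set-SepmConfigToken {
    param(
        [Parameter(Mandatory)] [string]   $ConfigPath,  # path to Config.xml
        [Parameter(Mandatory)] [string[]] $TokenOutput  # lines printed by Write-TokenToConfig.ps1
    )
    # Collect the "access_token:" / "refresh_token:" values from the captured output.
    $tokens = @{}
    foreach ($line in $TokenOutput) {
        if ($line -match '^\s*(access_token|refresh_token):\s*(\S+)\s*$') {
            $tokens[$Matches[1]] = $Matches[2]
        }
    }
    if (-not $tokens.ContainsKey('refresh_token')) {
        throw 'No refresh_token line found in the supplied output.'
    }
    $fullPath = (Resolve-Path -LiteralPath $ConfigPath).Path
    $cfg = New-Object System.Xml.XmlDocument
    $cfg.Load($fullPath)
    $root = $cfg.SelectSingleNode('/SepmWS')
    if ($null -eq $root) { throw "No <SepmWS> root element in $fullPath" }

    # Update each element, creating <RefreshToken> if the file does not have it yet.
    $map = @{ RefreshToken = 'refresh_token'; AccessToken = 'access_token' }
    foreach ($element in $map.Keys) {
        $value = $tokens[$map[$element]]
        if (-not $value) { continue }
        $node = $root.SelectSingleNode($element)
        if ($null -eq $node) {
            $node = $cfg.CreateElement($element)
            [void]$root.AppendChild($node)
        }
        $node.InnerText = $value
    }
    $cfg.Save($fullPath)
}

# Demo on a temporary file; all values below are constructed placeholders.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'Config-demo.xml'
'<SepmWS><AccessToken>old</AccessToken></SepmWS>' | Set-Content -LiteralPath $demo
$sample = @(
    'token_type: bearer',
    'access_token: 00000000-0000-0000-0000-0000000000aa',
    'refresh_token: 00000000-0000-0000-0000-0000000000bb'
)
Set-SepmConfigToken -ConfigPath $demo -TokenOutput $sample
Get-Content -LiteralPath $demo
```

To use it with real output, capture the lines with `$out = powershell -STA .\Write-TokenToConfig.ps1` and pass `$out` as -TokenOutput. Config.xml then holds the client secret and both tokens in plain text, so keep it readable only by the account that runs these scripts.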