Skip to content

Instantly share code, notes, and snippets.

@andreaceccanti

andreaceccanti/dc-get-access-token.sh

Last active February 20, 2020 14:42
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save andreaceccanti/5b69323b89ce08321e7b5236de503600 to your computer and use it in GitHub Desktop.
Save andreaceccanti/5b69323b89ce08321e7b5236de503600 to your computer and use it in GitHub Desktop.
Download ZIP
A get-access-token script that uses the OAuth device code flow
Raw
dc-get-access-token.sh
#!/bin/bash
set -e
exit_msg() {
echo "Giving up as requested by user..."
exit 1
}
if [[ -z "${IAM_DEVICE_CODE_CLIENT_ID}" ]]; then
echo "Please set the IAM_DEVICE_CODE_CLIENT_ID env variable"
exit 1
fi
if [[ -z "${IAM_DEVICE_CODE_CLIENT_SECRET}" ]]; then
echo "Please set the IAM_DEVICE_CODE_CLIENT_SECRET env variable"
exit 1
fi
## IAM devicecode enpoint is /devicecode, e.g. https://iam.example/devicecode
if [[ -z "${IAM_DEVICE_CODE_ENDPOINT}" ]]; then
echo "Please set the IAM_DEVICE_CODE_ENDPOINT env variable"
exit 1
fi
## IAM token endpoint is /token, e.g. https://iam.example/token
if [[ -z "${IAM_TOKEN_ENDPOINT}" ]]; then
echo "Please set the IAM_TOKEN_ENDPOINT env variable"
exit 1
fi
IAM_DEVICE_CODE_CLIENT_SCOPES=${IAM_DEVICE_CODE_CLIENT_SCOPES:-"openid profile email offline_access"}
response=$(mktemp)
curl -s -f -L \
-u ${IAM_DEVICE_CODE_CLIENT_ID}:${IAM_DEVICE_CODE_CLIENT_SECRET} \
-d client_id=${IAM_DEVICE_CODE_CLIENT_ID} \
-d scope="${IAM_DEVICE_CODE_CLIENT_SCOPES}" \
${IAM_DEVICE_CODE_ENDPOINT} > ${response}
if [ $? -ne 0 ]; then
echo "Error contacting IAM"
cat ${response}
exit 1
fi
device_code=$(jq -r .device_code ${response})
user_code=$(jq -r .user_code ${response})
verification_uri=$(jq -r .verification_uri ${response})
expires_in=$(jq -r .expires_in ${response})
trap "exit_msg" INT
echo "Please open the following URL in the browser:"
echo
echo ${verification_uri}
echo
echo "and, after having been authenticated, enter the following code when requested:"
echo
echo ${user_code}
echo
echo "Note that the code above expires in ${expires_in} seconds..."
echo "Once you have correctly authenticated and authorized this device, this script can be restarted to obtain a token. "
while true; do
while true; do
echo
echo "Proceed? [Y/N] (CTRL-c to abort)"
read a
[[ $a = "y" || $a = "Y" ]] && break
[[ $a = "n" || $a = "N" ]] && exit 0
done
curl -q -L -s \
-u ${IAM_DEVICE_CODE_CLIENT_ID}:${IAM_DEVICE_CODE_CLIENT_SECRET} \
-d grant_type=urn:ietf:params:oauth:grant-type:device_code \
-d device_code=${device_code} ${IAM_TOKEN_ENDPOINT} 2>&1 > ${response}
if [ $? -ne 0 ]; then
echo "Error contacting IAM"
cat ${response}
exit 1
fi
error=$(jq -r .error ${response})
error_description=$(jq -r .error_description ${response})
if [[ "${error}" != "null" ]]; then
echo "The IAM returned the following error:"
echo
echo ${error} " " ${error_description}
echo
continue;
fi
access_token=$(jq -r .access_token ${response})
refresh_token=$(jq -r .refresh_token ${response})
scope=$(jq -r .scope ${response})
expires_in=$(jq -r .expires_in ${response})
echo
echo "An access token was issued, with the following scopes:"
echo
echo ${scope}
echo
echo "which expires in ${expires_in} seconds."
echo
echo "The following command will set it in the IAM_ACCESS_TOKEN env variable:"
echo
echo "export IAM_ACCESS_TOKEN=\"${access_token}\""
echo
if [[ "${refresh_token}" != "null" ]]; then
echo "A refresh token was issued. The following command will set it in the IAM_REFRESH_TOKEN env variable:"
echo
echo "export IAM_REFRESH_TOKEN=\"${refresh_token}\""
echo
fi
exit 0
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment