Created
March 31, 2021 17:37
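#!/bin/sh
# Obtain an OIDC identity token from the sigstore OAuth2 service using the
# OAuth 2.0 device authorization flow, then print the decoded token.
# Assumes you have curl, jq and smallstep CLI in path.
#
# Everything parsed out of the HTTP responses is treated as untrusted: it is
# quoted on every use and the numeric fields are checked to be plain digits
# before they reach arithmetic expansion or `[ -gt ]`.

POLLURL="https://oauth2.sigstore.dev/auth/device/token"

START=$(curl -s -d client_id=sigstore -d "scope=openid email" https://oauth2.sigstore.dev/auth/device/code -o -)
echo "Please visit $(printf '%s' "$START" | jq -r '.verification_uri_complete')"

# `// empty` turns a missing/null field into an empty string. Filtering with
# `grep -v null` would also drop any legitimate value that merely contains the
# substring "null" (a base64url-encoded token can).
DEVICECODE=$(printf '%s' "$START" | jq -r '.device_code // empty')
TIMEOUT=$(printf '%s' "$START" | jq -r '.expires_in // empty')
INTERVAL=$(printf '%s' "$START" | jq -r '.interval // empty')

if [ -z "$DEVICECODE" ]; then
  echo "No device_code in the authorization response" >&2
  exit 1
fi

case "$TIMEOUT" in
  '' | *[!0-9]*)
    echo "Missing or non-numeric expires_in in the authorization response" >&2
    exit 1
    ;;
esac

# Fall back to 5 seconds when the server gives no usable interval. A zero
# interval is rejected too: TIMEOUT would never decrease and the loop below
# would poll forever without pausing.
case "$INTERVAL" in
  '' | *[!0-9]*) INTERVAL=5 ;;
esac
[ "$INTERVAL" -gt 0 ] || INTERVAL=5

echo "Waiting $INTERVAL seconds to start polling... total timeout is $TIMEOUT seconds;"
sleep "$INTERVAL"

# The token response is kept in a private temp file (mktemp creates it with
# owner-only permissions) and removed on every exit path.
TOKENOUTPUT=$(mktemp) || exit 1
trap 'rm -f -- "$TOKENOUTPUT"' EXIT

while [ "$TIMEOUT" -gt 0 ]; do
  TIMEOUT=$((TIMEOUT - INTERVAL))
  curl -s -d "grant_type=urn:ietf:params:oauth:grant-type:device_code" -d "client_id=sigstore" -d "device_code=$DEVICECODE" -o "$TOKENOUTPUT" "$POLLURL"
  IDTOKEN=$(jq -r '.id_token // empty' "$TOKENOUTPUT")
  if [ -n "$IDTOKEN" ]; then
    # `--insecure` makes step decode and print the JWT WITHOUT verifying its
    # signature. The output is for inspection only; do not treat the printed
    # claims as authenticated.
    jq -r '.id_token' "$TOKENOUTPUT" | tr -d '\n' | step crypto jwt inspect --insecure
    break
  fi

  ERRORMSG=$(jq -r '.error // empty' "$TOKENOUTPUT")
  case "$ERRORMSG" in
    authorization_pending)
      echo "Authentication not detected yet... waiting for $INTERVAL seconds to poll again"
      sleep "$INTERVAL"
      ;;
    slow_down)
      echo "Authentication not detected and server requests we slow down polling..."
      INTERVAL=$((INTERVAL + INTERVAL))
      sleep "$INTERVAL"
      ;;
    authorization_canceled)
      echo "Authentication has been cancelled"
      break
      ;;
    authorization_complete)
      echo "Authentication has already been completed"
      break
      ;;
    *)
      # Unrecognized (or empty) response: stop instead of looping straight
      # back into another request with no delay.
      echo "Unclear result" >&2
      cat "$TOKENOUTPUT" >&2
      exit 1
      ;;
  esac
done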