
@bobcallaway
Created March 31, 2021 17:37
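#!/bin/sh
# Walks through the OAuth 2.0 device authorization flow against the sigstore
# OIDC provider: requests a device code, asks the user to approve it in a
# browser, polls the token endpoint, and prints the decoded ID token.
#
# assumes you have curl, jq and smallstep CLI in path
#
# Exit status: 0 when an ID token was obtained and decoded, non-zero otherwise.
set -u

POLLURL="https://oauth2.sigstore.dev/auth/device/token"
DEVICEURL="https://oauth2.sigstore.dev/auth/device/code"

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeeds only when $1 is a non-empty string of decimal digits.
is_uint() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  return 0
}

for tool in curl jq step; do
  command -v "$tool" >/dev/null 2>&1 || die "required tool not found in PATH: $tool"
done

START=$(curl -sS -d client_id=sigstore -d "scope=openid email" "$DEVICEURL") ||
  die "device code request failed"

VERIFYURL=$(printf '%s' "$START" | jq -r '.verification_uri_complete // empty')
DEVICECODE=$(printf '%s' "$START" | jq -r '.device_code // empty')
TIMEOUT=$(printf '%s' "$START" | jq -r '.expires_in // empty')
# Fall back to a 5 second interval when the server does not send one.
INTERVAL=$(printf '%s' "$START" | jq -r '.interval // 5')

# Everything above came from the server's response. Check it before use:
# expires_in and interval are fed to shell arithmetic below, and some shells
# evaluate non-numeric text in arithmetic context as an expression.
[ -n "$DEVICECODE" ] || die "no device_code in response from $DEVICEURL"
[ -n "$VERIFYURL" ] || die "no verification_uri_complete in response from $DEVICEURL"
is_uint "$TIMEOUT" || die "expires_in is not a non-negative integer"
is_uint "$INTERVAL" || die "interval is not a non-negative integer"
# A zero interval would never decrement TIMEOUT and would poll without pause.
[ "$INTERVAL" -gt 0 ] || INTERVAL=5

printf 'Please visit %s\n' "$VERIFYURL"
echo "Waiting $INTERVAL seconds to start polling... total timeout is $TIMEOUT seconds;"
sleep "$INTERVAL"

# The token response (which holds the ID token) is written here. mktemp
# creates the file with an unpredictable name; it is removed on every exit
# path, including interruption by a signal.
TOKENOUTPUT=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$TOKENOUTPUT"' EXIT
trap 'exit 1' HUP INT TERM

rc=1
timed_out=1
while [ "$TIMEOUT" -gt 0 ]; do
  TIMEOUT=$((TIMEOUT - INTERVAL))

  # The device code is what redeems the token once the user approves, so it
  # is sent through stdin (-d @-) rather than on curl's command line, where
  # other local users could read it from the process list.
  if ! printf 'device_code=%s' "$DEVICECODE" |
    curl -s -d "grant_type=urn:ietf:params:oauth:grant-type:device_code" \
      -d "client_id=sigstore" -d @- -o "$TOKENOUTPUT" "$POLLURL"; then
    # Transport failure: keep the polling interval instead of retrying at once.
    echo "Token request failed... waiting for $INTERVAL seconds to poll again" >&2
    sleep "$INTERVAL"
    continue
  fi

  IDTOKEN=$(jq -r '.id_token // empty' "$TOKENOUTPUT")
  if [ -n "$IDTOKEN" ]; then
    # --insecure decodes the header and payload WITHOUT verifying the
    # signature. The output is for display only; do not base a trust decision
    # on these claims. Verify the token against the issuer's published keys
    # (for example with `step crypto jwt verify`) before relying on it.
    # The token is a bearer credential while it is valid, so keep this output
    # out of shared logs.
    printf '%s' "$IDTOKEN" | step crypto jwt inspect --insecure
    rc=$?
    timed_out=0
    break
  fi

  ERRORMSG=$(jq -r '.error // empty' "$TOKENOUTPUT")
  case "$ERRORMSG" in
    authorization_pending)
      echo "Authentication not detected yet... waiting for $INTERVAL seconds to poll again"
      sleep "$INTERVAL"
      ;;
    slow_down)
      echo "Authentication not detected and server requests we slow down polling..."
      INTERVAL=$((INTERVAL + INTERVAL))
      sleep "$INTERVAL"
      ;;
    authorization_canceled)
      echo "Authentication has been cancelled"
      timed_out=0
      break
      ;;
    authorization_complete)
      echo "Authentication has already been completed"
      timed_out=0
      break
      ;;
    *)
      # Any other response ends the flow. Continuing here would re-poll the
      # token endpoint with no delay between requests.
      echo "Unclear result"
      cat -- "$TOKENOUTPUT"
      timed_out=0
      break
      ;;
  esac
done

if [ "$timed_out" -eq 1 ]; then
  echo "Timed out waiting for authentication" >&2
fi
exit "$rc"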