coreone/svcacct-token.sh

## svcacct-token.sh
#!/bin/bash

if [ -z "${1}" ]; then
    PROG=$( basename $0 )
    echo "usage: ${PROG} <JSON account file>"
    exit 1
fi
keyfile="${1}"

client_email=$( jq -r '.client_email' $keyfile )
if [ -z "${client_email}" ]; then
    echo "JSON file does not appear to be valid"
    exit 2
fi

private_key=$( jq '.private_key' $keyfile | tr -d '"' )
if [ -z "${private_key}" ]; then
    echo "JSON file does not appear to be valid"
    exit 3
fi

keyfile=$( mktemp -p . privkeyXXXXX )
echo -e $private_key > $keyfile

now=$( date "+%s" )
later=$( date -d '+30 min' "+%s" )
header=$( echo -n "{\"alg\":\"RS256\",\"typ\":\"JWT\"}" | base64 -w 0 )
claim=$( echo -n "{ \"iss\":\"${client_email}\", \"scope\":\"email profile\", \"aud\":\"https://www.googleapis.com/oauth2/v4/token\", \"exp\":${later}, \"iat\":${now} }" | base64 -w 0 )

data="${header}.${claim}"

sig=$( echo -n $data | openssl dgst -sha256 -sign $keyfile -keyform PEM -binary | base64 -w 0 )

rm -f $keyfile

stuff=$( echo "${header}.${claim}.${sig}" | sed 's!\/!%2F!g' | sed 's/=/%3D/g' | sed 's/\+/%2B/g' )

curl -d "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=${stuff}" https://www.googleapis.com/oauth2/v4/token
	#!/bin/bash

	if [ -z "${1}" ]; then
	PROG=$( basename $0 )
	echo "usage: ${PROG} <JSON account file>"
	exit 1
	fi
	keyfile="${1}"

	client_email=$( jq -r '.client_email' $keyfile )
	if [ -z "${client_email}" ]; then
	echo "JSON file does not appear to be valid"
	exit 2
	fi

	private_key=$( jq '.private_key' $keyfile \| tr -d '"' )
	if [ -z "${private_key}" ]; then
	echo "JSON file does not appear to be valid"
	exit 3
	fi

	keyfile=$( mktemp -p . privkeyXXXXX )
	echo -e $private_key > $keyfile

	now=$( date "+%s" )
	later=$( date -d '+30 min' "+%s" )
	header=$( echo -n "{\"alg\":\"RS256\",\"typ\":\"JWT\"}" \| base64 -w 0 )
	claim=$( echo -n "{ \"iss\":\"${client_email}\", \"scope\":\"email profile\", \"aud\":\"https://www.googleapis.com/oauth2/v4/token\", \"exp\":${later}, \"iat\":${now} }" \| base64 -w 0 )

	data="${header}.${claim}"

	sig=$( echo -n $data \| openssl dgst -sha256 -sign $keyfile -keyform PEM -binary \| base64 -w 0 )

	rm -f $keyfile

	stuff=$( echo "${header}.${claim}.${sig}" \| sed 's!\/!%2F!g' \| sed 's/=/%3D/g' \| sed 's/\+/%2B/g' )

	curl -d "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=${stuff}" https://www.googleapis.com/oauth2/v4/token