Created
May 13, 2017 23:33
-
-
Save jay0lee/49ca7acc2c4f7fca4dd9e303316091a6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Store our credentials in our home directory with a file called .<script name> | |
my_creds=~/.`basename $0` | |
client_id='716905662885.apps.googleusercontent.com' | |
client_secret='CMVqIy_iQqBEMlzjYffdYM8A' # not really a secret | |
if [ -s $my_creds ]; then | |
# if we already have a token stored, use it | |
. $my_creds | |
time_now=`date +%s` | |
else | |
scope='https://www.googleapis.com/auth/admin.directory.user.readonly' | |
# Form the request URL | |
# http://goo.gl/U0uKEb | |
auth_url="https://accounts.google.com/o/oauth2/auth?client_id=$client_id&scope=$scope&response_type=code&redirect_uri=urn:ietf:wg:oauth:2.0:oob" | |
echo "Please go to:" | |
echo | |
echo "$auth_url" | |
echo | |
echo "after accepting, enter the code you are given:" | |
read auth_code | |
# swap authorization code for access and refresh tokens | |
# http://goo.gl/Mu9E5J | |
auth_result=$(curl -s https://accounts.google.com/o/oauth2/token \ | |
-H "Content-Type: application/x-www-form-urlencoded" \ | |
-d code=$auth_code \ | |
-d client_id=$client_id \ | |
-d client_secret=$client_secret \ | |
-d redirect_uri=urn:ietf:wg:oauth:2.0:oob \ | |
-d grant_type=authorization_code) | |
access_token=$(echo -e "$auth_result" | \ | |
grep -Po '"access_token" *: *.*?[^\\]",' | \ | |
awk -F'"' '{ print $4 }') | |
refresh_token=$(echo -e "$auth_result" | \ | |
grep -Po '"refresh_token" *: *.*?[^\\]",*' | \ | |
awk -F'"' '{ print $4 }') | |
expires_in=$(echo -e "$auth_result" | \ | |
grep -Po '"expires_in" *: *.*' | \ | |
awk -F' ' '{ print $3 }' | awk -F',' '{ print $1}') | |
time_now=`date +%s` | |
expires_at=$((time_now + expires_in - 60)) | |
echo -e "access_token=$access_token\nrefresh_token=$refresh_token\nexpires_at=$expires_at" > $my_creds | |
fi | |
# if our access token is expired, use the refresh token to get a new one | |
# http://goo.gl/71rN6V | |
if [ $time_now -gt $expires_at ]; then | |
refresh_result=$(curl -s https://accounts.google.com/o/oauth2/token \ | |
-H "Content-Type: application/x-www-form-urlencoded" \ | |
-d refresh_token=$refresh_token \ | |
-d client_id=$client_id \ | |
-d client_secret=$client_secret \ | |
-d grant_type=refresh_token) | |
access_token=$(echo -e "$refresh_result" | \ | |
grep -Po '"access_token" *: *.*?[^\\]",' | \ | |
awk -F'"' '{ print $4 }') | |
expires_in=$(echo -e "$refresh_result" | \ | |
grep -Po '"expires_in" *: *.*' | \ | |
awk -F' ' '{ print $3 }' | awk -F',' '{ print $1 }') | |
time_now=`date +%s` | |
expires_at=$(($time_now + $expires_in - 60)) | |
echo -e "access_token=$access_token\nrefresh_token=$refresh_token\nexpires_at=$expires_at" > $my_creds | |
fi | |
# call the Directory API list users endpoint, may be multiple pages | |
# http://goo.gl/k0jnQJ | |
while : | |
do | |
api_data=$(curl -s --get https://www.googleapis.com/admin/directory/v1/users \ | |
-d customer=my_customer \ | |
-d prettyPrint=true \ | |
`if [ -n "$next_page" ]; then echo "-d pageToken=$next_page"; fi` \ | |
-d maxResults=500 \ | |
-d "fields=users(primaryEmail,creationTime,lastLoginTime),nextPageToken" \ | |
-H "Content-Type: application/json" \ | |
-H "Authorization: Bearer $access_token") | |
echo -e "$api_data" | grep -v 'nextPageToken' | |
next_page=$(echo $api_data | \ | |
grep -Po '"nextPageToken" *: *.*?[^\\]"' | \ | |
awk -F'"' '{ print $4 }') | |
if [ -z "$next_page" ] | |
then | |
break | |
fi | |
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment