@marcransome
Last active February 6, 2024 15:00
Concourse OAuth bearer token retrieval
#!/bin/bash

# Environment variables that must be set before the script can run.
required_env_vars=(
    CONCOURSE_ENDPOINT
    CONCOURSE_USERNAME
    CONCOURSE_PASSWORD
)

# Report every missing variable before exiting, not just the first one.
for env_var in "${required_env_vars[@]}"; do
    if [[ -z "$(printenv "${env_var}")" ]]; then
        echo "Environment variable not set: ${env_var}" >&2
        missing_env_vars="true"
    fi
done

if [[ "${missing_env_vars}" == "true" ]]; then
    exit 1
fi

concourse_endpoint="${CONCOURSE_ENDPOINT}"
concourse_username="${CONCOURSE_USERNAME}"
concourse_password="${CONCOURSE_PASSWORD}"

# Cookie jar files, created in the current working directory.
concourse_state_cookie_jar="skymarshal_state"
concourse_auth_cookie_jar="skymarshal_auth"

# Fetch the login page, following redirects and saving the cookies set along the way.
concourse_login_page_html=$(curl --location --cookie-jar "${concourse_state_cookie_jar}" "${concourse_endpoint}/sky/login" 2>/dev/null)
if (( $? != 0 )); then
    echo "Unable to retrieve login page for Concourse endpoint: ${concourse_endpoint}" >&2
    exit 1
fi

# Extract the login form's action attribute, which holds the login path and its query parameters.
form_action_pattern='action="([^"]+)'
if [[ ${concourse_login_page_html} =~ ${form_action_pattern} ]]; then
    if [[ -n "${BASH_REMATCH[1]}" ]]; then
        # Decode HTML-escaped ampersands in the form action (in sed, \& is a literal '&').
        login_path_with_params=$(sed 's/&amp;/\&/g' <<< "${BASH_REMATCH[1]}")
    else
        echo -e "Unable to extract form action from login page response:\n\n${concourse_login_page_html}" >&2
        exit 1
    fi
else
    echo -e "No 'action' attribute found in login page response:\n\n${concourse_login_page_html}" >&2
    exit 1
fi

# Submit the credentials, sending the saved state cookies and storing the resulting auth cookie.
# The credentials are passed as curl arguments, so they are visible in the process list while curl runs.
concourse_login_response_html=$(curl \
    --location \
    --silent \
    --cookie "${concourse_state_cookie_jar}" \
    --cookie-jar "${concourse_auth_cookie_jar}" \
    --data-urlencode "login=${concourse_username}" \
    --data-urlencode "password=${concourse_password}" \
    "${concourse_endpoint}${login_path_with_params}")
if (( $? != 0 )); then
    echo "Unable to retrieve auth cookie" >&2
    exit 1
elif [[ "${concourse_login_response_html}" =~ 'invalid username and password' ]]; then
    echo "Invalid username or password supplied" >&2
    exit 1
fi

# Pull the bearer token out of the auth cookie jar, print it, and remove both cookie jars.
bearer_token_pattern='bearer +([^"]+)'
if [[ $(cat "${concourse_auth_cookie_jar}") =~ ${bearer_token_pattern} ]]; then
    if [[ -n "${BASH_REMATCH[1]}" ]]; then
        echo "${BASH_REMATCH[1]}"
        rm -f "${concourse_state_cookie_jar}" "${concourse_auth_cookie_jar}" >/dev/null 2>&1
        exit 0
    else
        echo "Unable to extract bearer token from cookie jar file: ${concourse_auth_cookie_jar}" >&2
        exit 1
    fi
else
    echo "No bearer token found in cookie jar: ${concourse_auth_cookie_jar}" >&2
    exit 1
fi
@marcransome
Author

This script can be used to retrieve the OAuth bearer token for a Concourse user login using the new authentication flow (tested with Concourse v7.9.1). It will print the bearer token value to the standard output stream and return a 0 exit code, or print one or more error messages to the standard error stream and return a non-zero exit code if an error condition is encountered.

Important

  • All three environment variables CONCOURSE_ENDPOINT, CONCOURSE_USERNAME, and CONCOURSE_PASSWORD are required for this script to function correctly; however, the script will report any missing variables and exit with a non-zero exit code
  • This script does not attempt to update the ~/.flyrc configuration file; instead, it prints the bearer token to the standard output stream and returns a 0 exit code on success
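
Added example (not part of the original gist or the author's comment): one way a caller can consume the script's stdout/exit-code contract and hand the token to curl without placing it on a command line. `TOKEN_SCRIPT`, its default path, and the three function names are hypothetical, and the character check assumes the token uses only the RFC 6750 `b64token` characters.

```shell
#!/bin/bash
# Added example, not part of the gist. TOKEN_SCRIPT is a hypothetical path to
# a saved copy of the script above; it needs the same three CONCOURSE_* variables.
TOKEN_SCRIPT="${TOKEN_SCRIPT:-./concourse-token.sh}"

# Run the token script and print the token it returns.
# Relies on the contract described above: token on stdout with exit code 0,
# error messages on stderr with a non-zero exit code.
fetch_token() {
    local token
    token=$("${TOKEN_SCRIPT}") || return 1
    # Assumption: the token uses only the RFC 6750 b64token characters. Anything
    # else (empty output, spaces, quotes, extra lines) is rejected so it cannot
    # alter the header line built in auth_config.
    case "${token}" in
        ''|*[!A-Za-z0-9._~+/=-]*)
            echo "Token script returned unexpected output" >&2
            return 1
            ;;
    esac
    printf '%s' "${token}"
}

# Emit a curl config line carrying the Authorization header.
auth_config() {
    printf 'header = "Authorization: Bearer %s"\n' "$1"
}

# GET an API path (supplied by the caller) on the Concourse endpoint. The header
# reaches curl on stdin via --config -, so the token never appears in the
# process list or in the shell history.
concourse_get() {
    local token
    token=$(fetch_token) || return 1
    auth_config "${token}" |
        curl --silent --show-error --fail --config - "${CONCOURSE_ENDPOINT}$1"
}
```

After sourcing these functions, a call such as `concourse_get /api/v1/pipelines` (an example path) returns non-zero if either the login or the API request fails.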
