Skip to content

Instantly share code, notes, and snippets.

@mik-laj
Created April 5, 2020 12:26
Show Gist options
  • Save mik-laj/9f150135d145dd0ae88181a9a73a8893 to your computer and use it in GitHub Desktop.
Save mik-laj/9f150135d145dd0ae88181a9a73a8893 to your computer and use it in GitHub Desktop.
#!/usr/bin/env bash
secret=$(cat g_firebase.json | jq .private_key -r)
token_expiration=3600
# Static header fields.
header='{
"typ": "JWT",
"alg": "RS256",
"kid": "4f5fb174ca131353190d0662ec7c832b7e6184f5"
}'
payload='{
"iss": "firebase-adminsdk-tmvtr@polidea-airflow-firestore.iam.gserviceaccount.com",
"scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/appengine.admin https://www.googleapis.com/auth/compute",
"aud": "https://oauth2.googleapis.com/token"
}'
payload=$(
echo "${payload}" | jq --arg time_str "$(date +%s)" --arg expiration_str "${token_expiration}" \
'
.
| ($time_str | tonumber) as $time_num
| ($expiration_str | tonumber) as $expiration_num
| .iat=$time_num
| .exp=($time_num + $expiration_num)
'
)
sha256_sign_base64()
{
declare input=${1:-$(</dev/stdin)}
printf '%s' "${input}" | openssl dgst -binary -sha256 -sign <(cat g_firebase.json | jq .private_key -r) | openssl base64
}
header_base64=$(echo "${header}" | base64)
payload_base64=$(echo "${payload}" | openssl base64)
header_payload=$(echo "${header_base64}.${payload_base64}")
signature=$(echo "${header_payload}" | sha256_sign_base64 )
jwt_token="${header_payload}.${signature}"
curl -sS -X POST -F 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' --form-string "assertion=${jwt_token}" https://oauth2.googleapis.com/token | jq -r .access_token
# curl "https://oauth2.googleapis.com/tokeninfo"
# https://openidconnect.googleapis.com/v1/userinfo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment