mik-laj/oauth-google.sh

## oauth-google.sh
#!/usr/bin/env bash

secret=$(cat g_firebase.json | jq .private_key -r)
token_expiration=3600

# Static header fields.
header='{
	"typ": "JWT",
	"alg": "RS256",
	"kid": "4f5fb174ca131353190d0662ec7c832b7e6184f5"
}'

payload='{
	"iss": "firebase-adminsdk-tmvtr@polidea-airflow-firestore.iam.gserviceaccount.com",
	"scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/appengine.admin https://www.googleapis.com/auth/compute",
	"aud": "https://oauth2.googleapis.com/token"
}'

payload=$(
	echo "${payload}" | jq --arg time_str "$(date +%s)" --arg expiration_str "${token_expiration}" \
	'
	.
	| ($time_str | tonumber) as $time_num
	| ($expiration_str | tonumber) as $expiration_num
	| .iat=$time_num
	| .exp=($time_num + $expiration_num)
	'
)

sha256_sign_base64()
{
	declare input=${1:-$(</dev/stdin)}
	printf '%s' "${input}" | openssl dgst -binary -sha256 -sign <(cat g_firebase.json | jq .private_key -r) | openssl base64
}

header_base64=$(echo "${header}" | base64)
payload_base64=$(echo "${payload}" | openssl base64)
header_payload=$(echo "${header_base64}.${payload_base64}")
signature=$(echo "${header_payload}" | sha256_sign_base64 )
jwt_token="${header_payload}.${signature}"

curl -sS -X POST -F 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' --form-string "assertion=${jwt_token}" https://oauth2.googleapis.com/token | jq -r .access_token

# curl "https://oauth2.googleapis.com/tokeninfo"
# https://openidconnect.googleapis.com/v1/userinfo
	#!/usr/bin/env bash

	secret=$(cat g_firebase.json \| jq .private_key -r)
	token_expiration=3600

	# Static header fields.
	header='{
	"typ": "JWT",
	"alg": "RS256",
	"kid": "4f5fb174ca131353190d0662ec7c832b7e6184f5"
	}'

	payload='{
	"iss": "firebase-adminsdk-tmvtr@polidea-airflow-firestore.iam.gserviceaccount.com",
	"scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/appengine.admin https://www.googleapis.com/auth/compute",
	"aud": "https://oauth2.googleapis.com/token"
	}'

	payload=$(
	echo "${payload}" \| jq --arg time_str "$(date +%s)" --arg expiration_str "${token_expiration}" \
	'
	.
	\| ($time_str \| tonumber) as $time_num
	\| ($expiration_str \| tonumber) as $expiration_num
	\| .iat=$time_num
	\| .exp=($time_num + $expiration_num)
	'
	)

	sha256_sign_base64()
	{
	declare input=${1:-$(</dev/stdin)}
	printf '%s' "${input}" \| openssl dgst -binary -sha256 -sign <(cat g_firebase.json \| jq .private_key -r) \| openssl base64
	}

	header_base64=$(echo "${header}" \| base64)
	payload_base64=$(echo "${payload}" \| openssl base64)
	header_payload=$(echo "${header_base64}.${payload_base64}")
	signature=$(echo "${header_payload}" \| sha256_sign_base64 )
	jwt_token="${header_payload}.${signature}"

	curl -sS -X POST -F 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' --form-string "assertion=${jwt_token}" https://oauth2.googleapis.com/token \| jq -r .access_token

	# curl "https://oauth2.googleapis.com/tokeninfo"
	# https://openidconnect.googleapis.com/v1/userinfo