@mmd-osm
Created January 23, 2024 18:50
OAuth2 example as shell script
```bash
#!/bin/bash

# Register your own app under /oauth2/applications, use "urn:ietf:wg:oauth:2.0:oob" as redirect URL
CLIENT_ID="f4K_7SUtJluo94xj3hnN7NJ-U5ZtoOo87mpxuNKIxWs"
CLIENT_SECRET="pgnjYXX0jfSotaPavMswIhgEV3NQAQB1k8JqOd3y3bU"
DOMAIN="https://master.apis.dev.openstreetmap.org"
AUTHORIZATION_ENDPOINT=$(curl --silent "$DOMAIN/.well-known/oauth-authorization-server" | jq --raw-output '.authorization_endpoint')
TOKEN_ENDPOINT=$(curl --silent "$DOMAIN/.well-known/oauth-authorization-server" | jq --raw-output '.token_endpoint')
echo "Navigate to the following URL in your browser: " "$AUTHORIZATION_ENDPOINT?response_type=code&client_id=$CLIENT_ID&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=read_prefs"
read -r -p "Authorize the request on osm.org, then copy and paste the Authorization code: " CODE
ACCESS_TOKEN=$(curl --silent -X POST -d "grant_type=authorization_code&client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&code=$CODE&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob" "$TOKEN_ENDPOINT" | jq --raw-output '.access_token')
echo "Token: $ACCESS_TOKEN"
echo "Let's try to call some API endpoint:"
curl --silent -H "Authorization: Bearer $ACCESS_TOKEN" "$DOMAIN/api/0.6/user/details.json"
```

mmd-osm commented Jan 23, 2024

A bit more context on what this is good for: https://www.openstreetmap.org/user/pnorman/diary/401157#comment56495


Line 9 includes the relevant scopes: "scope=read_prefs" - be sure to double check what scopes are needed for your use case and adjust that line as needed.

Script uses some ideas from https://pydio.com/en/docs/developer-guide/using-curl


pnorman commented Jan 23, 2024

Could the curl --oauth2-bearer option be used here?


mmd-osm commented Jan 24, 2024

Yes, that's probably an option for line 14, although I haven't tested it. I tried to avoid parameters that people might not be familiar with, to make it a bit more explicit what is going on in each step.

By the way, lines 7 + 8 could be hardcoded as well, without going through the discovery based on .well-known/oauth-authorization-server. Since we're supporting RFC 8414, and the curl script from pydio already included it, I simply adjusted it to make it work on osm.org.
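
The comments above mention adjusting the scopes on line 9 and relying on RFC 8414 discovery for lines 7 and 8. As an added example (not part of the gist or of any OSM code), the code below percent-encodes the query parameters instead of hand-encoding them, and refuses a discovered endpoint that is not HTTPS on the same origin as `$DOMAIN`, since the script POSTs the client secret to whatever `token_endpoint` the metadata returns. The function names, the same-origin policy, the sample client id and the endpoint path are assumptions.

```bash
#!/bin/bash
# Added example, not part of the gist; function names are hypothetical.

# Percent-encode one query parameter value (ASCII input assumed).
urlencode() {
    s=$1; out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}   # first character of what is left
        s=${s#?}          # drop it from the input
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;                 # RFC 3986 unreserved
            *) out=$out$(printf '%%%02X' "'$c") ;;         # everything else
        esac
    done
    printf '%s' "$out"
}

# Accept a discovered endpoint ($1) only if it is HTTPS and on the same
# origin as the server the metadata came from ($2). This same-origin rule is
# a policy assumed for this example. It also rejects the literal "null" that
# jq --raw-output prints when a key is missing.
endpoint_ok() {
    case $2 in https://*) ;; *) return 1 ;; esac
    case $1 in "$2"/?*) ;; *) return 1 ;; esac
    case $1 in *[!A-Za-z0-9:/._~-]*) return 1 ;; esac
    return 0
}

# Build the authorization URL: endpoint, client_id, redirect_uri, scope.
authorize_url() {
    printf '%s?response_type=code&client_id=%s&redirect_uri=%s&scope=%s' \
        "$1" "$(urlencode "$2")" "$(urlencode "$3")" "$(urlencode "$4")"
}

# Constructed sample values; a real run takes them from the discovery document.
DOMAIN="https://master.apis.dev.openstreetmap.org"
AUTHORIZATION_ENDPOINT="$DOMAIN/oauth2/authorize"   # constructed path
if endpoint_ok "$AUTHORIZATION_ENDPOINT" "$DOMAIN"; then
    # Two space-separated scopes; the space must reach the server as %20.
    authorize_url "$AUTHORIZATION_ENDPOINT" "example-client-id" \
        "urn:ietf:wg:oauth:2.0:oob" "read_prefs write_prefs"
    echo
else
    echo "refusing endpoint: $AUTHORIZATION_ENDPOINT" >&2
fi
```

The same `endpoint_ok` check applies to `TOKEN_ENDPOINT` before the POST that carries `client_secret`.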
