Created
May 21, 2024 17:05
-
-
Save rtrouton/a32eed58f2407f77af3daab0422f64e3 to your computer and use it in GitHub Desktop.
Script which access the Jamf Pro API and uses provided API client authentication to obtain and verify bearer tokens
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# If you choose to hardcode API information into the script, set one or more of the following values: | |
# | |
# The Jamf Pro URL | |
# An API client ID on the Jamf Pro server with sufficient API privileges | |
# The API client secret for the API client ID | |
# Set the Jamf Pro URL here if you want it hardcoded. | |
jamfpro_url="" | |
# Set the Jamf Pro API Client ID here if you want it hardcoded. | |
jamfpro_api_client_id="" | |
# Set the Jamf Pro API Client Secret here if you want it hardcoded. | |
jamfpro_api_client_secret="" | |
# If you do not want to hardcode API information into the script, you can also store | |
# these values in a ~/Library/Preferences/com.github.jamfpro-info.plist file. | |
# | |
# To create the file and set the values, run the following commands and substitute | |
# your own values where appropriate: | |
# | |
# To store the Jamf Pro URL in the plist file: | |
# defaults write com.github.jamfpro-info jamfpro_url https://jamf.pro.server.goes.here:port_number_goes_here | |
# | |
# To store the Jamf Pro API Client ID in the plist file: | |
# defaults write com.github.jamfpro-info jamfpro_api_client_id api_client_id_information_goes_here | |
# | |
# To store the Jamf Pro API Client Secret in the plist file: | |
# defaults write com.github.jamfpro-info jamfpro_api_client_secret api_client_secret_information_goes_here | |
# | |
# If the com.github.jamfpro-info.plist file is available, the script will read in the | |
# relevant information from the plist file. | |
if [[ -f "$HOME/Library/Preferences/com.github.jamfpro-info.plist" ]]; then | |
if [[ -z "$jamfpro_url" ]]; then | |
jamfpro_url=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_url) | |
fi | |
if [[ -z "$jamfpro_api_client_id" ]]; then | |
jamfpro_api_client_id=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_api_client_id) | |
fi | |
if [[ -z "$jamfpro_api_client_secret" ]]; then | |
jamfpro_api_client_secret=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_api_client_secret) | |
fi | |
fi | |
# If the Jamf Pro URL, the API Client ID or the API Client Secret aren't available | |
# otherwise, you will be prompted to enter the requested URL or API client credentials. | |
if [[ -z "$jamfpro_url" ]]; then | |
read -p "Please enter your Jamf Pro server URL : " jamfpro_url | |
fi | |
if [[ -z "$jamfpro_api_client_id" ]]; then | |
read -p "Please enter your Jamf Pro API client ID : " jamfpro_api_client_id | |
fi | |
if [[ -z "$jamfpro_api_client_secret" ]]; then | |
read -p "Please enter the API client secret for the $jamfpro_api_client_id API ID client: " -s jamfpro_api_client_secret | |
fi | |
echo "" | |
# Remove the trailing slash from the Jamf Pro URL if needed. | |
jamfpro_url=${jamfpro_url%%/} | |
GetJamfProAPIToken() { | |
# This function uses the API client ID and client ID secret to get a new bearer token for API authentication. | |
if [[ $(/usr/bin/sw_vers -productVersion | awk -F . '{print $1}') -lt 12 ]]; then | |
api_token=$(/usr/bin/curl -s -X POST "$jamfpro_url/api/oauth/token" --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode client_id="$jamfpro_api_client_id" --data-urlencode 'grant_type=client_credentials' --data-urlencode client_secret="$jamfpro_api_client_secret" | python -c 'import sys, json; print json.load(sys.stdin)["access_token"]') | |
else | |
api_token=$(/usr/bin/curl -s -X POST "$jamfpro_url/api/oauth/token" --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode client_id="$jamfpro_api_client_id" --data-urlencode 'grant_type=client_credentials' --data-urlencode client_secret="$jamfpro_api_client_secret" | plutil -extract access_token raw -) | |
fi | |
} | |
APITokenValidCheck() { | |
# Verify that API authentication is using a valid token by running an API command | |
# which displays the authorization details associated with the current API user. | |
# The API call will only return the HTTP status code. | |
api_authentication_check=$(/usr/bin/curl --write-out %{http_code} --silent --output /dev/null "${jamfpro_url}/api/v1/auth" --request GET --header "Authorization: Bearer ${api_token}") | |
} | |
GetJamfProAPIToken | |
APITokenValidCheck | |
echo "$api_authentication_check" | |
echo "$api_token" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment