smashism/unmanage-devices-modern-auth.sh

## unmanage-devices-modern-auth.sh
#!/bin/bash

##########
#       title:  unmanage-devices-modern-auth.sh
#      author:  dr. k | @smashism on github
#        date:  2024-03-28
#        note:  include jssIDs where specified, other server/cred details will
#               prompt when run via terminal.app
#  disclaimer:  provided as-is with no warranty (express or implied). please test!
#
##########

deviceIDs=(
    # put jssIDs here for mobile devices to remove
    # ex. 12345678

)
# established server and credential information
read -p "Enter Jamf Pro server (e.g., https://server.jamfcloud.com): " jamfProURL
read -p "Enter Jamf Pro username: " jssUser
read -s -p "Enter password for $jssUser: " jssPassword

# request auth token
authToken=$( /usr/bin/curl \
--request POST \
--silent \
--url "$jamfProURL""/api/v1/auth/token" \
--user "$jssUser":"$jssPassword" )

# parse auth token
token=$( /usr/bin/plutil \
-extract token raw - <<< "$authToken" )

tokenExpiration=$( /usr/bin/plutil \
-extract expires raw - <<< "$authToken" )

localTokenExpirationEpoch=$( TZ=GMT /bin/date -j \
-f "%Y-%m-%dT%T" "$tokenExpiration" \
+"%s" 2> /dev/null )

echo "Token information: "
echo Token: "$token"
echo Expiration: "$tokenExpiration"
echo Expiration epoch: "$localTokenExpirationEpoch"

# cleanup, cleanup, come on it's cleanup time
echo "Running cleanup.."
for id in "${deviceIDs[@]}"; do
    /usr/bin/curl -H "Authorization: Bearer $token" -X PUT -H "content-type: text/xml" "$jamfProURL""/JSSResource/mobiledevices/id/{$id}" -d "<mobile_device><general><managed>false</managed></general></mobile_device>"
done

sleep 10

# expire auth token
Echo "Expiring token $token..."

/usr/bin/curl \
--header "Authorization: Bearer $token" \
--request POST \
--silent \
--url "$jamfProURL""/api/v1/auth/invalidate-token"

echo "All done! See you next month."
exit 0
	#!/bin/bash

	##########
	# title: unmanage-devices-modern-auth.sh
	# author: dr. k \| @smashism on github
	# date: 2024-03-28
	# note: include jssIDs where specified, other server/cred details will
	# prompt when run via terminal.app
	# disclaimer: provided as-is with no warranty (express or implied). please test!
	#
	##########

	deviceIDs=(
	# put jssIDs here for mobile devices to remove
	# ex. 12345678

	)
	# established server and credential information
	read -p "Enter Jamf Pro server (e.g., https://server.jamfcloud.com): " jamfProURL
	read -p "Enter Jamf Pro username: " jssUser
	read -s -p "Enter password for $jssUser: " jssPassword

	# request auth token
	authToken=$( /usr/bin/curl \
	--request POST \
	--silent \
	--url "$jamfProURL""/api/v1/auth/token" \
	--user "$jssUser":"$jssPassword" )

	# parse auth token
	token=$( /usr/bin/plutil \
	-extract token raw - <<< "$authToken" )

	tokenExpiration=$( /usr/bin/plutil \
	-extract expires raw - <<< "$authToken" )

	localTokenExpirationEpoch=$( TZ=GMT /bin/date -j \
	-f "%Y-%m-%dT%T" "$tokenExpiration" \
	+"%s" 2> /dev/null )

	echo "Token information: "
	echo Token: "$token"
	echo Expiration: "$tokenExpiration"
	echo Expiration epoch: "$localTokenExpirationEpoch"

	# cleanup, cleanup, come on it's cleanup time
	echo "Running cleanup.."
	for id in "${deviceIDs[@]}"; do
	/usr/bin/curl -H "Authorization: Bearer $token" -X PUT -H "content-type: text/xml" "$jamfProURL""/JSSResource/mobiledevices/id/{$id}" -d "<mobile_device><general><managed>false</managed></general></mobile_device>"
	done

	sleep 10

	# expire auth token
	Echo "Expiring token $token..."

	/usr/bin/curl \
	--header "Authorization: Bearer $token" \
	--request POST \
	--silent \
	--url "$jamfProURL""/api/v1/auth/invalidate-token"

	echo "All done! See you next month."
	exit 0