on macOS extract a firebase user accessToken from your active Chrome session. Demoing with partiful.com

extract_firebase_access_token.sh

function partifulToken() {
  
  # some overly terse JS that extracts the Firebase access token from indexedDB and assigns it to `window.__FB_KEY`
  local SOME_JS="indexedDB.open('firebaseLocalStorageDb').onsuccess=event=>(((event.target.result.transaction('firebaseLocalStorage','readonly').objectStore('firebaseLocalStorage').getAll().onsuccess=e=>console.log('FIREBASE_TOKEN:',window.__FB_KEY=e.target.result[0].value.stsTokenManager.accessToken)),null))";

  echo "Getting partiful firebase token..." >&2

  # This requires that automation access is enabled on Chrome
  # It first finds an active partiful.com tab and runs the JS there.
  # NOTE: Right now this only checks that tabs in the FIRST window. Should be improved to check all windows/tabs.
  osascript -l JavaScript -e "const chrome = Application('Google Chrome');" \
    -e "const tabs = chrome.windows[0].tabs();" \
    -e "const partifulTab = tabs.find(tab => /^https:\\/\\/partiful\\.com/.test(tab.url()));" \
    -e "if (partifulTab) { partifulTab.execute({javascript: \`$SOME_JS\`}); partifulTab.execute({javascript: \`window.__FB_KEY\`}); } else { console.log('No matching tab found.'); }" | tr -d '\n'
  # Fix: the above runs the JS snippet to set the value, then runs JS again to return it. Hopefully fetching it succeeded in the mean time.
}

# example usage for what to do with this token:
# curl 'https://us-central1-getpartiful.cloudfunctions.net/getGuestsV2' \
# -H "authorization: Bearer $(partifulToken)" \
# -H 'content-type: application/json' \
#  --data-raw '{"data":{"params":{"eventId":"SOME_EVENT_ID"},"paging":{"cursor":null,"maxResults":500}}}' | jq