spiffworkflow-backend/bin/get_token

#!/usr/bin/env bash

function error_handler() {
  >&2 echo "Exited with BAD EXIT CODE '${2}' in ${0} script at line: ${1}."
  exit "$2"
}
trap 'error_handler ${LINENO} $?' ERR
set -o errtrace -o errexit -o nounset -o pipefail

# originally from https://medium.com/keycloak/keycloak-jwt-token-using-curl-post-72c9e791ba8c
# btw, meta config endpoint: http://localhost:7002/realms/spiffworkflow/.well-known/openid-configuration

HOSTNAME=localhost:7002
REALM_NAME=spiffworkflow
USERNAME=${1-ciuser1}
PASSWORD=${2-ciuser1}
# CLIENT_ID=spiffworkflow-frontend
CLIENT_ID=spiffworkflow-backend
CLIENT_SECRET="JXeQExm0JhQPLumgHtIIqf52bDalHz0q"  # noqa: S105
SECURE=false

KEYCLOAK_URL=http://$HOSTNAME/realms/$REALM_NAME/protocol/openid-connect/token

echo "Using Keycloak: $KEYCLOAK_URL"
echo "realm: $REALM_NAME"
echo "client-id: $CLIENT_ID"
echo "username: $USERNAME"
echo "password: $PASSWORD"
echo "secure: $SECURE"


if [[ $SECURE = 'y' ]]; then
	INSECURE=
else
	INSECURE=--insecure
fi

result=$(curl -s -X POST "$KEYCLOAK_URL" "$INSECURE" \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -d "username=$USERNAME" \
 -d "password=$PASSWORD" \
 -d 'grant_type=password' \
 -d "client_id=$CLIENT_ID" \
 -d "client_secret=$CLIENT_SECRET" \
)

token=$(jq -r '.access_token' <<< "$result")

if [[ "$token" != 'null' ]]; then
  echo "token: $token"
  echo "getting user info"
  # curl -s "http://localhost:7002/realms/spiffworkflow/protocol/openid-connect/userinfo" -H "Authorization: Bearer $token"
  resource_result=$(curl -s "http://localhost:7002/realms/spiffworkflow/authz/protection/resource_set?matchingUri=true&deep=true&max=-1&exactName=false&uri=%2Fprocess-models%2Fcategory_number_one%2Fprocess-model-with-repeating-form" -H "Authorization: Bearer $token")


  # # -H "Authorization: Basic $basic_auth" \
  # basic_auth=$(echo -n "${CLIENT_ID}:${CLIENT_SECRET}" | base64 -w0)
  # # -H "Authorization: Bearer $token" \
  # curl -s -X POST "$KEYCLOAK_URL" "$INSECURE" \
  #   -H "Content-Type: application/x-www-form-urlencoded" \
  #   -H "Authorization: Basic $basic_auth" \
  #   -d "audience=${CLIENT_ID}" \
  #   --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
  #   -d "permission=e294304c-796e-4c56-bdf2-8c854f65db59" \
  #   -d "subject_token=${token}" \
  #   | jq .
  else
    echo "Failed auth result: $result"
fi
get_token script 2022-07-07 17:06:51 +00:00			`#!/usr/bin/env bash`

			`function error_handler() {`
			`>&2 echo "Exited with BAD EXIT CODE '${2}' in ${0} script at line: ${1}."`
			`exit "$2"`
			`}`
			`trap 'error_handler ${LINENO} $?' ERR`
			`set -o errtrace -o errexit -o nounset -o pipefail`

credit 2022-07-07 17:55:23 +00:00			`# originally from https://medium.com/keycloak/keycloak-jwt-token-using-curl-post-72c9e791ba8c`
document getting user info with token 2022-07-08 15:15:11 +00:00			`# btw, meta config endpoint: http://localhost:7002/realms/spiffworkflow/.well-known/openid-configuration`
credit 2022-07-07 17:55:23 +00:00
get_token script 2022-07-07 17:06:51 +00:00			`HOSTNAME=localhost:7002`
			`REALM_NAME=spiffworkflow`
			`USERNAME=${1-ciuser1}`
			`PASSWORD=${2-ciuser1}`
updated realm and get token kinda works now w/ burnettk 2022-07-08 16:35:35 +00:00			`# CLIENT_ID=spiffworkflow-frontend`
			`CLIENT_ID=spiffworkflow-backend`
			`CLIENT_SECRET="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" # noqa: S105`
get_token script 2022-07-07 17:06:51 +00:00			`SECURE=false`

			`KEYCLOAK_URL=http://$HOSTNAME/realms/$REALM_NAME/protocol/openid-connect/token`

			`echo "Using Keycloak: $KEYCLOAK_URL"`
			`echo "realm: $REALM_NAME"`
			`echo "client-id: $CLIENT_ID"`
			`echo "username: $USERNAME"`
			`echo "password: $PASSWORD"`
			`echo "secure: $SECURE"`


			`if [[ $SECURE = 'y' ]]; then`
			`INSECURE=`
			`else`
			`INSECURE=--insecure`
			`fi`

			`result=$(curl -s -X POST "$KEYCLOAK_URL" "$INSECURE" \`
			`-H "Content-Type: application/x-www-form-urlencoded" \`
			`-d "username=$USERNAME" \`
			`-d "password=$PASSWORD" \`
			`-d 'grant_type=password' \`
updated realm and get token kinda works now w/ burnettk 2022-07-08 16:35:35 +00:00			`-d "client_id=$CLIENT_ID" \`
			`-d "client_secret=$CLIENT_SECRET" \`
			`)`
get_token script 2022-07-07 17:06:51 +00:00
improve script 2022-07-07 17:08:55 +00:00			`token=$(jq -r '.access_token' <<< "$result")`
get_token script 2022-07-07 17:06:51 +00:00
improve script 2022-07-07 17:08:55 +00:00			`if [[ "$token" != 'null' ]]; then`
			`echo "token: $token"`
document getting user info with token 2022-07-08 15:15:11 +00:00			`echo "getting user info"`
updated realm and get token kinda works now w/ burnettk 2022-07-08 16:35:35 +00:00			`# curl -s "http://localhost:7002/realms/spiffworkflow/protocol/openid-connect/userinfo" -H "Authorization: Bearer $token"`
log the gunicorn access logs as json to stdout as well w/ burnettk 2022-07-08 19:24:51 +00:00			`resource_result=$(curl -s "http://localhost:7002/realms/spiffworkflow/authz/protection/resource_set?matchingUri=true&deep=true&max=-1&exactName=false&uri=%2Fprocess-models%2Fcategory_number_one%2Fprocess-model-with-repeating-form" -H "Authorization: Bearer $token")`
updated realm and get token kinda works now w/ burnettk 2022-07-08 16:35:35 +00:00
log the gunicorn access logs as json to stdout as well w/ burnettk 2022-07-08 19:24:51 +00:00

			`# # -H "Authorization: Basic $basic_auth" \`
			`# basic_auth=$(echo -n "${CLIENT_ID}:${CLIENT_SECRET}" \| base64 -w0)`
			`# # -H "Authorization: Bearer $token" \`
			`# curl -s -X POST "$KEYCLOAK_URL" "$INSECURE" \`
			`# -H "Content-Type: application/x-www-form-urlencoded" \`
			`# -H "Authorization: Basic $basic_auth" \`
			`# -d "audience=${CLIENT_ID}" \`
			`# --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \`
			`# -d "permission=e294304c-796e-4c56-bdf2-8c854f65db59" \`
			`# -d "subject_token=${token}" \`
			`# \| jq .`
updated realm and get token kinda works now w/ burnettk 2022-07-08 16:35:35 +00:00			`else`
			`echo "Failed auth result: $result"`
get_token script 2022-07-07 17:06:51 +00:00			`fi`