2022-07-07 17:06:51 +00:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
function error_handler() {
|
|
|
|
>&2 echo "Exited with BAD EXIT CODE '${2}' in ${0} script at line: ${1}."
|
|
|
|
exit "$2"
|
|
|
|
}
|
|
|
|
trap 'error_handler ${LINENO} $?' ERR
|
|
|
|
set -o errtrace -o errexit -o nounset -o pipefail
|
|
|
|
|
2022-07-07 17:55:23 +00:00
|
|
|
# originally from https://medium.com/keycloak/keycloak-jwt-token-using-curl-post-72c9e791ba8c
|
2022-07-08 15:15:11 +00:00
|
|
|
# btw, meta config endpoint: http://localhost:7002/realms/spiffworkflow/.well-known/openid-configuration
|
2022-07-07 17:55:23 +00:00
|
|
|
|
2022-07-07 17:06:51 +00:00
|
|
|
HOSTNAME=localhost:7002
|
|
|
|
REALM_NAME=spiffworkflow
|
|
|
|
USERNAME=${1-ciuser1}
|
|
|
|
PASSWORD=${2-ciuser1}
|
2022-07-08 16:35:35 +00:00
|
|
|
# CLIENT_ID=spiffworkflow-frontend
|
|
|
|
CLIENT_ID=spiffworkflow-backend
|
|
|
|
CLIENT_SECRET="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" # noqa: S105
|
2022-07-07 17:06:51 +00:00
|
|
|
SECURE=false
|
|
|
|
|
|
|
|
KEYCLOAK_URL=http://$HOSTNAME/realms/$REALM_NAME/protocol/openid-connect/token
|
|
|
|
|
|
|
|
echo "Using Keycloak: $KEYCLOAK_URL"
|
|
|
|
echo "realm: $REALM_NAME"
|
|
|
|
echo "client-id: $CLIENT_ID"
|
|
|
|
echo "username: $USERNAME"
|
|
|
|
echo "password: $PASSWORD"
|
|
|
|
echo "secure: $SECURE"
|
|
|
|
|
|
|
|
|
|
|
|
if [[ $SECURE = 'y' ]]; then
|
|
|
|
INSECURE=
|
|
|
|
else
|
|
|
|
INSECURE=--insecure
|
|
|
|
fi
|
|
|
|
|
|
|
|
result=$(curl -s -X POST "$KEYCLOAK_URL" "$INSECURE" \
|
|
|
|
-H "Content-Type: application/x-www-form-urlencoded" \
|
|
|
|
-d "username=$USERNAME" \
|
|
|
|
-d "password=$PASSWORD" \
|
|
|
|
-d 'grant_type=password' \
|
2022-07-08 16:35:35 +00:00
|
|
|
-d "client_id=$CLIENT_ID" \
|
|
|
|
-d "client_secret=$CLIENT_SECRET" \
|
|
|
|
)
|
2022-07-07 17:06:51 +00:00
|
|
|
|
2022-07-07 17:08:55 +00:00
|
|
|
token=$(jq -r '.access_token' <<< "$result")
|
2022-07-07 17:06:51 +00:00
|
|
|
|
2022-07-07 17:08:55 +00:00
|
|
|
if [[ "$token" != 'null' ]]; then
|
|
|
|
echo "token: $token"
|
2022-07-08 15:15:11 +00:00
|
|
|
echo "getting user info"
|
2022-07-08 16:35:35 +00:00
|
|
|
# curl -s "http://localhost:7002/realms/spiffworkflow/protocol/openid-connect/userinfo" -H "Authorization: Bearer $token"
|
|
|
|
curl -s "http://localhost:7002/realms/spiffworkflow/authz/protection/resource_set?matchingUri=true&deep=true&max=-1&exactName=false&uri=%2Fprocess-models%2Fcategory_number_one%2Fprocess-model-with-repeating-form" -H "Authorization: Bearer $token" | jq .
|
|
|
|
|
|
|
|
# -H "Authorization: Basic $basic_auth" \
|
|
|
|
basic_auth=$(echo -n "${CLIENT_ID}:${CLIENT_SECRET}" | base64 -w0)
|
|
|
|
# -H "Authorization: Bearer $token" \
|
|
|
|
curl -s -X POST "$KEYCLOAK_URL" "$INSECURE" \
|
|
|
|
-H "Content-Type: application/x-www-form-urlencoded" \
|
|
|
|
-H "Authorization: Basic $basic_auth" \
|
|
|
|
-d "audience=${CLIENT_ID}" \
|
|
|
|
--data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
|
|
|
|
-d "permission=e294304c-796e-4c56-bdf2-8c854f65db59" \
|
|
|
|
-d "subject_token=${token}" \
|
|
|
|
| jq .
|
|
|
|
else
|
|
|
|
echo "Failed auth result: $result"
|
2022-07-07 17:06:51 +00:00
|
|
|
fi
|