#!/bin/bash
# Print the command-line help text to stdout.
#
# Note for operators: a PASSWORD or --secret value given on the command line is
# part of this script's argument list and can be seen by other local users in
# the process list. Leaving PASSWORD out makes the script prompt for it instead.
usage() {
  local prog="$0"
  printf '%s\n' \
    "Usage: $prog [USERNAME] [PASSWORD] [ARGUMENTS] ..." \
    '' \
    "$prog is a tool for obtaining an access token or a refresh token for the user or the client." \
    '' \
    ' USERNAME The username for user authentication' \
    ' PASSWORD The password for user authentication (prompted for if not specified)' \
    '' \
    ' If USERNAME and PASSWORD are not specified, client credentials as specified by --client-id and --secret will be used for authentication.' \
    '' \
    ' ARGUMENTS:' \
    ' --quiet, -q No informational outputs' \
    ' --insecure Allow http:// in token endpoint url' \
    ' --access Return access_token rather than refresh_token' \
    ' --endpoint TOKEN_ENDPOINT_URL Authorization server token endpoint' \
    ' --client-id CLIENT_ID Client id for client authentication - must be configured on authorization server' \
    ' --secret CLIENT_SECRET Secret to authenticate the client' \
    ' --scopes SCOPES Space separated list of scopes to request - default value: offline_access'
}
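# ---------------------------------------------------------------------------
# Main flow: parse the arguments, validate them, POST a token request to the
# authorization server and print the requested claim (refresh_token by
# default, access_token with --access) to stdout without a trailing newline.
#
# Variables that no option sets (TOKEN_ENDPOINT, CLIENT_ID, CLIENT_SECRET,
# SCOPES, QUIET, INSECURE) keep whatever value the environment provides.
#
# Security-relevant behaviour of this block:
#   * The token endpoint must be an https:// url unless --insecure is given;
#     otherwise the credentials would travel unencrypted.
#   * Credentials are handed to curl through a config read from stdin, so the
#     password and the Basic authorization value are not in curl's argument
#     list and are not echoed in the informational output.
#   * Form values are URL-encoded by curl, so characters such as '&', '=' or
#     '+' in a password cannot add or change request parameters.
# ---------------------------------------------------------------------------
CLAIM=refresh_token
GRANT_TYPE=password
DEFAULT_SCOPES=offline_access
AUTH_VALUE=""

# Print an error message to stderr and stop. stdout is reserved for the token.
fail() {
  >&2 echo "$1"
  exit 1
}

# Abort when an option that takes a value is the last argument.
#   $1 - option name, $2 - number of arguments left (including the option)
require_value() {
  [ "$2" -ge 2 ] || fail "Missing value for $1"
}

# Escape a value for use inside a double-quoted curl config parameter
# (backslash and double quote are the characters that need escaping there).
curl_config_quote() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Write the curl config (headers and form fields) for the token request to
# stdout. Field order matches the request body the script has always sent:
# grant_type, then username/password/client_id for the password grant, then scope.
write_curl_config() {
  printf 'header = "Content-Type: application/x-www-form-urlencoded"\n'
  if [ "$AUTH_VALUE" != "" ]; then
    printf 'header = "Authorization: Basic %s"\n' "$AUTH_VALUE"
  fi
  printf 'data-urlencode = "grant_type=%s"\n' "$GRANT_TYPE"
  if [ "$UNAME" != "" ]; then
    printf 'data-urlencode = "username=%s"\n' "$(curl_config_quote "$UNAME")"
    printf 'data-urlencode = "password=%s"\n' "$(curl_config_quote "$PASS")"
    printf 'data-urlencode = "client_id=%s"\n' "$(curl_config_quote "$CLIENT_ID")"
  fi
  printf 'data-urlencode = "scope=%s"\n' "$(curl_config_quote "$SCOPES")"
}

while [ $# -gt 0 ]; do
  case "$1" in
    -q | --quiet)
      QUIET=1
      ;;
    --endpoint)
      require_value "$1" $#
      shift
      TOKEN_ENDPOINT="$1"
      ;;
    --insecure)
      INSECURE=1
      ;;
    --access)
      CLAIM=access_token
      # offline_access is only needed to obtain a refresh token
      DEFAULT_SCOPES=""
      ;;
    --client-id)
      require_value "$1" $#
      shift
      CLIENT_ID="$1"
      ;;
    --secret)
      require_value "$1" $#
      shift
      CLIENT_SECRET="$1"
      ;;
    --scopes)
      require_value "$1" $#
      shift
      SCOPES="$1"
      ;;
    --help)
      usage
      exit 1
      ;;
    *)
      # First positional argument is the username, the second the password.
      if [ "$UNAME" == "" ]; then
        UNAME="$1"
      elif [ "$PASS" == "" ]; then
        PASS="$1"
      else
        fail "Unexpected argument!"
      fi
      ;;
  esac
  shift
done

if [ "$TOKEN_ENDPOINT" == "" ]; then
  fail "ENV variable TOKEN_ENDPOINT not set."
fi

# Enforce what the usage text promises: plain http:// (or a url without an
# explicit https scheme) is only accepted together with --insecure.
case "$TOKEN_ENDPOINT" in
  [Hh][Tt][Tt][Pp][Ss]://*) ;;
  *)
    if [ "$INSECURE" == "" ]; then
      fail "Token endpoint is not an https:// url. Use --insecure to allow http://"
    fi
    ;;
esac

if [ "$UNAME" != "" ] && [ "$PASS" == "" ]; then
  # -r and an empty IFS keep backslashes and surrounding blanks in the password
  IFS= >&2 read -r -s -p "Password: " PASS
  >&2 echo
fi

if [ "$UNAME" == "" ] && [ "$CLIENT_ID" == "" ]; then
  # stderr, so that a caller capturing stdout never mistakes this for a token
  fail "USERNAME not specified. Use --client-id and --secret to authenticate with client credentials."
fi

if [ "$CLIENT_ID" == "" ]; then
  if [ "$QUIET" == "" ]; then
    >&2 echo "ENV var CLIENT_ID not set. Using default value: kafka-cli"
  fi
  CLIENT_ID=kafka-cli
fi

if [ "$UNAME" == "" ]; then
  GRANT_TYPE=client_credentials
fi

if [ "$SCOPES" == "" ] && [ "$DEFAULT_SCOPES" != "" ]; then
  if [ "$QUIET" == "" ]; then
    >&2 echo "ENV var SCOPES not set. Using default value: ${DEFAULT_SCOPES}"
  fi
  SCOPES="${DEFAULT_SCOPES}"
fi

# The curl config is line based: a line break inside a value would start a
# new config line, so such values are rejected instead of being passed on.
for value in "$UNAME" "$PASS" "$CLIENT_ID" "$SCOPES"; do
  case "$value" in
    *$'\n'* | *$'\r'*)
      fail "Line breaks are not allowed in USERNAME, PASSWORD, CLIENT_ID or SCOPES."
      ;;
  esac
done

if [ "$CLIENT_SECRET" != "" ]; then
  # base64 may wrap long output; the header value has to stay on one line
  AUTH_VALUE=$(printf '%s' "$CLIENT_ID:$CLIENT_SECRET" | base64 | tr -d '\r\n')
fi

if [ "$QUIET" == "" ]; then
  # Informational only: password, client secret and Authorization header are
  # deliberately left out so they do not end up in terminals or log files.
  >&2 echo "curl -s -X POST $TOKEN_ENDPOINT -H 'Content-Type: application/x-www-form-urlencoded' -d 'grant_type=${GRANT_TYPE}&scope=${SCOPES}' (credentials omitted)"
fi

# --url keeps the endpoint from being parsed as a curl option; -S reports
# transport errors on stderr even though -s silences the progress meter.
result=$(write_curl_config | curl -s -S -X POST -K - --url "$TOKEN_ENDPOINT")
curl_status=$?
if [ "$curl_status" -ne 0 ]; then
  fail "Token request failed (curl exit code $curl_status)."
fi

# Extract the claim value with awk, as before. The value is printed through
# "%s" so that a '%' in a token is never interpreted as a printf format.
# NOTE(review): this text match expects "claim":"value" without blanks around
# the colon; a JSON parser would be more robust if one is available.
token=$(printf '%s' "$result" | tr -d '\r\n' \
  | awk -F "$CLAIM\":\"" '{printf "%s", $2}' \
  | awk -F '"' '{printf "%s", $1}')

if [ "$token" == "" ]; then
  fail "No $CLAIM found in the token endpoint response."
fi

printf '%s' "$token"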