/
get-access-token.sh
executable file
·52 lines (42 loc) · 1.26 KB
/
get-access-token.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/bin/bash
set -e
if [[ -n "${VERBOSE}" ]]; then
set -x
fi
IAM_CLIENT_ID=${IAM_CLIENT_ID:-iam-client}
IAM_CLIENT_SECRET=${IAM_CLIENT_SECRET}
IAM_TOKEN_ENDPOINT=${IAM_TOKEN_ENDPOINT:-https://iam.local.io/token}
IAM_CLIENT_SCOPES=${IAM_CLIENT_SCOPES:-"openid profile email offline_access"}
IAM_CLIENT_AUDIENCE=${IAM_CLIENT_AUDIENCE:-""}
if [[ -z "${IAM_CLIENT_SECRET}" ]]; then
echo "Please provide a client secret setting the IAM_CLIENT_SECRET env variable."
exit 1;
fi
if [[ -z ${IAM_USER} ]]; then
read -p "Username: " IAM_USER
fi
if [[ -z ${IAM_PASSWORD} ]]; then
echo -ne "Password:"
read -s IAM_PASSWORD
echo
fi
if [ -z "${IAM_CLIENT_AUDIENCE}" ]; then
curl -s -L \
-d client_id=${IAM_CLIENT_ID} \
-d client_secret=${IAM_CLIENT_SECRET} \
-d grant_type=password \
-d username=${IAM_USER} \
-d password=${IAM_PASSWORD} \
-d scope="${IAM_CLIENT_SCOPES}" \
${IAM_TOKEN_ENDPOINT} | tee /tmp/response | jq .
else
curl -s -L \
-d client_id=${IAM_CLIENT_ID} \
-d client_secret=${IAM_CLIENT_SECRET} \
-d grant_type=password \
-d username=${IAM_USER} \
-d password=${IAM_PASSWORD} \
-d scope="${IAM_CLIENT_SCOPES}" \
-d audience="${IAM_CLIENT_AUDIENCE}" \
${IAM_TOKEN_ENDPOINT} | tee /tmp/response | jq .
fi