tokget

tokget is a CLI tool that allows to get a user's access token and ID token by the OpenID Connect protocol.

Features

• authenticates a user without interaction between the browser and user;
• supports arbitrary structure of the login page;
• logs a user out by canceling an ID token.

Limitations

• doesn't expect the consent page after the login page.

Requirements

• Google Chrome 70 or higher.

Installing

From sources:

git clone https://github.com/i-core/tokget
cd tokget
go install ./...

From Docker:

docker pull icoreru/tokget:v1.1.0

Download binary:

curl -Lo /tmp/tokget_linux_amd64.tar.gz 'https://github.com/i-core/tokget/releases/download/v1.1.0/tokget_linux_amd64.tar.gz'
tar -xzf /tmp/tokget_linux_amd64.tar.gz -C /usr/local/bin

# In alpine linux (as it does not come with curl by default)
wget -P /tmp 'https://github.com/i-core/tokget/releases/download/v1.1.0/tokget_linux_amd64.tar.gz'
tar -xzf /tmp/tokget_linux_amd64.tar.gz -C /usr/local/bin

Usage

To authenticate a user tokget:

• opens the OpenID Connect Provider's login page in a Google Chrome,
• emulates input user's name and password,
• emulates clicking the login button,
• waits for successful authentication and return an access token and ID token.

Run tokget -h to see a list of available commands.

Login

In terminal:

tokget login -e https://openid-connect-provider -c <client's ID> -r <client's redirect URL> -s openid,profile,email -u username --pwd-std

Note Google Chrome must be in $PATH.

Via Docker:

docker run --name tokget --rm -it icoreru/tokget:v1.1.0 login -e https://openid-connect-provider -c <client ID> -r <client's redirect URL> -s openid,profile,email -u username -pwd-stdin

Note Image icoreru/tokget already contains Google Chrome so you don't need to run Google Chrome manually.

To find the username field, password field and login button tokget uses CSS selectors. If the username field, password field and the login button doesn't match to the default CSS selectors you can override this CSS selectors:

tokget --remote-chrome http://localhost:9222 login  \
        --username-field "#email"                   \
        --password-field "#pass"                    \
        --submit-button "#submit"                   \
        --error-message "#error"                    \
        -e https://openid-connect-provider          \
        -r <client's redirect URL>                  \
        -s openid,profile,email                     \
        -c client-id                                \
        -u username                                 \
        -p password

Note tokget searches elements on a page using function document.querySelector() so each your CSS selector should match to only one element.

Logout

In terminal:

tokget logout -e https://openid-connect-provider -t id_token

Via Docker:

docker run --name tokget --rm -it icoreru/tokget:v1.1.0 logout -e https://openid-connect-provider  -t id_token

Remote Google Chrome

By default tokget starts a new Google Chrome process. But you can use an existed Google Chrome process. This Google Chrome process should be run with enabled debugger, for example:

chrome --no-sandbox --remote-debugging-address=0.0.0.0 --remote-debugging-port=9222

After that you should run tokget with option --remote-chrome:

tokget --remote-chrome http://localhost:9222 login -e https://openid-connect-provider -c client-id -u username -p password

Contributing

Thanks for your interest in contributing to this project. Get started with our Contributing Guide.

License

The code in this project is licensed under MIT license.