CODEWITHSUNDEEP
openshift
Sachin
Sachin

Reputation: 23

Curl to Openshift console to get access token

I am trying to retrieve user access token for openshift login. The way I want to achieve is through curl command where user provides his username and password and in response will get the token. I cannot use openshift python client and it has to be a GET/POST call only.

Upvotes: 2

Views: 9547

Answers (3)

Chai Ang
Chai Ang

Reputation: 481

Slight variation to the above cos of the different setup here at my work. Here you request for a token. The you need to resubmit using values from the response to get the actual token

https_proxy="" curl -c cookies.txt -L -k https://your-username:[email protected]/oauth/token/request

The response looks like

<form method="post" action="/oauth/token/display">
    <input type="hidden" name="code" value="sha256~xUDaFhNEpLOgP-AzODOkx_fG0v4zWqB7qYz30_S2LXg">
    <input type="hidden" name="csrf" value="3FIksXYjEHSlWQR6MzOo3JliYgD9KTnYwPTgWTUJ6PA">
    <button type="submit">
      Display Token
    </button>
  </form>

I've been manually cut and pasting the values from the response to send a follow up request.

Then a second request to get the access token

https_proxy="" curl -b cookies.txt -k -X POST https://oauth-openshift.your-host/oauth/token/display -d "code=sha256~xUDaFhNEpLOgP-AzODOkx_fG0v4zWqB7qYz30_S2LXg" -d "csrf=3FIksXYjEHSlWQR6MzOo3JliYgD9KTnYwPTgWTUJ6PA"

The response looks something like this.

<h2>Your API token is</h2>
    <code>sha256~XGO9VKo91RlBqLSyaNlJ22WehUWkAc6reRFq0wp2h3M</code>

We can then use this token to log in.

oc login --token=sha256~XGO9VKo91RlBqLSyaNlJ22WehUWkAc6reRFq0wp2h3M --server=https://your-endpoint

My struggle was not using the cookies in the first place.

That's it. :-)

Upvotes: 0

Patrick Tang
Patrick Tang

Reputation: 41

I'm from Red Hat. This is an old question but the question is still valid today. Here is how to use curl to get access token.

  1. find oauth route, usually it is like "oauth-openshift.apps.."

    oc get route -n openshift-authentication

  2. curl the found oauth route to retrieve the access token for example if you find: "oauth-openshift.apps.ocp4.example.com"

    curl -u admin -kv 'https://oauth-openshift.apps.ocp4.example.com/oauth/authorize?client_id=openshift-challenging-client&response_type=token'

You will be prompted to enter password.

  1. in response you can find "access_token".

Hope that would help.

Upvotes: 4

Sounak Saha
Sounak Saha

Reputation: 933

You need to do the below steps

  1. Export/Get the token from the curl command

export TOKEN=$(curl -u user1:test@123 -kI 'https://myose01:8443/oauth/authorize?clientid=openshift-challenging-client&response_type=token' | grep -oP "access_token=\K[^&]*")

  1. Export/Set your endpoint

export ENDPOINT=myose01:8443

  1. Test any of open shift rest call with above two variables

Test sample:-

curl -k \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Accept: application/json' \
    https://$ENDPOINT/oapi/v1/projects

Upvotes: 3

Related Questions