annotate mod_rest/example/rest.sh @ 5512:1fbc8718bed6
mod_http_oauth2: Bind refresh tokens to client
Prevent one OAuth client from using the refresh tokens issued to another
client as required by RFC 6819 section 5.2.2.2
See also draft-ietf-oauth-security-topics-22 section 2.2.2
Thanks to OAuch for pointing out this issue
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 02 Jun 2023 10:40:48 +0200 |
parents | 1c52efb6fd42 |
children | b3484a112300 |
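#!/bin/bash

# Copyright (c) Kim Alvefur
# This file is MIT/X11 licensed.

# Dependencies:
# - https://httpie.io/
# - https://github.com/stedolan/jq
# - some sort of XDG 'open' command

# Strict mode is enabled with `set` rather than on the shebang line: options
# given on the shebang are lost when the script is started as `bash rest.sh`,
# which would silently turn off exit-on-error and the unset-variable check.
set -eu

# Settings
HOST=""
DOMAIN=""

# Defaults for the final request: these become the HTTPie option
# "--$AUTH_METHOD" and its argument "$AUTH_ID".
AUTH_METHOD="session-read-only"
AUTH_ID="rest"

if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/restrc" ]; then
  # Config file can contain the above settings
  # NOTE: the file is sourced, i.e. executed as bash code with the caller's
  # privileges, so it must only be writable by the user running this script.
  source "${XDG_CONFIG_HOME:-$HOME/.config}/restrc"
fi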
# Called without any arguments: print a one-line synopsis and stop
# successfully.
if (( $# == 0 )); then
  # Last arguments are handed to HTTPie, so refer to its docs for further details
  printf '%s\n' "${0##*/} [-h HOST] [-u USER|--login] [/path] kind=(message|presence|iq) ...."
  exit 0
fi
# Decide which server to talk to. An explicit "-h HOST" wins; otherwise a
# HOST set earlier (defaults or restrc) is kept, and only when that is empty
# does the local hostname get used.
case "$1" in
  -h)
    HOST="$2"
    shift 2
    ;;
  *)
    if [ -z "${HOST:-}" ]; then
      HOST="$(hostname)"
    fi
    ;;
esac

# A HOST without a dot is treated as a short name and completed with DOMAIN.
case "$HOST" in
  *.*)
    # Contains a dot already: used exactly as given.
    ;;
  *)
    # Assumes subdomain of your DOMAIN
    [ -n "${DOMAIN:-}" ] || DOMAIN="$(hostname -d)"
    case "$HOST" in
      *:*)
        # "name:port" form: the domain goes between the part before the
        # last colon and the part after the first colon.
        HOST="${HOST%:*}.$DOMAIN:${HOST#*:}"
        ;;
      *)
        HOST="$HOST.$DOMAIN"
        ;;
    esac
    ;;
esac
# Optional authentication switch. Whatever is chosen here is later passed to
# HTTPie as "--$AUTH_METHOD" "$AUTH_ID"; with neither flag the values set
# earlier stay in place.
case "$1" in
  -u)
    # -u username
    AUTH_METHOD="auth"
    AUTH_ID="$2"
    shift 2
    ;;
  -rw)
    # To e.g. save Accept headers to the session
    AUTH_METHOD="session"
    shift 1
    ;;
esac
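# Per-server cache file. It is written with `typeset -p` and read back with
# `source`, and it holds the registered OAuth client (including its
# client_secret) and the refresh token. Because it is sourced, its contents
# run as bash code: it must stay readable and writable by the owner only.
REST_CACHE_DIR="${XDG_CACHE_HOME:-$HOME/.cache}/rest"
REST_CACHE_FILE="$REST_CACHE_DIR/$HOST"

if [[ "$1" == "--login" ]]; then
  # --login: obtain an access token via OAuth 2 and store it in the HTTPie
  # session named "rest", which the final request then reuses.
  shift 1

  # Check cache for OAuth client
  if [ -f "$REST_CACHE_FILE" ]; then
    source "$REST_CACHE_FILE"
  fi

  # Discover the endpoints from the server's authorization server metadata.
  # `jq -e` exits non-zero when the field is missing or null, so a missing
  # endpoint stops the script when exit-on-error is in effect.
  OAUTH_META="$(http --check-status --json "https://$HOST/.well-known/oauth-authorization-server" Accept:application/json)"
  AUTHORIZATION_ENDPOINT="$(echo "$OAUTH_META" | jq -e -r '.authorization_endpoint')"
  TOKEN_ENDPOINT="$(echo "$OAUTH_META" | jq -e -r '.token_endpoint')"

  if [ -z "${OAUTH_CLIENT_INFO:-}" ]; then
    # Register a new OAuth client
    REGISTRATION_ENDPOINT="$(echo "$OAUTH_META" | jq -e -r '.registration_endpoint')"
    OAUTH_CLIENT_INFO="$(http --check-status "$REGISTRATION_ENDPOINT" \
      Content-Type:application/json \
      Accept:application/json \
      client_name=rest.sh \
      client_uri="https://modules.prosody.im/mod_rest" \
      application_type=native \
      software_id=0bdb0eb9-18e8-43af-a7f6-bd26613374c0 \
      redirect_uris:='["urn:ietf:wg:oauth:2.0:oob"]')"
    # Create the cache owner-only. With the caller's default umask the
    # client secret would commonly end up readable by other local users.
    # The umask is changed in a subshell so nothing else inherits it.
    (
      umask 077
      mkdir -p "$REST_CACHE_DIR/"
      typeset -p OAUTH_CLIENT_INFO >> "$REST_CACHE_FILE"
    )
    # Also tighten a cache file left over from an earlier, laxer run.
    chmod 600 "$REST_CACHE_FILE"
  fi

  CLIENT_ID="$(echo "$OAUTH_CLIENT_INFO" | jq -e -r '.client_id')"
  CLIENT_SECRET="$(echo "$OAUTH_CLIENT_INFO" | jq -e -r '.client_secret')"

  # NOTE(review): in the token requests below the client secret, refresh
  # token and authorization code are passed to `http` as command-line
  # arguments, so they are visible in the process list while it runs.
  if [ -n "${REFRESH_TOKEN:-}" ]; then
    # A cached refresh token exists: try to trade it for an access token.
    # NOTE(review): with exit-on-error in effect, a refresh token the server
    # rejects makes `http --check-status` fail and the script stop here; the
    # authorization-code fallback below is only reached when the response is
    # successful but has no access_token. Confirm that is intended.
    TOKEN_RESPONSE="$(http --check-status --form "$TOKEN_ENDPOINT" \
      'grant_type=refresh_token' \
      "client_id=$CLIENT_ID" \
      "client_secret=$CLIENT_SECRET" \
      "refresh_token=$REFRESH_TOKEN")"
    ACCESS_TOKEN="$(echo "$TOKEN_RESPONSE" | jq -r '.access_token')"
    if [ "$ACCESS_TOKEN" == "null" ]; then
      ACCESS_TOKEN=""
    fi
  fi

  if [ -z "${ACCESS_TOKEN:-}" ]; then
    # Interactive authorization code flow with PKCE (RFC 7636).
    # No code_challenge_method is sent, so this is the 'plain' method: the
    # same random value is used as challenge here and as verifier below.
    # RFC 7636 asks clients that can compute SHA-256 to use S256 instead.
    CODE_CHALLENGE="$(head -c 33 /dev/urandom | base64 | tr /+ _-)"
    open "$AUTHORIZATION_ENDPOINT?response_type=code&client_id=$CLIENT_ID&code_challenge=$CODE_CHALLENGE&scope=${SCOPE:-openid+prosody:user}"
    # -s keeps the pasted code from being echoed to the terminal.
    read -p "Paste authorization code: " -s -r AUTHORIZATION_CODE

    TOKEN_RESPONSE="$(http --check-status --form "$TOKEN_ENDPOINT" \
      'grant_type=authorization_code' \
      "client_id=$CLIENT_ID" \
      "client_secret=$CLIENT_SECRET" \
      "code=$AUTHORIZATION_CODE" \
      code_verifier="$CODE_CHALLENGE")"
    ACCESS_TOKEN="$(echo "$TOKEN_RESPONSE" | jq -e -r '.access_token')"
    REFRESH_TOKEN="$(echo "$TOKEN_RESPONSE" | jq -r '.refresh_token')"

    if [ "$REFRESH_TOKEN" != "null" ]; then
      # FIXME Better type check would be nice, but nobody should ever have the
      # string "null" as a legitimate refresh token...
      # Appended after the client info; when the file is sourced the last
      # assignment wins. Written owner-only for the same reason as above.
      (
        umask 077
        mkdir -p "$REST_CACHE_DIR/"
        typeset -p REFRESH_TOKEN >> "$REST_CACHE_FILE"
      )
      chmod 600 "$REST_CACHE_FILE"
    fi

    # Tidy up after the silent prompt: erase the prompt line on terminals
    # that set COLORTERM, otherwise just end the line.
    if [ -n "${COLORTERM:-}" ]; then
      echo -ne '\e[1K\e[G'
    else
      echo
    fi
  fi

  # Call the userinfo endpoint with the bearer token through the writable
  # HTTPie session "rest"; the response body goes to stderr.
  USERINFO_ENDPOINT="$(echo "$OAUTH_META" | jq -e -r '.userinfo_endpoint')"
  http --check-status -b --session rest "$USERINFO_ENDPOINT" "Authorization:Bearer $ACCESS_TOKEN" Accept:application/json >&2
  AUTH_METHOD="session-read-only"
  AUTH_ID="rest"

elif [[ "$1" == "--logout" ]]; then
  # Revoke token
  # The cache must exist here: it supplies OAUTH_CLIENT_INFO and
  # REFRESH_TOKEN for the revocation request.
  source "$REST_CACHE_FILE"

  OAUTH_META="$(http --check-status --json "https://$HOST/.well-known/oauth-authorization-server" Accept:application/json)"
  REVOCATION_ENDPOINT="$(echo "$OAUTH_META" | jq -e -r '.revocation_endpoint')"

  CLIENT_ID="$(echo "$OAUTH_CLIENT_INFO" | jq -e -r '.client_id')"
  CLIENT_SECRET="$(echo "$OAUTH_CLIENT_INFO" | jq -e -r '.client_secret')"

  # NOTE(review): client credentials and the token are command-line
  # arguments here as well, so visible in the process list while http runs.
  http -h --check-status --auth "$CLIENT_ID:$CLIENT_SECRET" --form "$REVOCATION_ENDPOINT" token="$REFRESH_TOKEN"

  # Overwrite the token
  # Only the client registration is kept; the file stays owner-only.
  (
    umask 077
    typeset -p OAUTH_CLIENT_INFO > "$REST_CACHE_FILE"
  )
  chmod 600 "$REST_CACHE_FILE"
  exit 0
fi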
# Just login?
# Nothing left on the command line after option handling: no request to send.
(( $# > 0 )) || exit 0

# For e.g /disco/example.com and such GET queries
# A first argument starting with "/" is appended to the /rest URL.
GET_PATH=""
case "$1" in
  /*)
    GET_PATH="$1"
    shift 1
    ;;
esac

# Send the request. "-p b" prints only the response body, --check-status
# turns HTTP error statuses into a non-zero exit code, and every remaining
# argument is handed to HTTPie unchanged.
http --check-status -p b "--$AUTH_METHOD" "$AUTH_ID" "https://$HOST/rest$GET_PATH" "$@"