annotate mod_rest/example/rest.sh @ 5512:1fbc8718bed6

mod_http_oauth2: Bind refresh tokens to client. Prevent one OAuth client from using the refresh tokens issued to another client, as required by RFC 6819 section 5.2.2.2. See also draft-ietf-oauth-security-topics-22 section 2.2.2. Thanks to OAuch for pointing out this issue.
author Kim Alvefur <zash@zash.se>
date Fri, 02 Jun 2023 10:40:48 +0200
parents 1c52efb6fd42
children b3484a112300
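#!/bin/bash

# Copyright (c) Kim Alvefur
# This file is MIT/X11 licensed.

# Example command line client for mod_rest, using HTTPie for the requests.
#
# Usage: rest.sh [-h HOST] [-u USER|--login] [/path] kind=(message|presence|iq) ....
# Also understood: -rw (writable HTTPie session) and --logout (revoke the
# cached refresh token).
#
# Dependencies:
# - https://httpie.io/
# - https://github.com/stedolan/jq
# - some sort of XDG 'open' command

# Set here rather than on the shebang line so the options also apply when
# the script is started as `bash rest.sh`.
set -eu

# Settings
HOST=""
DOMAIN=""

AUTH_METHOD="session-read-only"
AUTH_ID="rest"

config_file="${XDG_CONFIG_HOME:-$HOME/.config}/restrc"
if [ -f "$config_file" ]; then
	# Config file can contain the above settings (and SCOPE).
	# It is executed as shell code, so it must only be writable by you.
	# shellcheck source=/dev/null
	source "$config_file"
fi

#######################################
# Refuse a HOST that cannot be used as one file name in the cache directory.
# The cache file is later sourced as shell code, so it must not be possible
# to point it outside the cache directory through the -h argument.
# Globals:   HOST (read)
# Outputs:   error message on stderr
# Returns:   exits 1 when HOST contains a slash or starts with a dot
#######################################
check_cache_name() {
	if [[ "$HOST" == */* || "$HOST" == .* ]]; then
		printf '%s: refusing to use "%s" as a cache file name\n' "${0##*/}" "$HOST" >&2
		exit 1
	fi
}

#######################################
# Make sure the cache directory and file exist and are private to the
# current user; the file holds the OAuth client secret and refresh token.
# Globals:   cache_dir, cache_file (read)
#######################################
prepare_cache() {
	(
		# Anything created here starts out unreadable to other users.
		umask 077
		mkdir -p "$cache_dir/"
		: >>"$cache_file"
	)
	# Also tighten a directory or file left behind with wider permissions.
	chmod 700 "$cache_dir"
	chmod 600 "$cache_file"
}

#######################################
# Print one endpoint URL from the authorization server metadata.
# Globals:   OAUTH_META (read)
# Arguments: $1 - name of the metadata field
# Outputs:   the URL on stdout, errors on stderr
# Returns:   non-zero when the field is missing or is not an https:// URL
#######################################
metadata_url() {
	local url
	# errexit is not inherited by command substitutions, so check explicitly.
	url="$(jq -e -r --arg field "$1" '.[$field]' <<<"$OAUTH_META")" || return 1
	# Client secret and tokens are sent to these endpoints, and one of them
	# is handed to 'open'; accept nothing but https URLs from the metadata.
	if [[ "$url" != https://* ]]; then
		printf '%s: %s in server metadata is not an https URL\n' "${0##*/}" "$1" >&2
		return 1
	fi
	printf '%s\n' "$url"
}

if [[ $# == 0 ]]; then
	echo "${0##*/} [-h HOST] [-u USER|--login] [/path] kind=(message|presence|iq) ...."
	# Last arguments are handed to HTTPie, so refer to its docs for further details
	exit 0
fi

if [[ "$1" == "-h" ]]; then
	HOST="${2:?-h requires a HOST argument}"
	shift 2
elif [ -z "${HOST:-}" ]; then
	HOST="$(hostname)"
fi

if [[ "$HOST" != *.* ]]; then
	# Assumes subdomain of your DOMAIN
	if [ -z "${DOMAIN:-}" ]; then
		DOMAIN="$(hostname -d)"
	fi
	if [[ "$HOST" == *:* ]]; then
		# Keep a :port suffix after the qualified name
		HOST="${HOST%:*}.$DOMAIN:${HOST#*:}"
	else
		HOST="$HOST.$DOMAIN"
	fi
fi

cache_dir="${XDG_CACHE_HOME:-$HOME/.cache}/rest"
cache_file="$cache_dir/$HOST"

# "${1:-}" from here on: the argument list may already be empty after the
# shifts above, and a bare "$1" would abort under 'set -u'.
if [[ "${1:-}" == "-u" ]]; then
	# -u username
	AUTH_METHOD="auth"
	AUTH_ID="${2:?-u requires a USER argument}"
	shift 2
elif [[ "${1:-}" == "-rw" ]]; then
	# To e.g. save Accept headers to the session
	AUTH_METHOD="session"
	shift 1
fi

if [[ "${1:-}" == "--login" ]]; then
	shift 1
	check_cache_name

	# Check cache for OAuth client
	if [ -f "$cache_file" ]; then
		# The cache is 'typeset -p' output and is executed as shell code.
		# shellcheck source=/dev/null
		source "$cache_file"
	fi

	OAUTH_META="$(http --check-status --json "https://$HOST/.well-known/oauth-authorization-server" Accept:application/json)"
	AUTHORIZATION_ENDPOINT="$(metadata_url authorization_endpoint)"
	TOKEN_ENDPOINT="$(metadata_url token_endpoint)"

	if [ -z "${OAUTH_CLIENT_INFO:-}" ]; then
		# Register a new OAuth client
		REGISTRATION_ENDPOINT="$(metadata_url registration_endpoint)"
		OAUTH_CLIENT_INFO="$(http --check-status "$REGISTRATION_ENDPOINT" Content-Type:application/json Accept:application/json client_name=rest.sh client_uri="https://modules.prosody.im/mod_rest" application_type=native software_id=0bdb0eb9-18e8-43af-a7f6-bd26613374c0 redirect_uris:='["urn:ietf:wg:oauth:2.0:oob"]')"
		prepare_cache
		typeset -p OAUTH_CLIENT_INFO >>"$cache_file"
	fi

	CLIENT_ID="$(jq -e -r '.client_id' <<<"$OAUTH_CLIENT_INFO")"
	CLIENT_SECRET="$(jq -e -r '.client_secret' <<<"$OAUTH_CLIENT_INFO")"

	# NOTE(review): the client secret, refresh token and authorization code
	# below are passed to http as command line arguments, where other local
	# users can usually see them in the process list while the request runs.

	if [ -n "${REFRESH_TOKEN:-}" ]; then
		# NOTE(review): with --check-status and 'set -e' a refresh token the
		# server rejects ends the script here instead of falling back to the
		# interactive flow below, and a refresh token returned in this
		# response is not written back to the cache -- confirm both are
		# intended.
		TOKEN_RESPONSE="$(http --check-status --form "$TOKEN_ENDPOINT" 'grant_type=refresh_token' "client_id=$CLIENT_ID" "client_secret=$CLIENT_SECRET" "refresh_token=$REFRESH_TOKEN")"
		ACCESS_TOKEN="$(jq -r '.access_token' <<<"$TOKEN_RESPONSE")"
		if [ "$ACCESS_TOKEN" == "null" ]; then
			ACCESS_TOKEN=""
		fi
	fi

	if [ -z "${ACCESS_TOKEN:-}" ]; then
		# RFC 7636 PKCE with the 'plain' method: the same random value is sent
		# as code_challenge now and as code_verifier in the token request.
		# NOTE(review): RFC 7636 asks clients that can do S256 to use it;
		# switching needs code_challenge_method=S256 and server support.
		CODE_CHALLENGE="$(head -c 33 /dev/urandom | base64 | tr /+ _-)"
		open "$AUTHORIZATION_ENDPOINT?response_type=code&client_id=$CLIENT_ID&code_challenge=$CODE_CHALLENGE&scope=${SCOPE:-openid+prosody:user}"
		# -s keeps the pasted code off the terminal
		read -p "Paste authorization code: " -s -r AUTHORIZATION_CODE

		TOKEN_RESPONSE="$(http --check-status --form "$TOKEN_ENDPOINT" 'grant_type=authorization_code' "client_id=$CLIENT_ID" "client_secret=$CLIENT_SECRET" "code=$AUTHORIZATION_CODE" code_verifier="$CODE_CHALLENGE")"
		ACCESS_TOKEN="$(jq -e -r '.access_token' <<<"$TOKEN_RESPONSE")"
		REFRESH_TOKEN="$(jq -r '.refresh_token' <<<"$TOKEN_RESPONSE")"

		if [ "$REFRESH_TOKEN" != "null" ]; then
			# FIXME Better type check would be nice, but nobody should ever have the
			# string "null" as a legitimate refresh token...
			prepare_cache
			typeset -p REFRESH_TOKEN >>"$cache_file"
		fi

		if [ -n "${COLORTERM:-}" ]; then
			# Erase the prompt line and return the cursor to column one
			echo -ne '\e[1K\e[G'
		else
			echo
		fi
	fi

	USERINFO_ENDPOINT="$(metadata_url userinfo_endpoint)"
	# The request runs in the HTTPie session 'rest', which the final request
	# of this script then reuses read-only. Presumably HTTPie keeps the
	# Authorization header in its session file on disk -- protect that file
	# like the cache.
	http --check-status -b --session rest "$USERINFO_ENDPOINT" "Authorization:Bearer $ACCESS_TOKEN" Accept:application/json >&2
	AUTH_METHOD="session-read-only"
	AUTH_ID="rest"

elif [[ "${1:-}" == "--logout" ]]; then
	# Revoke token
	check_cache_name
	# shellcheck source=/dev/null
	source "$cache_file"

	OAUTH_META="$(http --check-status --json "https://$HOST/.well-known/oauth-authorization-server" Accept:application/json)"
	REVOCATION_ENDPOINT="$(metadata_url revocation_endpoint)"

	CLIENT_ID="$(jq -e -r '.client_id' <<<"$OAUTH_CLIENT_INFO")"
	CLIENT_SECRET="$(jq -e -r '.client_secret' <<<"$OAUTH_CLIENT_INFO")"

	http -h --check-status --auth "$CLIENT_ID:$CLIENT_SECRET" --form "$REVOCATION_ENDPOINT" token="${REFRESH_TOKEN:?no cached refresh token to revoke}"

	# Overwrite the token: only the client registration is kept.
	# NOTE(review): the HTTPie session 'rest' is left as it is; remove it as
	# well if the access token stored there should not stay on disk.
	prepare_cache
	typeset -p OAUTH_CLIENT_INFO >"$cache_file"
	exit 0
fi

if [[ $# == 0 ]]; then
	# Just login?
	exit 0
fi

# For e.g /disco/example.com and such GET queries
GET_PATH=""
if [[ "$1" == /* ]]; then
	GET_PATH="$1"
	shift 1
fi

http --check-status -p b "--$AUTH_METHOD" "$AUTH_ID" "https://$HOST/rest$GET_PATH" "$@"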