user_info.sh

#!/bin/bash

wso2_is_host="localhost:9443" # Replace with your WSO2 IS hostname
client_id="xxxxxxx"
client_secret="xxxxxxx"
redirect_uri="https://www.google.com"
post_logout_redirect_uri="https://www.google.com" #For logout redirect
state="mystate" #Optional state for logout
scopes="openid profile roles"

# Step 1: Generate Authorization Request URL
authorization_url="https://${wso2_is_host}/oauth2/authorize?response_type=code&client_id=${client_id}&scope=${scopes}&redirect_uri=${redirect_uri}"

echo "1. Open this URL in your browser, authenticate, and grant access:"
echo "$authorization_url"
echo "2. After redirection, extract the 'code' parameter from the URL."
read -p "Enter the authorization code: " authorization_code

# Step 2: Use curl to Get the Access Token
if [[ -n "$authorization_code" ]]; then
  token_url="https://${wso2_is_host}/oauth2/token"

  access_token_response=$(curl -s -k -X POST \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=authorization_code&code=${authorization_code}&redirect_uri=${redirect_uri}&client_id=${client_id}&scope=${scopes}&client_secret=${client_secret}" \
    "$token_url")

  if [[ $? -eq 0 ]]; then
    access_token=$(echo "$access_token_response" | jq -r '.access_token') #Requires jq
    id_token=$(echo "$access_token_response" | jq -r '.id_token')

    if [[ -n "$access_token" ]]; then
      echo "Access Token: $access_token"

      # Step 3: Call UserInfo Endpoint
      userinfo_url="https://${wso2_is_host}/oauth2/userinfo"

      userinfo_response=$(curl -s -k -H "Authorization: Bearer $access_token" "$userinfo_url")

      if [[ $? -eq 0 ]]; then
        echo "UserInfo Response:"
        echo "$userinfo_response" | jq .
      else
        echo "Error: Failed to retrieve user info."
        echo "Curl output: $userinfo_response"
      fi
    fi
  else
    echo "Error: Failed to retrieve access token."
    echo "Curl output: $access_token_response"
  fi
else
    echo "Error: Authorization code is empty."
fi