@jay7x
Last active July 14, 2023 10:37
Bash script to get an OIDC token to pass through the Google Identity-Aware Proxy (IAP)
#!/usr/bin/env bash
# Based on this guide:
# https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_desktop_app
#
# Run the following command to store the token in the $IAP_TOKEN environment variable
# export IAP_TOKEN="$(bash ./iap_auth.bash | jq -r .id_token)"
#
# Use it with curl
# curl -v -H "Authorization: Bearer ${IAP_TOKEN}" '<IAP-protected-URL>'
# - OR -
# curl -v -H "Proxy-Authorization: Bearer ${IAP_TOKEN}" '<IAP-protected-URL>'
set -eu
: "${DESKTOP_CLIENT_ID:?Variable not set or empty}"
: "${DESKTOP_CLIENT_SECRET:?Variable not set or empty}"
: "${IAP_CLIENT_ID:?Variable not set or empty}"
# Listen for the incoming connection from the browser here.
# The redirect_uri must be the loopback address allowed for the Desktop OAuth client.
LOCAL_HOST=localhost
LOCAL_PORT=4444
REDIRECT_URI="http://${LOCAL_HOST}:${LOCAL_PORT}"
AUTH_URL="https://accounts.google.com/o/oauth2/v2/auth?client_id=${DESKTOP_CLIENT_ID}&response_type=code&scope=openid%20email&access_type=offline&redirect_uri=${REDIRECT_URI}&cred_ref=true"
cat << MSG >&2
Open the following url in your local browser:
${AUTH_URL}
MSG
# MacOS
# open "${AUTH_URL}"
# Windows WSL
# wslview "${AUTH_URL}"
# Linux (xdg-utils)
# xdg-open "${AUTH_URL}"
# Accept exactly one connection from the browser, answer it, and pull the
# authorization code out of the request line ("GET /?code=...&scope=... HTTP/1.1").
# This is the BSD/OpenBSD nc syntax; traditional/GNU netcat wants "nc -l -p PORT".
AUTH_CODE=$(printf 'HTTP/1.0 200 OK\r\n\r\nYou can close the tab now' \
  | nc -l "${LOCAL_HOST}" "${LOCAL_PORT}" \
  | head -n1 \
  | sed -n 's/^GET [^ ]*[?&]code=\([^& ]*\).*$/\1/p')
if [[ -z "${AUTH_CODE}" ]]; then
  echo "No authorization code received on ${REDIRECT_URI}" >&2
  exit 1
fi
# Exchange the code for tokens. The "audience" field makes Google mint the
# id_token for the IAP client ID, which is what IAP checks in the Bearer token.
# The code is still percent-encoded as it arrived in the redirect; the token
# endpoint form-decodes it, so it is passed through as-is.
curl -s \
--data client_id="${DESKTOP_CLIENT_ID}" \
--data client_secret="${DESKTOP_CLIENT_SECRET}" \
--data code="${AUTH_CODE}" \
--data audience="${IAP_CLIENT_ID}" \
--data redirect_uri="${REDIRECT_URI}" \
--data grant_type=authorization_code \
https://oauth2.googleapis.com/token
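The same flow as an added example in Python (not the gist's own code and not Google's sample): it replaces the one-shot `nc` listener with a real loopback HTTP server, binds the redirect to this process with a random `state` nonce, adds PKCE (S256) so an intercepted code is useless without the verifier, and checks `iss`, `aud` and `exp` of the returned `id_token` before printing the token JSON in the same shape as the gist. Assumptions: Google's token endpoint accepts `code_verifier` for a Desktop client (it does for installed apps); the environment variables are the gist's `DESKTOP_CLIENT_ID`, `DESKTOP_CLIENT_SECRET` and `IAP_CLIENT_ID`, plus an optional `LOCAL_PORT` that the gist hard-codes as 4444. Only `main()` touches the network; the helpers are pure and run offline.

```python
# Added example, not the gist's own code: the same IAP desktop flow with a real
# loopback listener, a CSRF `state` nonce, PKCE (S256) and an iss/aud/exp check
# on the returned id_token. Assumes Google's token endpoint accepts
# code_verifier for a Desktop client. Only main() touches the network.
import base64, hashlib, json, os, secrets, sys, time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request, urlopen

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"

def b64url_encode(raw):
    """Unpadded base64url, as used by PKCE and JWT."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def pkce_challenge(verifier):
    """RFC 7636 S256: base64url(sha256(verifier))."""
    return b64url_encode(hashlib.sha256(verifier.encode("ascii")).digest())

def build_auth_url(desktop_client_id, redirect_uri, state, code_challenge):
    """Authorization URL; `state` ties the redirect back to this process."""
    return AUTH_ENDPOINT + "?" + urlencode({
        "client_id": desktop_client_id, "response_type": "code",
        "scope": "openid email", "access_type": "offline",
        "redirect_uri": redirect_uri, "state": state,
        "code_challenge": code_challenge, "code_challenge_method": "S256",
        "cred_ref": "true"})  # carried over from the gist's URL

def parse_redirect(path, expected_state):
    """Code from the loopback redirect; a wrong or missing state is rejected so
    a stray request to the local port cannot inject an attacker's code."""
    qs = parse_qs(urlparse(path).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect is not a reply to our request")
    if "error" in qs:
        raise ValueError("authorization failed: " + qs["error"][0])
    code = qs.get("code", [None])[0]
    if not code:
        raise ValueError("no code in redirect")
    return code  # parse_qs already percent-decoded it (4%2F... -> 4/...)

def build_token_request(desktop_client_id, desktop_client_secret, code,
                        redirect_uri, iap_client_id, code_verifier):
    """Token-endpoint form; `audience` mints the id_token for the IAP client."""
    return {"client_id": desktop_client_id, "client_secret": desktop_client_secret,
            "code": code, "audience": iap_client_id, "redirect_uri": redirect_uri,
            "grant_type": "authorization_code", "code_verifier": code_verifier}

def check_id_token(id_token, iap_client_id, now=None):
    """Sanity-check iss/aud/exp of the JWT claims and return them. No signature
    check here: IAP verifies that; this only refuses a token that cannot work."""
    _header, payload, _sig = id_token.split(".")  # ValueError if not 3 parts
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims.get("iss") not in ("https://accounts.google.com", "accounts.google.com"):
        raise ValueError("unexpected issuer %r" % claims.get("iss"))
    if claims.get("aud") != iap_client_id:
        raise ValueError("aud %r is not the IAP client id" % claims.get("aud"))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("id_token already expired")
    return claims

class RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        try:
            self.server.result = ("ok", parse_redirect(self.path, self.server.state))
            status, body = 200, b"You can close the tab now"
        except ValueError as err:
            self.server.result = ("err", str(err))
            status, body = 400, str(err).encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body)

def main():
    desktop_id, desktop_secret, iap_id = (os.environ[k] for k in
        ("DESKTOP_CLIENT_ID", "DESKTOP_CLIENT_SECRET", "IAP_CLIENT_ID"))
    port = int(os.environ.get("LOCAL_PORT", "4444"))
    redirect_uri = "http://localhost:%d" % port
    state, verifier = secrets.token_urlsafe(16), secrets.token_urlsafe(48)
    url = build_auth_url(desktop_id, redirect_uri, state, pkce_challenge(verifier))
    print("Open the following url in your local browser:\n" + url, file=sys.stderr)
    server = HTTPServer(("localhost", port), RedirectHandler)
    server.state, server.result = state, None
    while server.result is None:
        server.handle_request()  # one request at a time until we have an answer
    kind, value = server.result
    if kind == "err":
        sys.exit(value)
    form = urlencode(build_token_request(desktop_id, desktop_secret, value,
                                         redirect_uri, iap_id, verifier)).encode()
    with urlopen(Request(TOKEN_ENDPOINT, data=form)) as resp:
        tokens = json.load(resp)
    check_id_token(tokens["id_token"], iap_id)
    print(json.dumps(tokens))  # same shape as the gist: pipe through jq -r .id_token

if __name__ == "__main__":
    main()
```

Usage is the same as the gist: `export IAP_TOKEN="$(python3 iap_auth.py | jq -r .id_token)"`. The `state` check matters even on loopback, because any page the browser has open can make a GET to `http://localhost:4444/?code=...`; without it the script would happily exchange whatever code arrives first. The claim check is deliberately a sanity check only, not a substitute for IAP's own signature verification.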