Keycloak curl Device Authorization Grant. Usefull in scripts for obtaining an acess token from clients that have OAuth 2.0 Device Authorization Grant enabled.
#!/bin/bash # Keycloak Device Authorization Grant # # Dependencies: # # 'curl jq' # # https://curl.se # https://jqlang.org ### ---------------------------- usage() { printf 'Usage : %s -a %s -r %s -c %s\n' "${0##*/}" \ "<AUTHORITY>" "<REALM>" "<CLIENT_ID>" printf 'Example: %s -a "%s" -r "%s" -c "%s"\n' "${0##*/}" \ "https://keycloak.example.com/auth" \ "myrealm" \ "myclient" exit 2 } while getopts 'a:r:c:?h' c do case $c in a) authority=$OPTARG ;; r) realm=$OPTARG ;; c) clientId=$OPTARG ;; h|?) usage ;; esac done [[ -z $authority || -z $realm || -z $clientId ]] && usage ### ---------------------------- discovery="$authority/realms/$realm/.well-known/openid-configuration" endpoint="$(curl -sSL "$discovery" | jq -r '.device_authorization_endpoint')" res="$(curl -sSL \ --data-urlencode "client_id=$clientId" \ --data-urlencode "scope=openid" \ --url "$endpoint")" interval="$(jq -r '.interval' <<< "$res")" code="$(jq -r '.device_code' <<< "$res")" verificationUri="$(jq -r '.verification_uri_complete' <<< "$res")" read -rp "$(tput bold)Press Enter$(tput sgr0) to open $verificationUri in your browser..." >&2 open "$verificationUri" dots="..." while :; do dots=".$dots" printf "\rpolling%s" "$dots" >&2 sleep "$interval" res="$(curl -sSL \ --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:device_code" \ --data-urlencode "client_id=$clientId" \ --data-urlencode "device_code=$code" \ --url "$authority/realms/$realm/protocol/openid-connect/token")" error="$(jq -r '.error | select(.!=null)' <<< "$res")" if [[ -n $error ]]; then if [[ $error == "authorization_pending" ]]; then continue; else printf "ERROR:\n%s\n" "$res" >&2 exit 1 fi fi accessToken="$(jq -r '.access_token' <<< "$res")" if [[ -n $accessToken ]]; then printf "\n" >&2 break; fi done printf "%s" "$accessToken"
download:
device_authorization_grant.sh