Authenticating to the REST API with an OAuth app - Using Bash

[appatalks]

Authenticating to the REST API with an OAuth app - Using Bash

Modeled from GitHub Docs - Authenticating to the REST API with an OAuth app

Note

Be sure to check out Best practices for creating an OAuth app

We're going to run through a simplified exercise of generating an OAuth Application Token (gho_****). Specifically, we're going to create a Bash Script that uses the OAuth App's client ID and client secret which are used to perform operations on behalf of the app, such as creating the access tokens.

High Level Overview

1. Create OAuth App grabbing the ID and Secret
2. Run the script, interactively choose what scopes you want
3. copy the code=<string>, paste the code string, grab gho_****
4. Profit

Step 1 - Create OAuth App grabbing the ID and Secret

This is by far the easiest step!
Simply follow the instructions found in the GitHub Documentation for Registering your app.

Except for one caveat, here we are not going to use some backend server for the Authorization callback URLs. Instead we will just use http://127.0.0.1/callback or in another words, just your local machine to do all the work (all you need is a web browser!).

Step 2 - Run the script, interactively choose what scopes you want

So setting up the Bash piece was a bit tricky, converting the Guide from using a Ruby Server.

The following script is designed to do the following:

• Usage: bash run.sh <CLIENT_ID> <CLIENT_SECRET>
• Interactively allow you to select the scopes that you would like
• Opens your browser, requesting OAuth App Permissions, where Authorizing will redirect to http://127.0.0.1
• Simply grab the string from http://127.0.0.1/code=<string>&state=... from the URL Bar of your browser.
• Then paste the string into the awaiting Bash Script's Enter the code: to get a gho_**** token.

Expand Bash Script

#!/bin/bash

# Set the required environment variables
CLIENT_ID=$1
CLIENT_SECRET=$2

# Generate a random state variable
state=$(uuidgen)

# Initialize an empty array to store selected scopes
selected_scopes=()

# Prompt the user to select the desired scopes
echo "Select Scope Permissions: "
options=("repo" "user" "admin:org" "admin:org_hook" "admin:repo_hook" "admin:public_key" "admin:gpg_key" "read:org" "security_events" "gist" "notifications" "project" "delete_repo" "write:packages" "read:packages" "delete:packages" "codespace" "workflow")

# Display options
for i in "${!options[@]}"; do
  echo "$((i+1))) ${options[$i]}"
done

# Read selections until an empty line is entered
while true; do
   echo "Enter options (empty to finish): "
   read -a opts
   if [ -z "$opts" ]; then
     break
   fi
   for opt in "${opts[@]}"; do
     if ! [[ $opt =~ ^[0-9]+$ ]] || ((opt < 1 || opt > ${#options[@]})); then
       echo "Invalid selection. Please try again."
     else
       selected_scopes+=("${options[opt-1]}")
     fi
   done
done

# Join the selected scopes with "%20" as the separator
scopes=$(printf "%s%%20" "${selected_scopes[@]}")

# Generate the authorization URL based on the selected scope
auth_url="https://github.com/login/oauth/authorize?scope=$scopes&client_id=$CLIENT_ID&state=$state"

# Prompt the user to open the authorization URL and retrieve the session code
# Session Code Expires after 10 Minutes!!

# Check if xdg-open command exists
if command -v xdg-open &> /dev/null; then
  # Linux system
  xdg-open "$auth_url"
elif command -v open &> /dev/null; then
  # macOS system
  open "$auth_url"
else
  # Unable to automatically open the URL
  echo "Unable to open the URL in a web browser. Please visit the following URL manually: $auth_url"
fi

read -p "oAuth URL: $auth_url
Enter the code: " session_code

# POST the code back to GitHub to obtain the access token
result=$(curl -s -X POST -H "Accept: application/json" \
     -d "client_id=$CLIENT_ID" \
     -d "client_secret=$CLIENT_SECRET" \
     -d "code=$session_code" \
     "https://github.com/login/oauth/access_token")

# Extract the access token
access_token=$(echo "$result" | jq -r '.access_token')
scopes=$(echo "$result" | jq -r '.scope')

# Use the access token for further API calls
echo "Access Token: $access_token"
echo "Token Scopes: $scopes"

Step 3 - Profit

Now that we have our gho_**** OAuth Token, we can now use that where we please 🐧 🐧