Skip to content

Commit 4f94aef

Browse files
committed
gen_access_token: use tokensmith user-token
Signed-off-by: Devon Bautista <17506592+synackd@users.noreply.github.com>
1 parent 76177ff commit 4f94aef

1 file changed

Lines changed: 12 additions & 26 deletions

File tree

scripts/openchami_profile.sh

Lines changed: 12 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -23,32 +23,18 @@ container_curl() {
2323
${CONTAINER_CMD:-docker} run -it --rm "${CURL_CONTAINER}:${CURL_TAG}" -s $url
2424
}
2525

26-
create_client_credentials() {
27-
${CONTAINER_CMD:-docker} exec hydra hydra create client \
28-
--endpoint http://hydra:4445/ \
29-
--format json \
30-
--grant-type client_credentials \
31-
--scope openid \
32-
--scope smd.read
33-
}
34-
35-
retrieve_access_token() {
36-
local CLIENT_ID=$1
37-
local CLIENT_SECRET=$2
38-
39-
${CONTAINER_CMD:-docker} run --http-proxy=false --rm --network openchami-jwt-internal "${CURL_CONTAINER}:${CURL_TAG}" curl -s -u "$CLIENT_ID:$CLIENT_SECRET" \
40-
-d grant_type=client_credentials \
41-
-d scope=openid+smd.read \
42-
http://hydra:4444/oauth2/token
43-
}
44-
4526
gen_access_token() {
46-
local CLIENT_CREDENTIALS
47-
CLIENT_CREDENTIALS=$(create_client_credentials)
48-
local CLIENT_ID=`echo $CLIENT_CREDENTIALS | jq -r '.client_id'`
49-
local CLIENT_SECRET=`echo $CLIENT_CREDENTIALS | jq -r '.client_secret'`
50-
local ACCESS_TOKEN=$(retrieve_access_token $CLIENT_ID $CLIENT_SECRET | jq -r .access_token)
51-
echo $ACCESS_TOKEN
27+
${CONTAINER_CMD:-docker} exec tokensmith \
28+
/bin/sh \
29+
-c \
30+
"/usr/local/bin/tokensmith \
31+
user-token \
32+
create \
33+
--audience smd \
34+
--key-file /tokensmith/data/keys/private.pem \
35+
--subject 'admin@example.com' \
36+
--scopes 'admin' \
37+
--enable-local-user-mint"
5238
}
5339

5440

@@ -107,4 +93,4 @@ create_podman_secret() {
10793
fi
10894

10995
echo -n $secret | ${CONTAINER_CMD:-docker} secret create $name -
110-
}
96+
}

0 commit comments

Comments
 (0)