From 244185b759a019785bbc1a15e78ea8a406e23443 Mon Sep 17 00:00:00 2001 From: Thibaud Dufour Date: Fri, 14 Jun 2024 14:22:19 +0200 Subject: [PATCH] Add support for bearer auth --- README.md | 24 ++++++++++++++++++++++-- src/config.sh | 2 ++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c728701..450d623 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,10 @@ ## Setup -### Environment +The following credentials type are supported: Basic Auth (password of the admin +account) or Bearer Auth. + +### Password with Environment variable Specify the admin password by running the following two commands @@ -19,7 +22,7 @@ export API_HOST=https://hawkbit.example.com Remember that you will have to reenter your password whenever you switch `API_HOST` -### netrc +### Password with .netrc You can also configure your credentials with the help of `~/.netrc` (see `curl(1) --netrc` for more information) @@ -32,6 +35,23 @@ Also remember to set the permissions correctly: chmod 600 ~/.netrc +### Bearer Authentication + +Get an access_token from an OAUTH2 server plugged to the Hawkbit one. + +``` +export BEARER_TOKEN +BEARER_TOKEN=$(curl \ + -d "client_id=$OAUTH_CLIENT_ID" \ + -d "client_secret=$OAUTH_CLIENT_SECRET" \ + -d "grant_type=client_credentials" \ + $OAUTH_URL \ + | jq --exit-status --raw-output .access_token) +``` + +Remember that access tokens could have a short lifetime (several minutes). +Check `expires_in` field of the response. + ## Usage ``` diff --git a/src/config.sh b/src/config.sh index efffd41..d9a8af5 100644 --- a/src/config.sh +++ b/src/config.sh @@ -9,6 +9,8 @@ fi if [ -n "$PASSWORD" ]; then # shellcheck disable=SC2034 CURL_AUTH_ARGS=(--user "admin:$PASSWORD") +elif [ -n "$BEARER_TOKEN" ]; then + CURL_AUTH_ARGS=(-H "Authorization: Bearer $BEARER_TOKEN") elif [ -f ~/.netrc ] && grep --quiet "${API_HOST##*://}" ~/.netrc; then # shellcheck disable=SC2034 CURL_AUTH_ARGS=(--netrc)