How to get the bearer token through API ?

[kalrashubham49]

Is there any way to get bearer token through API, I have tried couple of ways listed below but both dint work in my case 👍

1. curl -u admin:admin http://127.0.0.1:8080/api/v1/teams/main/auth/token
2. curl -v \ -X POST \ -H 'Content-Type: application/x-www-form-urlencoded' \ --user ‘admin:admin’ \ --data-urlencode 'username=admin’ \ --data-urlencode 'password=admin’ \ --data-urlencode 'grant_type=password' \ --data-urlencode 'scope=openid profile email federated:id groups' \ http://127.0.0.1:8080/sky/token

Both the requests are giving me 404 in response .

Can anyone please suggest what should be done in order to get the Bearer Token through Code preferably API which would be used for subsequent requests

[jamieklassen]

What are you trying to do with the bearer token? Can you use fly? or maybe go-concourse? Anyway it sounds like you're trying to reverse-engineer this code:

concourse/fly/commands/login.go

Lines 180 to 197 in 248606d

	func (command *LoginCommand) passwordGrant(client concourse.Client, username, password string) (string, string, error) {
	oauth2Config := oauth2.Config{
	ClientID: "fly",
	ClientSecret: "Zmx5",
	Endpoint: oauth2.Endpoint{TokenURL: client.URL() + "/sky/issuer/token"},
	Scopes: []string{"openid", "profile", "email", "federated:id", "groups"},
	}
	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, client.HTTPClient())
	token, err := oauth2Config.PasswordCredentialsToken(ctx, username, password)
	if err != nil {
	return "", "", err
	}
	return token.TokenType, token.AccessToken, nil
	}

which I have just figured out how to do for you:

curl http://fly:[email protected]:8080/sky/issuer/token \
  -d grant_type=password \
  -d username=test \
  -d password=test \
  -d scope='openid profile email federated:id groups'

This is the textbook oauth2 password grant flow, but the trick is to know that fly uses a hardcoded client id and secret (the fly:Zmx5 part). I mention this because you used admin:admin as your basic auth credentials, but in oauth2 you always use client id and client secret as the basic auth credentials -- since you mention wanting to do this "through Code" you could probably use a real programming language with an oauth2 library that would handle that kind of detail for you.

[kalrashubham49]

Thanks Jamie , i needed this endpoint only.

We are implementing a service which uses Concourse Pipelines to streamline tasks which generally communicates with other services in microservices architecture.

We have implemented a Concourse custom http-communicator resource in GoLang , which helps us and will help a lot of other fellow developers for setting up communication through Concourse pipelines once we make it open source. Would you help us reviewing our custom resource so that before making it open source we are pretty sure we would be spreading a correct implementation.

Really appreciate Concourse Maintainer's efforts for building this and making our projects awesome.. Thanks again.. :)
Concourse-custom-http-handle.zip

[jamieklassen]

Glad you're finding Concourse useful! It's still not clear to me why you want to programmatically grab tokens -- I asked because I'm a full-time Concourse contributor and I'm interested in understanding people's use cases in detail.

I'm going to mark this discussion as solved, and I'm not going to read through the code in that zip file and talk about it here. Instead we can continue our conversation about custom resource types in #6239, where you can ask any specific questions you have as you work towards solving your problem.

[chris-aeviator]

@jamieklassen I'm coming to this issue since my callback url is not called after I run fly login and entering my credentials in the browser. The fly cli asks to "enter token manually" but it is nowhere visible where I can get this token, the page after login is just plain white (wonderful place to show the token when the callback does not suceed)

[jamieklassen]

@chris-aeviator if your oauth callback is broken that sounds like its own problem. but you can also navigate directly to <concourse url>/fly_success to get a page that lets you copy your token.

[gsaslis]

It's still not clear to me why you want to programmatically grab tokens

@jamieklassen I want to use the Concourse API (as opposed to the CLI), in order to create pipelines and trigger jobs (I'm working on the integration of Concourse with a new (p2p) forge), and as this is another backend system, it feels a little ... inelegant to be using the CLI just for that.

At the same time, I am wondering why the API is not more accessible / documented / etc., etc. Is that because resource types are the recommended path forward, for such integrations?

[kalrashubham49]

Hi Jamie, Is there any offline scope supported by Concourse for getting the refresh token ? As passing offline is giving me error. ? One more thing , i want to embed my concourse pipeline in website , is there any way to embed the Concourse Pipeline URL which doesnt required user login.

…

On Fri, Nov 6, 2020 at 8:30 PM Jamie Klassen ***@***.***> wrote: @chris-aeviator <https://github.com/chris-aeviator> if your oauth callback is broken that sounds like its own problem. but you can also navigate directly to <concourse url>/fly_success to get a page that lets you copy your token. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#6241 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADHXZ5EZHE45DM5ADMUU2ADSOQFR7ANCNFSM4TIYRMOA> .