Sometimes, one just needs an OAuth access token (for the client credential authentication flow).

export ACCESS_TOKEN=$(curl -X POST \
 --user "${CLIENT_ID}:${CLIENT_SECRET}" \
 --data-urlencode "grant_type=client_credentials" \
 --data-urlencode "scope=${SCOPE}" \
 ${TOKEN_URL} \
 | jp -u access_token)

Note: jp is a handy CLI tool which allows to query JSON data using the JMESPath language (the same that awscli uses in its --query parameter). It’s kinda like jq but with a standardised language but, sadly, not colours.

The token can then be used in subsequent requests by adding it to an Authorization: Bearer header.

curl --header "Authorization: Bearer ${ACCESS_TOKEN}" ${ENDPOINT_URL} ...

EDIT 2021-01-06: The original version of this post suggested to put the client_id and client_secret in the POST data, but this is NOT RECOMMENDED. The recommended version is now presented at the top, and the previous one is kept below for reference. An example of how to use the token has also been added.

export ACCESS_TOKEN=$(curl -X POST \
 --data-urlencode "grant_type=client_credentials" \
 --data-urlencode "client_id=${CLIENT_ID}" \
 --data-urlencode "client_secret=${CLIENT_SECRET}" \
 --data-urlencode "scope=${SCOPE}" \
 ${TOKEN_URL} \
 | jp -u access_token)

Leave a Reply