mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-12 05:06:55 +00:00
43 lines
1.4 KiB
Bash
Executable File
43 lines
1.4 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
set -ex
|
|
|
|
# The path to the instance admin service account
|
|
KEY=${KEY:-./machinekey/zitadel-admin-sa.json}
|
|
# The audience for which the key is used
|
|
AUDIENCE=${AUDIENCE:-http://localhost:8080}
|
|
# The Service can differ from the audience, for example in docker compose (http://zitadel:8080)
|
|
SERVICE=${SERVICE:-$AUDIENCE}
|
|
|
|
# Defer the Host header sent in requests that ZITADEL maps to an instance from the JWT audience
|
|
AUDIENCE_HOST="$(echo $AUDIENCE | cut -d/ -f3)"
|
|
|
|
# Create JWT from Admin SA KEY
|
|
JWT=$(zitadel-tools key2jwt --key ${KEY} --audience ${AUDIENCE})
|
|
|
|
# Get Token
|
|
TOKEN_RESPONSE=$(curl --request POST \
|
|
--url ${SERVICE}/oauth/v2/token \
|
|
--header 'Content-Type: application/x-www-form-urlencoded' \
|
|
--header "Host: ${AUDIENCE_HOST}" \
|
|
--data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
|
|
--data scope='openid profile email urn:zitadel:iam:org:project:id:zitadel:aud' \
|
|
--data assertion="${JWT}")
|
|
|
|
# Extract Token
|
|
TOKEN=$(echo -n ${TOKEN_RESPONSE} | jq -r '.access_token')
|
|
|
|
# Verify authentication
|
|
curl --request POST \
|
|
--url ${SERVICE}/oidc/v1/userinfo \
|
|
--header 'Content-Type: application/x-www-form-urlencoded' \
|
|
--header "Authorization: Bearer ${TOKEN}" \
|
|
--header "Host: ${AUDIENCE_HOST}"
|
|
|
|
# Get default org
|
|
curl --request GET \
|
|
--url ${SERVICE}/admin/v1/orgs/default \
|
|
--header 'Accept: application/json' \
|
|
--header "Authorization: Bearer ${TOKEN}" \
|
|
--header "Host: ${AUDIENCE_HOST}"
|