
Curl and OAuth

Sometimes when working on APIs you need (or want) to use curl. Here's how to do that with the IT Lab OAuth 2.0 Authorization Server (AS):


% AUTHZ_URL=https://authz.itlab.stanford.edu
% CREDS=$(jq -r '.client_id + ":" + .client_secret' creds.json)
% SCOPES=scope1+scope2
% curl -o token.json -s -u "${CREDS}" -d scope="${SCOPES}" \
> -d grant_type=client_credentials ${AUTHZ_URL}/token
% TOKEN=$(jq -r .access_token token.json)

This assumes that you have a file called creds.json that contains your OAuth 2.0 client_id and client_secret:


{
  "client_id": "my-client",
  "client_secret": "superSecr3t"
}

Once TOKEN is set, you can use curl to make API calls:


% AUTHZ="Authorization: Bearer ${TOKEN}"
% API=https://someapi.itlab.stanford.edu
% curl -H "${AUTHZ}" -s ${API}/check | jq .
{
  "user": {
    "username": "my-client"
  },
  "authInfo": {
    "active": true,
    "scope": "someapi:read someapi:write",
    "expires_at": "2017-12-19T17:00:26-0800",
    "exp": 1513731626,
    "sub": "my-client",
    "client_id": "my-client",
    "token_type": "Bearer",
    "scopes": [
      "someapi:read",
      "someapi:write"
    ]
  }
}

jq is a very useful JSON parser, filter, and formatter. If you're on a Mac with Homebrew, installing jq is as simple as:


% brew install jq
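
A variant of the token fetch and API call above, added here as an example (not part of the original post): it hands the client secret and bearer token to curl over stdin with `-K -` so they stay out of the process argument list, refuses a creds.json that group or other can read, and fails on HTTP errors instead of leaving TOKEN set to `null`. The function names are hypothetical, and it assumes the secret and token contain no control characters, double quotes or backslashes that would need quoting beyond what is shown.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original page.
AUTHZ_URL=${AUTHZ_URL:-https://authz.itlab.stanford.edu}

# Succeed only if FILE grants nothing to group/other (e.g. mode 600).
file_is_private() {
    case $(ls -ld "$1" | cut -c5-10) in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Print a curl config holding the credentials and form fields. Fed to
# "curl -K -", the secret travels over stdin rather than in curl's argv.
# Assumption: jq's @json quoting is valid curl-config quoting for these
# values (true unless they contain control characters).
token_request_config() {    # $1 = creds.json, $2 = scopes, e.g. scope1+scope2
    jq -r --arg scope "$2" '
        "user = " + ((.client_id + ":" + .client_secret) | @json),
        "data = \"grant_type=client_credentials\"",
        "data = " + (("scope=" + $scope) | @json)' "$1"
}

# Print the access token, or fail: on loose file permissions, on an HTTP
# error (--fail), or on a response that has no access_token.
fetch_token() {             # $1 = creds.json, $2 = scopes
    file_is_private "$1" || { echo "$1: readable by group/other" >&2; return 1; }
    token_request_config "$1" "$2" |
        curl -sS --fail -K - "${AUTHZ_URL}/token" |
        jq -er '.access_token // empty'
}

# GET a URL with the bearer token supplied via stdin config, not argv.
# Assumption: the token contains no double quote or backslash.
api_get() {                 # $1 = token, $2 = URL
    printf 'header = "Authorization: Bearer %s"\n' "$1" |
        curl -sS --fail -K - "$2"
}

# Usage:
#   TOKEN=$(fetch_token creds.json scope1+scope2) || exit 1
#   api_get "$TOKEN" https://someapi.itlab.stanford.edu/check | jq .
```

Because the token is captured from the function's output, nothing is written to token.json, so there is no token file left on disk to protect.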

API Scopes

Different APIs use different scopes:

CertCache API

  • certcache:read - Read-only access
  • certcache:write - Write access