-
Notifications
You must be signed in to change notification settings - Fork 46
/
get_access_token.sh
executable file
·90 lines (73 loc) · 4.12 KB
/
get_access_token.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#!/usr/bin/env bash
#
# This script uses curl, openssl, and some helper utilities to demonstrate how to
# use OAuth authentication with the Pinterest API.
#
# To see the communications at any stage of this script, use echo to show the
# relevant variable. For example, echo "$REDIRECT_SESSION" to see the complete
# web browser session for the redirect.
#
# Prerequisites: curl, openssl, base64, jq, grep, cut
#
# Get configuration from environment or defaults.
: "${REDIRECT_PORT:=8085}"
: "${PINTEREST_API_URI:=https://api.pinterest.com}"
: "${PINTEREST_OAUTH_URI:=https://www.pinterest.com}"
: "${REDIRECT_LANDING_URI:=https://developers.pinterest.com/apps/${PINTEREST_APP_ID}}"
REDIRECT_URI="http://localhost:${REDIRECT_PORT}/"
# Note that the application id and secrect have no defaults,
# because it is best practice not to store credentials in code.
B64AUTH=$(echo -n "${PINTEREST_APP_ID}:${PINTEREST_APP_SECRET}" | base64)
# Get the authorization code by starting a browser session and handling the redirect.
echo 'getting auth_code...'
# Specify the scopes for the user to authorize via OAuth.
# This example requests typical read-only authorization.
# For more information, see:
# https://developers.pinterest.com/docs/getting-started/authentication-and-scopes/#requesting-the-right-scopes-for-your-app
SCOPE="user_accounts:read"
# This call opens the browser with the oauth information in the URI.
open "${PINTEREST_OAUTH_URI}/oauth/?consumer_id=${PINTEREST_APP_ID}&redirect_uri=${REDIRECT_URI}&scope=${SCOPE}&response_type=code" &
# 1. Use netcat (nc) to run the web browser to handle the redirect from the oauth call.
# 2. Wait for the response.
# 3. Redirect using a HTTP 301 response to the landing URI.
REDIRECT_SESSION=$(nc -l localhost ${REDIRECT_PORT} 2>&1 <<EOF
HTTP/1.1 301 Moved Permanently
Location: ${REDIRECT_LANDING_URI}
EOF
)
# Cut the authorization code from the output of the web server, which includes
# the redirect URI with the authorization code.
AUTH_CODE=$(echo "${REDIRECT_SESSION}" | grep GET | cut -d ' ' -f 2 | cut -d '=' -f 2)
# Exchange the authorization code for the access token.
echo 'exchanging auth_code for access_token...'
# Execute the curl PUT command to exchange the authorization code for the access token.
# 1. Use basic authorization (constructed above) with the application id and secret.
# 2. Note that it is necessary to send x-www-form-urlencoded data.
OAUTH_RESPONSE=$(curl --silent -X POST --header "Authorization:Basic ${B64AUTH}" --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=authorization_code' --data-urlencode "code=${AUTH_CODE}" --data-urlencode "redirect_uri=${REDIRECT_URI}" "${PINTEREST_API_URI}/v5/oauth/token")
RESPONSE_TYPE=$(echo "$OAUTH_RESPONSE" | jq -r '.["response_type"]')
echo response_type: "$RESPONSE_TYPE"
# Parse the JSON returned by the exchange call and retrieve the access token.
ACCESS_TOKEN=$(echo "$OAUTH_RESPONSE" | jq -r '.["access_token"]')
# The scope returned in the response includes all of the scopes that
# have been approved now or in the past by the user.
SCOPE=$(echo "$OAUTH_RESPONSE" | jq -r '.["scope"]')
echo scope: "$SCOPE"
# Demonstrate how to use the access token to get information about the associated user.
echo 'getting user data using the access token'
USER_RESPONSE=$(curl --silent -X GET --header "Authorization:Bearer ${ACCESS_TOKEN}" "${PINTEREST_API_URI}/v5/user_account")
# An alternative for the above command is to use the OAuth2 bearer authentication
# that is built into curl. Replace these arguments:
# --header "Authorization:Bearer ${ACCESS_TOKEN}"
# with these arguments:
# --oauth2-bearer "${ACCESS_TOKEN}"
# Parse the JSON response and print the data associated with the user.
ACCOUNT_TYPE=$(echo "${USER_RESPONSE}" | jq -r '.["account_type"]')
USERNAME=$(echo "${USER_RESPONSE}" | jq -r '.["username"]')
PROFILE_IMAGE=$(echo "${USER_RESPONSE}" | jq -r '.["profile_image"]')
WEBSITE_URL=$(echo "${USER_RESPONSE}" | jq -r '.["website_url"]')
echo '--- User Summary ---'
echo Account Type: "$ACCOUNT_TYPE"
echo Username: "$USERNAME"
echo Profile Image: "$PROFILE_IMAGE"
echo Website URL: "$WEBSITE_URL"
echo '--------------------'