OpenShift - Obtain OAuth Bearer Token using REST API

If you are not familiar with OAuth, check out What is an OAuth token.

Assuming you are able to log into OpenShift using the oc login command, the oc get route command can be used to get the hostname of the OpenShift OAuth service.

~]$ oc get route oauth-openshift --namespace openshift-authentication --output jsonpath="{.spec.host}"
oauth-openshift.apps.openshift.example.com

 

The following curl command can be used to obtain an OAuth Bearer Token.

curl
--insecure
--request GET
--user john.doe:itsasecret
--header "X-CSRF-Token: xxx"
--url "https://oauth-openshift.apps.openshift.example.com/oauth/authorize?response_type=token&client_id=openshift-challenging-client"
-v

 

Something like this should be returned. In this example, the Bearer Token is sha256~0Rs__hPuXmBD3TJTXNDisC7wRBN-nrFnYTxgdBrFT-U.

< HTTP/1.1 302 Found
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Expires: 0
< Expires: Fri, 01 Jan 1990 00:00:00 GMT
< Location: https://oauth-openshift.apps.openshift.example.com/oauth/token/implicit#access_token=sha256~0Rs__hPuXmBD3TJTXNDisC7wRBN-nrFnYTxgdBrFT-U&expires_in=86400&scope=user%3Afull&token_type=Bearer
< Pragma: no-cache
< Pragma: no-cache
< Referrer-Policy: strict-origin-when-cross-origin
< Set-Cookie: ssn=MTYzMzY5MjEzMXxwRUMyUldnaExjWG04R2RTcnBiVXlKSUN3Ymc4MWlxTEg0WUFmZGg4UER0WWdHQ0o4dTRaTDBvRDY5dldPeEJZWW9JUWJ1ZU83QzdxRm1ZWXVJOVI3UEhXaGJ3czZDaTRDb050cUkyVU1Jc3hpeDR6MThrTkZFNTQtcElXdW5qa1hPbF9aRHlKZHk4cEp3UU5LUmxCUG92ZXMta0tCUHZkYUE9PXxHSStSq5LyFVySeQ3Dx8MoIGg-po4-FD71DfcMWuY0Cg==; Path=/; HttpOnly; Secure
< X-Content-Type-Options: nosniff
< X-Dns-Prefetch-Control: off
< X-Frame-Options: DENY
< X-Xss-Protection: 1; mode=block
< Date: Fri, 08 Oct 2021 11:22:11 GMT
< Content-Length: 0
< 

 

--head | grep Location can be included to only return the line containing the token.

curl
--insecure
--request GET
--user john.doe:itsasecret
--header "X-CSRF-Token: xxx"
--url "https://oauth-openshift.apps.opeshift.example.com/oauth/authorize?response_type=token&client_id=openshift-challenging-client"
--head | grep Location

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee

Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.





Please enter 47740 in the box below so that we can be sure you are a human.