tokget
tokget
is a CLI tool that allows to get a user's access token and ID token by the OpenID Connect protocol.
Features
- authenticates a user without interaction between the browser and user;
- supports arbitrary structure of the login page;
- logs a user out by canceling an ID token.
Limitations
- doesn't expect the consent page after the login page.
Requirements
- Google Chrome 70 or higher.
Installing
From sources:
git clone https://github.com/i-core/tokget
cd tokget
go install ./...
From Docker:
docker pull icoreru/tokget:v1.1.0
Download binary:
curl -Lo /tmp/tokget_linux_amd64.tar.gz 'https://github.com/i-core/tokget/releases/download/v1.1.0/tokget_linux_amd64.tar.gz'
tar -xzf /tmp/tokget_linux_amd64.tar.gz -C /usr/local/bin
# In alpine linux (as it does not come with curl by default)
wget -P /tmp 'https://github.com/i-core/tokget/releases/download/v1.1.0/tokget_linux_amd64.tar.gz'
tar -xzf /tmp/tokget_linux_amd64.tar.gz -C /usr/local/bin
Usage
To authenticate a user tokget
:
- opens the OpenID Connect Provider's login page in a Google Chrome,
- emulates input user's name and password,
- emulates clicking the login button,
- waits for successful authentication and return an access token and ID token.
Run tokget -h
to see a list of available commands.
Login
In terminal:
tokget login -e https://openid-connect-provider -c <client's ID> -r <client's redirect URL> -s openid,profile,email -u username --pwd-std
Note Google Chrome must be in $PATH
.
Via Docker:
docker run --name tokget --rm -it icoreru/tokget:v1.1.0 login -e https://openid-connect-provider -c <client ID> -r <client's redirect URL> -s openid,profile,email -u username -pwd-stdin
Note Image icoreru/tokget
already contains Google Chrome so you don't need to run Google Chrome manually.
To find the username field, password field and login button tokget
uses CSS selectors.
If the username field, password field and the login button doesn't match to the default CSS selectors
you can override this CSS selectors:
tokget --remote-chrome http://localhost:9222 login \
--username-field "#email" \
--password-field "#pass" \
--submit-button "#submit" \
--error-message "#error" \
-e https://openid-connect-provider \
-r <client's redirect URL> \
-s openid,profile,email \
-c client-id \
-u username \
-p password
Note tokget
searches elements on a page using function document.querySelector()
so each your CSS selector should match to only one element.
Logout
In terminal:
tokget logout -e https://openid-connect-provider -t id_token
Via Docker:
docker run --name tokget --rm -it icoreru/tokget:v1.1.0 logout -e https://openid-connect-provider -t id_token
Remote Google Chrome
By default tokget
starts a new Google Chrome process. But you can use an existed Google Chrome process.
This Google Chrome process should be run with enabled debugger, for example:
chrome --no-sandbox --remote-debugging-address=0.0.0.0 --remote-debugging-port=9222
After that you should run tokget
with option --remote-chrome
:
tokget --remote-chrome http://localhost:9222 login -e https://openid-connect-provider -c client-id -u username -p password
Contributing
Thanks for your interest in contributing to this project.
Get started with our Contributing Guide.
License
The code in this project is licensed under MIT license.