12

I want to get data from cloud foundry using curl, but I'm not able to authenticate (oauth against CF). Please, could someone point me to and example how to get oauth token? I want to use login name and password.

Thanks

Pat
  • 391
  • 2
  • 3
  • 13

4 Answers4

17

This isn't exactly what you asked for, but if a recent cf cli is installed you can login as normal and then use the cf curl command to run raw requests.

For example

$ cf login (or cf auth for non-interactive login)
$ cf curl /v2/spaces/c4e73f65-4dbc-47dc-9d21-e8c566c40587/summary

To use actual curl, again using the cf cli, retrieve the bearer token with:

$ cf oauth-token

Then execute your curl command with an Authorization header:

$ curl --header 'Authorization: bearer ...' https://api.example.com/v2/spaces/c4e73f65-4dbc-47dc-9d21-e8c566c40587/summary
Scott Anderson
  • 1,666
  • 12
  • 12
  • Hmm ... got token, but the curl returns: `{"code":10002,"description":"Authentication error","error_code":"CF-NotAuthenticated"}` ; I've used your curl example. – Pat Jan 19 '15 at 14:03
  • Make sure you have the entire token starting with bearer after the Authorization header and that it is not munged somehow. Also check to see if you are using a modern cf cli https://github.com/cloudfoundry/cli/releases – Scott Anderson Jan 20 '15 at 14:56
5

Try this. I found it in the Cloud Foundry docs: https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#oauth2-token-endpoint

curl -v -XPOST -H"Application/json" -u "cf:" --data "username=<username>&password=<password>&client_id=cf&grant_type=password&response_type=token" https://login.run.pivotal.io/oauth/token
Scott Green
  • 51
  • 1
  • 2
  • note that the login api is usually served from a different subdomain than the api. We run cf in-house, and have login.cf.ourcompany.com and api.cf.ourcompany.com – Bryan Young Jan 20 '17 at 16:52
  • Thanks, `client_id` and `response_type` can be skipped. – Saikat May 30 '20 at 06:31
3

If you have already logged in using cf, you will find that the authorization token is stored in ~/.cf/config.json under they key "AccessToken". You can easily pull it out of there.

If you need to get the Authorization bearer token yourself without using the cf CLI you can follow the instructions at https://www.ng.bluemix.net/docs/#services/AppUserRegistry/index.html#appuserregistry . You can also export CF_TRACE=true and then do a cf login yourself and watch the REST dance the CLI does with the server to get the authorization token.

esnible
  • 340
  • 2
  • 10
0

The username, password should be base 64 encoded. Url should be login endpoint of your pcf service.

curl https://login.<url>.com/oauth/token -X POST --user "cf:"  -H 'Content-Type: application/x-www-form-urlencoded' -d "username=<user>&password=<password>&client_id=cf&grant_type=password&response_type=token"
Apurva Singh
  • 4,534
  • 4
  • 33
  • 42