Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/elmarx/mouflon

Command-line OIDC client
https://github.com/elmarx/mouflon

cli deno keycloak oidc

Last synced: 5 days ago
JSON representation

Command-line OIDC client

Host: GitHub
URL: https://github.com/elmarx/mouflon
Owner: elmarx
License: mit
Created: 2020-08-06T15:19:50.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2021-11-11T09:38:43.000Z (about 3 years ago)
Last Synced: 2023-03-11T19:22:59.157Z (over 1 year ago)
Topics: cli, deno, keycloak, oidc
Language: TypeScript
Homepage:
Size: 59.6 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# 🐑 Mouflon — CLI tool to get OIDC tokens

Mouflon acts as an *OIDC client* to retrieve an **access token** from an OIDC provider.

Upon initial execution, it opens a browser and executes the typical OIDC redirects to get an *access token*
via *authorization_code* grant.

If successful, it caches the *access token response* (thus both the *access token* and the *refresh token*), and then
returns the *access token* (as long as it's valid), or uses the *refresh token* to refresh the *access token*
and of course return the new *access token*. If also the *refresh token* is expired, it again opens the browser to execute
the OIDC authorization.

## Status

*mouflon* works, but is pretty basic and not very flexible.

- opening the browser works only in Linux and the fallback solution is implemented very naively
- supports only keycloak, only a single realm and a single client
- close to no error handling. So it will throw stack traces without any hints upon errors

Of course all of these are possible future improvements :)

## Installation

Mouflon uses [*deno*](https://deno.land/), so make sure to have it [installed](https://deno.land/#installation).

Place file `mouflon.ts` into your `$PATH` (e.g. `~/bin`) and set the execution-bit (e.g. `chmod +x mouflon.ts`).

## Configuration

### Keycloak

Create an OIDC client (Standard flow enabled), should be "confidential", allow `http://localhost:4800/` as redirect URL.

Download the "*Keycloak OIDC JSON*" file available under the "*Installation*" tab.

### Mouflon

Copy said JSON-file into `~/.config/mouflon/default.json` (if you set `$XDG_CONFIG_HOME` replace `~/.config` with that value).

Future versions could allow other configurations (selectable via CLI-arg) and other providers.

Currently, *mouflon* does **not** validate the JSON file.

## Usage

Simply execute `mouflon.ts` or `./mouflon.ts`

## Examples

for bash

```shell script
curl -H "Authorization: Bearer $(mouflon.ts)" https://example.com/protected
```

or fish shell

```shell script
AT=(mouflon.ts) curl -H "Authorization: Bearer $AT" https://example.com/protected
```