tokget is a CLI tool that allows to get a user's access token and ID token by the OpenID Connect protocol.
Features
- authenticates a user without interaction between the browser and user;
- supports arbitrary structure of the login page;
- logs a user out by canceling an ID token.
Limitations
- doesn't expect the consent page after the login page.
Requirements
- Google Chrome 70 or higher.
From sources:
git clone https://github.com/i-core/tokget
cd tokget
go install ./...From Docker:
docker pull icoreru/tokget:v1.1.0Download binary:
curl -Lo /tmp/tokget_linux_amd64.tar.gz 'https://github.com/i-core/tokget/releases/download/v1.1.0/tokget_linux_amd64.tar.gz'
tar -xzf /tmp/tokget_linux_amd64.tar.gz -C /usr/local/bin
# In alpine linux (as it does not come with curl by default)
wget -P /tmp 'https://github.com/i-core/tokget/releases/download/v1.1.0/tokget_linux_amd64.tar.gz'
tar -xzf /tmp/tokget_linux_amd64.tar.gz -C /usr/local/binTo authenticate a user tokget:
- opens the OpenID Connect Provider's login page in a Google Chrome,
- emulates input user's name and password,
- emulates clicking the login button,
- waits for successful authentication and return an access token and ID token.
Run tokget -h to see a list of available commands.
In terminal:
tokget login -e https://openid-connect-provider -c <client's ID> -r <client's redirect URL> -s openid,profile,email -u username --pwd-stdNote Google Chrome must be in $PATH.
Via Docker:
docker run --name tokget --rm -it icoreru/tokget:v1.1.0 login -e https://openid-connect-provider -c <client ID> -r <client's redirect URL> -s openid,profile,email -u username -pwd-stdinNote Image icoreru/tokget already contains Google Chrome so you don't need to run Google Chrome manually.
To find the username field, password field and login button tokget uses CSS selectors.
If the username field, password field and the login button doesn't match to the default CSS selectors
you can override this CSS selectors:
tokget --remote-chrome http://localhost:9222 login \
--username-field "#email" \
--password-field "#pass" \
--submit-button "#submit" \
--error-message "#error" \
-e https://openid-connect-provider \
-r <client's redirect URL> \
-s openid,profile,email \
-c client-id \
-u username \
-p passwordNote tokget searches elements on a page using function document.querySelector()
so each your CSS selector should match to only one element.
In terminal:
tokget logout -e https://openid-connect-provider -t id_tokenVia Docker:
docker run --name tokget --rm -it icoreru/tokget:v1.1.0 logout -e https://openid-connect-provider -t id_tokenBy default tokget starts a new Google Chrome process. But you can use an existed Google Chrome process.
This Google Chrome process should be run with enabled debugger, for example:
chrome --no-sandbox --remote-debugging-address=0.0.0.0 --remote-debugging-port=9222After that you should run tokget with option --remote-chrome:
tokget --remote-chrome http://localhost:9222 login -e https://openid-connect-provider -c client-id -u username -p passwordThanks for your interest in contributing to this project. Get started with our Contributing Guide.
The code in this project is licensed under MIT license.