token-gen.py
import json
import time
import requests
from authlib.jose import jwt
import os
from dotenv import load_dotenv
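# Loads variables from a local .env file into the process environment.
# Nothing below reads the environment; all settings are the constants here.
load_dotenv()

# Deployment-specific settings (example values).
ZITADEL_DOMAIN = 'https://example.zitadel.cloud'
# JSON key file downloaded for the service user. It contains the private
# signing key, so anyone who can read it can mint assertions as that user.
# /tmp is usually shared between local accounts: keep the file readable only
# by the account running this script, or store it in a private directory.
CLIENT_PRIVATE_KEY_FILE_PATH = '/tmp/examples/250735228274868582.json'
# Derived from the domain so the audience claim and the token endpoint
# cannot drift apart when the domain is changed.
ZITADEL_TOKEN_URL = f'{ZITADEL_DOMAIN}/oauth/v2/token'
PROJECT_ID = '250719447407395280'
# Upper bound for the token request; without it requests waits indefinitely.
REQUEST_TIMEOUT_SECONDS = 10
# Validity window of the signed assertion. It is used once, immediately, so a
# shorter window would narrow the time in which a leaked assertion is usable.
ASSERTION_LIFETIME_SECONDS = 3600

# Load the downloaded JSON key file.
with open(CLIENT_PRIVATE_KEY_FILE_PATH, "r", encoding="utf-8") as f:
    json_data = json.load(f)

private_key = json_data["key"]
kid = json_data["keyId"]
user_id = json_data["userId"]

# Create the JWT header and payload for the client assertion.
header = {
    "alg": "RS256",
    "kid": kid,
}
# Take the clock once so "iat" and "exp" are exactly the lifetime apart.
issued_at = int(time.time())
payload = {
    "iss": user_id,
    "sub": user_id,
    "aud": ZITADEL_DOMAIN,
    "iat": issued_at,
    "exp": issued_at + ASSERTION_LIFETIME_SECONDS,
}

# Sign the JWT with the service user's private key.
jwt_token = jwt.encode(header, payload, private_key)

# Exchange the signed assertion for an OAuth access token (JWT bearer grant).
data = {
    "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
    "scope": f"openid profile email urn:zitadel:iam:org:project:id:{PROJECT_ID}:aud read:messages",
    "assertion": jwt_token,
}
response = requests.post(
    ZITADEL_TOKEN_URL,
    data=data,
    timeout=REQUEST_TIMEOUT_SECONDS,
)

if response.status_code == 200:
    token_response = response.json()
    access_token = token_response["access_token"]
    # Both lines print a live bearer credential; keep this output out of
    # shared terminals, CI logs and shell history captures.
    print(f"Response: {token_response}")
    print(f"Access token: {access_token}")
else:
    print(f"Error: {response.status_code} - {response.text}")
    # Non-zero exit status so calling automation can detect the failure.
    raise SystemExit(1)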