How to print login using curl

Hi,

I have added a domain name in Auth0 that redirects from test.abc to the Auth0 URL, and from any browser I can log in to my application using a username and password.

But my issue is that I want to do the same thing using curl. I have written a small shell script using curl that tries to log in to my application, but I cannot log in with curl because of the redirect from the domain name to Auth0, and I don't know how to achieve this using curl.

The scenario is this:
When I log in to my application from a browser, e.g. test.abc, the browser is redirected to the Auth0 URL, where I can log in to my application using a username and password. With curl I need to do something similar, along with the token it generates.

Sharing my shell script:

#!/bin/bash
# Begin

TEMP=$(getopt -n "$0" -a -l "hostname:,username:,password:,client_id:,client_secret:,audience:,grant_type:,code_verifier:" -- -- "$@")

if [ $? -ne 0 ]; then
    echo "Invalid options provided"
    exit 1
fi

eval set -- "$TEMP"

while [ $# -gt 0 ]; do
    case "$1" in
        --hostname) TEST_HOSTNAME="$2"; shift;;
        --username) TEST_USER="$2"; shift;;
        --password) TEST_PWD="$2"; shift;;
        --client_id) CLIENT_ID="$2"; shift;;
        --client_secret) CLIENT_SECRET="$2"; shift;;
        --audience) AUDIENCE="$2"; shift;;
        --grant_type) GRANT_TYPE="$2"; shift;;
        --code_verifier) CODE_VERIFIER="$2"; shift;;
        --) shift ;;
        *) shift ;;
    esac
    shift
done

REGISTER_URL=${REGISTER_URL:-"https://test.abc"}

# Set default hostname if not provided
if [ -z "$TEST_HOSTNAME" ]; then
    TEST_HOSTNAME="https://test2.abc"
fi

echo " "

# Auth0 Method
auth_url="https://dev-xxxxxxxxxxxx.us.auth0.com/authorize?response_type=code&client_id=xxxxxxxxxxxxxxxxx&redirect_uri=https://test.abc/apis&scope=SCOPE"
echo "Auth URL: $auth_url"

# Login
login_response=$(curl -s -H "Accept: application/json" -H "Content-Type: application/json" -X POST -d "{\"username\": \"$TEST_USER\", \"password\": \"$TEST_PWD\"}" "https://test.abc/login")
if [[ "$login_response" == *"error"* ]]; then
    echo "Login failed: $login_response"
    exit 1
fi

echo " "

# Get access token
token_response=$(curl -s -H "Content-Type: application/json" --request POST --url https://dev-xxxxxxxxxx.us.auth0.com/oauth/token --data "{\"client_id\":\"$CLIENT_ID\",\"client_secret\":\"$CLIENT_SECRET\",\"audience\":\"$AUDIENCE\",\"grant_type\":\"$GRANT_TYPE\"}")

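# "// empty" yields an empty string instead of the literal "null" when the field is missing
access_token=$(echo "$token_response" | jq -r '.access_token // empty')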

if [ -z "$access_token" ]; then
    echo "Failed to get access token: $token_response"
    exit 1
fi

echo "Generated token is: $access_token"

echo " "

# API Registry
api_registry_response=$(curl -s -H "Accept: application/json" -H "Content-Type: application/json" --location --request POST "$TEST_HOSTNAME/xxxxxxx-run" --header "Authorization: Bearer $access_token" -d "{\".............\"}")

if [[ "$api_registry_response" == *"error"* ]]; then
    echo "API registry failed: $api_registry_response"
    exit 1
fi

echo "Successfully created the API Register."

Here is my command (THIS IS AN INCOMPLETE COMMAND)

/api1.sh --username "xxxxx" --password "xxxx" --name "Demo"  --client_id "xxxxxxxx" --code_verifier "xxxxxxx" --grant_type "xxxxxxx" --code "xxxxxxx"

Here is the error and response message output

Auth URL: https://dev-xxxxxxxxx.us.auth0.com/authorize?response_type=code&client_id=xxxxxxxx&redirect_uri=https://test.abc/apis&scope=SCOPE
Login failed: 
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>502 Server Error</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Server Error</h1>
<h2>The server encountered a temporary error and could not complete your request.<p>Please try again in 30 seconds.</h2>
<h2></h2>
</body></html>

Please, I don't know why this HTML page is coming.
First, I should be able to log in to my application; after that it generates a token, and then it registers the new API.

Hi @itcloudnet,

I have reviewed your code and noticed that when you get the access token by calling the /oauth/token endpoint, you do not inject the authorization code returned from logging in through the /authorize endpoint.

For example, it should look like this:

curl --request POST \
  --url 'https://{yourDomain}/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=authorization_code \
  --data 'client_id={yourClientId}' \
  --data 'client_secret={yourClientSecret}' \
  --data 'code={yourAuthorizationCode}' \
  --data 'redirect_uri={https://yourApp/callback}'

See Call Your API Using the Authorization Code Flow.

Secondly, I noticed that you have included the code_verifier parameter in your code, implying the authorization code flow with PKCE, but the code_challenge and code_challenge_method parameters are missing from your /authorize request.

Be careful to use only one of these flows and not mix them up. If your app is Mobile or a SPA, you should use PKCE. Otherwise, use the regular authorization code flow for regular web apps.

There is also the Resource Owner Password Flow, which seems like the flow you are looking for. This is typically used when redirect-based flows like the Authorization Code flow cannot be used.

Let me know how this goes for you.

Thanks,
Rueben
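
The PKCE parameters mentioned in this reply, as an added example that is not part of the original post: it derives code_challenge from a code_verifier with the S256 method of RFC 7636 and builds the /authorize URL. The domain, client ID and redirect URI are placeholders, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Requires openssl, base64 and tr.

# base64url without padding, as RFC 7636 requires.
b64url() {
    base64 | tr -d '=\n' | tr '+/' '-_'
}

# Random 32-byte verifier, encoded to 43 URL-safe characters.
new_code_verifier() {
    openssl rand 32 | b64url
}

# code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
code_challenge_s256() {
    printf '%s' "$1" | openssl dgst -sha256 -binary | b64url
}

# Build the /authorize URL for the authorization code flow with PKCE.
# $1 = tenant domain, $2 = client id, $3 = redirect URI (already URL-encoded),
# $4 = code_challenge, $5 = state
authorize_url() {
    printf 'https://%s/authorize?response_type=code&client_id=%s&redirect_uri=%s&code_challenge=%s&code_challenge_method=S256&state=%s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Constructed placeholder values.
verifier=$(new_code_verifier)
challenge=$(code_challenge_s256 "$verifier")
state=$(openssl rand -hex 16)
authorize_url "YOUR_DOMAIN.us.auth0.com" "YOUR_CLIENT_ID" \
    "https%3A%2F%2Ftest.abc%2Fapis" "$challenge" "$state"
# Open the printed URL in a browser. Keep $verifier and $state private and
# send code_verifier=$verifier with the later /oauth/token request.
```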


Here I'm using this command I got from ChatGPT

curl --request GET --url 'https://dev-xxxxxxus.auth0.com/authorize?response_type=code&client_id=xxxxxxx&redirect_uri=https://test.abc/apis&scope=SCOPE'

Output command

Found. Redirecting to /u/login?state=hxxxxxxxxxxxxxZkk

After this command I don't know how to log in to my application

Hi @itcloudnet,

The authorization code flow requires user interaction to submit credentials, typically through a browser (e.g., email + password). Therefore, it won’t be possible to interact with the /authorize endpoint purely from a CLI (curl commands).

Because of this, the first step to getting an access token would be to open a browser and log in (/authorize endpoint). Once logged in, the returned response will contain a code, which you can then use the CLI to exchange for an access token (using curl commands to request the /oauth/token endpoint).

Or, there is an option to use the Resource Owner Password Flow, which passes the credentials in the request and returns an access token without user interaction.

@rueben.tiow

I'm using "grant_type":"client_credentials"

When I type the command below in a terminal

 curl --request POST \
  --url 'https://dev-xxxxxxxx.us.auth0.com/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=authorization_code \
  --data 'client_id=dUPxxxxxxxxxxxGn' \
  --data 'client_secret=VuxxxxxxxxxgC' \
  --data 'code=LlZxxxxxxxxxxadip' \
  --data 'redirect_uri=https://test.abc'
{"error":"unauthorized_client","error_description":"Grant type 'authorization_code' not allowed for the client.","error_uri":"https://auth0.com/docs/clients/client-grant-types"}

And I also added audience in the command below

curl -s -H --request POST \
   --url 'https://dev-xxxxxxx.auth0.com/oauth/token' \
   --header 'content-type: application/x-www-form-urlencoded' \
   --data '{"client_id":"dUxxxxxxxxxxGn","client_secret":"VuMxxxxxxxxxuZgC","audience":"https://dev-xxxxxxx.us.auth0.com/api/v2/","grant_type":"client_credentials"}'
{"error":"access_denied","error_description":"Unauthorized"}

And if I use the command below, I get a response

curl --request GET --url 'https://dev-xxxxxxxxx.us.auth0.com/authorize?response_type=code&client_id=OxioxxxxxxxxfI&redirect_uri=https://test.abc/apis&scope=SCOPE'
Found. Redirecting to /u/login?state=hKFo2SBPM2xxxxxxxxxxxxxxxxxxdHd1dUFuNKFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIEs2N201OWZHTVZVdEQyWmFvM0phV3dBdk5HaxxxxxxxxxxxxxxxxxxxxxxxxxKUzhFSWRwTjNLemhWUTxxxxxxxxxxxxxxxxekdMZkkr 

After that command I'm not able to log in to my application

Hi @itcloudnet,

Thanks for the reply.

If you are using "grant_type":"client_credentials", please make sure that your request specifies this. I noticed in your first curl command that you got the Grant type 'authorization_code' not allowed for the client. error message. Note that the authorization code flow and client credentials flow are separate flows and use slightly different parameters in their requests.

Please ensure that your client credentials request looks something like the following:

curl --request POST \
  --url 'https://YOUR_DOMAIN.us.auth0.com/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET \
  --data audience=YOUR_API_IDENTIFIER

(Reference: Call Your API Using the Client Credentials Flow)

Could you give that a try and let me know how it goes for you?

Thanks,
Rueben

@rueben.tiow

If I give authorization_code like this

curl --request POST \
  --url 'https://dev-xxxxxxxxxxxxxx.us.auth0.com/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=authorization_code \
  --data 'client_id=EdrxxxxxxxxxIyBb' \
  --data 'client_secret=aIAJxxxxxxxxxxxxxxxxxv_3' \
  --data 'code=LlZfxxxxxxxxxxxxxxxxxxadip' \
  --data 'redirect_uri=https://test.abc/'
{"error":"invalid_grant","error_description":"Invalid authorization code"}

If I give client_credentials, then I get an error

curl --request POST \
  --url 'https://dev-xxxxxxxxxxxxxxxxx.us.auth0.com/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data 'username=rxxxxxxxxxxxxi' \
  --data 'password=Rxxxxxxxxxxxx!' \
  --data 'audience=https://dev-xxxxxxxxxxxxxxxx.us.auth0.com/api/v2' \
  --data scope=read:sample \
  --data 'client_id=EdrxxxxxxxxxxxxxxxxxxIyBb' \
  --data 'client_secret=aIAJxxxxxxxxxxxxxxxxxxv_3'
{"error":"access_denied","error_description":"Service not enabled within domain: https://dev-xxxxxxxxxx.us.auth0.com/api/v2"}

If I use this command, I get a token in return

curl --request POST \
  --url 'https://dev-xxxxxxxxxxxxxxxx.us.auth0.com/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=EdxxxxxxxxxxxxxxxxxxxxxxxyBb \
  --data client_secret=aIAxxxxxxxxxxxxxxxxxxv_3 \
  --data audience=https://dev-xxxxxxxxxxxxxxxxxxx.us.auth0.com/api/v2/

After getting the token I use this command

curl --request GET --url 'https://dev-xxxxxxxxx.us.auth0.com/authorize?response_type=code&client_id=EdrxxxxxxxxxxxxxBb&redirect_uri=https://test.abci/apis&scope=SCOPE&audience=https://dev-xxxxxxxxxxxxx.us.auth0.com/api/v2/&state=STATE'

and got the output below in return

Found. Redirecting to /u/login?state=hKFo2SBvOGhxxxxxxxxxxxxxxxxxxxxxxxxVZ2b3lrVEtIVaFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHBrZDNoQnJ3V1owQ0lEeE5aeHJERVJZLVdoV2tvRE5mo2NpZNkgRWRySDNzcW5BZkp0SWhUSxxxxxxxxxxxxxxxxxEl5QmI

And I also use this command

curl --request GET --url 'https://dev-xxxxxxxxxxxxx.us.auth0.com/authorize?response_type=code|token&client_id=EdrxxxxxxxxxxxxxyBb&connection=CONNECTION&redirect_uri=https://test.abc/apis&state=STATE&ADDITIONAL_PARAMETERS'

I got the response below

Found. Redirecting to https://test.abc/apis?error=unsupported_response_type&error_description=Unsupported%20response%20type%3A%20code%7Ctoken&state=STATE

And after getting the "Found. Redirecting" message, may I know how I can log in to my product/application using a username and password?

The original URL is https://test.abc; when opened in a browser, it redirects to the Auth0 page, where I need to enter a username and password.

Let me know how I can achieve this using curl.

Here is the command I'm trying to log in to my

curl -s -H "Content-Type: application/json" -X POST -d '{"username": "'${TEST_USER}'", "password": "'${TEST_PWD}'"}' ${REGISTER_URL}/login

But I got a 501 server issue

Hi @itcloudnet,

In your first request, the error states that you have passed in an Invalid authorization code.

Have you ensured that the authorization code is the one you get after logging in on the browser from requesting the /authorize endpoint?

In your second request, you’re using the client_credentials grant, and I noticed that you passed in an incorrect audience identifier. Specifically, it’s missing a trailing slash in https://dev-xxxxxxxxxxxxxxxxxx.us.auth0.com/api/v2. Additionally, I saw that you passed in the username and password properties in the request, but they are not required.

In your third request, that request looks correct when calling your API using the client credentials flow.

Once you have the token, you can use it against the Management API to make calls.

If you still want to log in with email and password, you must follow the authorization code flow, which is browser-based. Alternatively, you can use the ROPG flow for highly trusted non-browser-based flows.

Thanks,
Rueben
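
The /oauth/token replies quoted in this thread are JSON whether the request succeeded or not, so a script has to look inside the body before using the token. An added example (not from the original posts) of that check with jq: the function names and the AUTH0_* environment variable names are assumptions, and the sample bodies are constructed or quoted from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Requires jq and curl.

# Print the access token from token-endpoint body $1.
# On failure print "error: description" to stderr and return 1.
# "// empty" matters: plain `jq -r .access_token` prints the string "null"
# for an error body, which a `[ -z ... ]` test then accepts as a token.
token_from_response() {
    tok=$(printf '%s' "$1" | jq -r '.access_token // empty' 2>/dev/null)
    if [ -n "$tok" ]; then
        printf '%s\n' "$tok"
        return 0
    fi
    msg=$(printf '%s' "$1" | jq -r \
        '"\(.error // "unknown_error"): \(.error_description // "no description")"' \
        2>/dev/null)
    # jq prints nothing for a non-JSON body such as an HTML 502 page.
    echo "${msg:-response was not JSON}" >&2
    return 1
}

# Client credentials request in the form shown in the thread. Values are
# read from environment variables (assumed names) instead of being
# hard-coded in the script, so a CI secret store can supply them.
fetch_m2m_token() {
    curl -s --request POST \
        --url "https://${AUTH0_DOMAIN}/oauth/token" \
        --header 'content-type: application/x-www-form-urlencoded' \
        --data grant_type=client_credentials \
        --data-urlencode "client_id=${AUTH0_CLIENT_ID}" \
        --data-urlencode "client_secret=${AUTH0_CLIENT_SECRET}" \
        --data-urlencode "audience=${AUTH0_AUDIENCE}"
}

# Error body quoted from the thread; prints the reason on stderr.
token_from_response '{"error":"access_denied","error_description":"Unauthorized"}' || true
# Real use: token=$(token_from_response "$(fetch_m2m_token)") || exit 1
# Pass $token in the Authorization header without echoing it to the log.
```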

ORIGINAL URL, which redirects from https://test.abc to the URL below
https://dev-xxxxxxxxxxxxxxxxxxxxx.us.auth0.com/u/login?state=hKFo2SA0QzdzNURYWxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxUUw0Um8tN1lRcENnX25no2NpZNkgRWRySDNzcW5BZkp0SWhUSUFJeHZnR0RnMGFMeEl5QmI

I get the state value; I didn't get an authorization code.

Can you tell me how to get an authorization code? What is required, and what do I need to enable on the Auth0 website?

And the authorization code is not working; I get 404 Not Found.

Hi @itcloudnet,

You need to log in and provide your email and password on the browser when being redirected to https://dev-xxxxxxxxxxxxxxxxxxxxx.us.auth0.com/u/login?state=hKFo2SA0QzdzNURYWxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxUUw0Um8tN1lRcENnX25no2NpZNkgRWRySDNzcW5BZkp0SWhUSUFJeHZnR0RnMGFMeEl5QmI.

In other words, start the login process by going to the URL below in a browser:

https://{yourDomain}/authorize?
    response_type=code&
    client_id={yourClientId}&
    redirect_uri={https://yourApp/callback}&
    scope={scope}&
    audience={apiAudience}&
    state={state}

After you have logged in, the results will return an authorization code with the state. Then, you can use the authorization code to exchange for an access token by calling the oauth/token endpoint using curl.

Does that help?
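
After the browser login, the code arrives as a query parameter on the redirect_uri. As an added example (not from the original reply), this shell function takes the callback URL copied from the browser, rejects a response whose state does not match the one sent to /authorize, and reports an error= redirect like the one shown earlier in the thread. The function names and sample URL are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Pure POSIX sh, no external tools.

# Print the value of query parameter $2 from URL $1 (empty if absent).
# Values are returned as they appear in the URL, still percent-encoded.
query_param() {
    case $1 in *\?*) ;; *) return 0 ;; esac   # no query string
    qs=${1#*\?}                               # text after the first "?"
    qs=${qs%%#*}                              # drop any fragment
    old_ifs=$IFS; IFS='&'; set -f             # split on "&", no globbing
    found=
    for pair in $qs; do
        if [ "${pair%%=*}" = "$2" ]; then found=${pair#*=}; break; fi
    done
    set +f; IFS=$old_ifs
    printf '%s' "$found"
}

# Print the authorization code from callback URL $1 if its state equals $2.
# Exit status: 0 = code printed, 1 = state mismatch, 2 = error redirect,
# 3 = no code present.
code_from_callback() {
    if [ "$(query_param "$1" state)" != "$2" ]; then
        echo "state mismatch, discarding response" >&2
        return 1
    fi
    err=$(query_param "$1" error)
    if [ -n "$err" ]; then
        echo "authorization failed: $err" >&2
        return 2
    fi
    code=$(query_param "$1" code)
    if [ -z "$code" ]; then
        echo "no code in callback URL" >&2
        return 3
    fi
    printf '%s\n' "$code"
}

# Constructed callback URL with a placeholder code.
code_from_callback 'https://test.abc/apis?code=SAMPLE_CODE&state=abc123' abc123
```

The printed value is what goes into the code parameter of the /oauth/token request.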

@rueben.tiow Sounds good.

But I have to do the same process in GitHub Actions using a shell script.

That means this will be shared with everyone who wants to use the product by signing in to it.