How to print login using curl

Hi,

I have added a domain name to Auth0 that redirects from test.abc to the Auth0 URL, and from any browser I can log in to my application using a username and password.

My issue is that I want to do the same thing using curl. I have written a small shell script using curl that tries to log in to my application, but I cannot log in with curl because of the redirect from the domain name to Auth0, which I don't know how to handle with curl.

The scenario is this:
When I open test.abc in a browser, it redirects to the Auth0 URL, and from there I can log in to my application using my username and password. With curl, I need to do something similar, along with the token it generates.

Sharing my shell script:

#!/bin/bash
# Begin

TEMP=$(getopt -n "$0" -a -l "hostname:,username:,password:,client_id:,client_secret:,audience:,grant_type:,code_verifier:" -- -- "$@")

if [ $? -ne 0 ]; then
    echo "Invalid options provided"
    exit 1
fi

eval set -- "$TEMP"

while [ $# -gt 0 ]; do
    case "$1" in
        --hostname) TEST_HOSTNAME="$2"; shift;;
        --username) TEST_USER="$2"; shift;;
        --password) TEST_PWD="$2"; shift;;
        --client_id) CLIENT_ID="$2"; shift;;
        --client_secret) CLIENT_SECRET="$2"; shift;;
        --audience) AUDIENCE="$2"; shift;;
        --grant_type) GRANT_TYPE="$2"; shift;;
        --code_verifier) CODE_VERIFIER="$2"; shift;;
        --) shift ;;
        *) shift ;;
    esac
    shift
done

REGISTER_URL=${REGISTER_URL:-"https://test.abc"}

# Set default hostname if not provided
if [ -z "$TEST_HOSTNAME" ]; then
    TEST_HOSTNAME="https://test2.abc"
fi

echo " "

# Auth0 Method
auth_url="https://dev-xxxxxxxxxxxx.us.auth0.com/authorize?response_type=code&client_id=xxxxxxxxxxxxxxxxx&redirect_uri=https://test.abc/apis&scope=SCOPE"
echo "Auth URL: $auth_url"

# Login
login_response=$(curl -s -H "Accept: application/json" -H "Content-Type: application/json" -X POST -d "{\"username\": \"$TEST_USER\", \"password\": \"$TEST_PWD\"}" "https://test.abc/login")
if [[ "$login_response" == *"error"* ]]; then
    echo "Login failed: $login_response"
    exit 1
fi

echo " "

# Get access token
token_response=$(curl -s -H "Content-Type: application/json" --request POST --url https://dev-xxxxxxxxxx.us.auth0.com/oauth/token --data "{\"client_id\":\"$CLIENT_ID\",\"client_secret\":\"$CLIENT_SECRET\",\"audience\":\"$AUDIENCE\",\"grant_type\":\"$GRANT_TYPE\"}")

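# jq -r prints the literal string "null" when the key is missing;
# "// empty" returns an empty string instead, so the -z check below works.
access_token=$(echo "$token_response" | jq -r '.access_token // empty')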

if [ -z "$access_token" ]; then
    echo "Failed to get access token: $token_response"
    exit 1
fi

echo "Generated token is: $access_token"

echo " "

# API Registry
api_registry_response=$(curl -s -H "Accept: application/json" -H "Content-Type: application/json" --location --request POST "$TEST_HOSTNAME/xxxxxxx-run" --header "Authorization: Bearer $access_token" -d "{\".............\"}")

if [[ "$api_registry_response" == *"error"* ]]; then
    echo "API registry failed: $api_registry_response"
    exit 1
fi

echo "Successfully created the API Register."

Here is the command I ran (this command is incomplete):

/api1.sh --username "xxxxx" --password "xxxx" --name "Demo"  --client_id "xxxxxxxx" --code_verifier "xxxxxxx" --grant_type "xxxxxxx" --code "xxxxxxx"

Here is the error and response output:

Auth URL: https://dev-xxxxxxxxx.us.auth0.com/authorize?response_type=code&client_id=xxxxxxxx&redirect_uri=https://test.abc/apis&scope=SCOPE
Login failed: 
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>502 Server Error</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Server Error</h1>
<h2>The server encountered a temporary error and could not complete your request.<p>Please try again in 30 seconds.</h2>
<h2></h2>
</body></html>

I don't know why this HTML page is being returned.
First, I should be able to log in to my application; after that it generates a token, and then it registers a new API.

Hi @itcloudnet,

I have reviewed your code and noticed that when you get the access token by calling the /oauth/token endpoint, you do not inject the authorization code returned from logging in through the /authorize endpoint.

For example, it should look like this:

curl --request POST \
  --url 'https://{yourDomain}/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=authorization_code \
  --data 'client_id={yourClientId}' \
  --data 'client_secret={yourClientSecret}' \
  --data 'code={yourAuthorizationCode}' \
  --data 'redirect_uri={https://yourApp/callback}'

See Call Your API Using the Authorization Code Flow.

Secondly, I noticed that you have included the code_verifier parameter in your code, implying the authorization code flow with PKCE, but the code_challenge and code_challenge_method parameters are missing from your /authorize request.

Be careful to use only one of these flows and not mix them up. If your app is Mobile or a SPA, you should use PKCE. Otherwise, use the regular authorization code flow for regular web apps.

There is also the Resource Owner Password Flow, which seems like the flow you are looking for. This is typically used when redirect-based flows like the Authorization Code flow cannot be used.

Let me know how this goes for you.

Thanks,
Rueben

1 Like

Here is the command I am using, which I got from ChatGPT:

curl --request GET --url 'https://dev-xxxxxxus.auth0.com/authorize?response_type=code&client_id=xxxxxxx&redirect_uri=https://test.abc/apis&scope=SCOPE'

Command output:

Found. Redirecting to /u/login?state=hxxxxxxxxxxxxxZkk

After this command I don't know how to log in to my application.

Hi @itcloudnet,

The authorization code flow requires user interaction to submit credentials, typically through a browser (e.g., email + password). Therefore, it won’t be possible to interact with the /authorize endpoint purely from a CLI (curl commands).

Because of this, the first step to getting an access token would be to open a browser and log in (/authorize endpoint). Once logged in, the returned response will contain a code, which you can then exchange for an access token from the CLI (using curl commands to request the /oauth/token endpoint).

Or, there is an option to use the Resource Owner Password Flow, which passes in the credentials in the request and returns an access token without user interaction.