-2

According to the document Get Azure AD tokens for service principals:

curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token \
-d 'client_id=<client-id>' \
-d 'grant_type=client_credentials' \
-d 'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default' \
-d 'client_secret=<client-secret>'

Now, I could get the correct output,like:

enter image description here

The Azure AD access token is in the access_token value within the output of the call.

What I want is that I need the get the value of the access_token and set it to the variable, so that I could use it in next REST API scripts.

But I'm not very familiar with Bash and curl, can anyone offer advice?

Joy
  • 1,171
  • 9
  • 15
  • That looks like JSON formatted data you receive back. So unserialize it (https://www.delftstack.com/howto/linux/parse-json-in-bash/) and then use the `export`` directive to set an environment variable. – arkascha Dec 12 '22 at 06:33
  • In general, the standard output of a command _`C`_ is stored in a bash variable _`v`_ by writing `v=$(C)`. In your example screenshot, we see tht the value of the access token is the last word of the last line of the standard output. Can we assume that this is always the case? Otherwise you have to specify exactly the output format, instead of just posting one example. – user1934428 Dec 12 '22 at 07:50
  • @user1934428 `Can we assume that this is always the case? `--The answer is yes. – Joy Dec 12 '22 at 08:22
  • In this case (and you really should write this into your question instead of posting a scrrenshot), your problem boils down to extract the last word from the standard output of some command. That the command happens to be `curl` is irrelevant then, and I would remove the _curl_ and _azure_ tag from the question. Assuming that a _word_ is a sequence of non-blanks, you could for instance turn your output into a list of words with `grep -owE '[^ ]+'` (which produces each word in a separate line) and then use `tail` to extract the last one. – user1934428 Dec 12 '22 at 08:41
  • @user1934428 don't use grep/tail to parse json, instead use [jq](https://github.com/stedolan/jq/blob/master/README.md) – hanshenrik Dec 12 '22 at 09:41
  • I did not intend to parse json. The OP confirmed in his comment that he simply wants to extract the last word of the output. – user1934428 Dec 12 '22 at 09:56

1 Answers1

1

use jq to extract access_token from the json, and VAR=$(...) to store it in a variable,

ACCESS_TOKEN=$(curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token \
-d 'client_id=<client-id>' \
-d 'grant_type=client_credentials' \
-d 'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default' \
-d 'client_secret=<client-secret>' \
| jq -r .access_token )

then you can use ACCESS_TOKEN like

curl -d access_token="$ACCESS_TOKEN"
  • but be wary, bash is a shitty scripting language, you should not attempt to use bash for complex logic, you should probably switch to a better scripting language like Python, Perl, or PHP, rather than implementing complex logic in Bash. (same goes for Windows's cmd and PowerShell. all 3 are languages unsuitable, but not incapable, of complex logic)
hanshenrik
  • 19,904
  • 4
  • 43
  • 89