
Cloud Foundry refresh token


Hello,

I am working on a shell script for Mindsphere app deployment. I want to use the CF OAuth access token and refresh token for authentication into Cloud Foundry. Initially, I log in to the CF API using the temporary code from https://login.cf.eu1.mindsphere.io/passcode, and using the CF CLI (cf oauth-token) I can get the access token but not the refresh token. Is there any way I can get the refresh token so that I do not need to log in again and again?

 

Thanks,

Divya Garg 


Re: Cloud Foundry refresh token

First log in to CF using your passcode. (This is a POST request to https://login.cf.eu1.mindsphere.io/oauth/token, using basic auth with cf as the login name and no password, and you will get the refresh_token in the response.)



# "Basic Y2Y6" is base64 of "cf:" (client id cf, empty client secret).
# The fixed content-length, Postman-Token and accept-encoding headers from the
# Postman export are dropped: curl computes the length itself, and a manual
# gzip accept-encoding would return a compressed body a script cannot parse.
curl -X POST \
  https://login.cf.eu1.mindsphere.io/oauth/token \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic Y2Y6' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=password&passcode=ONETIMECODE&scope='

This yields the refresh_token in the response

 

After that, you can ask for a new token and a new refresh_token with a POST to /oauth/token using the refresh_token.


 

# Same client authentication as above ("cf" with an empty secret); the
# Postman-only headers and the fixed content-length are dropped here too.
curl -X POST \
  https://login.cf.eu1.mindsphere.io/oauth/token \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic Y2Y6' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&client_secret=&client_id=cf&refresh_token=STOREDREFRESHTOKEN'
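
An added example, not part of the original reply and not Mindsphere or Cloud Foundry code: one way a deploy script could cache the tokens returned by the two requests above and decide when to use the refresh grant. `TOKEN_DIR`, the file names, the helper function names, the 60-second margin and the sample response are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. TOKEN_DIR, the file names, the helper
# names and the 60-second margin are assumptions of this sketch.
UAA_URL="${UAA_URL:-https://login.cf.eu1.mindsphere.io}"
TOKEN_DIR="${TOKEN_DIR:-$HOME/.cf-deploy-tokens}"

# Constructed sample of a /oauth/token response body (token values are fake).
SAMPLE_RESPONSE='{"access_token":"aaa.bbb.ccc","token_type":"bearer","refresh_token":"rrr.sss.ttt","expires_in":1799,"scope":"openid","jti":"0000"}'

# Pull one string or number out of a flat JSON object without needing jq.
json_field() {  # $1 = field name, JSON on stdin
    tr -d '\n' | sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# Cache the tokens with owner-only permissions: the refresh token is a
# long-lived credential, so it must not be world-readable or echoed to CI logs.
store_tokens() {  # $1 = response body, $2 = current epoch seconds
    access=$(printf '%s' "$1" | json_field access_token)
    refresh=$(printf '%s' "$1" | json_field refresh_token)
    ttl=$(printf '%s' "$1" | json_field expires_in)
    [ -n "$access" ] && [ -n "$ttl" ] || return 1   # error response: keep old cache
    (
        umask 077
        mkdir -p "$TOKEN_DIR" && chmod 700 "$TOKEN_DIR" || exit 1
        printf '%s' "$access" > "$TOKEN_DIR/access_token"
        printf '%s' "$(( $2 + ttl ))" > "$TOKEN_DIR/access_expires_at"
        # Only overwrite the refresh token when the server actually returned one.
        [ -z "$refresh" ] || printf '%s' "$refresh" > "$TOKEN_DIR/refresh_token"
    )
}

# True when the cached access token still has more than 60 seconds left.
access_token_valid() {  # $1 = current epoch seconds
    [ -r "$TOKEN_DIR/access_expires_at" ] || return 1
    [ "$(( $(cat "$TOKEN_DIR/access_expires_at") - $1 ))" -gt 60 ]
}

# Refresh grant from the reply above; -u 'cf:' produces "Authorization: Basic Y2Y6".
# curl reads the token from the file, so it never appears in the process list.
refresh_access_token() {
    curl -sS -X POST "$UAA_URL/oauth/token" -u 'cf:' \
        -H 'Accept: application/json' \
        -d 'grant_type=refresh_token' \
        --data-urlencode "refresh_token@$TOKEN_DIR/refresh_token"
}

# Typical use in a deploy script:
#   access_token_valid "$(date +%s)" || store_tokens "$(refresh_access_token)" "$(date +%s)"
```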

Re: Cloud Foundry refresh token


@darthsn0wcat So we could use this approach for our deployment in gitlab-ci in devops-demo, without having to enter the tokens manually each month? I don't think I have seen this approach documented anywhere.

Re: Cloud Foundry refresh token

@dlouzan The refresh token does not seem to renew automatically every time you get an access_token, and it still has an expiry time of one month, so I guess it will be necessary to log in every month after all.

Re: Cloud Foundry refresh token


@darthsn0wcat But I guess we could just log in each time via a script in our gitlab-ci yaml, isn't it? Just use the user credentials as protected variables. Not ideal, but at least we wouldn't have to perform the manual login step and the overwriting of token values in CI.