-
Notifications
You must be signed in to change notification settings - Fork 47
/
Copy pathget_access_token.js
executable file
·110 lines (100 loc) · 5.23 KB
/
get_access_token.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#!/usr/bin/env node
import { ArgumentParser } from 'argparse';
import { AccessToken } from '../src/access_token.js';
import { ApiConfig } from '../src/api_config.js';
import { common_arguments } from '../src/arguments.js';
import { User } from '../src/user.js';
import { Scope, print_scopes } from '../src/oauth_scope.js';
/**
* The arguments for this script are intended to be used as follows:
* -w / --write :
* Save the access token to a file in JSON format so that it can be used with other scripts.
* The name of the file is based on the 'name' attribute of the AccessToken object, which defaults to access_token,
* so the default file name is access_token.json. The directory used to store the file is in the
* PINTEREST_OAUTH_TOKEN_DIR environment variable, which is set to ../../common/oauth_tokens/ by
* the api_env script described in the top-level README for this repo. The access_token.json
* file written by this script may be renamed so that it is available for future use. For example,
* renaming access_token.json to my_account_token.json could then be retrieved by calling:
* AccessToken(api_config, name='my_account_token').fetch()
* -ct / --cleartext :
* It is best practice not to print credentials like access tokens and refresh tokens in clear text,
* so this script prints SHA256 hashes of tokens so that developers can check whether token values
* have changed. However, engineers at Pinterest requested the capability to print tokens in clear text,
* which is implemented using this argument.
* -s / --scopes :
* To provide a quick start for new developers, this script requests an access token with the default
* set of scopes for the application provided in the environment (with the PINTEREST_APP_ID and
* PINTEREST_APP_SECRET variables). This argument, which requires a comma-separated list of valid
* OAuth scopes, allows experimentation with different sets of scopes. Specifying scopes prevents
* the access token from being read from the environment or file system, and forces the use of
* the browser-based OAuth process.
* -c / --client-credentials:
* This option is used to request an access token for the user account
* associated with the PINTEREST_APP_ID. Use this option to avoid the need
* to do the manual part of the OAuth process with at web browser.
*/
async function main(argv) {
const parser = new ArgumentParser({ description: 'Get Pinterest OAuth token' });
parser.add_argument('-w', '--write', { action: 'store_true', help: 'write access token to file' });
parser.add_argument('-ct', '--cleartext', { action: 'store_true', help: 'print the token in clear text' });
parser.add_argument('-s', '--scopes', { help: 'comma separated list of scopes or "help"' });
parser.add_argument('-c', '--client_credentials', { action: 'store_true', help: 'access the application user account' });
common_arguments(parser);
const args = parser.parse_args(argv);
// get configuration from defaults and/or the environment
const api_config = new ApiConfig({ verbosity: args.log_level });
// Note: It's possible to use the same API configuration with
// multiple access tokens, so these objects are kept separate.
const access_token = new AccessToken(api_config, { name: args.access_token });
if (args.scopes) {
if (args.scopes === 'help') {
print_scopes(); // print the valid set of scopes for the selected API version
process.exit(0);
}
// use the comma-separated list of scopes passed as a command-line argument
const scopes = args.scopes.split(',').map(scopeArg => {
const scope = Scope[scopeArg.toUpperCase()];
if (scope) {
return scope;
}
console.log('Invalid scope:', scopeArg);
print_scopes();
process.exit(1);
});
await access_token.oauth({ scopes, client_credentials: args.client_credentials });
} else {
// Try the different methods for getting an access token: from the environment,
// from a file, and from Pinterest via the browser.
try {
await access_token.fetch({ client_credentials: args.client_credentials });
} catch (error) { // probably because scopes are required
parser.error(error);
}
}
// Note: It is best practice not to print credentials in clear text.
// Pinterest engineers asked for this capability to make it easier to support partners.
if (args.cleartext) {
console.warn('Please keep clear text tokens secure!');
console.log('clear text access token:', access_token.access_token);
}
console.log('hashed access token:', access_token.hashed());
if (access_token.refresh_token) {
if (args.cleartext) {
console.log('clear text refresh token:', access_token.refresh_token);
}
console.log('hashed refresh token:', access_token.hashed_refresh_token());
}
// Save the token, if requested. The comment at the top of this script provides more
// information about this feature.
if (args.write) {
console.log('writing access token');
access_token.write();
}
// use the access token to get information about the user
const user = new User(api_config, access_token);
const user_data = await user.get();
user.print_summary(user_data);
}
if (!process.env.TEST_ENV) {
main(process.argv.slice(2));
}