chgeuer · July 30, 2020 09:41
diff --git a/fetch-blob-with-device-code.sh b/fetch-blob-with-device-code.sh
 #!/bin/bash

 # --proxy http://127.0.0.1:8888/ --insecure \

 aadTenant="chgeuerfte.onmicrosoft.com"
 subscriptionId="724467b5-bee4-484b-bf13-d6a5505d2b51"
 resourceGroup="longterm"
 storageAccountName="chgeuer"
 containerName="aadtest"
 blobName="index.html"

 echo "Printing the 'Storage Blob Data Reader' groups on container ${storageAccountName}/${containerName}"

 az role assignment list \
    --scope "/subscriptions/${subscriptionId}/resourceGroups/${resourceGroup}/providers/Microsoft.Storage/storageAccounts/${storageAccountName}/blobServices/default/containers/${containerName}" \
    | jq "[ .[] | select(.roleDefinitionName == \"Storage Blob Data Reader\") | {principalName: .principalName, principalType: .principalType}]"

 #
 # https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code#device-authorization-request
 #
 resource="https://storage.azure.com/.default"

 az_cli_clientid="04b07795-8ddb-461a-bbee-02f9e1bf7b46"
 clientId="${az_cli_clientid}"

 deviceResponse="$(curl \
    --silent \
    --request POST \
    --data-urlencode "client_id=${clientId}" \
    --data-urlencode "scope=${resource}" \
    "https://login.microsoftonline.com/${aadTenant}/oauth2/v2.0/devicecode")"

 device_code="$(echo "${deviceResponse}" | jq -r ".device_code")"
 sleep_duration="$(echo "${deviceResponse}" | jq -r ".interval")"
 access_token=""

 while [ "${access_token}" == "" ]
 do
    tokenResponse="$(curl \
        --silent \
        --request POST \
        --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:device_code" \
        --data-urlencode "client_id=${clientId}" \
        --data-urlencode "device_code=${device_code}" \
        "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token")"

    if [ "$(echo "${tokenResponse}" | jq -r ".error")" == "authorization_pending" ]; then
      echo "$(echo "${deviceResponse}" | jq -r ".message")"
      sleep "${sleep_duration}"
    else
      access_token="$(echo "${tokenResponse}" | jq -r ".access_token")"
      echo "User authenticated"
    fi
 done

 #    --header "x-ms-blob-type: BlockBlob" \
 # https://docs.microsoft.com/en-us/rest/api/storageservices/get-blob
 blobUrl="https://${storageAccountName}.blob.core.windows.net/${containerName}/${blobName}"
 curl \
    --silent \
    --request GET \
    --header "x-ms-version: 2019-12-12" \
    --header "Authorization: Bearer ${access_token}" \
    "${blobUrl}"
	#!/bin/bash

	# --proxy http://127.0.0.1:8888/ --insecure \

	aadTenant="chgeuerfte.onmicrosoft.com"
	subscriptionId="724467b5-bee4-484b-bf13-d6a5505d2b51"
	resourceGroup="longterm"
	storageAccountName="chgeuer"
	containerName="aadtest"
	blobName="index.html"

	echo "Printing the 'Storage Blob Data Reader' groups on container ${storageAccountName}/${containerName}"

	az role assignment list \
	--scope "/subscriptions/${subscriptionId}/resourceGroups/${resourceGroup}/providers/Microsoft.Storage/storageAccounts/${storageAccountName}/blobServices/default/containers/${containerName}" \
	\| jq "[ .[] \| select(.roleDefinitionName == \"Storage Blob Data Reader\") \| {principalName: .principalName, principalType: .principalType}]"

	#
	# https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code#device-authorization-request
	#
	resource="https://storage.azure.com/.default"

	az_cli_clientid="04b07795-8ddb-461a-bbee-02f9e1bf7b46"
	clientId="${az_cli_clientid}"

	deviceResponse="$(curl \
	--silent \
	--request POST \
	--data-urlencode "client_id=${clientId}" \
	--data-urlencode "scope=${resource}" \
	"https://login.microsoftonline.com/${aadTenant}/oauth2/v2.0/devicecode")"

	device_code="$(echo "${deviceResponse}" \| jq -r ".device_code")"
	sleep_duration="$(echo "${deviceResponse}" \| jq -r ".interval")"
	access_token=""

	while [ "${access_token}" == "" ]
	do
	tokenResponse="$(curl \
	--silent \
	--request POST \
	--data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:device_code" \
	--data-urlencode "client_id=${clientId}" \
	--data-urlencode "device_code=${device_code}" \
	"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token")"

	if [ "$(echo "${tokenResponse}" \| jq -r ".error")" == "authorization_pending" ]; then
	echo "$(echo "${deviceResponse}" \| jq -r ".message")"
	sleep "${sleep_duration}"
	else
	access_token="$(echo "${tokenResponse}" \| jq -r ".access_token")"
	echo "User authenticated"
	fi
	done

	# --header "x-ms-blob-type: BlockBlob" \
	# https://docs.microsoft.com/en-us/rest/api/storageservices/get-blob
	blobUrl="https://${storageAccountName}.blob.core.windows.net/${containerName}/${blobName}"
	curl \
	--silent \
	--request GET \
	--header "x-ms-version: 2019-12-12" \
	--header "Authorization: Bearer ${access_token}" \
	"${blobUrl}"