Last active
April 28, 2026 20:18
-
-
Save warroyo/1a8bc8e467839603e6cd6ec0a22fcda2 to your computer and use it in GitHub Desktop.
test api token
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import urllib3 | |
| import json | |
| # Disable SSL warnings | |
| urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
| # --- Configuration --- | |
| FQDN = "auto-a.site-a.vcf.lab" | |
| TENANT_NAME = "Broadcom" | |
| USERNAME = "your_username" | |
| PASSWORD = "your_password" | |
| BASE_URL = f"https://{FQDN}" | |
| def get_vcf9_refresh_token_jwt(): | |
| session = requests.Session() | |
| session.verify = False | |
| # --- STEP 1: Basic Auth Login to get the Session JWT --- | |
| login_url = f"{BASE_URL}/cloudapi/1.0.0/sessions" | |
| login_headers = {"Accept": "application/json;version=40.0"} | |
| vcd_user = f"{USERNAME}@{TENANT_NAME}" | |
| print(f"[*] Logging in as {vcd_user}...") | |
| l_res = session.post(login_url, auth=(vcd_user, PASSWORD), headers=login_headers) | |
| # This is the 'Bearer' token we need | |
| session_jwt = l_res.headers.get("x-vmware-vcloud-access-token") | |
| if not session_jwt: | |
| print("[-] Failed to get session JWT.") | |
| return | |
| print("[+] Session JWT acquired.") | |
| # --- STEP 2: Register the Client --- | |
| reg_url = f"{BASE_URL}/oauth/tenant/{TENANT_NAME}/register" | |
| reg_headers = { | |
| "Authorization": f"Bearer {session_jwt}", | |
| "Content-Type": "application/json", | |
| "Accept": "application/json;version=40.0" | |
| } | |
| print(f"[*] Registering OAuth Client...") | |
| r_res = session.post(reg_url, json={"client_name": "VCF_JWT_Flow_Script"}, headers=reg_headers) | |
| if r_res.status_code not in [200, 201]: | |
| print(f"[-] Registration failed: {r_res.text}") | |
| return | |
| client_info = r_res.json() | |
| client_id = client_info.get('client_id') | |
| print(f"[+] Client Registered: {client_id}") | |
| # --- STEP 3: JWT Bearer Exchange (The one from your screenshot) --- | |
| token_url = f"{BASE_URL}/oauth/tenant/{TENANT_NAME}/token" | |
| # We send the session_jwt AS the assertion/assertion_type | |
| token_payload = { | |
| "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer", | |
| "assertion": session_jwt, | |
| "client_id": client_id, | |
| "scope": "openid offline_access" | |
| } | |
| token_headers = { | |
| "Content-Type": "application/x-www-form-urlencoded", | |
| "Accept": "application/json" | |
| } | |
| print(f"[*] Exchanging JWT Bearer for Refresh Token...") | |
| t_res = session.post(token_url, data=token_payload, headers=token_headers) | |
| if t_res.status_code == 200: | |
| refresh_token = t_res.json().get("refresh_token") | |
| print("\n" + "="*50) | |
| print("SUCCESS! REFRESH TOKEN ACQUIRED") | |
| print("="*50) | |
| print(refresh_token) | |
| print("="*50) | |
| else: | |
| print(f"[-] Exchange failed ({t_res.status_code}): {t_res.text}") | |
| if __name__ == "__main__": | |
| get_vcf9_refresh_token_jwt() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment