You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Feb 26, 2024. It is now read-only.
using the step CLI (https://github.com/smallstep/cli) to get the original token (note i had to add the offline_access scope in order to get a refresh token returned)
bcallaway@bcallaway01:~/git/cli$ ./step oauth --provider=https://oauth2.sigstore.dev/auth --client-id=sigstore --listen localhost:0 --scope=offline_access --scope=openid --scope=email
Your default web browser has been opened to visit:
https://oauth2.sigstore.dev/auth/auth?client_id=sigstore&code_challenge=aluzr7mxRYMJL3RoKpc4RmiV_6QhVtfE7UqyMtiEVs8&code_challenge_method=S256&nonce=4e9be4ae88b7960663afca65aae7635e178a8c456f5045a3a49e6b1d2fcf4db1&redirect_uri=http%3A%2F%2Flocalhost%3A34241&response_type=code&scope=offline_access+openid+email&state=OlBmRKFxTEQ7o37Su1V29lvIsewnLdhg
{
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOTdjOWI4ZThhMTk3NzEwZTUyYTZiOTg4NTM3YWIwM2U0MDJjNTYifQ.eyJpc3MiOiJodHRwczovL29hdXRoMi5zaWdzdG9yZS5kZXYvYXV0aCIsInN1YiI6IkNoVXhNVGN6TmpFd05UWTBOVFkwT0RnMU9EWXlORE1TRzJoMGRIQnpPaTh2WVdOamIzVnVkSE11WjI5dloyeGxMbU52YlEiLCJhdWQiOiJzaWdzdG9yZSIsImV4cCI6MTY0MzAzNzc3MCwiaWF0IjoxNjQzMDM3NzEwLCJub25jZSI6IjRlOWJlNGFlODhiNzk2MDY2M2FmY2E2NWFhZTc2MzVlMTc4YThjNDU2ZjUwNDVhM2E0OWU2YjFkMmZjZjRkYjEiLCJhdF9oYXNoIjoiQlAwWWlWMHVBNTFKOWxhQVpMNE9sQSIsImVtYWlsIjoiYmNhbGxhd2F5QGdvb2dsZS5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZmVkZXJhdGVkX2NsYWltcyI6eyJjb25uZWN0b3JfaWQiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJ1c2VyX2lkIjoiMTE3MzYxMDU2NDU2NDg4NTg2MjQzIn19.h5wHyhhX2AVZbs9GRiAYfxeOx3IFan46B4XY2OPnwJZYh2yE2Zn3d9kmCZcFD2189VeBUyXOKoV8OZwPWHouGZq4qxYn8yqdJP2weQybVASSFtu2nDaMeavVfb5_Si9P07V8hmmEn7Gm6wxSsS0bhbvBYpj-90uF7TdEePqPfYZAyNQvEEBV2UmvZUhwt7sCwAmgvWxj6RNYyfmWeooczCUpbiDZxr0-J9K3Fpdd5qYz1mXjb5waoKDAHmWMs6xO5YA4QbvmLyMChcqnBIvBr0nrZvP4qTOS6zCNiW5R0e4u6oIEtJpMzt4BRpEUxEQJlpQ2utWpg5D39-jt-u_9qQ",
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOTdjOWI4ZThhMTk3NzEwZTUyYTZiOTg4NTM3YWIwM2U0MDJjNTYifQ.eyJpc3MiOiJodHRwczovL29hdXRoMi5zaWdzdG9yZS5kZXYvYXV0aCIsInN1YiI6IkNoVXhNVGN6TmpFd05UWTBOVFkwT0RnMU9EWXlORE1TRzJoMGRIQnpPaTh2WVdOamIzVnVkSE11WjI5dloyeGxMbU52YlEiLCJhdWQiOiJzaWdzdG9yZSIsImV4cCI6MTY0MzAzNzc3MCwiaWF0IjoxNjQzMDM3NzEwLCJub25jZSI6IjRlOWJlNGFlODhiNzk2MDY2M2FmY2E2NWFhZTc2MzVlMTc4YThjNDU2ZjUwNDVhM2E0OWU2YjFkMmZjZjRkYjEiLCJhdF9oYXNoIjoiTjA1MGR5RGRHa3VyNk9lVUhoVE5yZyIsImNfaGFzaCI6IjBXc0dxdVMxeTVDUnB2SEJBbEk4ckEiLCJlbWFpbCI6ImJjYWxsYXdheUBnb29nbGUuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImZlZGVyYXRlZF9jbGFpbXMiOnsiY29ubmVjdG9yX2lkIjoiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tIiwidXNlcl9pZCI6IjExNzM2MTA1NjQ1NjQ4ODU4NjI0MyJ9fQ.aHHcJ0gL9LgER4Ud2u4NvYKEQlwWFdkGcQKtW8pYpWDCc-WvPbEaiR6woJCH8LdtnCJfnPsw8bJSJhFkD23TgIxTtAStpXjiZQbKhexl_CdLzw88HGQ-ndxpa2ckuT98Bts2XeBwP8u9fUBvSHD3y-79jornv7EDgkr8NRfCN6acEVVIWmxXV7PGUlZhv_4HoiktL3tlBkneDHLHKJUsm_kwlT41dEzGzIQFYJN4fJU-sXuWj9qYcy2fck3o8jVPgWO8cB7E4xLC4jF9wJ5dz4zBxQY4EkabsfrpkiHHeh53dUft8e9vGX9fLnxbZ-xiwR2KG5x831h7nqWoX1tmLA",
"refresh_token": "ChlqaWVxc2RobjVkNTczankzY3Y0bjdoYTd1EhlyMzUzeWtjM3NnNHBrcHd2bmt0Mmxyd2k0",
"expires_in": 59,
"token_type": "bearer"
}
Also note that for every refresh of an id token, Dex issues a new refresh token. This security measure is called refresh token rotation and prevents someone stealing it.
From Bob Callaway (sigtore Slack)
using the step CLI (https://github.com/smallstep/cli) to get the original token (note i had to add the offline_access scope in order to get a refresh token returned)
then
Also note that for every refresh of an id token, Dex issues a new refresh token. This security measure is called refresh token rotation and prevents someone stealing it.