Caller must pass `UserPassCredentials` to `FleetNatsScore::user_pass` — no more `e2e-admin`/`e2e-device` defaults shipped in the library. The deploy binary reads `HARMONY_FLEET_*` env vars (default namespace `harmony-fleet-system`) and fails fast when NATS creds aren't set. Also: `style/dist/` gitignored, `manual_mint/mint.py` moved next to `nats/callout/` with README + secrets gitignore (the real RSA key that was sitting untracked has been removed), `architecture_review.md` moved to `docs/adr/drafts/024-`, three low-value ROADMAP docs deleted. Updates pre-merge checklist (§1.6, §1.8, §3.1, §5).
import jwt, time, requests
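# Manual token mint: signs a short-lived JWT assertion with the service
# user's RSA key, exchanges it at the token endpoint using the OAuth 2.0
# JWT-bearer grant, then prints the response, the raw access token and its
# decoded claims.

# nats api client id (kept for reference; not used by this script)
client_id = '371158654990221333'
key_id = '371358469099356247'
user_id = '371358469065801815'
# Superseded value that used to be assigned here and then overwritten:
#   project_id = '366378028009259037'
# Current value for fleet project id in zitadel
project_id = '371158654839160853'

# NOTE(review): plain http:// means the signed assertion and the returned
# bearer token cross the network unencrypted. Tolerable only against a local
# dev instance; any shared environment should use an https:// issuer.
issuer = "http://sso.fleet.local:8080"
token_url = f"{issuer}/oauth/v2/token"

# ops.pem is the private key used to sign the assertion. It must stay out of
# version control and should be readable only by the operator running this.
with open("./ops.pem") as key_file:
    key = key_file.read()

now = int(time.time())
assertion = jwt.encode(
    {
        # The service user is both issuer and subject of its own assertion.
        "iss": user_id,
        "sub": user_id,
        "aud": issuer,
        # 60-second lifetime limits how long a leaked assertion is replayable.
        "exp": now + 60,
        "iat": now,
    },
    key,
    algorithm="RS256",
    # kid tells the server which registered public key to verify against.
    headers={"kid": key_id},
)

r = requests.post(
    token_url,
    data={
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "assertion": assertion,
        "scope": "openid urn:zitadel:iam:org:projects:roles "
                 f"urn:zitadel:iam:org:project:id:{project_id}:aud",
    },
    # Without a timeout requests waits indefinitely on an unresponsive host.
    timeout=10,
)

# Parse once and show the full response so an OAuth error body is visible.
body = r.json()
print(body)
if not r.ok or "access_token" not in body:
    # Exit with a clear message instead of a KeyError on the lookup below.
    raise SystemExit(f"token request failed (HTTP {r.status_code})")

# The token is a live bearer credential: stdout here ends up in terminal
# scrollback and any captured logs, so run this only in an interactive shell.
print("only token")
token = body["access_token"]
print(token)

# Signature verification is disabled purely to inspect the claims. Nothing
# printed here is authenticated, so it must never feed an authorization
# decision. jwt.decode raises if the access token is opaque rather than a JWT.
print("Decoded")
print(jwt.decode(token, options={'verify_signature': False}))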