kaboot/server/tests/get-token.ts

const AUTHENTIK_URL = process.env.AUTHENTIK_URL || 'http://localhost:9000';
const CLIENT_ID = process.env.CLIENT_ID || 'kaboot-spa';
const APP_SLUG = process.env.APP_SLUG || 'kaboot';
const USERNAME = process.env.TEST_USERNAME || 'kaboottest';
const PASSWORD = process.env.TEST_PASSWORD || 'kaboottest';

async function getTokenViaPasswordGrant(): Promise<string> {
  const tokenUrl = `${AUTHENTIK_URL}/application/o/token/`;

  const params = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: CLIENT_ID,
    username: USERNAME,
    password: PASSWORD,
    scope: 'openid profile email',
  });

  console.log(`Token URL: ${tokenUrl}`);

  const response = await fetch(tokenUrl, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: params.toString(),
  });

  if (!response.ok) {
    const error = await response.text();
    throw new Error(`Password grant failed: ${response.status} - ${error}`);
  }

  const data = await response.json();
  return data.access_token;
}

async function main() {
  console.log('Kaboot API Token Generator');
  console.log('==========================\n');
  console.log(`Authentik URL: ${AUTHENTIK_URL}`);
  console.log(`Client ID: ${CLIENT_ID}`);
  console.log(`Username: ${USERNAME}`);
  console.log('');

  try {
    console.log('Attempting password/client_credentials grant...');
    const token = await getTokenViaPasswordGrant();
    console.log('\n✓ Token obtained successfully!\n');
    console.log('=== ACCESS TOKEN ===');
    console.log(token);
    console.log('\n=== EXPORT COMMAND ===');
    console.log(`export TEST_TOKEN="${token}"`);
    return;
  } catch (error) {
    console.log(`✗ ${error instanceof Error ? error.message : error}\n`);
  }

  console.log('=== MANUAL TOKEN SETUP ===\n');
  console.log('Option 1: Create a Service Account in Authentik');
  console.log('  1. Go to: Admin > Directory > Users');
  console.log('  2. Click "Create Service Account"');
  console.log('  3. Give it a name (e.g., "kaboot-test")');
  console.log('  4. Copy the username and token generated');
  console.log('  5. Run: TEST_USERNAME=<username> TEST_PASSWORD=<token> npm run test:get-token\n');

  console.log('Option 2: Get token from browser');
  console.log('  1. Log into Kaboot frontend with Authentik');
  console.log('  2. Open browser DevTools > Application > Local Storage');
  console.log('  3. Find the oidc.user entry');
  console.log('  4. Copy the access_token value');
  console.log('  5. Run: export TEST_TOKEN="<token>"\n');

  console.log('Option 3: Use Authentik API directly');
  console.log('  1. Go to: Admin > Directory > Tokens & App passwords');
  console.log('  2. Create a new token for your user');
  console.log('  3. Use that token for API testing\n');

  process.exit(1);
}

main();