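#!/usr/bin/env bash
# Test script for J3 authentication flow
# Usage: ./scripts/test-auth-flow.sh
#
# Environment:
#   API_URL  Base URL of the API under test (default: http://localhost:3000)
#
# Requires: curl, jq, base64, tr
#
# Flow: create agent -> list agents -> issue API token -> exchange it for a
# JWT -> decode the JWT payload -> revoke the API token -> confirm that the
# revoked token is rejected. Every step checks the HTTP status and aborts on
# the first failure, so the summary at the end is printed only when each
# check really passed.
#
# NOTE(review): steps 1, 3 and 6 send no credentials. If they succeed against
# anything other than a local development instance, agent creation, token
# issuance and token revocation are reachable unauthenticated; confirm that
# this is intended dev-only behaviour.

set -euo pipefail

API_URL="${API_URL:-http://localhost:3000}"

# Print a failure message to stderr and abort the run.
die() {
  printf 'FAIL: %s\n' "$*" >&2
  exit 1
}

# Send one request. Arguments: METHOD PATH [JSON_BODY].
# Prints the response body, a newline, then the HTTP status code.
# The body is fed to curl on stdin so that secrets (the API token) never
# appear in the process list.
request() {
  local method=$1 path=$2 body=${3-}
  local -a args=(-sS -X "$method" -w '\n%{http_code}' "${API_URL}${path}")
  if [[ -n "$body" ]]; then
    printf '%s' "$body" \
      | curl "${args[@]}" -H "Content-Type: application/json" --data-binary @-
  else
    curl "${args[@]}"
  fi
}

# Split the output of request() into its two parts.
http_status() { printf '%s' "${1##*$'\n'}"; }
http_body() { printf '%s' "${1%$'\n'*}"; }

# Pretty-print a body when it is JSON, otherwise print it unchanged.
show_body() {
  printf '%s' "$1" | jq '.' 2>/dev/null || printf '%s\n' "$1"
}

# Read one field from a JSON document; treat a missing/null field as an error.
json_field() {
  local doc=$1 filter=$2 value
  value=$(printf '%s' "$doc" | jq -r "$filter") || return 1
  [[ -n "$value" && "$value" != "null" ]] || return 1
  printf '%s' "$value"
}

# Decode one base64url segment (JWT alphabet, padding stripped) to stdout.
decode_b64url() {
  local seg
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $((${#seg} % 4)) in
    2) seg+='==' ;;
    3) seg+='=' ;;
    1) return 1 ;; # not a valid base64 length
  esac
  printf '%s' "$seg" | base64 -d
}

for tool in curl jq base64 tr; do
  command -v "$tool" >/dev/null || die "required tool not found: $tool"
done

# The API token and the JWT are bearer credentials; warn when they would
# cross the network unencrypted.
case "$API_URL" in
  https://* | http://localhost | http://localhost[:/]* | \
    http://127.0.0.1 | http://127.0.0.1[:/]*) ;;
  *) printf 'WARN: %s is not HTTPS; credentials are sent in clear text\n' \
    "$API_URL" >&2 ;;
esac

echo "=== AgentHub J3 Authentication Flow Test ==="
echo ""

# 1. Create agent
echo "1. Creating agent..."
AGENT_BODY=$(jq -n --arg name "test-agent-$(date +%s)" \
  '{name: $name, displayName: "Test Agent", role: "agent"}')
RESP=$(request POST "/api/v1/agents" "$AGENT_BODY") || die "agent request failed"
[[ "$(http_status "$RESP")" == 2?? ]] \
  || die "agent creation returned HTTP $(http_status "$RESP")"
AGENT_ID=$(json_field "$(http_body "$RESP")" '.id') \
  || die "agent response has no .id"
echo " Agent ID: $AGENT_ID"
echo ""

# 2. List agents
echo "2. Listing agents..."
RESP=$(request GET "/api/v1/agents") || die "list request failed"
[[ "$(http_status "$RESP")" == 2?? ]] \
  || die "agent listing returned HTTP $(http_status "$RESP")"
http_body "$RESP" | jq '.[0:2]'
echo ""

# 3. Issue API token
echo "3. Issuing API token..."
RESP=$(request POST "/api/v1/agents/${AGENT_ID}/tokens" \
  '{"scopes": {"read": true, "write": true}}') || die "token request failed"
[[ "$(http_status "$RESP")" == 2?? ]] \
  || die "token issuance returned HTTP $(http_status "$RESP")"
TOKEN_RESPONSE=$(http_body "$RESP")
API_TOKEN=$(json_field "$TOKEN_RESPONSE" '.secret') \
  || die "token response has no .secret"
TOKEN_ID=$(json_field "$TOKEN_RESPONSE" '.id') \
  || die "token response has no .id"
echo " Token ID: $TOKEN_ID"
# Only a short prefix is shown: this output tends to end up in CI logs and
# terminal scrollback, and the token stays valid until step 6 succeeds.
echo " Token (secret): ${API_TOKEN:0:8}..."
echo ""

# 4. Exchange API token for JWT
echo "4. Exchanging API token for JWT..."
# jq -Rs reads the token from stdin, so it is JSON-escaped correctly and
# never passed as a command-line argument.
SESSION_BODY=$(printf '%s' "$API_TOKEN" | jq -Rs '{apiToken: .}')
RESP=$(request POST "/api/v1/sessions" "$SESSION_BODY") \
  || die "session request failed"
[[ "$(http_status "$RESP")" == 2?? ]] \
  || die "token exchange returned HTTP $(http_status "$RESP")"
JWT_RESPONSE=$(http_body "$RESP")
JWT=$(json_field "$JWT_RESPONSE" '.jwt') || die "session response has no .jwt"
EXPIRES_IN=$(json_field "$JWT_RESPONSE" '.expiresIn') \
  || die "session response has no .expiresIn"
echo " JWT: ${JWT:0:50}..."
echo " Expires in: ${EXPIRES_IN} seconds (15 minutes)"
echo ""

# 5. Decode the JWT payload.
# This only shows that the token is well-formed; the signature is NOT
# verified here, so it says nothing about who issued the token.
echo "5. Decoding JWT payload..."
[[ "$JWT" == *.*.* ]] || die "JWT does not have three dot-separated segments"
JWT_REST=${JWT#*.}
JWT_PAYLOAD=${JWT_REST%%.*}
decode_b64url "$JWT_PAYLOAD" | jq '.' \
  || die "JWT payload is not base64url-encoded JSON"
echo ""

# 6. Test token revocation
echo "6. Revoking API token..."
RESP=$(request DELETE "/api/v1/tokens/${TOKEN_ID}") || die "revoke request failed"
REVOKE_STATUS=$(http_status "$RESP")
show_body "$(http_body "$RESP")"
printf ' HTTP Status: %s\n' "$REVOKE_STATUS"
[[ "$REVOKE_STATUS" == 2?? ]] || die "revocation returned HTTP $REVOKE_STATUS"
echo ""

# 7. Try to use revoked token (should fail)
echo "7. Attempting to use revoked token (should fail with 401)..."
RESP=$(request POST "/api/v1/sessions" "$SESSION_BODY") \
  || die "session request failed"
REUSE_STATUS=$(http_status "$RESP")
show_body "$(http_body "$RESP")"
printf ' HTTP Status: %s\n' "$REUSE_STATUS"
# This is the check the whole script exists for: a revoked token must not
# be exchangeable for a new session.
[[ "$REUSE_STATUS" == "401" ]] \
  || die "revoked token was not rejected (HTTP $REUSE_STATUS, expected 401)"
echo ""

echo "=== Test Complete ==="
echo ""
echo "✓ Agent created"
echo "✓ API token issued"
echo "✓ JWT exchanged"
echo "✓ Token revoked"
echo "✓ Revoked token rejected"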