Retrieve a CF API OAuth token from a Service Account

With the following commands you can retrieve a Cloud Foundry API OAuth token via your service account credentials:

## Set the required variables:
USERNAME="<service-account-username@some-cf-domain.cloud>"
PASSWORD="<service-account-password>"

### You can find the <system domain> in the API URL.
### For example the <system-domain> in https://api.system.01.cf.eu01.stackit.cloud is "system.01.cf.eu01.stackit.cloud":

curl 'https://login.<system-domain>/oauth/token' -i -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d "client_id=cf&client_secret=&grant_type=password&username=$USERNAME&password=$PASSWORD&token_format=jwt&response_type=token"

You will receive a response similar to this:

{
  "access_token": "ey...prettylongstring...h4",
  "token_type": "bearer",
  "id_token": "ey...prettylongstring...--xQ",
  "refresh_token": "ey...prettylongstring...6TX0",
  "expires_in": 1199,
  "scope": "openid uaa.user cloud_controller.read password.write cloud_controller.write",
  "jti": "ff...shortstring...58"
}

You can then copy the access_token field from this response and use it in the authorization header for subsequent Cloud Foundry API calls:

-H "Authorization: bearer $access_token"

The token_format must be set to jwt! The token_format opaque is not compatible with the Cloud Foundry API.

Also; this is only possible with Service Accounts and will not work with your Personal Account. For further information read; “Create Cloud Foundry Service Accounts”.