BlueCycleOps/Snyk-App-Examples


Snyk App Examples

This repository provides Python examples for working with the Snyk API and OAuth2 app integrations. Each script demonstrates a specific step in the Snyk OAuth2 flow or app management process. These examples are intended for educational purposes and to help you automate Snyk integrations.



Example Scripts

1. Register a Snyk App

register_app_example.py

Creates a new Snyk App in your organization using the Snyk REST API.

Usage:

python register_app_example.py --org-id <ORG_ID> --auth-token <API_TOKEN> --name <APP_NAME>
  • You can specify scopes and redirect URIs as needed.

Returns: (What's important)

client_id & client_secret


2. PKCE Utilities

pkce_examples.py

Generates PKCE values required for OAuth2 flows:

  • Code verifier: High-entropy secret.
  • Code challenge: SHA-256 hash of the verifier.
  • State: Random string for CSRF protection.

Usage:

python pkce_examples.py --generate verifier
python pkce_examples.py --generate challenge --verifier <CODE_VERIFIER>
python pkce_examples.py --generate state
python pkce_examples.py --generate all

Returns: (What's important)

verifier, challenge, & state


3. Generate OAuth2 Authorization URL

generate_auth_url_example.py

Builds the URL to start the Snyk OAuth2 authorization flow.

Usage:

python generate_auth_url_example.py --client-id <CLIENT_ID> --redirect-uri <REDIRECT_URI> --scopes <SCOPES> --state <STATE> --code-challenge <CHALLENGE>
  • Outputs a URL to open in your browser.

Returns: (What's important)

The authorization URL (keep the redirect URL if no callback is set up)


4. Exchange Authorization Code for Token

exchange_code_for_token_example.py

Exchanges the authorization code (from the OAuth2 callback) for an access token and refresh token.

Usage:

python exchange_code_for_token_example.py --code <CODE> --code-verifier <VERIFIER> --client-id <CLIENT_ID> --client-secret <CLIENT_SECRET> --redirect-uri <REDIRECT_URI>

Returns: (What's important)

The authorization & refresh tokens


5. Refresh Access Token

refresh_token_example.py

Uses a refresh token to obtain a new access token.

Usage:

python refresh_token_example.py --refresh-token <REFRESH_TOKEN> --client-id <CLIENT_ID> --client-secret <CLIENT_SECRET>

Returns: (What's important)

The authorization & refresh tokens


How to Use

  1. Register your app to get client credentials.
  2. Generate PKCE values for your OAuth2 flow.
  3. Build the authorization URL and authorize your app in the browser.
  4. If you do not have an OAuth redirect callback set up, after authorizing, you will see a redirect URL in your browser's address bar. Copy the full redirect URL (including the code and state parameters) and use it in the "Exchange Authorization Code for Token" step.
  5. Exchange the code you receive for an access token.
  6. Refresh your token as needed.
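
An added example (not code from this repository) covering the PKCE values from section 2 and the pasted redirect URL from step 4: it derives the challenge from the verifier and refuses to hand back the code unless the returned state matches the one you generated. It assumes the S256 challenge method from RFC 7636; the function names and the redirect host are hypothetical, and pkce_examples.py may differ.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit


def make_verifier(n_bytes: int = 64) -> str:
    """RFC 7636 code verifier: 43-128 unreserved characters."""
    if not 32 <= n_bytes <= 96:  # keeps the base64url length within 43..128
        raise ValueError("n_bytes must be between 32 and 96")
    return base64.urlsafe_b64encode(secrets.token_bytes(n_bytes)).rstrip(b"=").decode()


def make_challenge(verifier: str) -> str:
    """S256 challenge: base64url(SHA-256(verifier)) with padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def make_state() -> str:
    """Random per-request value, stored locally until the redirect returns."""
    return secrets.token_urlsafe(32)


def code_from_redirect(redirect_url: str, expected_state: str) -> str:
    """Return the authorization code only if the state matches what we sent."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    codes, states = params.get("code", []), params.get("state", [])
    # Exactly one of each: a missing or duplicated parameter is rejected.
    if len(codes) != 1 or len(states) != 1:
        raise ValueError("redirect must carry exactly one code and one state")
    # Constant-time comparison on bytes (also safe for non-ASCII input).
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this redirect")
    return codes[0]


if __name__ == "__main__":
    verifier, state = make_verifier(), make_state()
    print("verifier :", verifier)
    print("challenge:", make_challenge(verifier))
    # Constructed redirect URL; host and code value are placeholders.
    pasted = f"https://app.example.test/callback?code=CONSTRUCTED_CODE&state={state}"
    print("code     :", code_from_redirect(pasted, state))
```

Keep the verifier and state out of shell history and logs; the verifier is only sent in the token exchange step.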

Requirements

Install dependencies:

pip install -r requirements.txt

About

Code examples for Blue Cycle Snyk blog post
