#!/usr/bin/env bash # # user-list.sh — List Authentik users # # Usage: user-list.sh [-f format] [-s search] [-g group] # # Options: # -f format Output format: table (default), json # -s search Search term (matches username, name, email) # -g group Filter by group name # -h Show this help # # Environment variables (or credentials.json): # AUTHENTIK_URL — Authentik instance URL set -euo pipefail MOSAIC_HOME="${MOSAIC_HOME:-$HOME/.config/mosaic}" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "$MOSAIC_HOME/tools/_lib/credentials.sh" load_credentials authentik FORMAT="table" SEARCH="" GROUP="" while getopts "f:s:g:h" opt; do case $opt in f) FORMAT="$OPTARG" ;; s) SEARCH="$OPTARG" ;; g) GROUP="$OPTARG" ;; h) head -14 "$0" | grep "^#" | sed 's/^# \?//'; exit 0 ;; *) echo "Usage: $0 [-f format] [-s search] [-g group]" >&2; exit 1 ;; esac done TOKEN=$("$SCRIPT_DIR/auth-token.sh" -q) # Build query params PARAMS="ordering=username" [[ -n "$SEARCH" ]] && PARAMS="${PARAMS}&search=${SEARCH}" [[ -n "$GROUP" ]] && PARAMS="${PARAMS}&groups_by_name=${GROUP}" response=$(curl -sk -w "\n%{http_code}" \ -H "Authorization: Bearer $TOKEN" \ "${AUTHENTIK_URL}/api/v3/core/users/?${PARAMS}") http_code=$(echo "$response" | tail -n1) body=$(echo "$response" | sed '$d') if [[ "$http_code" != "200" ]]; then echo "Error: Failed to list users (HTTP $http_code)" >&2 exit 1 fi if [[ "$FORMAT" == "json" ]]; then echo "$body" | jq '.results' exit 0 fi # Table output echo "USERNAME NAME EMAIL ACTIVE LAST LOGIN" echo "-------------------- ---------------------------- ---------------------------- ------ ----------" echo "$body" | jq -r '.results[] | [ .username, .name, .email, (if .is_active then "yes" else "no" end), (.last_login // "never" | split("T")[0]) ] | @tsv' | while IFS=$'\t' read -r username name email active last_login; do printf "%-20s %-28s %-28s %-6s %s\n" \ "${username:0:20}" "${name:0:28}" "${email:0:28}" "$active" "$last_login" done