I'm trying to get the cloud foundry oauth-token from a devops pipeline deploy stage:

...
cf push $CF_APP
...

accessToken=$(cf oauth-token | grep bearer | sed -e s/bearer/Bearer/g)
echo accessToken=$accessToken
...
# use token in Auto Scaling API call ...
curl $createPolicyUrl -X 'PUT' -H 'Content-Type:application/json' \
     -H 'Accept:application/json' \
     -H "Authorization:$accessToken" \
     --data-binary @${policyJson} \
     -s -o response.txt -w '%{http_code}\n'

The output from the echo command is:

accessToken=

How can I retrieve the oauth token?

Note that cf push works ok in the script ecen though there isn't a cf login performed in the deploy script. Therefore, I'm assuming cf oauth-token would not need login either. Is this a valid assumption?

Update: I added cf login to my deploy script:

...
cf push $CF_APP
...

cf login
accessToken=$(cf oauth-token | grep bearer | sed -e s/bearer/Bearer/g)
echo accessToken=$accessToken
...

The output:

cf login not allowed.

See also my similar question on reconfiguring availability monitoring in a devops deploy stage.

Make sure to do a cf login to log in before you run the cf oauth-token command. Also make sure to double quote "Authorization:$accessToken" so the variable is substituted.

Update: It looks like you can access the oauth-token from within the script via the $CF_TOKEN environment variable. The token is associated with the owner of the pipeline, not the user running the current pipeline stage.

Can you try

accessToken=$(cf oauth-token)
CF_TOKEN=$(echo $accessToken | grep “Bearer*” | perl -wpe ‘s/.*(Bearer .+)/$1/‘)
CF_TOKEN should now have the token value