@nuvlore/extension-access-jira 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +202 -0
- package/README.md +27 -0
- package/package.json +54 -0
- package/skills/jira-sso-crud/SKILL.md +30 -0
- package/src/jiraSsoCrud.mjs +140 -0
- package/tools/jira_sso_comment_create.mjs +34 -0
- package/tools/jira_sso_comment_delete.mjs +33 -0
- package/tools/jira_sso_comment_update.mjs +35 -0
- package/tools/jira_sso_issue.mjs +32 -0
- package/tools/jira_sso_issue_create.mjs +36 -0
- package/tools/jira_sso_issue_delete.mjs +34 -0
- package/tools/jira_sso_issue_transition.mjs +36 -0
- package/tools/jira_sso_issue_update.mjs +35 -0
- package/tools/jira_sso_myself.mjs +26 -0
- package/tools/jira_sso_project.mjs +32 -0
- package/tools/jira_sso_project_versions.mjs +32 -0
- package/tools/jira_sso_projects.mjs +26 -0
- package/tools/jira_sso_read.mjs +34 -0
- package/tools/jira_sso_search.mjs +33 -0
- package/tools/jira_sso_user_assignable_search.mjs +35 -0
- package/tools/jira_sso_verify.mjs +26 -0
- package/vendor/extension-sso/LICENSE +202 -0
- package/vendor/extension-sso/README.md +35 -0
- package/vendor/extension-sso/commands/okta-login.md +10 -0
- package/vendor/extension-sso/package.json +52 -0
- package/vendor/extension-sso/skills/workday-okta-auth/SKILL.md +20 -0
- package/vendor/extension-sso/src/autoAuth.mjs +25 -0
- package/vendor/extension-sso/src/browserLogin.mjs +1 -0
- package/vendor/extension-sso/src/chromeCookies.mjs +1 -0
- package/vendor/extension-sso/src/cookieJar.mjs +1 -0
- package/vendor/extension-sso/src/extensionAccess.mjs +173 -0
- package/vendor/extension-sso/src/htmlSessionExtract.mjs +1 -0
- package/vendor/extension-sso/src/oktaAppAccess.mjs +133 -0
- package/vendor/extension-sso/src/oktaAppCatalog.mjs +118 -0
- package/vendor/extension-sso/src/oktaAppRead.mjs +119 -0
- package/vendor/extension-sso/src/oktaConfig.mjs +12 -0
- package/vendor/extension-sso/src/oktaSession.mjs +32 -0
- package/vendor/extension-sso/src/serviceOperations.mjs +407 -0
- package/vendor/extension-sso/src/serviceReadSearch.mjs +395 -0
- package/vendor/extension-sso/src/serviceReads.mjs +109 -0
- package/vendor/extension-sso/src/serviceRegistry.mjs +497 -0
- package/vendor/extension-sso/src/sessionAuth.mjs +339 -0
- package/vendor/extension-sso/src/sessionManager.mjs +212 -0
- package/vendor/extension-sso/src/sessionValidate.mjs +74 -0
- package/vendor/extension-sso/src/ssoConfig.mjs +31 -0
- package/vendor/extension-sso/src/ssoHttpRead.mjs +292 -0
- package/vendor/extension-sso/tools/extension-access-tools.shared.mjs +16 -0
- package/vendor/extension-sso/tools/okta-app-tools.shared.mjs +5 -0
- package/vendor/extension-sso/tools/okta-tools.shared.mjs +18 -0
- package/vendor/extension-sso/tools/workday_extension_read.mjs +51 -0
- package/vendor/extension-sso/tools/workday_extension_read_access.mjs +65 -0
- package/vendor/extension-sso/tools/workday_list_extension_access.mjs +39 -0
- package/vendor/extension-sso/tools/workday_list_okta_apps.mjs +18 -0
- package/vendor/extension-sso/tools/workday_list_service_operations.mjs +41 -0
- package/vendor/extension-sso/tools/workday_list_service_read_search_capabilities.mjs +34 -0
- package/vendor/extension-sso/tools/workday_list_services.mjs +31 -0
- package/vendor/extension-sso/tools/workday_okta_app_probe_all.mjs +24 -0
- package/vendor/extension-sso/tools/workday_okta_app_read.mjs +30 -0
- package/vendor/extension-sso/tools/workday_okta_app_read_access.mjs +25 -0
- package/vendor/extension-sso/tools/workday_okta_auth_header.mjs +58 -0
- package/vendor/extension-sso/tools/workday_okta_login.mjs +65 -0
- package/vendor/extension-sso/tools/workday_okta_open_app.mjs +63 -0
- package/vendor/extension-sso/tools/workday_okta_open_service.mjs +63 -0
- package/vendor/extension-sso/tools/workday_okta_status.mjs +35 -0
- package/vendor/extension-sso/tools/workday_service_auth.mjs +65 -0
- package/vendor/extension-sso/tools/workday_service_operation_read.mjs +51 -0
- package/vendor/extension-sso/tools/workday_service_read.mjs +56 -0
- package/vendor/extension-sso/tools/workday_service_search.mjs +62 -0
- package/vendor/extension-sso/tools/workday_sso_cookie_header.mjs +59 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/LICENSE +202 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/README.md +16 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/package.json +47 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/autoAuth.mjs +47 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/browserHttpRead.mjs +76 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/browserLogin.mjs +24 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/chromeCookies.mjs +192 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/cookieJar.mjs +132 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/devops-data-paths.mjs +222 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/devops-diagnostics.mjs +440 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/enterprise-api-read.mjs +180 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-command-pack.mjs +1 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-plan.mjs +45 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-shell-policy.d.mts +26 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/extensions/toolkit/read-only-shell-policy.mjs +170 -0
- package/vendor/extension-sso/vendor/extension-browser-sso/src/htmlSessionExtract.mjs +64 -0
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/LICENSE +202 -0
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/README.md +29 -0
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/package.json +43 -0
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/devops-data-paths.mjs +222 -0
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/devops-diagnostics.mjs +440 -0
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/enterprise-api-read.mjs +180 -0
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-command-pack.mjs +1 -0
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-plan.mjs +45 -0
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-shell-policy.d.mts +26 -0
- package/vendor/extension-sso/vendor/extension-read-only-toolkit/src/read-only-shell-policy.mjs +170 -0
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
export const description = "Read-only access status for one Okta UserHome app (GET probe only, never writes).";
|
|
2
|
+
import { getOktaAppReadAccess, listOktaApps, oktaAppReadGet, probeAllOktaApps } from "../src/oktaAppAccess.mjs";
|
|
3
|
+
|
|
4
|
+
function textResult(text) {
|
|
5
|
+
return { content: [{ type: "text", text }] };
|
|
6
|
+
}
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
export default {
|
|
11
|
+
name: "workday_okta_app_read_access",
|
|
12
|
+
description: "Read-only access status for one Okta UserHome app (GET probe only, never writes).",
|
|
13
|
+
inputSchema: {
|
|
14
|
+
type: "object",
|
|
15
|
+
properties: {
|
|
16
|
+
app: { type: "string", description: "Okta app label, e.g. JIRA2, Bitbucket, Slack" }
|
|
17
|
+
},
|
|
18
|
+
required: ["app"]
|
|
19
|
+
},
|
|
20
|
+
meta: { permissions: { rule: "allow" } },
|
|
21
|
+
async handler(args) {
|
|
22
|
+
const access = await getOktaAppReadAccess(String(args.app));
|
|
23
|
+
return textResult(JSON.stringify(access, null, 2));
|
|
24
|
+
}
|
|
25
|
+
};
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
export const description = "Return Cookie header for the Okta org from the shared browser session (legacy name; not a Bearer token).";
|
|
2
|
+
import { getSsoConfig } from "../src/ssoConfig.mjs";
|
|
3
|
+
import {
|
|
4
|
+
ensureSsoSession,
|
|
5
|
+
getOktaCookieHeader,
|
|
6
|
+
jarSummary,
|
|
7
|
+
loadCookieJar
|
|
8
|
+
} from "../src/sessionManager.mjs";
|
|
9
|
+
import {
|
|
10
|
+
getServiceCookieHeader,
|
|
11
|
+
openOktaAppForAuth,
|
|
12
|
+
openServiceForAuth
|
|
13
|
+
} from "../src/sessionAuth.mjs";
|
|
14
|
+
import { getOktaApp } from "../src/oktaAppCatalog.mjs";
|
|
15
|
+
import { getWorkdayService, listWorkdayServices } from "../src/serviceRegistry.mjs";
|
|
16
|
+
|
|
17
|
+
function textResult(text) {
|
|
18
|
+
return { content: [{ type: "text", text }] };
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
export default {
|
|
24
|
+
name: "workday_okta_auth_header",
|
|
25
|
+
description:
|
|
26
|
+
"Return Cookie header for the Okta org from the shared browser session (legacy name; not a Bearer token).",
|
|
27
|
+
inputSchema: { type: "object", properties: {} },
|
|
28
|
+
meta: {
|
|
29
|
+
permissions: { rule: "allow" },
|
|
30
|
+
secret_provider: "keychain"
|
|
31
|
+
},
|
|
32
|
+
async handler() {
|
|
33
|
+
const config = getSsoConfig();
|
|
34
|
+
const result = await ensureSsoSession({ config, openBrowserOnMissing: true });
|
|
35
|
+
const cookie = getOktaCookieHeader(result.jar, config);
|
|
36
|
+
if (!result.summary.authenticated || !cookie) {
|
|
37
|
+
return textResult(
|
|
38
|
+
JSON.stringify({
|
|
39
|
+
ok: false,
|
|
40
|
+
message: "No valid Okta browser session. Run workday_okta_login first."
|
|
41
|
+
}, null, 2)
|
|
42
|
+
);
|
|
43
|
+
}
|
|
44
|
+
return textResult(
|
|
45
|
+
JSON.stringify(
|
|
46
|
+
{
|
|
47
|
+
ok: true,
|
|
48
|
+
cookie,
|
|
49
|
+
headerName: "Cookie",
|
|
50
|
+
validatedAt: result.summary.validatedAt,
|
|
51
|
+
mode: "browser-session"
|
|
52
|
+
},
|
|
53
|
+
null,
|
|
54
|
+
2
|
|
55
|
+
)
|
|
56
|
+
);
|
|
57
|
+
}
|
|
58
|
+
};
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
export const description = "Ensure Okta SSO via browser session. Reuses Chrome cookies when already logged in; opens Chrome only when no valid session exists.";
|
|
2
|
+
import { getSsoConfig } from "../src/ssoConfig.mjs";
|
|
3
|
+
import {
|
|
4
|
+
ensureSsoSession,
|
|
5
|
+
getOktaCookieHeader,
|
|
6
|
+
jarSummary,
|
|
7
|
+
loadCookieJar
|
|
8
|
+
} from "../src/sessionManager.mjs";
|
|
9
|
+
import {
|
|
10
|
+
getServiceCookieHeader,
|
|
11
|
+
openOktaAppForAuth,
|
|
12
|
+
openServiceForAuth
|
|
13
|
+
} from "../src/sessionAuth.mjs";
|
|
14
|
+
import { getOktaApp } from "../src/oktaAppCatalog.mjs";
|
|
15
|
+
import { getWorkdayService, listWorkdayServices } from "../src/serviceRegistry.mjs";
|
|
16
|
+
|
|
17
|
+
function textResult(text) {
|
|
18
|
+
return { content: [{ type: "text", text }] };
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
export default {
|
|
24
|
+
name: "workday_okta_login",
|
|
25
|
+
description:
|
|
26
|
+
"Ensure Okta SSO via browser session. Reuses Chrome cookies when already logged in; opens Chrome only when no valid session exists.",
|
|
27
|
+
inputSchema: {
|
|
28
|
+
type: "object",
|
|
29
|
+
properties: {
|
|
30
|
+
forceBrowser: {
|
|
31
|
+
type: "boolean",
|
|
32
|
+
description: "Always open the Okta dashboard even if cookies may already exist.",
|
|
33
|
+
default: false
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
},
|
|
37
|
+
meta: {
|
|
38
|
+
permissions: { rule: "ask" }
|
|
39
|
+
},
|
|
40
|
+
async handler(args = {}) {
|
|
41
|
+
const config = getSsoConfig();
|
|
42
|
+
const statuses = [];
|
|
43
|
+
const result = await ensureSsoSession({
|
|
44
|
+
config,
|
|
45
|
+
openBrowserOnMissing: true,
|
|
46
|
+
forceBrowser: args.forceBrowser === true,
|
|
47
|
+
onStatus: (status) => statuses.push(status)
|
|
48
|
+
});
|
|
49
|
+
return textResult(
|
|
50
|
+
JSON.stringify(
|
|
51
|
+
{
|
|
52
|
+
ok: result.summary.authenticated,
|
|
53
|
+
message: result.summary.authenticated
|
|
54
|
+
? "Okta browser session ready. Cookies saved for Workday service access."
|
|
55
|
+
: "Okta login incomplete. Complete MFA in Chrome and retry.",
|
|
56
|
+
openedBrowser: result.openedBrowser,
|
|
57
|
+
statuses,
|
|
58
|
+
...result.summary
|
|
59
|
+
},
|
|
60
|
+
null,
|
|
61
|
+
2
|
|
62
|
+
)
|
|
63
|
+
);
|
|
64
|
+
}
|
|
65
|
+
};
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
export const description = "Open an Okta app page in Chrome so you can sign in when session cookies are missing or stale.";
|
|
2
|
+
import { getSsoConfig } from "../src/ssoConfig.mjs";
|
|
3
|
+
import {
|
|
4
|
+
ensureSsoSession,
|
|
5
|
+
getOktaCookieHeader,
|
|
6
|
+
jarSummary,
|
|
7
|
+
loadCookieJar
|
|
8
|
+
} from "../src/sessionManager.mjs";
|
|
9
|
+
import {
|
|
10
|
+
getServiceCookieHeader,
|
|
11
|
+
openOktaAppForAuth,
|
|
12
|
+
openServiceForAuth
|
|
13
|
+
} from "../src/sessionAuth.mjs";
|
|
14
|
+
import { getOktaApp } from "../src/oktaAppCatalog.mjs";
|
|
15
|
+
import { getWorkdayService, listWorkdayServices } from "../src/serviceRegistry.mjs";
|
|
16
|
+
|
|
17
|
+
function textResult(text) {
|
|
18
|
+
return { content: [{ type: "text", text }] };
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
export default {
|
|
24
|
+
name: "workday_okta_open_app",
|
|
25
|
+
description:
|
|
26
|
+
"Open an Okta app page in Chrome so you can sign in when session cookies are missing or stale.",
|
|
27
|
+
inputSchema: {
|
|
28
|
+
type: "object",
|
|
29
|
+
properties: {
|
|
30
|
+
app: { type: "string", description: "Okta app name from the catalog, e.g. Slack, Sana" }
|
|
31
|
+
},
|
|
32
|
+
required: ["app"]
|
|
33
|
+
},
|
|
34
|
+
meta: {
|
|
35
|
+
permissions: { rule: "ask" }
|
|
36
|
+
},
|
|
37
|
+
async handler(args = {}) {
|
|
38
|
+
const appName = String(args.app || "").trim();
|
|
39
|
+
getOktaApp(appName);
|
|
40
|
+
const config = getSsoConfig();
|
|
41
|
+
const statuses = [];
|
|
42
|
+
const result = await openOktaAppForAuth(appName, {
|
|
43
|
+
config,
|
|
44
|
+
onStatus: (status) => statuses.push(status)
|
|
45
|
+
});
|
|
46
|
+
return textResult(
|
|
47
|
+
JSON.stringify(
|
|
48
|
+
{
|
|
49
|
+
ok: result.ready,
|
|
50
|
+
app: appName,
|
|
51
|
+
authUrl: result.authUrl,
|
|
52
|
+
openedBrowser: result.openedBrowser,
|
|
53
|
+
message: result.ready
|
|
54
|
+
? `Session cookies ready for ${appName}.`
|
|
55
|
+
: `Complete login in Chrome at ${result.authUrl}, then retry.`,
|
|
56
|
+
statuses
|
|
57
|
+
},
|
|
58
|
+
null,
|
|
59
|
+
2
|
|
60
|
+
)
|
|
61
|
+
);
|
|
62
|
+
}
|
|
63
|
+
};
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
export const description = "Open a Workday Okta-protected service in Chrome so you can sign in when session is missing or stale.";
|
|
2
|
+
import { getSsoConfig } from "../src/ssoConfig.mjs";
|
|
3
|
+
import {
|
|
4
|
+
ensureSsoSession,
|
|
5
|
+
getOktaCookieHeader,
|
|
6
|
+
jarSummary,
|
|
7
|
+
loadCookieJar
|
|
8
|
+
} from "../src/sessionManager.mjs";
|
|
9
|
+
import {
|
|
10
|
+
getServiceCookieHeader,
|
|
11
|
+
openOktaAppForAuth,
|
|
12
|
+
openServiceForAuth
|
|
13
|
+
} from "../src/sessionAuth.mjs";
|
|
14
|
+
import { getOktaApp } from "../src/oktaAppCatalog.mjs";
|
|
15
|
+
import { getWorkdayService, listWorkdayServices } from "../src/serviceRegistry.mjs";
|
|
16
|
+
|
|
17
|
+
function textResult(text) {
|
|
18
|
+
return { content: [{ type: "text", text }] };
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
export default {
|
|
24
|
+
name: "workday_okta_open_service",
|
|
25
|
+
description:
|
|
26
|
+
"Open a Workday Okta-protected service in Chrome so you can sign in when session is missing or stale.",
|
|
27
|
+
inputSchema: {
|
|
28
|
+
type: "object",
|
|
29
|
+
properties: {
|
|
30
|
+
service: { type: "string", description: "Service id, e.g. jira, bitbucket, pharos" }
|
|
31
|
+
},
|
|
32
|
+
required: ["service"]
|
|
33
|
+
},
|
|
34
|
+
meta: {
|
|
35
|
+
permissions: { rule: "ask" }
|
|
36
|
+
},
|
|
37
|
+
async handler(args = {}) {
|
|
38
|
+
const serviceId = String(args.service).toLowerCase();
|
|
39
|
+
getWorkdayService(serviceId);
|
|
40
|
+
const config = getSsoConfig();
|
|
41
|
+
const statuses = [];
|
|
42
|
+
const result = await openServiceForAuth(serviceId, {
|
|
43
|
+
config,
|
|
44
|
+
onStatus: (status) => statuses.push(status)
|
|
45
|
+
});
|
|
46
|
+
return textResult(
|
|
47
|
+
JSON.stringify(
|
|
48
|
+
{
|
|
49
|
+
ok: result.ready,
|
|
50
|
+
service: serviceId,
|
|
51
|
+
authUrl: result.authUrl,
|
|
52
|
+
openedBrowser: result.openedBrowser,
|
|
53
|
+
message: result.ready
|
|
54
|
+
? `Session cookies ready for ${serviceId}.`
|
|
55
|
+
: `Complete login in Chrome at ${result.authUrl}, then retry.`,
|
|
56
|
+
statuses
|
|
57
|
+
},
|
|
58
|
+
null,
|
|
59
|
+
2
|
|
60
|
+
)
|
|
61
|
+
);
|
|
62
|
+
}
|
|
63
|
+
};
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
export const description = "Check whether a valid Okta browser SSO session exists (imports Chrome cookies when needed).";
|
|
2
|
+
import { getSsoConfig } from "../src/ssoConfig.mjs";
|
|
3
|
+
import {
|
|
4
|
+
ensureSsoSession,
|
|
5
|
+
getOktaCookieHeader,
|
|
6
|
+
jarSummary,
|
|
7
|
+
loadCookieJar
|
|
8
|
+
} from "../src/sessionManager.mjs";
|
|
9
|
+
import {
|
|
10
|
+
getServiceCookieHeader,
|
|
11
|
+
openOktaAppForAuth,
|
|
12
|
+
openServiceForAuth
|
|
13
|
+
} from "../src/sessionAuth.mjs";
|
|
14
|
+
import { getOktaApp } from "../src/oktaAppCatalog.mjs";
|
|
15
|
+
import { getWorkdayService, listWorkdayServices } from "../src/serviceRegistry.mjs";
|
|
16
|
+
|
|
17
|
+
function textResult(text) {
|
|
18
|
+
return { content: [{ type: "text", text }] };
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
export default {
|
|
24
|
+
name: "workday_okta_status",
|
|
25
|
+
description: "Check whether a valid Okta browser SSO session exists (imports Chrome cookies when needed).",
|
|
26
|
+
inputSchema: { type: "object", properties: {} },
|
|
27
|
+
meta: {
|
|
28
|
+
permissions: { rule: "allow" }
|
|
29
|
+
},
|
|
30
|
+
async handler() {
|
|
31
|
+
const config = getSsoConfig();
|
|
32
|
+
const result = await ensureSsoSession({ config, openBrowserOnMissing: true });
|
|
33
|
+
return textResult(JSON.stringify(result.summary, null, 2));
|
|
34
|
+
}
|
|
35
|
+
};
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
export const description = "Check Okta SSO readiness for a Workday service using stored browser cookies.";
|
|
2
|
+
import { getSsoConfig } from "../src/ssoConfig.mjs";
|
|
3
|
+
import {
|
|
4
|
+
ensureSsoSession,
|
|
5
|
+
getOktaCookieHeader,
|
|
6
|
+
jarSummary,
|
|
7
|
+
loadCookieJar
|
|
8
|
+
} from "../src/sessionManager.mjs";
|
|
9
|
+
import {
|
|
10
|
+
getServiceCookieHeader,
|
|
11
|
+
openOktaAppForAuth,
|
|
12
|
+
openServiceForAuth
|
|
13
|
+
} from "../src/sessionAuth.mjs";
|
|
14
|
+
import { verifySsoAccess } from "../src/ssoHttpRead.mjs";
|
|
15
|
+
import { getOktaApp } from "../src/oktaAppCatalog.mjs";
|
|
16
|
+
import { getWorkdayService, listWorkdayServices } from "../src/serviceRegistry.mjs";
|
|
17
|
+
|
|
18
|
+
function textResult(text) {
|
|
19
|
+
return { content: [{ type: "text", text }] };
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
export default {
|
|
25
|
+
name: "workday_service_auth",
|
|
26
|
+
description: "Check Okta SSO readiness for a Workday service using stored browser cookies.",
|
|
27
|
+
inputSchema: {
|
|
28
|
+
type: "object",
|
|
29
|
+
properties: {
|
|
30
|
+
service: { type: "string", description: "Service id, e.g. bamboo, jira, pharos" }
|
|
31
|
+
},
|
|
32
|
+
required: ["service"]
|
|
33
|
+
},
|
|
34
|
+
meta: { permissions: { rule: "allow" } },
|
|
35
|
+
async handler(args) {
|
|
36
|
+
const serviceId = String(args.service).toLowerCase();
|
|
37
|
+
const service = getWorkdayService(serviceId);
|
|
38
|
+
const result = await getServiceCookieHeader(serviceId, { openBrowserOnMissing: true });
|
|
39
|
+
const verification = await verifySsoAccess(serviceId, {
|
|
40
|
+
openBrowserOnMissing: false,
|
|
41
|
+
autoAuth: false
|
|
42
|
+
});
|
|
43
|
+
const serviceReady = Boolean(result.serviceReady && verification.accessible);
|
|
44
|
+
return textResult(
|
|
45
|
+
JSON.stringify(
|
|
46
|
+
{
|
|
47
|
+
service,
|
|
48
|
+
okta: result.summary,
|
|
49
|
+
host: result.host,
|
|
50
|
+
hasCookies: Boolean(result.cookie),
|
|
51
|
+
serviceReady,
|
|
52
|
+
verification,
|
|
53
|
+
authUrl: result.authUrl,
|
|
54
|
+
recommendation: serviceReady
|
|
55
|
+
? `Use workday_sso_cookie_header with service=${serviceId} for HTTP calls.`
|
|
56
|
+
: result.authUrl
|
|
57
|
+
? `Open ${result.authUrl} in Chrome via Okta, or run workday_okta_open_service.`
|
|
58
|
+
: "Run workday_okta_login first."
|
|
59
|
+
},
|
|
60
|
+
null,
|
|
61
|
+
2
|
|
62
|
+
)
|
|
63
|
+
);
|
|
64
|
+
}
|
|
65
|
+
};
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
export const description = "Run a named read-only service operation with structured parameters. Uses GET only and blocks unknown operations.";
|
|
2
|
+
import {
|
|
3
|
+
extensionReadGet,
|
|
4
|
+
getExtensionReadAccess,
|
|
5
|
+
listExtensionReadAccess
|
|
6
|
+
} from "../src/extensionAccess.mjs";
|
|
7
|
+
import { getServiceByExtension } from "../src/serviceRegistry.mjs";
|
|
8
|
+
import { listServiceOperations, readServiceOperation } from "../src/serviceOperations.mjs";
|
|
9
|
+
import {
|
|
10
|
+
listServiceReadSearchCapabilities,
|
|
11
|
+
readAnyService,
|
|
12
|
+
searchAnyService
|
|
13
|
+
} from "../src/serviceReadSearch.mjs";
|
|
14
|
+
|
|
15
|
+
function textResult(text) {
|
|
16
|
+
return { content: [{ type: "text", text }] };
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
export default {
|
|
22
|
+
name: "workday_service_operation_read",
|
|
23
|
+
description:
|
|
24
|
+
"Run a named read-only service operation with structured parameters. Uses GET only and blocks unknown operations.",
|
|
25
|
+
inputSchema: {
|
|
26
|
+
type: "object",
|
|
27
|
+
properties: {
|
|
28
|
+
service: { type: "string", description: "Service id, e.g. jira, bitbucket, confluence, bamboo" },
|
|
29
|
+
operation: { type: "string", description: "Operation id from workday_list_service_operations" },
|
|
30
|
+
params: {
|
|
31
|
+
type: "object",
|
|
32
|
+
description: "Operation parameters, e.g. {\"issueKey\":\"BDS-123\"}",
|
|
33
|
+
additionalProperties: true
|
|
34
|
+
}
|
|
35
|
+
},
|
|
36
|
+
required: ["service", "operation"]
|
|
37
|
+
},
|
|
38
|
+
meta: {
|
|
39
|
+
permissions: { rule: "ask" },
|
|
40
|
+
secret_provider: "keychain"
|
|
41
|
+
},
|
|
42
|
+
annotations: { readOnlyHint: true, destructiveHint: false, openWorldHint: true },
|
|
43
|
+
async handler(args) {
|
|
44
|
+
const result = await readServiceOperation(
|
|
45
|
+
String(args.service).toLowerCase(),
|
|
46
|
+
String(args.operation),
|
|
47
|
+
args.params ?? {}
|
|
48
|
+
);
|
|
49
|
+
return textResult(JSON.stringify(result, null, 2));
|
|
50
|
+
}
|
|
51
|
+
};
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
export const description = "Read any registered Workday service with a GET-only default/provided path. Generated Okta app services route through Okta app read.";
|
|
2
|
+
import {
|
|
3
|
+
extensionReadGet,
|
|
4
|
+
getExtensionReadAccess,
|
|
5
|
+
listExtensionReadAccess
|
|
6
|
+
} from "../src/extensionAccess.mjs";
|
|
7
|
+
import { getServiceByExtension } from "../src/serviceRegistry.mjs";
|
|
8
|
+
import { listServiceOperations, readServiceOperation } from "../src/serviceOperations.mjs";
|
|
9
|
+
import {
|
|
10
|
+
listServiceReadSearchCapabilities,
|
|
11
|
+
readAnyService,
|
|
12
|
+
searchAnyService
|
|
13
|
+
} from "../src/serviceReadSearch.mjs";
|
|
14
|
+
|
|
15
|
+
function textResult(text) {
|
|
16
|
+
return { content: [{ type: "text", text }] };
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
export default {
|
|
22
|
+
name: "workday_service_read",
|
|
23
|
+
description:
|
|
24
|
+
"Read any registered Workday service with a GET-only default/provided path. Generated Okta app services route through Okta app read.",
|
|
25
|
+
inputSchema: {
|
|
26
|
+
type: "object",
|
|
27
|
+
properties: {
|
|
28
|
+
service: { type: "string" },
|
|
29
|
+
scope: { type: "string", description: "Optional provider read scope, e.g. Slack ai-capabilities/bot-history/bot-thread" },
|
|
30
|
+
restPath: { type: "string" },
|
|
31
|
+
baseUrl: { type: "string" },
|
|
32
|
+
limit: { type: "number" },
|
|
33
|
+
threadTs: { type: "string" },
|
|
34
|
+
followRedirects: { type: "boolean" },
|
|
35
|
+
query: { type: "object", additionalProperties: true }
|
|
36
|
+
},
|
|
37
|
+
required: ["service"]
|
|
38
|
+
},
|
|
39
|
+
meta: {
|
|
40
|
+
permissions: { rule: "ask" },
|
|
41
|
+
secret_provider: "keychain"
|
|
42
|
+
},
|
|
43
|
+
annotations: { readOnlyHint: true, destructiveHint: false, openWorldHint: true },
|
|
44
|
+
async handler(args) {
|
|
45
|
+
const result = await readAnyService(String(args.service).toLowerCase(), {
|
|
46
|
+
scope: args.scope,
|
|
47
|
+
restPath: args.restPath,
|
|
48
|
+
baseUrl: args.baseUrl,
|
|
49
|
+
limit: args.limit,
|
|
50
|
+
threadTs: args.threadTs,
|
|
51
|
+
followRedirects: args.followRedirects,
|
|
52
|
+
query: args.query
|
|
53
|
+
});
|
|
54
|
+
return textResult(JSON.stringify(result, null, 2));
|
|
55
|
+
}
|
|
56
|
+
};
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
export const description = "Search any registered Workday service. Uses structured provider search when known; otherwise requires a service-specific GET searchPath.";
|
|
2
|
+
import {
|
|
3
|
+
extensionReadGet,
|
|
4
|
+
getExtensionReadAccess,
|
|
5
|
+
listExtensionReadAccess
|
|
6
|
+
} from "../src/extensionAccess.mjs";
|
|
7
|
+
import { getServiceByExtension } from "../src/serviceRegistry.mjs";
|
|
8
|
+
import { listServiceOperations, readServiceOperation } from "../src/serviceOperations.mjs";
|
|
9
|
+
import {
|
|
10
|
+
listServiceReadSearchCapabilities,
|
|
11
|
+
readAnyService,
|
|
12
|
+
searchAnyService
|
|
13
|
+
} from "../src/serviceReadSearch.mjs";
|
|
14
|
+
|
|
15
|
+
function textResult(text) {
|
|
16
|
+
return { content: [{ type: "text", text }] };
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
export default {
|
|
22
|
+
name: "workday_service_search",
|
|
23
|
+
description:
|
|
24
|
+
"Search any registered Workday service. Uses structured provider search when known; otherwise requires a service-specific GET searchPath.",
|
|
25
|
+
inputSchema: {
|
|
26
|
+
type: "object",
|
|
27
|
+
properties: {
|
|
28
|
+
service: { type: "string" },
|
|
29
|
+
query: { type: "string" },
|
|
30
|
+
scope: { type: "string", description: "Optional provider search scope, e.g. Slack messages/files/all/autocomplete" },
|
|
31
|
+
searchPath: { type: "string" },
|
|
32
|
+
params: { type: "object", additionalProperties: true },
|
|
33
|
+
baseUrl: { type: "string" },
|
|
34
|
+
count: { type: "number" },
|
|
35
|
+
sort: { type: "string" },
|
|
36
|
+
sortDir: { type: "string" },
|
|
37
|
+
types: { type: "string" },
|
|
38
|
+
highlight: { type: "boolean" }
|
|
39
|
+
},
|
|
40
|
+
required: ["service"]
|
|
41
|
+
},
|
|
42
|
+
meta: {
|
|
43
|
+
permissions: { rule: "ask" },
|
|
44
|
+
secret_provider: "keychain"
|
|
45
|
+
},
|
|
46
|
+
annotations: { readOnlyHint: true, destructiveHint: false, openWorldHint: true },
|
|
47
|
+
async handler(args) {
|
|
48
|
+
const result = await searchAnyService(String(args.service).toLowerCase(), {
|
|
49
|
+
...(args.params ?? {}),
|
|
50
|
+
query: args.query,
|
|
51
|
+
scope: args.scope,
|
|
52
|
+
searchPath: args.searchPath,
|
|
53
|
+
baseUrl: args.baseUrl,
|
|
54
|
+
count: args.count,
|
|
55
|
+
sort: args.sort,
|
|
56
|
+
sortDir: args.sortDir,
|
|
57
|
+
types: args.types,
|
|
58
|
+
highlight: args.highlight
|
|
59
|
+
});
|
|
60
|
+
return textResult(JSON.stringify(result, null, 2));
|
|
61
|
+
}
|
|
62
|
+
};
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
export const description = "Return Cookie header for a Workday Okta-protected service host.";
|
|
2
|
+
import { getSsoConfig } from "../src/ssoConfig.mjs";
|
|
3
|
+
import {
|
|
4
|
+
ensureSsoSession,
|
|
5
|
+
getOktaCookieHeader,
|
|
6
|
+
jarSummary,
|
|
7
|
+
loadCookieJar
|
|
8
|
+
} from "../src/sessionManager.mjs";
|
|
9
|
+
import {
|
|
10
|
+
getServiceCookieHeader,
|
|
11
|
+
openOktaAppForAuth,
|
|
12
|
+
openServiceForAuth
|
|
13
|
+
} from "../src/sessionAuth.mjs";
|
|
14
|
+
import { getOktaApp } from "../src/oktaAppCatalog.mjs";
|
|
15
|
+
import { getWorkdayService, listWorkdayServices } from "../src/serviceRegistry.mjs";
|
|
16
|
+
|
|
17
|
+
function textResult(text) {
|
|
18
|
+
return { content: [{ type: "text", text }] };
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
export default {
|
|
24
|
+
name: "workday_sso_cookie_header",
|
|
25
|
+
description: "Return Cookie header for a Workday Okta-protected service host.",
|
|
26
|
+
inputSchema: {
|
|
27
|
+
type: "object",
|
|
28
|
+
properties: {
|
|
29
|
+
service: { type: "string", description: "Service id, e.g. jira, bitbucket, pharos" }
|
|
30
|
+
},
|
|
31
|
+
required: ["service"]
|
|
32
|
+
},
|
|
33
|
+
meta: {
|
|
34
|
+
permissions: { rule: "allow" },
|
|
35
|
+
secret_provider: "keychain"
|
|
36
|
+
},
|
|
37
|
+
async handler(args) {
|
|
38
|
+
const serviceId = String(args.service).toLowerCase();
|
|
39
|
+
const service = getWorkdayService(serviceId);
|
|
40
|
+
const result = await getServiceCookieHeader(serviceId);
|
|
41
|
+
return textResult(
|
|
42
|
+
JSON.stringify(
|
|
43
|
+
{
|
|
44
|
+
service,
|
|
45
|
+
ok: result.ok,
|
|
46
|
+
host: result.host,
|
|
47
|
+
domains: result.domains,
|
|
48
|
+
cookie: result.cookie,
|
|
49
|
+
headerName: "Cookie",
|
|
50
|
+
serviceReady: result.serviceReady,
|
|
51
|
+
summary: result.summary,
|
|
52
|
+
message: result.message
|
|
53
|
+
},
|
|
54
|
+
null,
|
|
55
|
+
2
|
|
56
|
+
)
|
|
57
|
+
);
|
|
58
|
+
}
|
|
59
|
+
};
|