@rockcarver/frodo-cli 2.0.0-34 → 2.0.0-35

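--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.0.0-34] - 2023-11-29
+
 ## [2.0.0-33] - 2023-11-26
 
 ## [2.0.0-32] - 2023-11-21
@@ -1433,7 +1435,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed problem with adding connection profiles
 - Miscellaneous bug fixes
 
-[Unreleased]: https://github.com/rockcarver/frodo-cli/compare/v2.0.0-33...HEAD
+[Unreleased]: https://github.com/rockcarver/frodo-cli/compare/v2.0.0-34...HEAD
+
+[2.0.0-34]: https://github.com/rockcarver/frodo-cli/compare/v2.0.0-33...v2.0.0-34
 
 [2.0.0-33]: https://github.com/rockcarver/frodo-cli/compare/v2.0.0-32...v2.0.0-33
 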
@@ -2,6 +2,7 @@ import { frodo, state } from '@rockcarver/frodo-lib';
2
2
  import { Option } from 'commander';
3
3
  import fs from 'fs';
4
4
  import { v4 as uuidv4 } from 'uuid';
5
+ import * as s from '../../help/SampleData';
5
6
  import { executeRfc7523AuthZGrantFlow } from '../../ops/AdminOps.js';
6
7
  import { printMessage } from '../../utils/Console.js';
7
8
  import { FrodoCommand } from '../FrodoCommand.js';
@@ -9,7 +10,7 @@ const {
9
10
  getTokens
10
11
  } = frodo.login;
11
12
  const program = new FrodoCommand('frodo admin execute-rfc7523-authz-grant-flow');
12
- program.description('Execute RFC7523 authorization grant flow.').addOption(new Option('--client-id [id]', 'Client id.')).addOption(new Option('--jwk-file [file]', 'Path to JSON Web Key (JWK) file containing private key.')).addOption(new Option('--sub [subject]', 'Subject identifier, typically a UUID. Must resolve to a valid user in the realm.')).addOption(new Option('--iss [issuer]', 'Trusted issuer, typically a URL.')).addOption(new Option('--scope [scope]', 'Space-delimited list of scopes.').default('openid fr:am:* fr:idm:*')).addOption(new Option('--json', 'Output in JSON format.')).action(
13
+ program.description('Execute RFC7523 authorization grant flow.').addOption(new Option('--client-id [id]', 'Client id.')).addOption(new Option('--jwk-file [file]', 'Path to JSON Web Key (JWK) file containing private key.')).addOption(new Option('--sub [subject]', 'Subject identifier, typically a UUID. Must resolve to a valid user in the realm.')).addOption(new Option('--iss [issuer]', 'Trusted issuer, typically a URL.')).addOption(new Option('--scope [scope]', 'Space-delimited list of scopes.').default('openid fr:am:* fr:idm:*')).addOption(new Option('--json', 'Output in JSON format.')).addHelpText('after', `Usage Examples:\n` + ` If you used frodo to create the RFC7523 configuration (see 'Related Commands' below), then you can test your configuration with minimal input and frodo will locate the missing parameters. The command below returns access token and identity token:\n` + ` $ frodo admin execute-rfc7523-authz-grant-flow --client-id rfc7523-client1 ${s.amBaseUrl}\n`['brightCyan'] + ` Same as above but output raw json:\n` + ` $ frodo admin execute-rfc7523-authz-grant-flow --client-id rfc7523-client1 --json ${s.amBaseUrl}'\n`['brightCyan'] + ` Same as first command above but explicitly provide all parameters:\n` + ` $ frodo admin execute-rfc7523-authz-grant-flow --client-id rfc7523-client1 --iss https://my-issuer.com/issuer --sub 146c2230-9448-4442-b86d-eb4a81a0121d --jwk-file rfc7523-client1_private.jwk.json ${s.amBaseUrl}'\n`['brightCyan'] + `\nRelated Commands:\n` + ` Run ${'frodo admin generate-rfc7523-authz-grant-artifacts --help'['brightCyan']} to see how to create the required configuration artifacts for ${'frodo admin execute-rfc7523-authz-grant-flow'['brightCyan']}:\n`).action(
13
14
  // implement command logic inside action handler
14
15
  async (host, realm, user, password, options, command) => {
15
16
  command.handleDefaultArgsAndOpts(host, realm, user, password, options, command);
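Review bot: The second and third usage examples in the new `addHelpText` string end with a stray apostrophe after the host argument (`--json ${s.amBaseUrl}'\n` and `--jwk-file rfc7523-client1_private.jwk.json ${s.amBaseUrl}'\n`), so a user who pastes them into a shell gets an unterminated quote; drop the `'` as the first example does. The added `import * as s from '../../help/SampleData';` is the only relative import in this file without a `.js` extension, which Node's native ESM resolver would not resolve if this build is loaded as ESM; `'../../help/SampleData.js'` would match the neighbouring imports, and the same line is added in the generate-rfc7523-authz-grant-artifacts section. Because the third example points `--jwk-file` at a private key, one more help sentence saying that file should be readable only by the operator would be a useful caveat. The action callback continues outside this hunk.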
@@ -1 +1 @@
1
- {"version":3,"file":"admin-execute-rfc7523-authz-grant-flow.js","names":["frodo","state","Option","fs","v4","uuidv4","executeRfc7523AuthZGrantFlow","printMessage","FrodoCommand","getTokens","login","program","description","addOption","default","action","host","realm","user","password","options","command","handleDefaultArgsAndOpts","getRealm","clientId","jwk","undefined","jwkFile","data","readFileSync","JSON","parse","toString","error","message","outcome","iss","sub","scope","split","json","process","exitCode"],"sources":["../../../src/cli/admin/admin-execute-rfc7523-authz-grant-flow.ts"],"sourcesContent":["import { frodo, state } from '@rockcarver/frodo-lib';\nimport { JwkRsa } from '@rockcarver/frodo-lib/types/ops/JoseOps.js';\nimport { Option } from 'commander';\nimport fs from 'fs';\nimport { v4 as uuidv4 } from 'uuid';\n\nimport { executeRfc7523AuthZGrantFlow } from '../../ops/AdminOps.js';\nimport { printMessage } from '../../utils/Console.js';\nimport { FrodoCommand } from '../FrodoCommand.js';\n\nconst { getTokens } = frodo.login;\n\nconst program = new FrodoCommand(\n 'frodo admin execute-rfc7523-authz-grant-flow'\n);\n\nprogram\n .description('Execute RFC7523 authorization grant flow.')\n .addOption(new Option('--client-id [id]', 'Client id.'))\n .addOption(\n new Option(\n '--jwk-file [file]',\n 'Path to JSON Web Key (JWK) file containing private key.'\n )\n )\n .addOption(\n new Option(\n '--sub [subject]',\n 'Subject identifier, typically a UUID. 
Must resolve to a valid user in the realm.'\n )\n )\n .addOption(new Option('--iss [issuer]', 'Trusted issuer, typically a URL.'))\n .addOption(\n new Option('--scope [scope]', 'Space-delimited list of scopes.').default(\n 'openid fr:am:* fr:idm:*'\n )\n )\n .addOption(new Option('--json', 'Output in JSON format.'))\n .action(\n // implement command logic inside action handler\n async (host, realm, user, password, options, command) => {\n command.handleDefaultArgsAndOpts(\n host,\n realm,\n user,\n password,\n options,\n command\n );\n if (await getTokens()) {\n printMessage(\n `Generating RFC7523 authorization grant artifacts in realm \"${state.getRealm()}\"...`\n );\n let clientId = uuidv4();\n if (options.clientId) {\n clientId = options.clientId;\n }\n let jwk: JwkRsa = undefined;\n if (options.jwkFile) {\n try {\n const data = fs.readFileSync(options.jwkFile);\n jwk = JSON.parse(data.toString());\n } catch (error) {\n printMessage(\n `Error parsing JWK from file ${options.jwkFile}: ${error.message}`,\n 'error'\n );\n }\n }\n const outcome = await executeRfc7523AuthZGrantFlow(\n clientId,\n options.iss,\n jwk,\n options.sub,\n options.scope.split(' '),\n options.json\n );\n if (!outcome) process.exitCode = 1;\n } else {\n process.exitCode = 1;\n }\n }\n // end command logic inside action handler\n 
);\n\nprogram.parse();\n"],"mappings":"AAAA,SAASA,KAAK,EAAEC,KAAK,QAAQ,uBAAuB;AAEpD,SAASC,MAAM,QAAQ,WAAW;AAClC,OAAOC,EAAE,MAAM,IAAI;AACnB,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AAEnC,SAASC,4BAA4B,QAAQ,uBAAuB;AACpE,SAASC,YAAY,QAAQ,wBAAwB;AACrD,SAASC,YAAY,QAAQ,oBAAoB;AAEjD,MAAM;EAAEC;AAAU,CAAC,GAAGT,KAAK,CAACU,KAAK;AAEjC,MAAMC,OAAO,GAAG,IAAIH,YAAY,CAC9B,8CACF,CAAC;AAEDG,OAAO,CACJC,WAAW,CAAC,2CAA2C,CAAC,CACxDC,SAAS,CAAC,IAAIX,MAAM,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC,CACvDW,SAAS,CACR,IAAIX,MAAM,CACR,mBAAmB,EACnB,yDACF,CACF,CAAC,CACAW,SAAS,CACR,IAAIX,MAAM,CACR,iBAAiB,EACjB,kFACF,CACF,CAAC,CACAW,SAAS,CAAC,IAAIX,MAAM,CAAC,gBAAgB,EAAE,kCAAkC,CAAC,CAAC,CAC3EW,SAAS,CACR,IAAIX,MAAM,CAAC,iBAAiB,EAAE,iCAAiC,CAAC,CAACY,OAAO,CACtE,yBACF,CACF,CAAC,CACAD,SAAS,CAAC,IAAIX,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC,CAAC,CACzDa,MAAM;AACL;AACA,OAAOC,IAAI,EAAEC,KAAK,EAAEC,IAAI,EAAEC,QAAQ,EAAEC,OAAO,EAAEC,OAAO,KAAK;EACvDA,OAAO,CAACC,wBAAwB,CAC9BN,IAAI,EACJC,KAAK,EACLC,IAAI,EACJC,QAAQ,EACRC,OAAO,EACPC,OACF,CAAC;EACD,IAAI,MAAMZ,SAAS,CAAC,CAAC,EAAE;IACrBF,YAAY,CACT,8DAA6DN,KAAK,CAACsB,QAAQ,CAAC,CAAE,MACjF,CAAC;IACD,IAAIC,QAAQ,GAAGnB,MAAM,CAAC,CAAC;IACvB,IAAIe,OAAO,CAACI,QAAQ,EAAE;MACpBA,QAAQ,GAAGJ,OAAO,CAACI,QAAQ;IAC7B;IACA,IAAIC,GAAW,GAAGC,SAAS;IAC3B,IAAIN,OAAO,CAACO,OAAO,EAAE;MACnB,IAAI;QACF,MAAMC,IAAI,GAAGzB,EAAE,CAAC0B,YAAY,CAACT,OAAO,CAACO,OAAO,CAAC;QAC7CF,GAAG,GAAGK,IAAI,CAACC,KAAK,CAACH,IAAI,CAACI,QAAQ,CAAC,CAAC,CAAC;MACnC,CAAC,CAAC,OAAOC,KAAK,EAAE;QACd1B,YAAY,CACT,+BAA8Ba,OAAO,CAACO,OAAQ,KAAIM,KAAK,CAACC,OAAQ,EAAC,EAClE,OACF,CAAC;MACH;IACF;IACA,MAAMC,OAAO,GAAG,MAAM7B,4BAA4B,CAChDkB,QAAQ,EACRJ,OAAO,CAACgB,GAAG,EACXX,GAAG,EACHL,OAAO,CAACiB,GAAG,EACXjB,OAAO,CAACkB,KAAK,CAACC,KAAK,CAAC,GAAG,CAAC,EACxBnB,OAAO,CAACoB,IACV,CAAC;IACD,IAAI,CAACL,OAAO,EAAEM,OAAO,CAACC,QAAQ,GAAG,CAAC;EACpC,CAAC,MAAM;IACLD,OAAO,CAACC,QAAQ,GAAG,CAAC;EACtB;AACF;AACA;AACF,CAAC;;AAEH/B,OAAO,CAACoB,KAAK,CAAC,CAAC"}
1
+ {"version":3,"file":"admin-execute-rfc7523-authz-grant-flow.js","names":["frodo","state","Option","fs","v4","uuidv4","s","executeRfc7523AuthZGrantFlow","printMessage","FrodoCommand","getTokens","login","program","description","addOption","default","addHelpText","amBaseUrl","action","host","realm","user","password","options","command","handleDefaultArgsAndOpts","getRealm","clientId","jwk","undefined","jwkFile","data","readFileSync","JSON","parse","toString","error","message","outcome","iss","sub","scope","split","json","process","exitCode"],"sources":["../../../src/cli/admin/admin-execute-rfc7523-authz-grant-flow.ts"],"sourcesContent":["import { frodo, state } from '@rockcarver/frodo-lib';\nimport { JwkRsa } from '@rockcarver/frodo-lib/types/ops/JoseOps.js';\nimport { Option } from 'commander';\nimport fs from 'fs';\nimport { v4 as uuidv4 } from 'uuid';\n\nimport * as s from '../../help/SampleData';\nimport { executeRfc7523AuthZGrantFlow } from '../../ops/AdminOps.js';\nimport { printMessage } from '../../utils/Console.js';\nimport { FrodoCommand } from '../FrodoCommand.js';\n\nconst { getTokens } = frodo.login;\n\nconst program = new FrodoCommand(\n 'frodo admin execute-rfc7523-authz-grant-flow'\n);\n\nprogram\n .description('Execute RFC7523 authorization grant flow.')\n .addOption(new Option('--client-id [id]', 'Client id.'))\n .addOption(\n new Option(\n '--jwk-file [file]',\n 'Path to JSON Web Key (JWK) file containing private key.'\n )\n )\n .addOption(\n new Option(\n '--sub [subject]',\n 'Subject identifier, typically a UUID. 
Must resolve to a valid user in the realm.'\n )\n )\n .addOption(new Option('--iss [issuer]', 'Trusted issuer, typically a URL.'))\n .addOption(\n new Option('--scope [scope]', 'Space-delimited list of scopes.').default(\n 'openid fr:am:* fr:idm:*'\n )\n )\n .addOption(new Option('--json', 'Output in JSON format.'))\n .addHelpText(\n 'after',\n `Usage Examples:\\n` +\n ` If you used frodo to create the RFC7523 configuration (see 'Related Commands' below), then you can test your configuration with minimal input and frodo will locate the missing parameters. The command below returns access token and identity token:\\n` +\n ` $ frodo admin execute-rfc7523-authz-grant-flow --client-id rfc7523-client1 ${s.amBaseUrl}\\n`[\n 'brightCyan'\n ] +\n ` Same as above but output raw json:\\n` +\n ` $ frodo admin execute-rfc7523-authz-grant-flow --client-id rfc7523-client1 --json ${s.amBaseUrl}'\\n`[\n 'brightCyan'\n ] +\n ` Same as first command above but explicitly provide all parameters:\\n` +\n ` $ frodo admin execute-rfc7523-authz-grant-flow --client-id rfc7523-client1 --iss https://my-issuer.com/issuer --sub 146c2230-9448-4442-b86d-eb4a81a0121d --jwk-file rfc7523-client1_private.jwk.json ${s.amBaseUrl}'\\n`[\n 'brightCyan'\n ] +\n `\\nRelated Commands:\\n` +\n ` Run ${\n 'frodo admin generate-rfc7523-authz-grant-artifacts --help'[\n 'brightCyan'\n ]\n } to see how to create the required configuration artifacts for ${\n 'frodo admin execute-rfc7523-authz-grant-flow'['brightCyan']\n }:\\n`\n )\n .action(\n // implement command logic inside action handler\n async (host, realm, user, password, options, command) => {\n command.handleDefaultArgsAndOpts(\n host,\n realm,\n user,\n password,\n options,\n command\n );\n if (await getTokens()) {\n printMessage(\n `Generating RFC7523 authorization grant artifacts in realm \"${state.getRealm()}\"...`\n );\n let clientId = uuidv4();\n if (options.clientId) {\n clientId = options.clientId;\n }\n let jwk: JwkRsa = undefined;\n if 
(options.jwkFile) {\n try {\n const data = fs.readFileSync(options.jwkFile);\n jwk = JSON.parse(data.toString());\n } catch (error) {\n printMessage(\n `Error parsing JWK from file ${options.jwkFile}: ${error.message}`,\n 'error'\n );\n }\n }\n const outcome = await executeRfc7523AuthZGrantFlow(\n clientId,\n options.iss,\n jwk,\n options.sub,\n options.scope.split(' '),\n options.json\n );\n if (!outcome) process.exitCode = 1;\n } else {\n process.exitCode = 1;\n }\n }\n // end command logic inside action handler\n );\n\nprogram.parse();\n"],"mappings":"AAAA,SAASA,KAAK,EAAEC,KAAK,QAAQ,uBAAuB;AAEpD,SAASC,MAAM,QAAQ,WAAW;AAClC,OAAOC,EAAE,MAAM,IAAI;AACnB,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AAEnC,OAAO,KAAKC,CAAC,MAAM,uBAAuB;AAC1C,SAASC,4BAA4B,QAAQ,uBAAuB;AACpE,SAASC,YAAY,QAAQ,wBAAwB;AACrD,SAASC,YAAY,QAAQ,oBAAoB;AAEjD,MAAM;EAAEC;AAAU,CAAC,GAAGV,KAAK,CAACW,KAAK;AAEjC,MAAMC,OAAO,GAAG,IAAIH,YAAY,CAC9B,8CACF,CAAC;AAEDG,OAAO,CACJC,WAAW,CAAC,2CAA2C,CAAC,CACxDC,SAAS,CAAC,IAAIZ,MAAM,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC,CACvDY,SAAS,CACR,IAAIZ,MAAM,CACR,mBAAmB,EACnB,yDACF,CACF,CAAC,CACAY,SAAS,CACR,IAAIZ,MAAM,CACR,iBAAiB,EACjB,kFACF,CACF,CAAC,CACAY,SAAS,CAAC,IAAIZ,MAAM,CAAC,gBAAgB,EAAE,kCAAkC,CAAC,CAAC,CAC3EY,SAAS,CACR,IAAIZ,MAAM,CAAC,iBAAiB,EAAE,iCAAiC,CAAC,CAACa,OAAO,CACtE,yBACF,CACF,CAAC,CACAD,SAAS,CAAC,IAAIZ,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC,CAAC,CACzDc,WAAW,CACV,OAAO,EACN,mBAAkB,GAChB,4PAA2P,GAC3P,gFAA+EV,CAAC,CAACW,SAAU,IAAG,CAC7F,YAAY,CACb,GACA,wCAAuC,GACvC,uFAAsFX,CAAC,CAACW,SAAU,KAAI,CACrG,YAAY,CACb,GACA,wEAAuE,GACvE,0MAAyMX,CAAC,CAACW,SAAU,KAAI,CACxN,YAAY,CACb,GACA,uBAAsB,GACtB,SACC,2DAA2D,CACzD,YAAY,CAEf,kEACC,8CAA8C,CAAC,YAAY,CAC5D,KACL,CAAC,CACAC,MAAM;AACL;AACA,OAAOC,IAAI,EAAEC,KAAK,EAAEC,IAAI,EAAEC,QAAQ,EAAEC,OAAO,EAAEC,OAAO,KAAK;EACvDA,OAAO,CAACC,wBAAwB,CAC9BN,IAAI,EACJC,KAAK,EACLC,IAAI,EACJC,QAAQ,EACRC,OAAO,EACPC,OACF,CAAC;EACD,IAAI,MAAMd,SAAS,CAAC,CAAC,EAAE;IACrBF,YAAY,CACT,8DAA6DP,KAAK,CAACyB,QAAQ,CAAC,CAAE,MACjF,CAAC;IACD,IAAIC,QAAQ,GAAGtB,MAAM,CAAC,CAAC;IACvB,IAAIkB,OAAO,C
AACI,QAAQ,EAAE;MACpBA,QAAQ,GAAGJ,OAAO,CAACI,QAAQ;IAC7B;IACA,IAAIC,GAAW,GAAGC,SAAS;IAC3B,IAAIN,OAAO,CAACO,OAAO,EAAE;MACnB,IAAI;QACF,MAAMC,IAAI,GAAG5B,EAAE,CAAC6B,YAAY,CAACT,OAAO,CAACO,OAAO,CAAC;QAC7CF,GAAG,GAAGK,IAAI,CAACC,KAAK,CAACH,IAAI,CAACI,QAAQ,CAAC,CAAC,CAAC;MACnC,CAAC,CAAC,OAAOC,KAAK,EAAE;QACd5B,YAAY,CACT,+BAA8Be,OAAO,CAACO,OAAQ,KAAIM,KAAK,CAACC,OAAQ,EAAC,EAClE,OACF,CAAC;MACH;IACF;IACA,MAAMC,OAAO,GAAG,MAAM/B,4BAA4B,CAChDoB,QAAQ,EACRJ,OAAO,CAACgB,GAAG,EACXX,GAAG,EACHL,OAAO,CAACiB,GAAG,EACXjB,OAAO,CAACkB,KAAK,CAACC,KAAK,CAAC,GAAG,CAAC,EACxBnB,OAAO,CAACoB,IACV,CAAC;IACD,IAAI,CAACL,OAAO,EAAEM,OAAO,CAACC,QAAQ,GAAG,CAAC;EACpC,CAAC,MAAM;IACLD,OAAO,CAACC,QAAQ,GAAG,CAAC;EACtB;AACF;AACA;AACF,CAAC;;AAEHjC,OAAO,CAACsB,KAAK,CAAC,CAAC"}
@@ -2,6 +2,7 @@ import { frodo, state } from '@rockcarver/frodo-lib';
2
2
  import { Option } from 'commander';
3
3
  import fs from 'fs';
4
4
  import { v4 as uuidv4 } from 'uuid';
5
+ import * as s from '../../help/SampleData';
5
6
  import { generateRfc7523AuthZGrantArtifacts } from '../../ops/AdminOps.js';
6
7
  import { printMessage } from '../../utils/Console.js';
7
8
  import { FrodoCommand } from '../FrodoCommand.js';
@@ -9,7 +10,7 @@ const {
9
10
  getTokens
10
11
  } = frodo.login;
11
12
  const program = new FrodoCommand('frodo admin generate-rfc7523-authz-grant-artifacts');
12
- program.description('Generate RFC7523 authorization grant artifacts.').addOption(new Option('--client-id [id]', 'Client id.')).addOption(new Option('--jwk-file [file]', 'Path to JSON Web Key (JWK) file containing private key.')).addOption(new Option('--sub [subject]', 'Subject identifier, typically a UUID. Must resolve to a valid user in the realm.')).addOption(new Option('--iss [issuer]', 'Trusted issuer, typically a URL.')).addOption(new Option('--scope [scope]', 'Space-delimited list of scopes.').default('openid fr:am:* fr:idm:*')).addOption(new Option('--no-save', 'Do not save artifacts in AM and to file By default this command creates a fully configured oauth2 client and trusted issuer in AM and saves the generated JWK (private key) and JWKS (public key set) to files.')).addOption(new Option('--json', 'Output in JSON format.')).action(
13
+ program.description('Generate RFC7523 authorization grant artifacts.').addOption(new Option('--client-id [id]', 'Client id.')).addOption(new Option('--jwk-file [file]', 'Path to JSON Web Key (JWK) file containing private key.')).addOption(new Option('--sub [subject]', 'Subject identifier, typically a UUID. Must resolve to a valid user in the realm. Restricts the trusted issuer to only this subject by adding the identifier to the list of allowed subjects. Omitting this option allows the trusted issuer to request tokens for any realm user without restrictions.')).addOption(new Option('--iss [issuer]', 'Trusted issuer, typically a URL.')).addOption(new Option('--scope [scope]', 'Space-delimited list of scopes.').default('openid fr:am:* fr:idm:*')).addOption(new Option('--no-save', 'Do not save artifacts in AM and to file By default this command creates a fully configured oauth2 client and trusted issuer in AM and saves the generated JWK (private key) and JWKS (public key set) to files.')).addOption(new Option('--json', 'Output in JSON format.')).addHelpText('after', `Usage Examples:\n` + ` Generate, output to console, and save all the artifacts for an RFC7523 authorization grant flow configuration limited to one particular subject:\n` + ` - Fully configured OAuth2 client - named '<clientId>'\n` + ` - Fully configured OAuth2 trusted issuer - named '<clientId>-issuer'\n` + ` - Private Key as Json Web Key (JWK) - named '<clientId>_private.jwk.json'\n` + ` - Public Key as Json Web Key Set (JWKS) - named '<clientId>_public.jwks.json'\n` + ` $ frodo admin generate-rfc7523-authz-grant-artifacts --client-id rfc7523-client1 --iss https://my-issuer.com/issuer --sub 146c2230-9448-4442-b86d-eb4a81a0121d ${s.amBaseUrl}\n`['brightCyan'] + ` Same as above but use an existing JWK file instead of creating one.\n` + ` $ frodo admin generate-rfc7523-authz-grant-artifacts --client-id rfc7523-client1 --iss https://my-issuer.com/issuer --sub 146c2230-9448-4442-b86d-eb4a81a0121d 
--jwk-file rfc7523-client1_private.jwk.json ${s.amBaseUrl}\n`['brightCyan'] + ` Generate and output to console all the artifacts for an RFC7523 authorization grant flow configuration but do not create any configuration or files.\n` + ` $ frodo admin generate-rfc7523-authz-grant-artifacts --client-id rfc7523-client1 --iss https://my-issuer.com/issuer --sub 146c2230-9448-4442-b86d-eb4a81a0121d --no-save ${s.amBaseUrl}\n`['brightCyan'] + ` Generate and output in json format all the artifacts for an RFC7523 authorization grant flow configuration.\n` + ` $ frodo admin generate-rfc7523-authz-grant-artifacts --client-id rfc7523-client1 --iss https://my-issuer.com/issuer --sub 146c2230-9448-4442-b86d-eb4a81a0121d --json ${s.amBaseUrl}\n`['brightCyan'] + `\nRelated Commands:\n` + ` Run ${'frodo admin execute-rfc7523-authz-grant-flow --help'['brightCyan']} to see how to test your configuration created with ${'frodo admin generate-rfc7523-authz-grant-artifacts'['brightCyan']}:\n`).action(
13
14
  // implement command logic inside action handler
14
15
  async (host, realm, user, password, options, command) => {
15
16
  command.handleDefaultArgsAndOpts(host, realm, user, password, options, command);
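Review bot: The expanded `--sub` description now states that omitting the option lets the trusted issuer request tokens for any realm user, but nothing in the visible lines warns at run time when that unrestricted configuration is about to be created. Together with the default scope `openid fr:am:* fr:idm:*`, a bare invocation appears to save a broadly privileged issuer, so the secure choice depends on the operator having read the help text. Consider a warning in the action handler when no subject is given and saving is enabled, for example `if (!options.sub && options.save) printMessage('No --sub given: the trusted issuer will not be restricted to a subject.', 'warn');` (assuming `printMessage` supports a warning level; only `'error'` is visible on this page). The handler body lies outside this hunk, so the exact placement needs to be checked there.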
@@ -1 +1 @@
1
- {"version":3,"file":"admin-generate-rfc7523-authz-grant-artifacts.js","names":["frodo","state","Option","fs","v4","uuidv4","generateRfc7523AuthZGrantArtifacts","printMessage","FrodoCommand","getTokens","login","program","description","addOption","default","action","host","realm","user","password","options","command","handleDefaultArgsAndOpts","getRealm","clientId","jwk","undefined","jwkFile","data","readFileSync","JSON","parse","toString","error","message","outcome","iss","sub","scope","split","save","json","process","exitCode"],"sources":["../../../src/cli/admin/admin-generate-rfc7523-authz-grant-artifacts.ts"],"sourcesContent":["import { frodo, state } from '@rockcarver/frodo-lib';\nimport { JwkRsa } from '@rockcarver/frodo-lib/types/ops/JoseOps.js';\nimport { Option } from 'commander';\nimport fs from 'fs';\nimport { v4 as uuidv4 } from 'uuid';\n\nimport { generateRfc7523AuthZGrantArtifacts } from '../../ops/AdminOps.js';\nimport { printMessage } from '../../utils/Console.js';\nimport { FrodoCommand } from '../FrodoCommand.js';\n\nconst { getTokens } = frodo.login;\n\nconst program = new FrodoCommand(\n 'frodo admin generate-rfc7523-authz-grant-artifacts'\n);\n\nprogram\n .description('Generate RFC7523 authorization grant artifacts.')\n .addOption(new Option('--client-id [id]', 'Client id.'))\n .addOption(\n new Option(\n '--jwk-file [file]',\n 'Path to JSON Web Key (JWK) file containing private key.'\n )\n )\n .addOption(\n new Option(\n '--sub [subject]',\n 'Subject identifier, typically a UUID. 
Must resolve to a valid user in the realm.'\n )\n )\n .addOption(new Option('--iss [issuer]', 'Trusted issuer, typically a URL.'))\n .addOption(\n new Option('--scope [scope]', 'Space-delimited list of scopes.').default(\n 'openid fr:am:* fr:idm:*'\n )\n )\n .addOption(\n new Option(\n '--no-save',\n 'Do not save artifacts in AM and to file By default this command creates a fully configured oauth2 client and trusted issuer in AM and saves the generated JWK (private key) and JWKS (public key set) to files.'\n )\n )\n .addOption(new Option('--json', 'Output in JSON format.'))\n .action(\n // implement command logic inside action handler\n async (host, realm, user, password, options, command) => {\n command.handleDefaultArgsAndOpts(\n host,\n realm,\n user,\n password,\n options,\n command\n );\n if (await getTokens()) {\n printMessage(\n `Generating RFC7523 authorization grant artifacts in realm \"${state.getRealm()}\"...`\n );\n let clientId = uuidv4();\n if (options.clientId) {\n clientId = options.clientId;\n }\n let jwk: JwkRsa = undefined;\n if (options.jwkFile) {\n try {\n const data = fs.readFileSync(options.jwkFile);\n jwk = JSON.parse(data.toString());\n } catch (error) {\n printMessage(\n `Error parsing JWK from file ${options.jwkFile}: ${error.message}`,\n 'error'\n );\n }\n }\n const outcome = await generateRfc7523AuthZGrantArtifacts(\n clientId,\n options.iss,\n jwk,\n options.sub,\n options.scope.split(' '),\n { save: options.save },\n options.json\n );\n if (!outcome) process.exitCode = 1;\n } else {\n process.exitCode = 1;\n }\n }\n // end command logic inside action handler\n 
);\n\nprogram.parse();\n"],"mappings":"AAAA,SAASA,KAAK,EAAEC,KAAK,QAAQ,uBAAuB;AAEpD,SAASC,MAAM,QAAQ,WAAW;AAClC,OAAOC,EAAE,MAAM,IAAI;AACnB,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AAEnC,SAASC,kCAAkC,QAAQ,uBAAuB;AAC1E,SAASC,YAAY,QAAQ,wBAAwB;AACrD,SAASC,YAAY,QAAQ,oBAAoB;AAEjD,MAAM;EAAEC;AAAU,CAAC,GAAGT,KAAK,CAACU,KAAK;AAEjC,MAAMC,OAAO,GAAG,IAAIH,YAAY,CAC9B,oDACF,CAAC;AAEDG,OAAO,CACJC,WAAW,CAAC,iDAAiD,CAAC,CAC9DC,SAAS,CAAC,IAAIX,MAAM,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC,CACvDW,SAAS,CACR,IAAIX,MAAM,CACR,mBAAmB,EACnB,yDACF,CACF,CAAC,CACAW,SAAS,CACR,IAAIX,MAAM,CACR,iBAAiB,EACjB,kFACF,CACF,CAAC,CACAW,SAAS,CAAC,IAAIX,MAAM,CAAC,gBAAgB,EAAE,kCAAkC,CAAC,CAAC,CAC3EW,SAAS,CACR,IAAIX,MAAM,CAAC,iBAAiB,EAAE,iCAAiC,CAAC,CAACY,OAAO,CACtE,yBACF,CACF,CAAC,CACAD,SAAS,CACR,IAAIX,MAAM,CACR,WAAW,EACX,iNACF,CACF,CAAC,CACAW,SAAS,CAAC,IAAIX,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC,CAAC,CACzDa,MAAM;AACL;AACA,OAAOC,IAAI,EAAEC,KAAK,EAAEC,IAAI,EAAEC,QAAQ,EAAEC,OAAO,EAAEC,OAAO,KAAK;EACvDA,OAAO,CAACC,wBAAwB,CAC9BN,IAAI,EACJC,KAAK,EACLC,IAAI,EACJC,QAAQ,EACRC,OAAO,EACPC,OACF,CAAC;EACD,IAAI,MAAMZ,SAAS,CAAC,CAAC,EAAE;IACrBF,YAAY,CACT,8DAA6DN,KAAK,CAACsB,QAAQ,CAAC,CAAE,MACjF,CAAC;IACD,IAAIC,QAAQ,GAAGnB,MAAM,CAAC,CAAC;IACvB,IAAIe,OAAO,CAACI,QAAQ,EAAE;MACpBA,QAAQ,GAAGJ,OAAO,CAACI,QAAQ;IAC7B;IACA,IAAIC,GAAW,GAAGC,SAAS;IAC3B,IAAIN,OAAO,CAACO,OAAO,EAAE;MACnB,IAAI;QACF,MAAMC,IAAI,GAAGzB,EAAE,CAAC0B,YAAY,CAACT,OAAO,CAACO,OAAO,CAAC;QAC7CF,GAAG,GAAGK,IAAI,CAACC,KAAK,CAACH,IAAI,CAACI,QAAQ,CAAC,CAAC,CAAC;MACnC,CAAC,CAAC,OAAOC,KAAK,EAAE;QACd1B,YAAY,CACT,+BAA8Ba,OAAO,CAACO,OAAQ,KAAIM,KAAK,CAACC,OAAQ,EAAC,EAClE,OACF,CAAC;MACH;IACF;IACA,MAAMC,OAAO,GAAG,MAAM7B,kCAAkC,CACtDkB,QAAQ,EACRJ,OAAO,CAACgB,GAAG,EACXX,GAAG,EACHL,OAAO,CAACiB,GAAG,EACXjB,OAAO,CAACkB,KAAK,CAACC,KAAK,CAAC,GAAG,CAAC,EACxB;MAAEC,IAAI,EAAEpB,OAAO,CAACoB;IAAK,CAAC,EACtBpB,OAAO,CAACqB,IACV,CAAC;IACD,IAAI,CAACN,OAAO,EAAEO,OAAO,CAACC,QAAQ,GAAG,CAAC;EACpC,CAAC,MAAM;IACLD,OAAO,CAACC,QAAQ,GAAG,CAAC;EACtB;AACF;AACA;AACF,CAAC;;AAEHhC,OAAO,CAACoB,KAAK,CAAC,CAAC"}
1
+ {"version":3,"file":"admin-generate-rfc7523-authz-grant-artifacts.js","names":["frodo","state","Option","fs","v4","uuidv4","s","generateRfc7523AuthZGrantArtifacts","printMessage","FrodoCommand","getTokens","login","program","description","addOption","default","addHelpText","amBaseUrl","action","host","realm","user","password","options","command","handleDefaultArgsAndOpts","getRealm","clientId","jwk","undefined","jwkFile","data","readFileSync","JSON","parse","toString","error","message","outcome","iss","sub","scope","split","save","json","process","exitCode"],"sources":["../../../src/cli/admin/admin-generate-rfc7523-authz-grant-artifacts.ts"],"sourcesContent":["import { frodo, state } from '@rockcarver/frodo-lib';\nimport { JwkRsa } from '@rockcarver/frodo-lib/types/ops/JoseOps.js';\nimport { Option } from 'commander';\nimport fs from 'fs';\nimport { v4 as uuidv4 } from 'uuid';\n\nimport * as s from '../../help/SampleData';\nimport { generateRfc7523AuthZGrantArtifacts } from '../../ops/AdminOps.js';\nimport { printMessage } from '../../utils/Console.js';\nimport { FrodoCommand } from '../FrodoCommand.js';\n\nconst { getTokens } = frodo.login;\n\nconst program = new FrodoCommand(\n 'frodo admin generate-rfc7523-authz-grant-artifacts'\n);\n\nprogram\n .description('Generate RFC7523 authorization grant artifacts.')\n .addOption(new Option('--client-id [id]', 'Client id.'))\n .addOption(\n new Option(\n '--jwk-file [file]',\n 'Path to JSON Web Key (JWK) file containing private key.'\n )\n )\n .addOption(\n new Option(\n '--sub [subject]',\n 'Subject identifier, typically a UUID. Must resolve to a valid user in the realm. Restricts the trusted issuer to only this subject by adding the identifier to the list of allowed subjects. 
Omitting this option allows the trusted issuer to request tokens for any realm user without restrictions.'\n )\n )\n .addOption(new Option('--iss [issuer]', 'Trusted issuer, typically a URL.'))\n .addOption(\n new Option('--scope [scope]', 'Space-delimited list of scopes.').default(\n 'openid fr:am:* fr:idm:*'\n )\n )\n .addOption(\n new Option(\n '--no-save',\n 'Do not save artifacts in AM and to file By default this command creates a fully configured oauth2 client and trusted issuer in AM and saves the generated JWK (private key) and JWKS (public key set) to files.'\n )\n )\n .addOption(new Option('--json', 'Output in JSON format.'))\n .addHelpText(\n 'after',\n `Usage Examples:\\n` +\n ` Generate, output to console, and save all the artifacts for an RFC7523 authorization grant flow configuration limited to one particular subject:\\n` +\n ` - Fully configured OAuth2 client - named '<clientId>'\\n` +\n ` - Fully configured OAuth2 trusted issuer - named '<clientId>-issuer'\\n` +\n ` - Private Key as Json Web Key (JWK) - named '<clientId>_private.jwk.json'\\n` +\n ` - Public Key as Json Web Key Set (JWKS) - named '<clientId>_public.jwks.json'\\n` +\n ` $ frodo admin generate-rfc7523-authz-grant-artifacts --client-id rfc7523-client1 --iss https://my-issuer.com/issuer --sub 146c2230-9448-4442-b86d-eb4a81a0121d ${s.amBaseUrl}\\n`[\n 'brightCyan'\n ] +\n ` Same as above but use an existing JWK file instead of creating one.\\n` +\n ` $ frodo admin generate-rfc7523-authz-grant-artifacts --client-id rfc7523-client1 --iss https://my-issuer.com/issuer --sub 146c2230-9448-4442-b86d-eb4a81a0121d --jwk-file rfc7523-client1_private.jwk.json ${s.amBaseUrl}\\n`[\n 'brightCyan'\n ] +\n ` Generate and output to console all the artifacts for an RFC7523 authorization grant flow configuration but do not create any configuration or files.\\n` +\n ` $ frodo admin generate-rfc7523-authz-grant-artifacts --client-id rfc7523-client1 --iss https://my-issuer.com/issuer --sub 
146c2230-9448-4442-b86d-eb4a81a0121d --no-save ${s.amBaseUrl}\\n`[\n 'brightCyan'\n ] +\n ` Generate and output in json format all the artifacts for an RFC7523 authorization grant flow configuration.\\n` +\n ` $ frodo admin generate-rfc7523-authz-grant-artifacts --client-id rfc7523-client1 --iss https://my-issuer.com/issuer --sub 146c2230-9448-4442-b86d-eb4a81a0121d --json ${s.amBaseUrl}\\n`[\n 'brightCyan'\n ] +\n `\\nRelated Commands:\\n` +\n ` Run ${\n 'frodo admin execute-rfc7523-authz-grant-flow --help'['brightCyan']\n } to see how to test your configuration created with ${\n 'frodo admin generate-rfc7523-authz-grant-artifacts'['brightCyan']\n }:\\n`\n )\n .action(\n // implement command logic inside action handler\n async (host, realm, user, password, options, command) => {\n command.handleDefaultArgsAndOpts(\n host,\n realm,\n user,\n password,\n options,\n command\n );\n if (await getTokens()) {\n printMessage(\n `Generating RFC7523 authorization grant artifacts in realm \"${state.getRealm()}\"...`\n );\n let clientId = uuidv4();\n if (options.clientId) {\n clientId = options.clientId;\n }\n let jwk: JwkRsa = undefined;\n if (options.jwkFile) {\n try {\n const data = fs.readFileSync(options.jwkFile);\n jwk = JSON.parse(data.toString());\n } catch (error) {\n printMessage(\n `Error parsing JWK from file ${options.jwkFile}: ${error.message}`,\n 'error'\n );\n }\n }\n const outcome = await generateRfc7523AuthZGrantArtifacts(\n clientId,\n options.iss,\n jwk,\n options.sub,\n options.scope.split(' '),\n { save: options.save },\n options.json\n );\n if (!outcome) process.exitCode = 1;\n } else {\n process.exitCode = 1;\n }\n }\n // end command logic inside action handler\n 
);\n\nprogram.parse();\n"],"mappings":"AAAA,SAASA,KAAK,EAAEC,KAAK,QAAQ,uBAAuB;AAEpD,SAASC,MAAM,QAAQ,WAAW;AAClC,OAAOC,EAAE,MAAM,IAAI;AACnB,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AAEnC,OAAO,KAAKC,CAAC,MAAM,uBAAuB;AAC1C,SAASC,kCAAkC,QAAQ,uBAAuB;AAC1E,SAASC,YAAY,QAAQ,wBAAwB;AACrD,SAASC,YAAY,QAAQ,oBAAoB;AAEjD,MAAM;EAAEC;AAAU,CAAC,GAAGV,KAAK,CAACW,KAAK;AAEjC,MAAMC,OAAO,GAAG,IAAIH,YAAY,CAC9B,oDACF,CAAC;AAEDG,OAAO,CACJC,WAAW,CAAC,iDAAiD,CAAC,CAC9DC,SAAS,CAAC,IAAIZ,MAAM,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC,CACvDY,SAAS,CACR,IAAIZ,MAAM,CACR,mBAAmB,EACnB,yDACF,CACF,CAAC,CACAY,SAAS,CACR,IAAIZ,MAAM,CACR,iBAAiB,EACjB,wSACF,CACF,CAAC,CACAY,SAAS,CAAC,IAAIZ,MAAM,CAAC,gBAAgB,EAAE,kCAAkC,CAAC,CAAC,CAC3EY,SAAS,CACR,IAAIZ,MAAM,CAAC,iBAAiB,EAAE,iCAAiC,CAAC,CAACa,OAAO,CACtE,yBACF,CACF,CAAC,CACAD,SAAS,CACR,IAAIZ,MAAM,CACR,WAAW,EACX,iNACF,CACF,CAAC,CACAY,SAAS,CAAC,IAAIZ,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC,CAAC,CACzDc,WAAW,CACV,OAAO,EACN,mBAAkB,GAChB,sJAAqJ,GACrJ,2DAA0D,GAC1D,0EAAyE,GACzE,+EAA8E,GAC9E,mFAAkF,GAClF,oKAAmKV,CAAC,CAACW,SAAU,IAAG,CACjL,YAAY,CACb,GACA,yEAAwE,GACxE,gNAA+MX,CAAC,CAACW,SAAU,IAAG,CAC7N,YAAY,CACb,GACA,0JAAyJ,GACzJ,8KAA6KX,CAAC,CAACW,SAAU,IAAG,CAC3L,YAAY,CACb,GACA,iHAAgH,GAChH,2KAA0KX,CAAC,CAACW,SAAU,IAAG,CACxL,YAAY,CACb,GACA,uBAAsB,GACtB,SACC,qDAAqD,CAAC,YAAY,CACnE,uDACC,oDAAoD,CAAC,YAAY,CAClE,KACL,CAAC,CACAC,MAAM;AACL;AACA,OAAOC,IAAI,EAAEC,KAAK,EAAEC,IAAI,EAAEC,QAAQ,EAAEC,OAAO,EAAEC,OAAO,KAAK;EACvDA,OAAO,CAACC,wBAAwB,CAC9BN,IAAI,EACJC,KAAK,EACLC,IAAI,EACJC,QAAQ,EACRC,OAAO,EACPC,OACF,CAAC;EACD,IAAI,MAAMd,SAAS,CAAC,CAAC,EAAE;IACrBF,YAAY,CACT,8DAA6DP,KAAK,CAACyB,QAAQ,CAAC,CAAE,MACjF,CAAC;IACD,IAAIC,QAAQ,GAAGtB,MAAM,CAAC,CAAC;IACvB,IAAIkB,OAAO,CAACI,QAAQ,EAAE;MACpBA,QAAQ,GAAGJ,OAAO,CAACI,QAAQ;IAC7B;IACA,IAAIC,GAAW,GAAGC,SAAS;IAC3B,IAAIN,OAAO,CAACO,OAAO,EAAE;MACnB,IAAI;QACF,MAAMC,IAAI,GAAG5B,EAAE,CAAC6B,YAAY,CAACT,OAAO,CAACO,OAAO,CAAC;QAC7CF,GAAG,GAAGK,IAAI,CAACC,KAAK,CAACH,IAAI,CAACI,QAAQ,CAAC,CAAC,CAAC;MACnC,CAAC,CAAC,OAAOC,KAAK,EAAE;QACd5B,YAAY,CACT,+BAA8Be,OAAO,CAACO,OAAQ,KAAIM,KAAK,C
AACC,OAAQ,EAAC,EAClE,OACF,CAAC;MACH;IACF;IACA,MAAMC,OAAO,GAAG,MAAM/B,kCAAkC,CACtDoB,QAAQ,EACRJ,OAAO,CAACgB,GAAG,EACXX,GAAG,EACHL,OAAO,CAACiB,GAAG,EACXjB,OAAO,CAACkB,KAAK,CAACC,KAAK,CAAC,GAAG,CAAC,EACxB;MAAEC,IAAI,EAAEpB,OAAO,CAACoB;IAAK,CAAC,EACtBpB,OAAO,CAACqB,IACV,CAAC;IACD,IAAI,CAACN,OAAO,EAAEO,OAAO,CAACC,QAAQ,GAAG,CAAC;EACpC,CAAC,MAAM;IACLD,OAAO,CAACC,QAAQ,GAAG,CAAC;EACtB;AACF;AACA;AACF,CAAC;;AAEHlC,OAAO,CAACsB,KAAK,CAAC,CAAC"}
@@ -91,36 +91,48 @@ export async function executeRfc7523AuthZGrantFlow(clientId, iss, jwk, sub, scop
91
91
  let tokenResponse;
92
92
  let spinnerId;
93
93
  try {
94
- spinnerId = createProgressIndicator('indeterminate', 0, 'Executing rfc7523 authz grant flow...');
95
94
  let issuer;
96
95
  // make sure we have an issuer
97
96
  if (!iss) {
97
+ let issSpinnerId;
98
98
  try {
99
+ issSpinnerId = createProgressIndicator('indeterminate', 0, 'No issuer provided, attempting to find suitable issuer...');
99
100
  if (!issuer) issuer = await readOAuth2TrustedJwtIssuer(clientId + '-issuer');
100
- iss = issuer.issuer;
101
+ iss = issuer.issuer.value;
102
+ stopProgressIndicator(issSpinnerId, `Found suitable issuer: ${clientId + '-issuer'} - ${iss}`, 'success');
101
103
  } catch (error) {
102
- throw new Error(`No issuer provided and no suitable issuer could be found: ${error.message}`);
104
+ stopProgressIndicator(issSpinnerId, `No issuer provided and no suitable issuer could be found: ${error.message}`, 'fail');
103
105
  }
104
106
  }
105
107
  // make sure we have a JWK
106
108
  if (!jwk) {
109
+ let jwkSpinnerId;
107
110
  try {
111
+ jwkSpinnerId = createProgressIndicator('indeterminate', 0, 'No JWK provided, attempting to locate a suitable JWK...');
108
112
  jwk = JSON.parse(fs.readFileSync(getJwkFilePath(clientId), 'utf8'));
113
+ stopProgressIndicator(jwkSpinnerId, `Loaded private key JWK from: ${getJwkFilePath(clientId)}`, 'success');
109
114
  } catch (error) {
110
- throw new Error(`No JWK provided and no suitable JWK could be loaded from file: ${error.message}`);
115
+ stopProgressIndicator(jwkSpinnerId, `No JWK provided and no suitable JWK could be loaded from file: ${error.message}`, 'fail');
111
116
  }
112
117
  }
113
118
  // make sure we have a subject
114
119
  if (!sub) {
120
+ let subSpinnerId;
115
121
  try {
122
+ subSpinnerId = createProgressIndicator('indeterminate', 0, 'Executing rfc7523 authz grant flow...');
116
123
  if (!issuer) issuer = await frodo.oauth2oidc.issuer.readOAuth2TrustedJwtIssuer(clientId + '-issuer');
117
- if (issuer.allowedSubjects && issuer.allowedSubjects.length) sub = issuer.allowedSubjects[0];
124
+ if (issuer.allowedSubjects.value && issuer.allowedSubjects.value.length) sub = issuer.allowedSubjects.value[0];
118
125
  } catch (error) {
119
- throw new Error(`No subject provided and no suitable subject could be extracted from the trusted issuer configuration: ${error.message}`);
126
+ stopProgressIndicator(subSpinnerId, `No subject provided and no suitable subject could be extracted from the trusted issuer configuration: ${error.message}`, 'fail');
127
+ }
128
+ if (sub) {
129
+ stopProgressIndicator(subSpinnerId, `Using first subject from issuer's allowed subjects: ${sub}`, 'success');
130
+ } else {
131
+ stopProgressIndicator(subSpinnerId, `No subject provided and no suitable subject could be extracted from the trusted issuer's list of allowed subjects.`, 'success');
120
132
  }
121
- if (!sub) throw new Error(`No subject provided and no suitable subject could be extracted from the trusted issuer's list of allowed subjects.`);
122
133
  }
123
134
  // we got everything we need, let's get that token
135
+ spinnerId = createProgressIndicator('indeterminate', 0, 'Executing rfc7523 authz grant flow...');
124
136
  tokenResponse = await _executeRfc7523AuthZGrantFlow(clientId, iss, jwk, sub, scope);
125
137
  stopProgressIndicator(spinnerId, 'Successfully executed rfc7523 authz grant flow.', 'success');
126
138
  } catch (error) {
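Review bot: The three inner `catch` blocks (new lines 104, 115 and 126) now call `stopProgressIndicator(..., 'fail')` where the old code threw, so a missing issuer, JWK or subject no longer stops the function and control still reaches `_executeRfc7523AuthZGrantFlow(clientId, iss, jwk, sub, scope)` on new line 136 with those values unset. Adding `return false;` after each of the three `'fail'` calls would restore the abort without relying on the outer handler, whose `spinnerId` has not been created at that point. In the subject branch the `else` arm at new line 131 reports the "no suitable subject" message with status `'success'` and, after a caught error, stops `subSpinnerId` a second time; it should pass `'fail'` and then `return false;`. The subject spinner on new line 122 also reuses the text `'Executing rfc7523 authz grant flow...'`, which looks like a copy-paste from the main spinner. The function begins before this hunk and the body of its outer `catch` lies past the hunk's last line.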
@@ -1 +1 @@
1
- {"version":3,"file":"AdminOps.js","names":["frodo","state","fs","cleanupProgressIndicators","createKeyValueTable","createProgressIndicator","printMessage","stopProgressIndicator","updateProgressIndicator","extractScriptToFile","getRealmName","getTypedFilename","titleCase","saveJsonToFile","getFilePath","getWorkingDirectory","utils","exportFullConfiguration","generateRfc7523AuthZGrantArtifacts","_generateRfc7523AuthZGrantArtifacts","executeRfc7523AuthZGrantFlow","_executeRfc7523AuthZGrantFlow","admin","stringify","json","readOAuth2TrustedJwtIssuer","oauth2oidc","issuer","getJwkFilePath","clientId","getJwksFilePath","iss","jwk","sub","scope","options","artifacts","barId","save","jwkFile","jwksFile","jwkBarId","jwksBarId","jwks","_artifacts$issuer$all","_artifacts$issuer$all2","getRealm","client","push","coreOAuth2ClientConfig","scopes","value","join","clientType","advancedOAuth2ClientConfig","grantTypes","isConsentImplied","tokenEndpointAuthMethod","signEncOAuth2ClientConfig","publicKeyLocation","toString","_id","allowedSubjects","length","error","tokenResponse","spinnerId","Error","message","JSON","parse","readFileSync","_error$response","response","data","access_token","id_token","exportEverythingToFile","file","useStringArrays","noDecode","exportData","fileName","exportEverythingToFiles","extract","meta","baseDirectory","Object","entries","forEach","type","obj","existsSync","mkdirSync","samlData","saml","cot","hosted","metadata","remote","id","concat","filename","entityId","samlType","authentication","name","includes","slice","lastIndexOf","recursive"],"sources":["../../src/ops/AdminOps.ts"],"sourcesContent":["import { frodo, state } from '@rockcarver/frodo-lib';\nimport { Writable } from '@rockcarver/frodo-lib/types/api/ApiTypes';\nimport { OAuth2ClientSkeleton } from '@rockcarver/frodo-lib/types/api/OAuth2ClientApi';\nimport { AccessTokenResponseType } from '@rockcarver/frodo-lib/types/api/OAuth2OIDCApi';\nimport { OAuth2TrustedJwtIssuerSkeleton } from 
'@rockcarver/frodo-lib/types/api/OAuth2TrustedJwtIssuerApi';\nimport {\n FullExportInterface,\n FullExportOptions,\n} from '@rockcarver/frodo-lib/types/ops/AdminOps';\nimport { JwkRsa, JwksInterface } from '@rockcarver/frodo-lib/types/ops/JoseOps';\nimport { ScriptExportInterface } from '@rockcarver/frodo-lib/types/ops/ScriptOps';\nimport fs from 'fs';\n\nimport {\n cleanupProgressIndicators,\n createKeyValueTable,\n createProgressIndicator,\n printMessage,\n stopProgressIndicator,\n updateProgressIndicator,\n} from '../utils/Console';\nimport { extractScriptToFile } from './ScriptOps';\n\nconst {\n getRealmName,\n getTypedFilename,\n titleCase,\n saveJsonToFile,\n getFilePath,\n getWorkingDirectory,\n} = frodo.utils;\nconst {\n exportFullConfiguration,\n generateRfc7523AuthZGrantArtifacts: _generateRfc7523AuthZGrantArtifacts,\n executeRfc7523AuthZGrantFlow: _executeRfc7523AuthZGrantFlow,\n} = frodo.admin;\nconst { stringify } = frodo.utils.json;\nconst { readOAuth2TrustedJwtIssuer } = frodo.oauth2oidc.issuer;\n\nfunction getJwkFilePath(clientId: string): string {\n return getFilePath(getTypedFilename(clientId + '_private', 'jwk'), true);\n}\n\nfunction getJwksFilePath(clientId: string): string {\n return getFilePath(getTypedFilename(clientId + '_public', 'jwks'), true);\n}\n\nexport async function generateRfc7523AuthZGrantArtifacts(\n clientId: string,\n iss: string,\n jwk?: JwkRsa,\n sub?: string,\n scope?: string[],\n options?: { save: boolean },\n json?: boolean\n): Promise<boolean> {\n let artifacts: {\n jwk: JwkRsa;\n jwks: JwksInterface;\n client: OAuth2ClientSkeleton;\n issuer: OAuth2TrustedJwtIssuerSkeleton;\n };\n try {\n const barId = createProgressIndicator(\n 'determinate',\n options.save ? 
3 : 1,\n 'Generating artifacts...'\n );\n artifacts = await _generateRfc7523AuthZGrantArtifacts(\n clientId,\n iss,\n jwk,\n sub,\n scope,\n options\n );\n updateProgressIndicator(barId, 'Successfully generated artifacts.');\n let jwkFile: string;\n let jwksFile: string;\n if (options.save) {\n const jwkBarId = createProgressIndicator(\n 'determinate',\n 1,\n 'Saving JWK (private key)...'\n );\n jwkFile = getJwkFilePath(clientId);\n saveJsonToFile(artifacts.jwk, jwkFile, false);\n updateProgressIndicator(jwkBarId, `Saved JWK to ${jwkFile}.`);\n updateProgressIndicator(barId, 'Successfully saved JWK (private key).');\n stopProgressIndicator(jwkBarId);\n const jwksBarId = createProgressIndicator(\n 'determinate',\n 1,\n 'Saving JWKS (public key)...'\n );\n jwksFile = getJwksFilePath(clientId);\n saveJsonToFile(artifacts.jwks, jwksFile, false);\n updateProgressIndicator(jwksBarId, `Saved JWKS to ${jwksFile}.`);\n stopProgressIndicator(jwksBarId);\n updateProgressIndicator(barId, 'Successfully saved JWKS (public key).');\n }\n stopProgressIndicator(\n barId,\n `Successfully generated ${\n options.save ? 'and saved artifacts' : 'artifacts'\n }.`\n );\n cleanupProgressIndicators();\n\n if (json) {\n printMessage(artifacts, 'data');\n } else {\n printMessage(\n options.save\n ? 
`\\nCreated oauth2 client in the ${state.getRealm()} realm:`\n : `\\nIn AM, create an OAuth2 client in the ${state.getRealm()} realm with the following information:`\n );\n const client = createKeyValueTable();\n client.push(['Client ID'['brightCyan'], clientId]);\n client.push(['Client Name'['brightCyan'], clientId]);\n client.push([\n 'Scopes'['brightCyan'],\n (\n artifacts.client.coreOAuth2ClientConfig.scopes as Writable<string[]>\n ).value.join(', '),\n ]);\n client.push([\n 'Client Type'['brightCyan'],\n (artifacts.client.coreOAuth2ClientConfig.clientType as Writable<string>)\n .value,\n ]);\n client.push([\n 'Grant Types'['brightCyan'],\n (\n artifacts.client.advancedOAuth2ClientConfig.grantTypes as Writable<\n string[]\n >\n ).value.join(', '),\n ]);\n client.push([\n 'Implied Consent'['brightCyan'],\n (\n artifacts.client.advancedOAuth2ClientConfig\n .isConsentImplied as Writable<boolean>\n ).value,\n ]);\n client.push([\n 'Token Endpoint Authentication '['brightCyan'],\n (\n artifacts.client.advancedOAuth2ClientConfig\n .tokenEndpointAuthMethod as Writable<string>\n ).value,\n ]);\n client.push([\n 'Public Key Selector'['brightCyan'],\n (\n artifacts.client.signEncOAuth2ClientConfig\n .publicKeyLocation as Writable<string>\n ).value,\n ]);\n client.push([\n 'JWKS (Public Key)'['brightCyan'],\n options.save ? `${jwksFile}` : 'See below',\n ]);\n printMessage(`\\n${client.toString()}`);\n\n printMessage(\n options.save\n ? `\\nCreated oauth2 trusted issuer in the ${state.getRealm()} realm:`\n : `\\nIn AM, create a trusted issuer in the ${state.getRealm()} realm with the following information:`\n );\n const issuer = createKeyValueTable();\n issuer.push(['Name'['brightCyan'], artifacts.issuer._id]);\n issuer.push([\n 'JWT Issuer'['brightCyan'],\n (artifacts.issuer.issuer as Writable<string>).value,\n ]);\n issuer.push([\n 'Allowed Subjects '['brightCyan'],\n (artifacts.issuer.allowedSubjects as Writable<string[]>)?.value.length\n ? 
(\n artifacts.issuer.allowedSubjects as Writable<string[]>\n )?.value.join(', ')\n : `Any ${state.getRealm()} realm user`,\n ]);\n issuer.push([\n 'JWKS (Public Key)'['brightCyan'],\n options.save ? `${jwksFile}` : 'See below',\n ]);\n printMessage(`\\n${issuer.toString()}`);\n if (!options.save) {\n printMessage('\\nJWK (Private Key)'['brightCyan']);\n printMessage(stringify(artifacts.jwk));\n printMessage('\\nJWKS (Public Key)'['brightCyan']);\n printMessage(stringify(artifacts.jwks));\n }\n }\n return true;\n } catch (error) {\n printMessage(error, 'error');\n return false;\n }\n}\n\nexport async function executeRfc7523AuthZGrantFlow(\n clientId: string,\n iss?: string,\n jwk?: JwkRsa,\n sub?: string,\n scope?: string[],\n json?: boolean\n): Promise<boolean> {\n let tokenResponse: AccessTokenResponseType;\n let spinnerId: string;\n try {\n spinnerId = createProgressIndicator(\n 'indeterminate',\n 0,\n 'Executing rfc7523 authz grant flow...'\n );\n let issuer: OAuth2TrustedJwtIssuerSkeleton;\n // make sure we have an issuer\n if (!iss) {\n try {\n if (!issuer)\n issuer = await readOAuth2TrustedJwtIssuer(clientId + '-issuer');\n iss = issuer.issuer as string;\n } catch (error) {\n throw new Error(\n `No issuer provided and no suitable issuer could be found: ${error.message}`\n );\n }\n }\n // make sure we have a JWK\n if (!jwk) {\n try {\n jwk = JSON.parse(fs.readFileSync(getJwkFilePath(clientId), 'utf8'));\n } catch (error) {\n throw new Error(\n `No JWK provided and no suitable JWK could be loaded from file: ${error.message}`\n );\n }\n }\n // make sure we have a subject\n if (!sub) {\n try {\n if (!issuer)\n issuer = await frodo.oauth2oidc.issuer.readOAuth2TrustedJwtIssuer(\n clientId + '-issuer'\n );\n if (\n (issuer.allowedSubjects as string[]) &&\n (issuer.allowedSubjects as string[]).length\n )\n sub = (issuer.allowedSubjects as string[])[0];\n } catch (error) {\n throw new Error(\n `No subject provided and no suitable subject could be extracted from the 
trusted issuer configuration: ${error.message}`\n );\n }\n if (!sub)\n throw new Error(\n `No subject provided and no suitable subject could be extracted from the trusted issuer's list of allowed subjects.`\n );\n }\n // we got everything we need, let's get that token\n tokenResponse = await _executeRfc7523AuthZGrantFlow(\n clientId,\n iss,\n jwk,\n sub,\n scope\n );\n stopProgressIndicator(\n spinnerId,\n 'Successfully executed rfc7523 authz grant flow.',\n 'success'\n );\n } catch (error) {\n stopProgressIndicator(\n spinnerId,\n `Error executing rfc7523 authz grant flow: ${stringify(\n error.response?.data || error.message\n )}`,\n 'fail'\n );\n return false;\n }\n cleanupProgressIndicators();\n\n if (json) {\n printMessage(tokenResponse, 'data');\n } else {\n printMessage('\\nAccess Token'['brightCyan']);\n printMessage(tokenResponse.access_token);\n if (tokenResponse.id_token) {\n printMessage('\\nIdentity Token'['brightCyan']);\n printMessage(tokenResponse.id_token);\n }\n }\n return true;\n}\n\n/**\n * Export everything to separate files\n * @param file file name\n * @param {FullExportOptions} options export options\n */\nexport async function exportEverythingToFile(\n file,\n options: FullExportOptions = {\n useStringArrays: true,\n noDecode: false,\n }\n): Promise<void> {\n const exportData = await exportFullConfiguration(options);\n let fileName = getTypedFilename(\n `${titleCase(getRealmName(state.getRealm()))}`,\n `everything`\n );\n if (file) {\n fileName = file;\n }\n saveJsonToFile(exportData, getFilePath(fileName, true));\n}\n\n/**\n * Export everything to separate files\n * @param extract Extracts the scripts from the exports into separate files if true\n * @param {FullExportOptions} options export options\n */\nexport async function exportEverythingToFiles(\n extract = false,\n options: FullExportOptions = {\n useStringArrays: true,\n noDecode: false,\n }\n): Promise<void> {\n const exportData: FullExportInterface =\n await 
exportFullConfiguration(options);\n delete exportData.meta;\n const baseDirectory = getWorkingDirectory(true);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n Object.entries(exportData).forEach(([type, obj]: [string, any]) => {\n if (obj) {\n if (!fs.existsSync(`${baseDirectory}/${type}`)) {\n fs.mkdirSync(`${baseDirectory}/${type}`);\n }\n if (type == 'saml') {\n const samlData = {\n saml: {\n cot: {},\n hosted: {},\n metadata: {},\n remote: {},\n },\n };\n if (obj.cot) {\n if (!fs.existsSync(`${baseDirectory}/cot`)) {\n fs.mkdirSync(`${baseDirectory}/cot`);\n }\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n Object.entries(obj.cot).forEach(([id, value]: [string, any]) => {\n samlData.saml.cot = {\n [id]: value,\n };\n saveJsonToFile(\n samlData,\n `${baseDirectory}/cot/${getTypedFilename(id, 'cot.saml')}`\n );\n });\n samlData.saml.cot = {};\n }\n Object.entries(obj.hosted)\n .concat(Object.entries(obj.remote))\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n .forEach(([id, value]: [string, any]) => {\n const filename = getTypedFilename(\n value.entityId ? value.entityId : id,\n type\n );\n const samlType = obj.hosted[id] ? 'hosted' : 'remote';\n samlData.saml[samlType][id] = value;\n samlData.saml.metadata = {\n [id]: obj.metadata[id],\n };\n saveJsonToFile(samlData, `${baseDirectory}/${type}/${filename}`);\n samlData.saml[samlType] = {};\n });\n } else if (type == 'authentication') {\n const fileName = getTypedFilename(\n `${frodo.utils.getRealmName(state.getRealm())}Realm`,\n 'authentication.settings'\n );\n saveJsonToFile(\n {\n authentication: obj,\n },\n `${baseDirectory}/${type}/${fileName}`\n );\n } else {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n Object.entries(obj).forEach(([id, value]: [string, any]) => {\n const filename =\n type == 'config'\n ? `${id}.json`\n : getTypedFilename(value.name ? 
value.name : id, type);\n if (type == 'config' && filename.includes('/')) {\n fs.mkdirSync(\n `${baseDirectory}/${type}/${filename.slice(\n 0,\n filename.lastIndexOf('/')\n )}`,\n {\n recursive: true,\n }\n );\n }\n if (extract && type == 'script') {\n extractScriptToFile(exportData as ScriptExportInterface, id, type);\n }\n saveJsonToFile(\n {\n [type]: {\n [id]: value,\n },\n },\n `${baseDirectory}/${type}/${filename}`\n );\n });\n }\n }\n });\n}\n"],"mappings":"AAAA,SAASA,KAAK,EAAEC,KAAK,QAAQ,uBAAuB;AAWpD,OAAOC,EAAE,MAAM,IAAI;AAEnB,SACEC,yBAAyB,EACzBC,mBAAmB,EACnBC,uBAAuB,EACvBC,YAAY,EACZC,qBAAqB,EACrBC,uBAAuB,QAClB,kBAAkB;AACzB,SAASC,mBAAmB,QAAQ,aAAa;AAEjD,MAAM;EACJC,YAAY;EACZC,gBAAgB;EAChBC,SAAS;EACTC,cAAc;EACdC,WAAW;EACXC;AACF,CAAC,GAAGf,KAAK,CAACgB,KAAK;AACf,MAAM;EACJC,uBAAuB;EACvBC,kCAAkC,EAAEC,mCAAmC;EACvEC,4BAA4B,EAAEC;AAChC,CAAC,GAAGrB,KAAK,CAACsB,KAAK;AACf,MAAM;EAAEC;AAAU,CAAC,GAAGvB,KAAK,CAACgB,KAAK,CAACQ,IAAI;AACtC,MAAM;EAAEC;AAA2B,CAAC,GAAGzB,KAAK,CAAC0B,UAAU,CAACC,MAAM;AAE9D,SAASC,cAAcA,CAACC,QAAgB,EAAU;EAChD,OAAOf,WAAW,CAACH,gBAAgB,CAACkB,QAAQ,GAAG,UAAU,EAAE,KAAK,CAAC,EAAE,IAAI,CAAC;AAC1E;AAEA,SAASC,eAAeA,CAACD,QAAgB,EAAU;EACjD,OAAOf,WAAW,CAACH,gBAAgB,CAACkB,QAAQ,GAAG,SAAS,EAAE,MAAM,CAAC,EAAE,IAAI,CAAC;AAC1E;AAEA,OAAO,eAAeX,kCAAkCA,CACtDW,QAAgB,EAChBE,GAAW,EACXC,GAAY,EACZC,GAAY,EACZC,KAAgB,EAChBC,OAA2B,EAC3BX,IAAc,EACI;EAClB,IAAIY,SAKH;EACD,IAAI;IACF,MAAMC,KAAK,GAAGhC,uBAAuB,CACnC,aAAa,EACb8B,OAAO,CAACG,IAAI,GAAG,CAAC,GAAG,CAAC,EACpB,yBACF,CAAC;IACDF,SAAS,GAAG,MAAMjB,mCAAmC,CACnDU,QAAQ,EACRE,GAAG,EACHC,GAAG,EACHC,GAAG,EACHC,KAAK,EACLC,OACF,CAAC;IACD3B,uBAAuB,CAAC6B,KAAK,EAAE,mCAAmC,CAAC;IACnE,IAAIE,OAAe;IACnB,IAAIC,QAAgB;IACpB,IAAIL,OAAO,CAACG,IAAI,EAAE;MAChB,MAAMG,QAAQ,GAAGpC,uBAAuB,CACtC,aAAa,EACb,CAAC,EACD,6BACF,CAAC;MACDkC,OAAO,GAAGX,cAAc,CAACC,QAAQ,CAAC;MAClChB,cAAc,CAACuB,SAAS,CAACJ,GAAG,EAAEO,OAAO,EAAE,KAAK,CAAC;MAC7C/B,uBAAuB,CAACiC,QAAQ,EAAG,gBAAeF,OAAQ,GAAE,CAAC;MAC7D/B,uBAAuB,CAAC6B,KAAK,EAAE,uCAAuC,CAAC;MACvE9B,qBAAqB,CAACkC,QAAQ,CAAC;MA
C/B,MAAMC,SAAS,GAAGrC,uBAAuB,CACvC,aAAa,EACb,CAAC,EACD,6BACF,CAAC;MACDmC,QAAQ,GAAGV,eAAe,CAACD,QAAQ,CAAC;MACpChB,cAAc,CAACuB,SAAS,CAACO,IAAI,EAAEH,QAAQ,EAAE,KAAK,CAAC;MAC/ChC,uBAAuB,CAACkC,SAAS,EAAG,iBAAgBF,QAAS,GAAE,CAAC;MAChEjC,qBAAqB,CAACmC,SAAS,CAAC;MAChClC,uBAAuB,CAAC6B,KAAK,EAAE,uCAAuC,CAAC;IACzE;IACA9B,qBAAqB,CACnB8B,KAAK,EACJ,0BACCF,OAAO,CAACG,IAAI,GAAG,qBAAqB,GAAG,WACxC,GACH,CAAC;IACDnC,yBAAyB,CAAC,CAAC;IAE3B,IAAIqB,IAAI,EAAE;MACRlB,YAAY,CAAC8B,SAAS,EAAE,MAAM,CAAC;IACjC,CAAC,MAAM;MAAA,IAAAQ,qBAAA,EAAAC,sBAAA;MACLvC,YAAY,CACV6B,OAAO,CAACG,IAAI,GACP,kCAAiCrC,KAAK,CAAC6C,QAAQ,CAAC,CAAE,SAAQ,GAC1D,2CAA0C7C,KAAK,CAAC6C,QAAQ,CAAC,CAAE,wCAClE,CAAC;MACD,MAAMC,MAAM,GAAG3C,mBAAmB,CAAC,CAAC;MACpC2C,MAAM,CAACC,IAAI,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,EAAEnB,QAAQ,CAAC,CAAC;MAClDkB,MAAM,CAACC,IAAI,CAAC,CAAC,aAAa,CAAC,YAAY,CAAC,EAAEnB,QAAQ,CAAC,CAAC;MACpDkB,MAAM,CAACC,IAAI,CAAC,CACV,QAAQ,CAAC,YAAY,CAAC,EAEpBZ,SAAS,CAACW,MAAM,CAACE,sBAAsB,CAACC,MAAM,CAC9CC,KAAK,CAACC,IAAI,CAAC,IAAI,CAAC,CACnB,CAAC;MACFL,MAAM,CAACC,IAAI,CAAC,CACV,aAAa,CAAC,YAAY,CAAC,EAC1BZ,SAAS,CAACW,MAAM,CAACE,sBAAsB,CAACI,UAAU,CAChDF,KAAK,CACT,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,aAAa,CAAC,YAAY,CAAC,EAEzBZ,SAAS,CAACW,MAAM,CAACO,0BAA0B,CAACC,UAAU,CAGtDJ,KAAK,CAACC,IAAI,CAAC,IAAI,CAAC,CACnB,CAAC;MACFL,MAAM,CAACC,IAAI,CAAC,CACV,iBAAiB,CAAC,YAAY,CAAC,EAE7BZ,SAAS,CAACW,MAAM,CAACO,0BAA0B,CACxCE,gBAAgB,CACnBL,KAAK,CACR,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,gCAAgC,CAAC,YAAY,CAAC,EAE5CZ,SAAS,CAACW,MAAM,CAACO,0BAA0B,CACxCG,uBAAuB,CAC1BN,KAAK,CACR,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,qBAAqB,CAAC,YAAY,CAAC,EAEjCZ,SAAS,CAACW,MAAM,CAACW,yBAAyB,CACvCC,iBAAiB,CACpBR,KAAK,CACR,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,mBAAmB,CAAC,YAAY,CAAC,EACjCb,OAAO,CAACG,IAAI,GAAI,GAAEE,QAAS,EAAC,GAAG,WAAW,CAC3C,CAAC;MACFlC,YAAY,CAAE,KAAIyC,MAAM,CAACa,QAAQ,CAAC,CAAE,EAAC,CAAC;MAEtCtD,YAAY,CACV6B,OAAO,CAACG,IAAI,GACP,0CAAyCrC,KAAK,CAAC6C,QAAQ,CAAC,CAAE,SAAQ,GAClE,2CAA0C7C,KAAK,CAAC6C,QAAQ,CAAC,CAAE,wCAClE,CAAC;MACD,MAAMnB,MAAM,GAAGvB,mBAAmB,CAAC,CA
AC;MACpCuB,MAAM,CAACqB,IAAI,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,EAAEZ,SAAS,CAACT,MAAM,CAACkC,GAAG,CAAC,CAAC;MACzDlC,MAAM,CAACqB,IAAI,CAAC,CACV,YAAY,CAAC,YAAY,CAAC,EACzBZ,SAAS,CAACT,MAAM,CAACA,MAAM,CAAsBwB,KAAK,CACpD,CAAC;MACFxB,MAAM,CAACqB,IAAI,CAAC,CACV,gCAAgC,CAAC,YAAY,CAAC,EAC9C,CAAAJ,qBAAA,GAACR,SAAS,CAACT,MAAM,CAACmC,eAAe,cAAAlB,qBAAA,eAAjCA,qBAAA,CAA0DO,KAAK,CAACY,MAAM,IAAAlB,sBAAA,GAEhET,SAAS,CAACT,MAAM,CAACmC,eAAe,cAAAjB,sBAAA,uBADlCA,sBAAA,CAEGM,KAAK,CAACC,IAAI,CAAC,IAAI,CAAC,GAClB,OAAMnD,KAAK,CAAC6C,QAAQ,CAAC,CAAE,aAAY,CACzC,CAAC;MACFnB,MAAM,CAACqB,IAAI,CAAC,CACV,mBAAmB,CAAC,YAAY,CAAC,EACjCb,OAAO,CAACG,IAAI,GAAI,GAAEE,QAAS,EAAC,GAAG,WAAW,CAC3C,CAAC;MACFlC,YAAY,CAAE,KAAIqB,MAAM,CAACiC,QAAQ,CAAC,CAAE,EAAC,CAAC;MACtC,IAAI,CAACzB,OAAO,CAACG,IAAI,EAAE;QACjBhC,YAAY,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QACjDA,YAAY,CAACiB,SAAS,CAACa,SAAS,CAACJ,GAAG,CAAC,CAAC;QACtC1B,YAAY,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QACjDA,YAAY,CAACiB,SAAS,CAACa,SAAS,CAACO,IAAI,CAAC,CAAC;MACzC;IACF;IACA,OAAO,IAAI;EACb,CAAC,CAAC,OAAOqB,KAAK,EAAE;IACd1D,YAAY,CAAC0D,KAAK,EAAE,OAAO,CAAC;IAC5B,OAAO,KAAK;EACd;AACF;AAEA,OAAO,eAAe5C,4BAA4BA,CAChDS,QAAgB,EAChBE,GAAY,EACZC,GAAY,EACZC,GAAY,EACZC,KAAgB,EAChBV,IAAc,EACI;EAClB,IAAIyC,aAAsC;EAC1C,IAAIC,SAAiB;EACrB,IAAI;IACFA,SAAS,GAAG7D,uBAAuB,CACjC,eAAe,EACf,CAAC,EACD,uCACF,CAAC;IACD,IAAIsB,MAAsC;IAC1C;IACA,IAAI,CAACI,GAAG,EAAE;MACR,IAAI;QACF,IAAI,CAACJ,MAAM,EACTA,MAAM,GAAG,MAAMF,0BAA0B,CAACI,QAAQ,GAAG,SAAS,CAAC;QACjEE,GAAG,GAAGJ,MAAM,CAACA,MAAgB;MAC/B,CAAC,CAAC,OAAOqC,KAAK,EAAE;QACd,MAAM,IAAIG,KAAK,CACZ,6DAA4DH,KAAK,CAACI,OAAQ,EAC7E,CAAC;MACH;IACF;IACA;IACA,IAAI,CAACpC,GAAG,EAAE;MACR,IAAI;QACFA,GAAG,GAAGqC,IAAI,CAACC,KAAK,CAACpE,EAAE,CAACqE,YAAY,CAAC3C,cAAc,CAACC,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;MACrE,CAAC,CAAC,OAAOmC,KAAK,EAAE;QACd,MAAM,IAAIG,KAAK,CACZ,kEAAiEH,KAAK,CAACI,OAAQ,EAClF,CAAC;MACH;IACF;IACA;IACA,IAAI,CAACnC,GAAG,EAAE;MACR,IAAI;QACF,IAAI,CAACN,MAAM,EACTA,MAAM,GAAG,MAAM3B,KAAK,CAAC0B,UAAU,CAACC,MAAM,CAACF,0BAA0B,CAC/DI,QAAQ,GAAG,SACb,CAAC;QACH,IACGF,MAAM,CAACmC
,eAAe,IACtBnC,MAAM,CAACmC,eAAe,CAAcC,MAAM,EAE3C9B,GAAG,GAAIN,MAAM,CAACmC,eAAe,CAAc,CAAC,CAAC;MACjD,CAAC,CAAC,OAAOE,KAAK,EAAE;QACd,MAAM,IAAIG,KAAK,CACZ,yGAAwGH,KAAK,CAACI,OAAQ,EACzH,CAAC;MACH;MACA,IAAI,CAACnC,GAAG,EACN,MAAM,IAAIkC,KAAK,CACZ,oHACH,CAAC;IACL;IACA;IACAF,aAAa,GAAG,MAAM5C,6BAA6B,CACjDQ,QAAQ,EACRE,GAAG,EACHC,GAAG,EACHC,GAAG,EACHC,KACF,CAAC;IACD3B,qBAAqB,CACnB2D,SAAS,EACT,iDAAiD,EACjD,SACF,CAAC;EACH,CAAC,CAAC,OAAOF,KAAK,EAAE;IAAA,IAAAQ,eAAA;IACdjE,qBAAqB,CACnB2D,SAAS,EACR,6CAA4C3C,SAAS,CACpD,EAAAiD,eAAA,GAAAR,KAAK,CAACS,QAAQ,cAAAD,eAAA,uBAAdA,eAAA,CAAgBE,IAAI,KAAIV,KAAK,CAACI,OAChC,CAAE,EAAC,EACH,MACF,CAAC;IACD,OAAO,KAAK;EACd;EACAjE,yBAAyB,CAAC,CAAC;EAE3B,IAAIqB,IAAI,EAAE;IACRlB,YAAY,CAAC2D,aAAa,EAAE,MAAM,CAAC;EACrC,CAAC,MAAM;IACL3D,YAAY,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;IAC5CA,YAAY,CAAC2D,aAAa,CAACU,YAAY,CAAC;IACxC,IAAIV,aAAa,CAACW,QAAQ,EAAE;MAC1BtE,YAAY,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;MAC9CA,YAAY,CAAC2D,aAAa,CAACW,QAAQ,CAAC;IACtC;EACF;EACA,OAAO,IAAI;AACb;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,sBAAsBA,CAC1CC,IAAI,EACJ3C,OAA0B,GAAG;EAC3B4C,eAAe,EAAE,IAAI;EACrBC,QAAQ,EAAE;AACZ,CAAC,EACc;EACf,MAAMC,UAAU,GAAG,MAAMhE,uBAAuB,CAACkB,OAAO,CAAC;EACzD,IAAI+C,QAAQ,GAAGvE,gBAAgB,CAC5B,GAAEC,SAAS,CAACF,YAAY,CAACT,KAAK,CAAC6C,QAAQ,CAAC,CAAC,CAAC,CAAE,EAAC,EAC7C,YACH,CAAC;EACD,IAAIgC,IAAI,EAAE;IACRI,QAAQ,GAAGJ,IAAI;EACjB;EACAjE,cAAc,CAACoE,UAAU,EAAEnE,WAAW,CAACoE,QAAQ,EAAE,IAAI,CAAC,CAAC;AACzD;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,uBAAuBA,CAC3CC,OAAO,GAAG,KAAK,EACfjD,OAA0B,GAAG;EAC3B4C,eAAe,EAAE,IAAI;EACrBC,QAAQ,EAAE;AACZ,CAAC,EACc;EACf,MAAMC,UAA+B,GACnC,MAAMhE,uBAAuB,CAACkB,OAAO,CAAC;EACxC,OAAO8C,UAAU,CAACI,IAAI;EACtB,MAAMC,aAAa,GAAGvE,mBAAmB,CAAC,IAAI,CAAC;EAC/C;EACAwE,MAAM,CAACC,OAAO,CAACP,UAAU,CAAC,CAACQ,OAAO,CAAC,CAAC,CAACC,IAAI,EAAEC,GAAG,CAAgB,KAAK;IACjE,IAAIA,GAAG,EAAE;MACP,IAAI,CAACzF,EAAE,CAAC0F,UAAU,CAAE,GAAEN,aAAc,IAAGI,IAAK,EAAC,CAAC,EAAE;QAC9CxF,EAAE,CAAC2F,SAAS,CAAE,GAAEP,aAAc,IAAGI,IAAK,EAAC,CAAC;MAC1C;MACA,IAAIA,IAAI,IAAI,MAAM,EAAE;QAClB,MAAMI,QAAQ,
GAAG;UACfC,IAAI,EAAE;YACJC,GAAG,EAAE,CAAC,CAAC;YACPC,MAAM,EAAE,CAAC,CAAC;YACVC,QAAQ,EAAE,CAAC,CAAC;YACZC,MAAM,EAAE,CAAC;UACX;QACF,CAAC;QACD,IAAIR,GAAG,CAACK,GAAG,EAAE;UACX,IAAI,CAAC9F,EAAE,CAAC0F,UAAU,CAAE,GAAEN,aAAc,MAAK,CAAC,EAAE;YAC1CpF,EAAE,CAAC2F,SAAS,CAAE,GAAEP,aAAc,MAAK,CAAC;UACtC;UACA;UACAC,MAAM,CAACC,OAAO,CAACG,GAAG,CAACK,GAAG,CAAC,CAACP,OAAO,CAAC,CAAC,CAACW,EAAE,EAAEjD,KAAK,CAAgB,KAAK;YAC9D2C,QAAQ,CAACC,IAAI,CAACC,GAAG,GAAG;cAClB,CAACI,EAAE,GAAGjD;YACR,CAAC;YACDtC,cAAc,CACZiF,QAAQ,EACP,GAAER,aAAc,QAAO3E,gBAAgB,CAACyF,EAAE,EAAE,UAAU,CAAE,EAC3D,CAAC;UACH,CAAC,CAAC;UACFN,QAAQ,CAACC,IAAI,CAACC,GAAG,GAAG,CAAC,CAAC;QACxB;QACAT,MAAM,CAACC,OAAO,CAACG,GAAG,CAACM,MAAM,CAAC,CACvBI,MAAM,CAACd,MAAM,CAACC,OAAO,CAACG,GAAG,CAACQ,MAAM,CAAC;QAClC;QAAA,CACCV,OAAO,CAAC,CAAC,CAACW,EAAE,EAAEjD,KAAK,CAAgB,KAAK;UACvC,MAAMmD,QAAQ,GAAG3F,gBAAgB,CAC/BwC,KAAK,CAACoD,QAAQ,GAAGpD,KAAK,CAACoD,QAAQ,GAAGH,EAAE,EACpCV,IACF,CAAC;UACD,MAAMc,QAAQ,GAAGb,GAAG,CAACM,MAAM,CAACG,EAAE,CAAC,GAAG,QAAQ,GAAG,QAAQ;UACrDN,QAAQ,CAACC,IAAI,CAACS,QAAQ,CAAC,CAACJ,EAAE,CAAC,GAAGjD,KAAK;UACnC2C,QAAQ,CAACC,IAAI,CAACG,QAAQ,GAAG;YACvB,CAACE,EAAE,GAAGT,GAAG,CAACO,QAAQ,CAACE,EAAE;UACvB,CAAC;UACDvF,cAAc,CAACiF,QAAQ,EAAG,GAAER,aAAc,IAAGI,IAAK,IAAGY,QAAS,EAAC,CAAC;UAChER,QAAQ,CAACC,IAAI,CAACS,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC9B,CAAC,CAAC;MACN,CAAC,MAAM,IAAId,IAAI,IAAI,gBAAgB,EAAE;QACnC,MAAMR,QAAQ,GAAGvE,gBAAgB,CAC9B,GAAEX,KAAK,CAACgB,KAAK,CAACN,YAAY,CAACT,KAAK,CAAC6C,QAAQ,CAAC,CAAC,CAAE,OAAM,EACpD,yBACF,CAAC;QACDjC,cAAc,CACZ;UACE4F,cAAc,EAAEd;QAClB,CAAC,EACA,GAAEL,aAAc,IAAGI,IAAK,IAAGR,QAAS,EACvC,CAAC;MACH,CAAC,MAAM;QACL;QACAK,MAAM,CAACC,OAAO,CAACG,GAAG,CAAC,CAACF,OAAO,CAAC,CAAC,CAACW,EAAE,EAAEjD,KAAK,CAAgB,KAAK;UAC1D,MAAMmD,QAAQ,GACZZ,IAAI,IAAI,QAAQ,GACX,GAAEU,EAAG,OAAM,GACZzF,gBAAgB,CAACwC,KAAK,CAACuD,IAAI,GAAGvD,KAAK,CAACuD,IAAI,GAAGN,EAAE,EAAEV,IAAI,CAAC;UAC1D,IAAIA,IAAI,IAAI,QAAQ,IAAIY,QAAQ,CAACK,QAAQ,CAAC,GAAG,CAAC,EAAE;YAC9CzG,EAAE,CAAC2F,SAAS,CACT,GAAEP,aAAc,IAAGI,IAAK,IAAGY,QAAQ,CAACM,KAAK,CACxC,CAAC,EACDN,QAAQ,CA
ACO,WAAW,CAAC,GAAG,CAC1B,CAAE,EAAC,EACH;cACEC,SAAS,EAAE;YACb,CACF,CAAC;UACH;UACA,IAAI1B,OAAO,IAAIM,IAAI,IAAI,QAAQ,EAAE;YAC/BjF,mBAAmB,CAACwE,UAAU,EAA2BmB,EAAE,EAAEV,IAAI,CAAC;UACpE;UACA7E,cAAc,CACZ;YACE,CAAC6E,IAAI,GAAG;cACN,CAACU,EAAE,GAAGjD;YACR;UACF,CAAC,EACA,GAAEmC,aAAc,IAAGI,IAAK,IAAGY,QAAS,EACvC,CAAC;QACH,CAAC,CAAC;MACJ;IACF;EACF,CAAC,CAAC;AACJ"}
1
+ {"version":3,"file":"AdminOps.js","names":["frodo","state","fs","cleanupProgressIndicators","createKeyValueTable","createProgressIndicator","printMessage","stopProgressIndicator","updateProgressIndicator","extractScriptToFile","getRealmName","getTypedFilename","titleCase","saveJsonToFile","getFilePath","getWorkingDirectory","utils","exportFullConfiguration","generateRfc7523AuthZGrantArtifacts","_generateRfc7523AuthZGrantArtifacts","executeRfc7523AuthZGrantFlow","_executeRfc7523AuthZGrantFlow","admin","stringify","json","readOAuth2TrustedJwtIssuer","oauth2oidc","issuer","getJwkFilePath","clientId","getJwksFilePath","iss","jwk","sub","scope","options","artifacts","barId","save","jwkFile","jwksFile","jwkBarId","jwksBarId","jwks","_artifacts$issuer$all","_artifacts$issuer$all2","getRealm","client","push","coreOAuth2ClientConfig","scopes","value","join","clientType","advancedOAuth2ClientConfig","grantTypes","isConsentImplied","tokenEndpointAuthMethod","signEncOAuth2ClientConfig","publicKeyLocation","toString","_id","allowedSubjects","length","error","tokenResponse","spinnerId","issSpinnerId","message","jwkSpinnerId","JSON","parse","readFileSync","subSpinnerId","_error$response","response","data","access_token","id_token","exportEverythingToFile","file","useStringArrays","noDecode","exportData","fileName","exportEverythingToFiles","extract","meta","baseDirectory","Object","entries","forEach","type","obj","existsSync","mkdirSync","samlData","saml","cot","hosted","metadata","remote","id","concat","filename","entityId","samlType","authentication","name","includes","slice","lastIndexOf","recursive"],"sources":["../../src/ops/AdminOps.ts"],"sourcesContent":["import { frodo, state } from '@rockcarver/frodo-lib';\nimport { Writable } from '@rockcarver/frodo-lib/types/api/ApiTypes';\nimport { OAuth2ClientSkeleton } from '@rockcarver/frodo-lib/types/api/OAuth2ClientApi';\nimport { AccessTokenResponseType } from '@rockcarver/frodo-lib/types/api/OAuth2OIDCApi';\nimport { 
OAuth2TrustedJwtIssuerSkeleton } from '@rockcarver/frodo-lib/types/api/OAuth2TrustedJwtIssuerApi';\nimport {\n FullExportInterface,\n FullExportOptions,\n} from '@rockcarver/frodo-lib/types/ops/AdminOps';\nimport { JwkRsa, JwksInterface } from '@rockcarver/frodo-lib/types/ops/JoseOps';\nimport { ScriptExportInterface } from '@rockcarver/frodo-lib/types/ops/ScriptOps';\nimport fs from 'fs';\n\nimport {\n cleanupProgressIndicators,\n createKeyValueTable,\n createProgressIndicator,\n printMessage,\n stopProgressIndicator,\n updateProgressIndicator,\n} from '../utils/Console';\nimport { extractScriptToFile } from './ScriptOps';\n\nconst {\n getRealmName,\n getTypedFilename,\n titleCase,\n saveJsonToFile,\n getFilePath,\n getWorkingDirectory,\n} = frodo.utils;\nconst {\n exportFullConfiguration,\n generateRfc7523AuthZGrantArtifacts: _generateRfc7523AuthZGrantArtifacts,\n executeRfc7523AuthZGrantFlow: _executeRfc7523AuthZGrantFlow,\n} = frodo.admin;\nconst { stringify } = frodo.utils.json;\nconst { readOAuth2TrustedJwtIssuer } = frodo.oauth2oidc.issuer;\n\nfunction getJwkFilePath(clientId: string): string {\n return getFilePath(getTypedFilename(clientId + '_private', 'jwk'), true);\n}\n\nfunction getJwksFilePath(clientId: string): string {\n return getFilePath(getTypedFilename(clientId + '_public', 'jwks'), true);\n}\n\nexport async function generateRfc7523AuthZGrantArtifacts(\n clientId: string,\n iss: string,\n jwk?: JwkRsa,\n sub?: string,\n scope?: string[],\n options?: { save: boolean },\n json?: boolean\n): Promise<boolean> {\n let artifacts: {\n jwk: JwkRsa;\n jwks: JwksInterface;\n client: OAuth2ClientSkeleton;\n issuer: OAuth2TrustedJwtIssuerSkeleton;\n };\n try {\n const barId = createProgressIndicator(\n 'determinate',\n options.save ? 
3 : 1,\n 'Generating artifacts...'\n );\n artifacts = await _generateRfc7523AuthZGrantArtifacts(\n clientId,\n iss,\n jwk,\n sub,\n scope,\n options\n );\n updateProgressIndicator(barId, 'Successfully generated artifacts.');\n let jwkFile: string;\n let jwksFile: string;\n if (options.save) {\n const jwkBarId = createProgressIndicator(\n 'determinate',\n 1,\n 'Saving JWK (private key)...'\n );\n jwkFile = getJwkFilePath(clientId);\n saveJsonToFile(artifacts.jwk, jwkFile, false);\n updateProgressIndicator(jwkBarId, `Saved JWK to ${jwkFile}.`);\n updateProgressIndicator(barId, 'Successfully saved JWK (private key).');\n stopProgressIndicator(jwkBarId);\n const jwksBarId = createProgressIndicator(\n 'determinate',\n 1,\n 'Saving JWKS (public key)...'\n );\n jwksFile = getJwksFilePath(clientId);\n saveJsonToFile(artifacts.jwks, jwksFile, false);\n updateProgressIndicator(jwksBarId, `Saved JWKS to ${jwksFile}.`);\n stopProgressIndicator(jwksBarId);\n updateProgressIndicator(barId, 'Successfully saved JWKS (public key).');\n }\n stopProgressIndicator(\n barId,\n `Successfully generated ${\n options.save ? 'and saved artifacts' : 'artifacts'\n }.`\n );\n cleanupProgressIndicators();\n\n if (json) {\n printMessage(artifacts, 'data');\n } else {\n printMessage(\n options.save\n ? 
`\\nCreated oauth2 client in the ${state.getRealm()} realm:`\n : `\\nIn AM, create an OAuth2 client in the ${state.getRealm()} realm with the following information:`\n );\n const client = createKeyValueTable();\n client.push(['Client ID'['brightCyan'], clientId]);\n client.push(['Client Name'['brightCyan'], clientId]);\n client.push([\n 'Scopes'['brightCyan'],\n (\n artifacts.client.coreOAuth2ClientConfig.scopes as Writable<string[]>\n ).value.join(', '),\n ]);\n client.push([\n 'Client Type'['brightCyan'],\n (artifacts.client.coreOAuth2ClientConfig.clientType as Writable<string>)\n .value,\n ]);\n client.push([\n 'Grant Types'['brightCyan'],\n (\n artifacts.client.advancedOAuth2ClientConfig.grantTypes as Writable<\n string[]\n >\n ).value.join(', '),\n ]);\n client.push([\n 'Implied Consent'['brightCyan'],\n (\n artifacts.client.advancedOAuth2ClientConfig\n .isConsentImplied as Writable<boolean>\n ).value,\n ]);\n client.push([\n 'Token Endpoint Authentication '['brightCyan'],\n (\n artifacts.client.advancedOAuth2ClientConfig\n .tokenEndpointAuthMethod as Writable<string>\n ).value,\n ]);\n client.push([\n 'Public Key Selector'['brightCyan'],\n (\n artifacts.client.signEncOAuth2ClientConfig\n .publicKeyLocation as Writable<string>\n ).value,\n ]);\n client.push([\n 'JWKS (Public Key)'['brightCyan'],\n options.save ? `${jwksFile}` : 'See below',\n ]);\n printMessage(`\\n${client.toString()}`);\n\n printMessage(\n options.save\n ? `\\nCreated oauth2 trusted issuer in the ${state.getRealm()} realm:`\n : `\\nIn AM, create a trusted issuer in the ${state.getRealm()} realm with the following information:`\n );\n const issuer = createKeyValueTable();\n issuer.push(['Name'['brightCyan'], artifacts.issuer._id]);\n issuer.push([\n 'JWT Issuer'['brightCyan'],\n (artifacts.issuer.issuer as Writable<string>).value,\n ]);\n issuer.push([\n 'Allowed Subjects '['brightCyan'],\n (artifacts.issuer.allowedSubjects as Writable<string[]>)?.value.length\n ? 
(\n artifacts.issuer.allowedSubjects as Writable<string[]>\n )?.value.join(', ')\n : `Any ${state.getRealm()} realm user`,\n ]);\n issuer.push([\n 'JWKS (Public Key)'['brightCyan'],\n options.save ? `${jwksFile}` : 'See below',\n ]);\n printMessage(`\\n${issuer.toString()}`);\n if (!options.save) {\n printMessage('\\nJWK (Private Key)'['brightCyan']);\n printMessage(stringify(artifacts.jwk));\n printMessage('\\nJWKS (Public Key)'['brightCyan']);\n printMessage(stringify(artifacts.jwks));\n }\n }\n return true;\n } catch (error) {\n printMessage(error, 'error');\n return false;\n }\n}\n\nexport async function executeRfc7523AuthZGrantFlow(\n clientId: string,\n iss?: string,\n jwk?: JwkRsa,\n sub?: string,\n scope?: string[],\n json?: boolean\n): Promise<boolean> {\n let tokenResponse: AccessTokenResponseType;\n let spinnerId: string;\n try {\n let issuer: OAuth2TrustedJwtIssuerSkeleton;\n // make sure we have an issuer\n if (!iss) {\n let issSpinnerId: string;\n try {\n issSpinnerId = createProgressIndicator(\n 'indeterminate',\n 0,\n 'No issuer provided, attempting to find suitable issuer...'\n );\n if (!issuer)\n issuer = await readOAuth2TrustedJwtIssuer(clientId + '-issuer');\n iss = (issuer.issuer as Writable<string>).value;\n stopProgressIndicator(\n issSpinnerId,\n `Found suitable issuer: ${clientId + '-issuer'} - ${iss}`,\n 'success'\n );\n } catch (error) {\n stopProgressIndicator(\n issSpinnerId,\n `No issuer provided and no suitable issuer could be found: ${error.message}`,\n 'fail'\n );\n }\n }\n // make sure we have a JWK\n if (!jwk) {\n let jwkSpinnerId: string;\n try {\n jwkSpinnerId = createProgressIndicator(\n 'indeterminate',\n 0,\n 'No JWK provided, attempting to locate a suitable JWK...'\n );\n jwk = JSON.parse(fs.readFileSync(getJwkFilePath(clientId), 'utf8'));\n stopProgressIndicator(\n jwkSpinnerId,\n `Loaded private key JWK from: ${getJwkFilePath(clientId)}`,\n 'success'\n );\n } catch (error) {\n stopProgressIndicator(\n jwkSpinnerId,\n `No 
JWK provided and no suitable JWK could be loaded from file: ${error.message}`,\n 'fail'\n );\n }\n }\n // make sure we have a subject\n if (!sub) {\n let subSpinnerId: string;\n try {\n subSpinnerId = createProgressIndicator(\n 'indeterminate',\n 0,\n 'Executing rfc7523 authz grant flow...'\n );\n if (!issuer)\n issuer = await frodo.oauth2oidc.issuer.readOAuth2TrustedJwtIssuer(\n clientId + '-issuer'\n );\n if (\n (issuer.allowedSubjects as Writable<string[]>).value &&\n (issuer.allowedSubjects as Writable<string[]>).value.length\n )\n sub = (issuer.allowedSubjects as Writable<string[]>).value[0];\n } catch (error) {\n stopProgressIndicator(\n subSpinnerId,\n `No subject provided and no suitable subject could be extracted from the trusted issuer configuration: ${error.message}`,\n 'fail'\n );\n }\n if (sub) {\n stopProgressIndicator(\n subSpinnerId,\n `Using first subject from issuer's allowed subjects: ${sub}`,\n 'success'\n );\n } else {\n stopProgressIndicator(\n subSpinnerId,\n `No subject provided and no suitable subject could be extracted from the trusted issuer's list of allowed subjects.`,\n 'success'\n );\n }\n }\n // we got everything we need, let's get that token\n spinnerId = createProgressIndicator(\n 'indeterminate',\n 0,\n 'Executing rfc7523 authz grant flow...'\n );\n tokenResponse = await _executeRfc7523AuthZGrantFlow(\n clientId,\n iss,\n jwk,\n sub,\n scope\n );\n stopProgressIndicator(\n spinnerId,\n 'Successfully executed rfc7523 authz grant flow.',\n 'success'\n );\n } catch (error) {\n stopProgressIndicator(\n spinnerId,\n `Error executing rfc7523 authz grant flow: ${stringify(\n error.response?.data || error.message\n )}`,\n 'fail'\n );\n return false;\n }\n cleanupProgressIndicators();\n\n if (json) {\n printMessage(tokenResponse, 'data');\n } else {\n printMessage('\\nAccess Token'['brightCyan']);\n printMessage(tokenResponse.access_token);\n if (tokenResponse.id_token) {\n printMessage('\\nIdentity Token'['brightCyan']);\n 
printMessage(tokenResponse.id_token);\n }\n }\n return true;\n}\n\n/**\n * Export everything to separate files\n * @param file file name\n * @param {FullExportOptions} options export options\n */\nexport async function exportEverythingToFile(\n file,\n options: FullExportOptions = {\n useStringArrays: true,\n noDecode: false,\n }\n): Promise<void> {\n const exportData = await exportFullConfiguration(options);\n let fileName = getTypedFilename(\n `${titleCase(getRealmName(state.getRealm()))}`,\n `everything`\n );\n if (file) {\n fileName = file;\n }\n saveJsonToFile(exportData, getFilePath(fileName, true));\n}\n\n/**\n * Export everything to separate files\n * @param extract Extracts the scripts from the exports into separate files if true\n * @param {FullExportOptions} options export options\n */\nexport async function exportEverythingToFiles(\n extract = false,\n options: FullExportOptions = {\n useStringArrays: true,\n noDecode: false,\n }\n): Promise<void> {\n const exportData: FullExportInterface =\n await exportFullConfiguration(options);\n delete exportData.meta;\n const baseDirectory = getWorkingDirectory(true);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n Object.entries(exportData).forEach(([type, obj]: [string, any]) => {\n if (obj) {\n if (!fs.existsSync(`${baseDirectory}/${type}`)) {\n fs.mkdirSync(`${baseDirectory}/${type}`);\n }\n if (type == 'saml') {\n const samlData = {\n saml: {\n cot: {},\n hosted: {},\n metadata: {},\n remote: {},\n },\n };\n if (obj.cot) {\n if (!fs.existsSync(`${baseDirectory}/cot`)) {\n fs.mkdirSync(`${baseDirectory}/cot`);\n }\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n Object.entries(obj.cot).forEach(([id, value]: [string, any]) => {\n samlData.saml.cot = {\n [id]: value,\n };\n saveJsonToFile(\n samlData,\n `${baseDirectory}/cot/${getTypedFilename(id, 'cot.saml')}`\n );\n });\n samlData.saml.cot = {};\n }\n Object.entries(obj.hosted)\n .concat(Object.entries(obj.remote))\n // 
eslint-disable-next-line @typescript-eslint/no-explicit-any\n .forEach(([id, value]: [string, any]) => {\n const filename = getTypedFilename(\n value.entityId ? value.entityId : id,\n type\n );\n const samlType = obj.hosted[id] ? 'hosted' : 'remote';\n samlData.saml[samlType][id] = value;\n samlData.saml.metadata = {\n [id]: obj.metadata[id],\n };\n saveJsonToFile(samlData, `${baseDirectory}/${type}/${filename}`);\n samlData.saml[samlType] = {};\n });\n } else if (type == 'authentication') {\n const fileName = getTypedFilename(\n `${frodo.utils.getRealmName(state.getRealm())}Realm`,\n 'authentication.settings'\n );\n saveJsonToFile(\n {\n authentication: obj,\n },\n `${baseDirectory}/${type}/${fileName}`\n );\n } else {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n Object.entries(obj).forEach(([id, value]: [string, any]) => {\n const filename =\n type == 'config'\n ? `${id}.json`\n : getTypedFilename(value.name ? value.name : id, type);\n if (type == 'config' && filename.includes('/')) {\n fs.mkdirSync(\n `${baseDirectory}/${type}/${filename.slice(\n 0,\n filename.lastIndexOf('/')\n )}`,\n {\n recursive: true,\n }\n );\n }\n if (extract && type == 'script') {\n extractScriptToFile(exportData as ScriptExportInterface, id, type);\n }\n saveJsonToFile(\n {\n [type]: {\n [id]: value,\n },\n },\n `${baseDirectory}/${type}/${filename}`\n );\n });\n }\n }\n 
});\n}\n"],"mappings":"AAAA,SAASA,KAAK,EAAEC,KAAK,QAAQ,uBAAuB;AAWpD,OAAOC,EAAE,MAAM,IAAI;AAEnB,SACEC,yBAAyB,EACzBC,mBAAmB,EACnBC,uBAAuB,EACvBC,YAAY,EACZC,qBAAqB,EACrBC,uBAAuB,QAClB,kBAAkB;AACzB,SAASC,mBAAmB,QAAQ,aAAa;AAEjD,MAAM;EACJC,YAAY;EACZC,gBAAgB;EAChBC,SAAS;EACTC,cAAc;EACdC,WAAW;EACXC;AACF,CAAC,GAAGf,KAAK,CAACgB,KAAK;AACf,MAAM;EACJC,uBAAuB;EACvBC,kCAAkC,EAAEC,mCAAmC;EACvEC,4BAA4B,EAAEC;AAChC,CAAC,GAAGrB,KAAK,CAACsB,KAAK;AACf,MAAM;EAAEC;AAAU,CAAC,GAAGvB,KAAK,CAACgB,KAAK,CAACQ,IAAI;AACtC,MAAM;EAAEC;AAA2B,CAAC,GAAGzB,KAAK,CAAC0B,UAAU,CAACC,MAAM;AAE9D,SAASC,cAAcA,CAACC,QAAgB,EAAU;EAChD,OAAOf,WAAW,CAACH,gBAAgB,CAACkB,QAAQ,GAAG,UAAU,EAAE,KAAK,CAAC,EAAE,IAAI,CAAC;AAC1E;AAEA,SAASC,eAAeA,CAACD,QAAgB,EAAU;EACjD,OAAOf,WAAW,CAACH,gBAAgB,CAACkB,QAAQ,GAAG,SAAS,EAAE,MAAM,CAAC,EAAE,IAAI,CAAC;AAC1E;AAEA,OAAO,eAAeX,kCAAkCA,CACtDW,QAAgB,EAChBE,GAAW,EACXC,GAAY,EACZC,GAAY,EACZC,KAAgB,EAChBC,OAA2B,EAC3BX,IAAc,EACI;EAClB,IAAIY,SAKH;EACD,IAAI;IACF,MAAMC,KAAK,GAAGhC,uBAAuB,CACnC,aAAa,EACb8B,OAAO,CAACG,IAAI,GAAG,CAAC,GAAG,CAAC,EACpB,yBACF,CAAC;IACDF,SAAS,GAAG,MAAMjB,mCAAmC,CACnDU,QAAQ,EACRE,GAAG,EACHC,GAAG,EACHC,GAAG,EACHC,KAAK,EACLC,OACF,CAAC;IACD3B,uBAAuB,CAAC6B,KAAK,EAAE,mCAAmC,CAAC;IACnE,IAAIE,OAAe;IACnB,IAAIC,QAAgB;IACpB,IAAIL,OAAO,CAACG,IAAI,EAAE;MAChB,MAAMG,QAAQ,GAAGpC,uBAAuB,CACtC,aAAa,EACb,CAAC,EACD,6BACF,CAAC;MACDkC,OAAO,GAAGX,cAAc,CAACC,QAAQ,CAAC;MAClChB,cAAc,CAACuB,SAAS,CAACJ,GAAG,EAAEO,OAAO,EAAE,KAAK,CAAC;MAC7C/B,uBAAuB,CAACiC,QAAQ,EAAG,gBAAeF,OAAQ,GAAE,CAAC;MAC7D/B,uBAAuB,CAAC6B,KAAK,EAAE,uCAAuC,CAAC;MACvE9B,qBAAqB,CAACkC,QAAQ,CAAC;MAC/B,MAAMC,SAAS,GAAGrC,uBAAuB,CACvC,aAAa,EACb,CAAC,EACD,6BACF,CAAC;MACDmC,QAAQ,GAAGV,eAAe,CAACD,QAAQ,CAAC;MACpChB,cAAc,CAACuB,SAAS,CAACO,IAAI,EAAEH,QAAQ,EAAE,KAAK,CAAC;MAC/ChC,uBAAuB,CAACkC,SAAS,EAAG,iBAAgBF,QAAS,GAAE,CAAC;MAChEjC,qBAAqB,CAACmC,SAAS,CAAC;MAChClC,uBAAuB,CAAC6B,KAAK,EAAE,uCAAuC,CAAC;IACzE;IACA9B,qBAAqB,CACnB8B,KAAK,EACJ,0BACCF,OAAO,CAACG,IAAI,GAAG,qBAAqB,GAAG,WACxC,GACH,CAAC;IACDnC,yBAAyB,CAAC,CAAC;IAE3B,IAAIqB,IAAI,EAAE;MACRlB,
YAAY,CAAC8B,SAAS,EAAE,MAAM,CAAC;IACjC,CAAC,MAAM;MAAA,IAAAQ,qBAAA,EAAAC,sBAAA;MACLvC,YAAY,CACV6B,OAAO,CAACG,IAAI,GACP,kCAAiCrC,KAAK,CAAC6C,QAAQ,CAAC,CAAE,SAAQ,GAC1D,2CAA0C7C,KAAK,CAAC6C,QAAQ,CAAC,CAAE,wCAClE,CAAC;MACD,MAAMC,MAAM,GAAG3C,mBAAmB,CAAC,CAAC;MACpC2C,MAAM,CAACC,IAAI,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,EAAEnB,QAAQ,CAAC,CAAC;MAClDkB,MAAM,CAACC,IAAI,CAAC,CAAC,aAAa,CAAC,YAAY,CAAC,EAAEnB,QAAQ,CAAC,CAAC;MACpDkB,MAAM,CAACC,IAAI,CAAC,CACV,QAAQ,CAAC,YAAY,CAAC,EAEpBZ,SAAS,CAACW,MAAM,CAACE,sBAAsB,CAACC,MAAM,CAC9CC,KAAK,CAACC,IAAI,CAAC,IAAI,CAAC,CACnB,CAAC;MACFL,MAAM,CAACC,IAAI,CAAC,CACV,aAAa,CAAC,YAAY,CAAC,EAC1BZ,SAAS,CAACW,MAAM,CAACE,sBAAsB,CAACI,UAAU,CAChDF,KAAK,CACT,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,aAAa,CAAC,YAAY,CAAC,EAEzBZ,SAAS,CAACW,MAAM,CAACO,0BAA0B,CAACC,UAAU,CAGtDJ,KAAK,CAACC,IAAI,CAAC,IAAI,CAAC,CACnB,CAAC;MACFL,MAAM,CAACC,IAAI,CAAC,CACV,iBAAiB,CAAC,YAAY,CAAC,EAE7BZ,SAAS,CAACW,MAAM,CAACO,0BAA0B,CACxCE,gBAAgB,CACnBL,KAAK,CACR,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,gCAAgC,CAAC,YAAY,CAAC,EAE5CZ,SAAS,CAACW,MAAM,CAACO,0BAA0B,CACxCG,uBAAuB,CAC1BN,KAAK,CACR,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,qBAAqB,CAAC,YAAY,CAAC,EAEjCZ,SAAS,CAACW,MAAM,CAACW,yBAAyB,CACvCC,iBAAiB,CACpBR,KAAK,CACR,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,mBAAmB,CAAC,YAAY,CAAC,EACjCb,OAAO,CAACG,IAAI,GAAI,GAAEE,QAAS,EAAC,GAAG,WAAW,CAC3C,CAAC;MACFlC,YAAY,CAAE,KAAIyC,MAAM,CAACa,QAAQ,CAAC,CAAE,EAAC,CAAC;MAEtCtD,YAAY,CACV6B,OAAO,CAACG,IAAI,GACP,0CAAyCrC,KAAK,CAAC6C,QAAQ,CAAC,CAAE,SAAQ,GAClE,2CAA0C7C,KAAK,CAAC6C,QAAQ,CAAC,CAAE,wCAClE,CAAC;MACD,MAAMnB,MAAM,GAAGvB,mBAAmB,CAAC,CAAC;MACpCuB,MAAM,CAACqB,IAAI,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,EAAEZ,SAAS,CAACT,MAAM,CAACkC,GAAG,CAAC,CAAC;MACzDlC,MAAM,CAACqB,IAAI,CAAC,CACV,YAAY,CAAC,YAAY,CAAC,EACzBZ,SAAS,CAACT,MAAM,CAACA,MAAM,CAAsBwB,KAAK,CACpD,CAAC;MACFxB,MAAM,CAACqB,IAAI,CAAC,CACV,gCAAgC,CAAC,YAAY,CAAC,EAC9C,CAAAJ,qBAAA,GAACR,SAAS,CAACT,MAAM,CAACmC,eAAe,cAAAlB,qBAAA,eAAjCA,qBAAA,CAA0DO,KAAK,CAACY,MAAM,IAAAlB,sBAAA,GAEhET,SAAS,CAACT,MAAM,CAACmC,eAAe,cAAAjB,sBAAA,uBADlCA,sBAAA
,CAEGM,KAAK,CAACC,IAAI,CAAC,IAAI,CAAC,GAClB,OAAMnD,KAAK,CAAC6C,QAAQ,CAAC,CAAE,aAAY,CACzC,CAAC;MACFnB,MAAM,CAACqB,IAAI,CAAC,CACV,mBAAmB,CAAC,YAAY,CAAC,EACjCb,OAAO,CAACG,IAAI,GAAI,GAAEE,QAAS,EAAC,GAAG,WAAW,CAC3C,CAAC;MACFlC,YAAY,CAAE,KAAIqB,MAAM,CAACiC,QAAQ,CAAC,CAAE,EAAC,CAAC;MACtC,IAAI,CAACzB,OAAO,CAACG,IAAI,EAAE;QACjBhC,YAAY,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QACjDA,YAAY,CAACiB,SAAS,CAACa,SAAS,CAACJ,GAAG,CAAC,CAAC;QACtC1B,YAAY,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QACjDA,YAAY,CAACiB,SAAS,CAACa,SAAS,CAACO,IAAI,CAAC,CAAC;MACzC;IACF;IACA,OAAO,IAAI;EACb,CAAC,CAAC,OAAOqB,KAAK,EAAE;IACd1D,YAAY,CAAC0D,KAAK,EAAE,OAAO,CAAC;IAC5B,OAAO,KAAK;EACd;AACF;AAEA,OAAO,eAAe5C,4BAA4BA,CAChDS,QAAgB,EAChBE,GAAY,EACZC,GAAY,EACZC,GAAY,EACZC,KAAgB,EAChBV,IAAc,EACI;EAClB,IAAIyC,aAAsC;EAC1C,IAAIC,SAAiB;EACrB,IAAI;IACF,IAAIvC,MAAsC;IAC1C;IACA,IAAI,CAACI,GAAG,EAAE;MACR,IAAIoC,YAAoB;MACxB,IAAI;QACFA,YAAY,GAAG9D,uBAAuB,CACpC,eAAe,EACf,CAAC,EACD,2DACF,CAAC;QACD,IAAI,CAACsB,MAAM,EACTA,MAAM,GAAG,MAAMF,0BAA0B,CAACI,QAAQ,GAAG,SAAS,CAAC;QACjEE,GAAG,GAAIJ,MAAM,CAACA,MAAM,CAAsBwB,KAAK;QAC/C5C,qBAAqB,CACnB4D,YAAY,EACX,0BAAyBtC,QAAQ,GAAG,SAAU,MAAKE,GAAI,EAAC,EACzD,SACF,CAAC;MACH,CAAC,CAAC,OAAOiC,KAAK,EAAE;QACdzD,qBAAqB,CACnB4D,YAAY,EACX,6DAA4DH,KAAK,CAACI,OAAQ,EAAC,EAC5E,MACF,CAAC;MACH;IACF;IACA;IACA,IAAI,CAACpC,GAAG,EAAE;MACR,IAAIqC,YAAoB;MACxB,IAAI;QACFA,YAAY,GAAGhE,uBAAuB,CACpC,eAAe,EACf,CAAC,EACD,yDACF,CAAC;QACD2B,GAAG,GAAGsC,IAAI,CAACC,KAAK,CAACrE,EAAE,CAACsE,YAAY,CAAC5C,cAAc,CAACC,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;QACnEtB,qBAAqB,CACnB8D,YAAY,EACX,gCAA+BzC,cAAc,CAACC,QAAQ,CAAE,EAAC,EAC1D,SACF,CAAC;MACH,CAAC,CAAC,OAAOmC,KAAK,EAAE;QACdzD,qBAAqB,CACnB8D,YAAY,EACX,kEAAiEL,KAAK,CAACI,OAAQ,EAAC,EACjF,MACF,CAAC;MACH;IACF;IACA;IACA,IAAI,CAACnC,GAAG,EAAE;MACR,IAAIwC,YAAoB;MACxB,IAAI;QACFA,YAAY,GAAGpE,uBAAuB,CACpC,eAAe,EACf,CAAC,EACD,uCACF,CAAC;QACD,IAAI,CAACsB,MAAM,EACTA,MAAM,GAAG,MAAM3B,KAAK,CAAC0B,UAAU,CAACC,MAAM,CAACF,0BAA0B,CAC/DI,QAAQ,GAAG,SACb,CAAC;QACH,IACGF,MAAM,CAACmC,eAAe,CAAwBX,KAAK,IACnDxB,MAAM,CAACmC,eAAe,CAAw
BX,KAAK,CAACY,MAAM,EAE3D9B,GAAG,GAAIN,MAAM,CAACmC,eAAe,CAAwBX,KAAK,CAAC,CAAC,CAAC;MACjE,CAAC,CAAC,OAAOa,KAAK,EAAE;QACdzD,qBAAqB,CACnBkE,YAAY,EACX,yGAAwGT,KAAK,CAACI,OAAQ,EAAC,EACxH,MACF,CAAC;MACH;MACA,IAAInC,GAAG,EAAE;QACP1B,qBAAqB,CACnBkE,YAAY,EACX,uDAAsDxC,GAAI,EAAC,EAC5D,SACF,CAAC;MACH,CAAC,MAAM;QACL1B,qBAAqB,CACnBkE,YAAY,EACX,oHAAmH,EACpH,SACF,CAAC;MACH;IACF;IACA;IACAP,SAAS,GAAG7D,uBAAuB,CACjC,eAAe,EACf,CAAC,EACD,uCACF,CAAC;IACD4D,aAAa,GAAG,MAAM5C,6BAA6B,CACjDQ,QAAQ,EACRE,GAAG,EACHC,GAAG,EACHC,GAAG,EACHC,KACF,CAAC;IACD3B,qBAAqB,CACnB2D,SAAS,EACT,iDAAiD,EACjD,SACF,CAAC;EACH,CAAC,CAAC,OAAOF,KAAK,EAAE;IAAA,IAAAU,eAAA;IACdnE,qBAAqB,CACnB2D,SAAS,EACR,6CAA4C3C,SAAS,CACpD,EAAAmD,eAAA,GAAAV,KAAK,CAACW,QAAQ,cAAAD,eAAA,uBAAdA,eAAA,CAAgBE,IAAI,KAAIZ,KAAK,CAACI,OAChC,CAAE,EAAC,EACH,MACF,CAAC;IACD,OAAO,KAAK;EACd;EACAjE,yBAAyB,CAAC,CAAC;EAE3B,IAAIqB,IAAI,EAAE;IACRlB,YAAY,CAAC2D,aAAa,EAAE,MAAM,CAAC;EACrC,CAAC,MAAM;IACL3D,YAAY,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;IAC5CA,YAAY,CAAC2D,aAAa,CAACY,YAAY,CAAC;IACxC,IAAIZ,aAAa,CAACa,QAAQ,EAAE;MAC1BxE,YAAY,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;MAC9CA,YAAY,CAAC2D,aAAa,CAACa,QAAQ,CAAC;IACtC;EACF;EACA,OAAO,IAAI;AACb;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,sBAAsBA,CAC1CC,IAAI,EACJ7C,OAA0B,GAAG;EAC3B8C,eAAe,EAAE,IAAI;EACrBC,QAAQ,EAAE;AACZ,CAAC,EACc;EACf,MAAMC,UAAU,GAAG,MAAMlE,uBAAuB,CAACkB,OAAO,CAAC;EACzD,IAAIiD,QAAQ,GAAGzE,gBAAgB,CAC5B,GAAEC,SAAS,CAACF,YAAY,CAACT,KAAK,CAAC6C,QAAQ,CAAC,CAAC,CAAC,CAAE,EAAC,EAC7C,YACH,CAAC;EACD,IAAIkC,IAAI,EAAE;IACRI,QAAQ,GAAGJ,IAAI;EACjB;EACAnE,cAAc,CAACsE,UAAU,EAAErE,WAAW,CAACsE,QAAQ,EAAE,IAAI,CAAC,CAAC;AACzD;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,uBAAuBA,CAC3CC,OAAO,GAAG,KAAK,EACfnD,OAA0B,GAAG;EAC3B8C,eAAe,EAAE,IAAI;EACrBC,QAAQ,EAAE;AACZ,CAAC,EACc;EACf,MAAMC,UAA+B,GACnC,MAAMlE,uBAAuB,CAACkB,OAAO,CAAC;EACxC,OAAOgD,UAAU,CAACI,IAAI;EACtB,MAAMC,aAAa,GAAGzE,mBAAmB,CAAC,IAAI,CAAC;EAC/C;EACA0E,MAAM,CAACC,OAAO,CAACP,UAAU,CAAC,CAACQ,OAAO,CAAC,CAAC,CAACC,IAAI,EAAEC,GAAG,CAAgB,KAAK;IACjE,IAAIA,GAAG,EAAE;MACP,IAAI,CAAC3F,EAA
E,CAAC4F,UAAU,CAAE,GAAEN,aAAc,IAAGI,IAAK,EAAC,CAAC,EAAE;QAC9C1F,EAAE,CAAC6F,SAAS,CAAE,GAAEP,aAAc,IAAGI,IAAK,EAAC,CAAC;MAC1C;MACA,IAAIA,IAAI,IAAI,MAAM,EAAE;QAClB,MAAMI,QAAQ,GAAG;UACfC,IAAI,EAAE;YACJC,GAAG,EAAE,CAAC,CAAC;YACPC,MAAM,EAAE,CAAC,CAAC;YACVC,QAAQ,EAAE,CAAC,CAAC;YACZC,MAAM,EAAE,CAAC;UACX;QACF,CAAC;QACD,IAAIR,GAAG,CAACK,GAAG,EAAE;UACX,IAAI,CAAChG,EAAE,CAAC4F,UAAU,CAAE,GAAEN,aAAc,MAAK,CAAC,EAAE;YAC1CtF,EAAE,CAAC6F,SAAS,CAAE,GAAEP,aAAc,MAAK,CAAC;UACtC;UACA;UACAC,MAAM,CAACC,OAAO,CAACG,GAAG,CAACK,GAAG,CAAC,CAACP,OAAO,CAAC,CAAC,CAACW,EAAE,EAAEnD,KAAK,CAAgB,KAAK;YAC9D6C,QAAQ,CAACC,IAAI,CAACC,GAAG,GAAG;cAClB,CAACI,EAAE,GAAGnD;YACR,CAAC;YACDtC,cAAc,CACZmF,QAAQ,EACP,GAAER,aAAc,QAAO7E,gBAAgB,CAAC2F,EAAE,EAAE,UAAU,CAAE,EAC3D,CAAC;UACH,CAAC,CAAC;UACFN,QAAQ,CAACC,IAAI,CAACC,GAAG,GAAG,CAAC,CAAC;QACxB;QACAT,MAAM,CAACC,OAAO,CAACG,GAAG,CAACM,MAAM,CAAC,CACvBI,MAAM,CAACd,MAAM,CAACC,OAAO,CAACG,GAAG,CAACQ,MAAM,CAAC;QAClC;QAAA,CACCV,OAAO,CAAC,CAAC,CAACW,EAAE,EAAEnD,KAAK,CAAgB,KAAK;UACvC,MAAMqD,QAAQ,GAAG7F,gBAAgB,CAC/BwC,KAAK,CAACsD,QAAQ,GAAGtD,KAAK,CAACsD,QAAQ,GAAGH,EAAE,EACpCV,IACF,CAAC;UACD,MAAMc,QAAQ,GAAGb,GAAG,CAACM,MAAM,CAACG,EAAE,CAAC,GAAG,QAAQ,GAAG,QAAQ;UACrDN,QAAQ,CAACC,IAAI,CAACS,QAAQ,CAAC,CAACJ,EAAE,CAAC,GAAGnD,KAAK;UACnC6C,QAAQ,CAACC,IAAI,CAACG,QAAQ,GAAG;YACvB,CAACE,EAAE,GAAGT,GAAG,CAACO,QAAQ,CAACE,EAAE;UACvB,CAAC;UACDzF,cAAc,CAACmF,QAAQ,EAAG,GAAER,aAAc,IAAGI,IAAK,IAAGY,QAAS,EAAC,CAAC;UAChER,QAAQ,CAACC,IAAI,CAACS,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC9B,CAAC,CAAC;MACN,CAAC,MAAM,IAAId,IAAI,IAAI,gBAAgB,EAAE;QACnC,MAAMR,QAAQ,GAAGzE,gBAAgB,CAC9B,GAAEX,KAAK,CAACgB,KAAK,CAACN,YAAY,CAACT,KAAK,CAAC6C,QAAQ,CAAC,CAAC,CAAE,OAAM,EACpD,yBACF,CAAC;QACDjC,cAAc,CACZ;UACE8F,cAAc,EAAEd;QAClB,CAAC,EACA,GAAEL,aAAc,IAAGI,IAAK,IAAGR,QAAS,EACvC,CAAC;MACH,CAAC,MAAM;QACL;QACAK,MAAM,CAACC,OAAO,CAACG,GAAG,CAAC,CAACF,OAAO,CAAC,CAAC,CAACW,EAAE,EAAEnD,KAAK,CAAgB,KAAK;UAC1D,MAAMqD,QAAQ,GACZZ,IAAI,IAAI,QAAQ,GACX,GAAEU,EAAG,OAAM,GACZ3F,gBAAgB,CAACwC,KAAK,CAACyD,IAAI,GAAGzD,KAAK,CAACyD,IAAI,GAAGN,EAAE,EAAEV,IAAI,
CAAC;UAC1D,IAAIA,IAAI,IAAI,QAAQ,IAAIY,QAAQ,CAACK,QAAQ,CAAC,GAAG,CAAC,EAAE;YAC9C3G,EAAE,CAAC6F,SAAS,CACT,GAAEP,aAAc,IAAGI,IAAK,IAAGY,QAAQ,CAACM,KAAK,CACxC,CAAC,EACDN,QAAQ,CAACO,WAAW,CAAC,GAAG,CAC1B,CAAE,EAAC,EACH;cACEC,SAAS,EAAE;YACb,CACF,CAAC;UACH;UACA,IAAI1B,OAAO,IAAIM,IAAI,IAAI,QAAQ,EAAE;YAC/BnF,mBAAmB,CAAC0E,UAAU,EAA2BmB,EAAE,EAAEV,IAAI,CAAC;UACpE;UACA/E,cAAc,CACZ;YACE,CAAC+E,IAAI,GAAG;cACN,CAACU,EAAE,GAAGnD;YACR;UACF,CAAC,EACA,GAAEqC,aAAc,IAAGI,IAAK,IAAGY,QAAS,EACvC,CAAC;QACH,CAAC,CAAC;MACJ;IACF;EACF,CAAC,CAAC;AACJ"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rockcarver/frodo-cli",
3
- "version": "2.0.0-34",
3
+ "version": "2.0.0-35",
4
4
  "type": "module",
5
5
  "description": "A command line interface to manage ForgeRock Identity Cloud tenants, ForgeOps deployments, and classic deployments.",
6
6
  "keywords": [