@scupit/mcp-ecosystem 0.1.0 → 0.2.0
- package/README.md +273 -0
- package/dist/auth0/management-client.d.ts +6 -1
- package/dist/auth0/management-client.d.ts.map +1 -1
- package/dist/auth0/management-client.js +56 -20
- package/dist/auth0/management-client.js.map +1 -1
- package/dist/cli.js +9 -2
- package/dist/cli.js.map +1 -1
- package/dist/commands/add-scope.d.ts.map +1 -1
- package/dist/commands/add-scope.js +5 -1
- package/dist/commands/add-scope.js.map +1 -1
- package/dist/commands/env-root-validation.d.ts +3 -0
- package/dist/commands/env-root-validation.d.ts.map +1 -0
- package/dist/commands/env-root-validation.js +27 -0
- package/dist/commands/env-root-validation.js.map +1 -0
- package/dist/commands/generate-artifacts.d.ts +1 -1
- package/dist/commands/generate-artifacts.d.ts.map +1 -1
- package/dist/commands/generate-artifacts.js +49 -75
- package/dist/commands/generate-artifacts.js.map +1 -1
- package/dist/commands/grant-client.d.ts.map +1 -1
- package/dist/commands/grant-client.js +17 -2
- package/dist/commands/grant-client.js.map +1 -1
- package/dist/commands/reconcile-all.d.ts.map +1 -1
- package/dist/commands/reconcile-all.js +9 -0
- package/dist/commands/reconcile-all.js.map +1 -1
- package/dist/commands/reconcile-client.d.ts +3 -1
- package/dist/commands/reconcile-client.d.ts.map +1 -1
- package/dist/commands/reconcile-client.js +109 -17
- package/dist/commands/reconcile-client.js.map +1 -1
- package/dist/commands/reconcile-server.d.ts.map +1 -1
- package/dist/commands/reconcile-server.js +49 -20
- package/dist/commands/reconcile-server.js.map +1 -1
- package/dist/commands/validated-client-cache.d.ts +7 -0
- package/dist/commands/validated-client-cache.d.ts.map +1 -0
- package/dist/commands/validated-client-cache.js +50 -0
- package/dist/commands/validated-client-cache.js.map +1 -0
- package/dist/commands/verify-tenant.d.ts.map +1 -1
- package/dist/commands/verify-tenant.js +2 -5
- package/dist/commands/verify-tenant.js.map +1 -1
- package/dist/config/defaults.d.ts +19 -0
- package/dist/config/defaults.d.ts.map +1 -0
- package/dist/config/defaults.js +49 -0
- package/dist/config/defaults.js.map +1 -0
- package/dist/config/env-policy.d.ts +7 -0
- package/dist/config/env-policy.d.ts.map +1 -0
- package/dist/config/env-policy.js +30 -0
- package/dist/config/env-policy.js.map +1 -0
- package/dist/config/index.d.ts +3 -1
- package/dist/config/index.d.ts.map +1 -1
- package/dist/config/index.js +3 -1
- package/dist/config/index.js.map +1 -1
- package/dist/config/loader.d.ts +15 -0
- package/dist/config/loader.d.ts.map +1 -1
- package/dist/config/loader.js +95 -4
- package/dist/config/loader.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -2
- package/dist/index.js.map +1 -1
- package/dist/mcp-server/create-server.d.ts +17 -24
- package/dist/mcp-server/create-server.d.ts.map +1 -1
- package/dist/mcp-server/create-server.js +157 -58
- package/dist/mcp-server/create-server.js.map +1 -1
- package/dist/mcp-server/http-app.d.ts +24 -0
- package/dist/mcp-server/http-app.d.ts.map +1 -0
- package/dist/mcp-server/http-app.js +66 -0
- package/dist/mcp-server/http-app.js.map +1 -0
- package/dist/mcp-server/index.d.ts +4 -2
- package/dist/mcp-server/index.d.ts.map +1 -1
- package/dist/mcp-server/index.js +1 -1
- package/dist/mcp-server/index.js.map +1 -1
- package/dist/mcp-server/mcp-configuration.d.ts +35 -0
- package/dist/mcp-server/mcp-configuration.d.ts.map +1 -0
- package/dist/mcp-server/mcp-configuration.js +2 -0
- package/dist/mcp-server/mcp-configuration.js.map +1 -0
- package/dist/mcp-server/stdio-mcp.d.ts +17 -0
- package/dist/mcp-server/stdio-mcp.d.ts.map +1 -0
- package/dist/mcp-server/stdio-mcp.js +28 -0
- package/dist/mcp-server/stdio-mcp.js.map +1 -0
- package/dist/mcp-server/streamable-http-stateful-mcp.d.ts +22 -0
- package/dist/mcp-server/streamable-http-stateful-mcp.d.ts.map +1 -0
- package/dist/mcp-server/streamable-http-stateful-mcp.js +105 -0
- package/dist/mcp-server/streamable-http-stateful-mcp.js.map +1 -0
- package/dist/mcp-server/streamable-http-stateless-mcp.d.ts +20 -0
- package/dist/mcp-server/streamable-http-stateless-mcp.d.ts.map +1 -0
- package/dist/mcp-server/streamable-http-stateless-mcp.js +58 -0
- package/dist/mcp-server/streamable-http-stateless-mcp.js.map +1 -0
- package/dist/mcp-server/transport-config.d.ts +80 -0
- package/dist/mcp-server/transport-config.d.ts.map +1 -0
- package/dist/mcp-server/transport-config.js +2 -0
- package/dist/mcp-server/transport-config.js.map +1 -0
- package/dist/types/auth0-responses.d.ts +11 -0
- package/dist/types/auth0-responses.d.ts.map +1 -1
- package/dist/types/client-config.d.ts +6 -24
- package/dist/types/client-config.d.ts.map +1 -1
- package/dist/types/client-config.js +4 -7
- package/dist/types/client-config.js.map +1 -1
- package/dist/types/ecosystem-config.d.ts +211 -70
- package/dist/types/ecosystem-config.d.ts.map +1 -1
- package/dist/types/ecosystem-config.js +33 -21
- package/dist/types/ecosystem-config.js.map +1 -1
- package/dist/types/index.d.ts +3 -3
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js +1 -1
- package/dist/types/index.js.map +1 -1
- package/dist/types/server-config.js +1 -1
- package/dist/types/server-config.js.map +1 -1
- package/dist/utils/context.d.ts +6 -5
- package/dist/utils/context.d.ts.map +1 -1
- package/dist/utils/context.js +43 -7
- package/dist/utils/context.js.map +1 -1
- package/dist/utils/env-manager.d.ts +113 -0
- package/dist/utils/env-manager.d.ts.map +1 -0
- package/dist/utils/env-manager.js +509 -0
- package/dist/utils/env-manager.js.map +1 -0
- package/dist/utils/env-writer.d.ts +23 -0
- package/dist/utils/env-writer.d.ts.map +1 -0
- package/dist/utils/env-writer.js +131 -0
- package/dist/utils/env-writer.js.map +1 -0
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +1 -0
- package/dist/utils/index.js.map +1 -1
- package/package.json +8 -6
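--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,273 @@
+# @scupit/mcp-ecosystem
+
+Provisioning CLI, runtime library, and server bootstrap for building a personal [MCP](https://modelcontextprotocol.io/) ecosystem backed by [Auth0](https://auth0.com/).
+
+## What this is
+
+This toolkit solves a specific problem: you want to run many MCP servers, each on its own subdomain, each protected by OAuth via Auth0, and you don't want to manually configure Auth0 objects or re-derive security plumbing every time you add a new one.
+
+The package gives you three things:
+
+1. **A provisioning CLI** that reconciles your desired-state config files against Auth0, creating or updating APIs, Applications, and client grants as needed.
+2. **A server bootstrap** that derives runtime config at startup, selects the requested MCP transport, and wires in Protected Resource Metadata plus bearer-token validation for HTTP transports.
+3. **Runtime helpers** for token validation, scope enforcement, and `WWW-Authenticate` challenge generation that any MCP server can use directly.
+
+## How it works
+
+The system maps OAuth roles to Auth0 objects:
+
+- Each **MCP server** is an Auth0 **API** (resource server)
+- Each **software client** (Cursor, a CLI tool, a web app) is an Auth0 **Application**
+- Each **client-server permission** is an Auth0 **client grant** with specific scopes
+- Your **Auth0 tenant** is the authorization server
+
+You describe your desired state in JSON config files inside an **ecosystem directory**. The CLI reads those files, talks to the Auth0 Management API, and makes reality match. Your MCP servers then derive their runtime configuration directly from those source files and environment variables at startup via `createMcpServer()`.
+
+```text
+my-ecosystem/
+ecosystem-configuration.json # Domain pattern, client groups
+.env # Auth0 tenant domain and credentials
+client-descriptors/ # Reusable client behavior templates
+cursor-like.json
+oauth-clients/ # Concrete Auth0 Application instances
+cursor-primary/
+client-configuration.json
+mcps/ # MCP server configs and implementations
+files/
+mcp-configuration.json # Desired state for this server
+server.ts # Server implementation
+```
+
+## Quick start
+
+### Install
+
+```bash
+npm install @scupit/mcp-ecosystem
+```
+
+For MCP servers, also install the peer dependencies:
+
+```bash
+npm install express @modelcontextprotocol/sdk zod
+```
+
+### Set up an ecosystem directory
+
+Create `ecosystem-configuration.json` with your domain pattern:
+
+```json
+{
+"domain": {
+"server_host_pattern": "{slug}-mcp.{base_domain}"
+},
+"client_groups": {
+"interactive-default": ["cursor-primary"]
+}
+}
+```
+
+That's the entire config file. The `{base_domain}` placeholder is resolved from the `ECOSYSTEM_BASE_DOMAIN` environment variable in your `.env` file. Do not put `domain.base_domain` in `ecosystem-configuration.json`; deployment-specific domains belong in env. API settings, scope profiles, and client profiles all have sensible [built-in defaults](docs/02-ecosystem-defaults.md) that you only override when needed.
+
+Create a root `.env` file with your ecosystem base domain and Auth0 credentials, or export the same variables in your shell:
+
+```dotenv
+ECOSYSTEM_BASE_DOMAIN=example.com
+AUTH0_TENANT_DOMAIN=your-tenant.auth0.com
+AUTH0_MGMT_CLIENT_ID=your-management-client-id
+AUTH0_MGMT_CLIENT_SECRET=your-management-client-secret
+```
+
+Not all of these variables are used by all parts of the system. During `createMcpServer()` bootstrap, the toolkit removes Auth0 management credentials and auto-generated client credentials from `process.env`, while leaving the shared runtime variables (`ECOSYSTEM_BASE_DOMAIN`, `AUTH0_TENANT_DOMAIN`, `PORT`, and user-defined vars) available to the server. See [Environment Variables](docs/02-ecosystem-defaults.md#environment-variables) for the full breakdown and the exact bootstrap boundary.
+
+To bootstrap that file, run `npx mcp-ecosystem generate-artifacts --dir ./my-ecosystem`. It refreshes a managed block in `.env.example` using placeholder values only and preserves any comments or custom example variables you keep outside that block.
+
+Replace the placeholder values before running provisioning or authenticated server startup. Placeholder values like `example.com`, `your-tenant.auth0.com`, and `__REQUIRED__` are treated as invalid configuration.
+
+Per-server `.env` files are supported for server-local overrides like `PORT`, but they must not redefine shared ecosystem/Auth0 variables such as `ECOSYSTEM_BASE_DOMAIN`, `AUTH0_TENANT_DOMAIN`, or Auth0 client credentials. Those belong in the ecosystem root `.env`.
+
+Auto-generated `AUTH0_{KEY}_CLIENT_ID` and `AUTH0_{KEY}_CLIENT_SECRET` entries are tool-owned and must live only inside the root `.env` managed block. If they appear in user-authored content outside that block, reconciliation fails with a corrective error.
+
+### Verify your Auth0 tenant
+
+```bash
+npx mcp-ecosystem verify-tenant --dir ./my-ecosystem
+```
+
+This checks that Resource Parameter Compatibility Profile is enabled (required for MCP's `resource` parameter to work with Auth0).
+
+### Add an MCP server
+
+Create `mcps/my-server/mcp-configuration.json`:
+
+```json
+{
+"name": "My Server",
+"slug": "my-server",
+"scope_profile": "standard",
+"auth0": { "create_api_if_missing": true },
+"grants": { "client_groups": ["interactive-default"] },
+"access_policy": { "user": "require_client_grant", "client": "deny_all" }
+}
+```
+
+Provision it:
+
+```bash
+npx mcp-ecosystem reconcile-server my-server --dir ./my-ecosystem
+```
+
+### Write the server
+
+```typescript
+import { createMcpServer } from "@scupit/mcp-ecosystem/server";
+import { z } from "zod";
+
+const mcp = await createMcpServer(import.meta.url, {
+transport: { type: "streamable-http-stateless", port: 3000 },
+});
+
+mcp.builder.registerTool(
+"hello",
+{
+description: "Say hello",
+inputSchema: { name: z.string() },
+},
+async ({ name }) => {
+return {
+content: [{ type: "text", text: `Hello, ${name}!` }],
+};
+}
+);
+
+await mcp.begin();
+```
+
+This gives you:
+
+- `/.well-known/oauth-protected-resource` -- MCP-required metadata discovery
+- `/mcp` -- Streamable HTTP MCP endpoint with bearer token validation
+- `/health` -- health check
+
+## CLI commands
+
+All commands support `--dry-run`, `--verbose`, `--json`, and `--dir <path>`.
+
+| Command | What it does |
+| --- | --- |
+| `verify-tenant` | Checks Auth0 tenant prerequisites (Resource Parameter Compatibility Profile, DCR status) |
+| `reconcile-client <key>` | Creates or reuses an Auth0 Application for a software client |
+| `reconcile-server <slug>` | Reconciles the Auth0 API, scopes, access policy, and client grants for an MCP server |
+| `reconcile-all` | Full ecosystem reconciliation: tenant, then all clients, then all servers |
+| `add-scope <slug> <scope>` | Adds a scope to local config and updates the Auth0 API |
+| `grant-client <slug> <key> [scopes...]` | Creates or updates a client grant for a specific client/server pair |
+| `generate-artifacts` | Refreshes the managed `.env.example` block with placeholders |
+
+## Package exports
+
+### `@scupit/mcp-ecosystem`
+
+The main entry point. Types, config loading, Auth0 Management API client, and lightweight runtime helpers (token validation, scope enforcement, `WWW-Authenticate` challenges). No heavy dependencies.
+
+### `@scupit/mcp-ecosystem/server`
+
+The server bootstrap. `@modelcontextprotocol/sdk` is required. `express` is required for the HTTP transports and optional for `stdio`. Provides:
+
+- `createMcpServer(importMetaUrl, options?)` -- loads config from source files, derives runtime env/config, creates the selected MCP transport, and returns a ready-to-configure server wrapper with `.builder` and `.begin()`.
+
+For HTTP transports, auth is enabled by default. For local development without Auth0, pass `transport: { type: "streamable-http-stateless", auth: { enabled: false } }` or the equivalent stateful transport config. `stdio` has no HTTP auth layer.
+
+The current server bootstrap assumes a single ecosystem/server context per Node process. If you need to host multiple different ecosystem contexts in one process, do not rely on the current `process.env` loading behavior to isolate them.
+
+OAuth client `client_key` values must be env-safe slugs: lowercase, start with a letter, may contain digits or hyphens, and end with an alphanumeric character. This keeps the generated `AUTH0_{KEY}_CLIENT_ID` / `AUTH0_{KEY}_CLIENT_SECRET` variables valid and collision-free.
+
+## Auth model
+
+The provisioner enforces these defaults (configurable per server):
+
+- **User access**: `require_client_grant` -- interactive clients need an explicit grant to call the API
+- **M2M access**: `deny_all` -- machine-to-machine access is blocked unless you explicitly enable it
+- **Token format**: `rfc9068_profile_authz` -- access tokens include the `permissions` claim
+- **Signing**: RS256 via Auth0 JWKS
+
+Each MCP server validates tokens at runtime by checking the RS256 signature, issuer, audience, and scopes. Invalid or missing tokens get a proper `WWW-Authenticate` challenge pointing to the server's Protected Resource Metadata.
+
+## Client profiles
+
+Four built-in profiles cover the standard OAuth application types:
+
+| Profile | For | Auth method | Public? |
+| --- | --- | --- | --- |
+| `native_interactive` | Desktop apps (Cursor), local tools | `none` | Yes |
+| `spa_interactive` | Browser frontends | `none` | Yes |
+| `regular_web_interactive` | Backend web apps | `client_secret_post` | No |
+| `service_m2m` | Cron jobs, daemons, workers | `client_secret_post` | No |
+
+## Example ecosystem
+
+The `example-ecosystem/` directory contains a complete working example with:
+
+- Two MCP servers: **Git** (`git_status` tool) and **Files** (`read_file`, `write_file` tools)
+- Three client descriptors: Cursor, MCP Inspector, service worker
+- Three concrete client configs
+- Full ecosystem configuration
+
+Run the example servers:
+
+```bash
+cd example-ecosystem
+npm install
+npm run start:git # http://127.0.0.1:3001
+npm run start:files # http://127.0.0.1:3002
+```
+
+## Connecting Cursor
+
+After provisioning a server and its Cursor client, add this to your `.cursor/mcp.json`:
+
+```json
+{
+"mcpServers": {
+"my-server": {
+"url": "https://my-server-mcp.example.com/mcp",
+"auth": {
+"CLIENT_ID": "${env:AUTH0_CURSOR_PRIMARY_CLIENT_ID}"
+}
+}
+}
+}
+```
+
+Cursor discovers the authorization server automatically via `/.well-known/oauth-protected-resource`. No client secret is needed for public (native) clients.
+
+## Project structure
+
+```text
+@scupit/mcp-ecosystem/
+src/
+cli.ts # CLI entry point
+index.ts # Main package exports
+auth0/ # Auth0 Management API client
+commands/ # CLI command implementations
+config/ # Config loading, validation, derivation
+mcp-runtime/ # Token validation, auth middleware, 401 challenges
+mcp-server/ # Server bootstrap (Express + MCP SDK)
+types/ # Zod schemas and TypeScript types
+utils/ # Logger, context helpers
+example-ecosystem/ # Working example
+docs/ # Additional documentation
+```
+
+## Documentation
+
+- [Guide and Provisioning Contract](guide-and-provisioning-contract.md) -- the full specification this system implements
+- [Updates to Guide](docs/01-updates-to-guide.md) -- every deviation from the original spec, with rationale
+- [Ecosystem Defaults](docs/02-ecosystem-defaults.md) -- all hardcoded defaults, with override examples
+- [Managed Env And Reconciliation Lifecycle](docs/03-managed-env-and-reconciliation-lifecycle.md) -- how `.env`, `.env.example`, client caches, and bootstrap fit together
+- [Implementation Plan](implementation-plan.md) -- the phased plan used to build the system
+
+## Requirements
+
+- Node.js >= 20
+- An Auth0 tenant with a Management API application (client credentials grant)
+- Resource Parameter Compatibility Profile enabled on the tenant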
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { Auth0Application, Auth0Api, Auth0ApiScope, Auth0ClientGrant, Auth0TenantSettings } from "../types/index.js";
|
|
1
|
+
import type { Auth0Application, Auth0Api, Auth0ApiScope, Auth0ApiSubjectTypeAuthorization, Auth0ClientGrant, Auth0TenantSettings } from "../types/index.js";
|
|
2
2
|
export interface Auth0ManagementClientOptions {
|
|
3
3
|
tenantDomain: string;
|
|
4
4
|
managementAudience: string;
|
|
@@ -12,8 +12,10 @@ export declare class Auth0ManagementClient {
|
|
|
12
12
|
private readonly clientId;
|
|
13
13
|
private readonly clientSecret;
|
|
14
14
|
private accessToken;
|
|
15
|
+
private tokenExpiresAt;
|
|
15
16
|
constructor(options: Auth0ManagementClientOptions);
|
|
16
17
|
authenticate(): Promise<void>;
|
|
18
|
+
private ensureAuthenticated;
|
|
17
19
|
private request;
|
|
18
20
|
getTenantSettings(): Promise<Auth0TenantSettings>;
|
|
19
21
|
patchTenantSettings(patch: Partial<Auth0TenantSettings>): Promise<Auth0TenantSettings>;
|
|
@@ -24,6 +26,7 @@ export declare class Auth0ManagementClient {
|
|
|
24
26
|
}): Promise<Auth0Application[]>;
|
|
25
27
|
getApplication(clientId: string): Promise<Auth0Application>;
|
|
26
28
|
findApplicationByMetadata(metadataKey: string, metadataValue: string): Promise<Auth0Application | null>;
|
|
29
|
+
findApplicationByMetadataEntries(metadataEntries: Record<string, string>): Promise<Auth0Application | null>;
|
|
27
30
|
createApplication(payload: Partial<Auth0Application> & {
|
|
28
31
|
name: string;
|
|
29
32
|
app_type: string;
|
|
@@ -42,6 +45,7 @@ export declare class Auth0ManagementClient {
|
|
|
42
45
|
token_dialect?: string;
|
|
43
46
|
enforce_policies?: boolean;
|
|
44
47
|
scopes?: Auth0ApiScope[];
|
|
48
|
+
subject_type_authorization?: Auth0ApiSubjectTypeAuthorization;
|
|
45
49
|
}): Promise<Auth0Api>;
|
|
46
50
|
updateApi(apiId: string, payload: Partial<{
|
|
47
51
|
name: string;
|
|
@@ -49,6 +53,7 @@ export declare class Auth0ManagementClient {
|
|
|
49
53
|
token_dialect: string;
|
|
50
54
|
enforce_policies: boolean;
|
|
51
55
|
scopes: Auth0ApiScope[];
|
|
56
|
+
subject_type_authorization: Auth0ApiSubjectTypeAuthorization;
|
|
52
57
|
}>): Promise<Auth0Api>;
|
|
53
58
|
listClientGrants(params?: {
|
|
54
59
|
audience?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"management-client.d.ts","sourceRoot":"","sources":["../../src/auth0/management-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,QAAQ,EACR,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"management-client.d.ts","sourceRoot":"","sources":["../../src/auth0/management-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,QAAQ,EACR,aAAa,EACb,gCAAgC,EAChC,gBAAgB,EAChB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAO3B,MAAM,WAAW,4BAA4B;IAC3C,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,cAAc,CAAa;gBAEvB,OAAO,EAAE,4BAA4B;IAQ3C,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;YA4BrB,mBAAmB;YAMnB,OAAO;IAuDf,iBAAiB,IAAI,OAAO,CAAC,mBAAmB,CAAC;IAIjD,mBAAmB,CACvB,KAAK,EAAE,OAAO,CAAC,mBAAmB,CAAC,GAClC,OAAO,CAAC,mBAAmB,CAAC;IAUzB,gBAAgB,CAAC,MAAM,CAAC,EAAE;QAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE,OAAO,CAAC;KAC1B,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAczB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAI3D,yBAAyB,CAC7B,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAM7B,gCAAgC,CACpC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACtC,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAoB7B,iBAAiB,CACrB,OAAO,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GACtE,OAAO,CAAC,gBAAgB,CAAC;IAItB,iBAAiB,CACrB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,OAAO,CAAC,gBAAgB,CAAC,GACjC,OAAO,CAAC,gBAAgB,CAAC;IAUtB,QAAQ,CAAC,MAAM,CAAC,EAAE;QACtB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAYjB,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAcjE,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAIxC,SAAS,CAAC,OAAO,EAAE;QACvB,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,MAAM,CAAC,EAAE,aAAa,EAAE,CAAC;QACzB,0BAA0B,CAAC,EAAE,gCAAgC,CAAC;KAC/D,GAAG,OAAO,CAAC
,QAAQ,CAAC;IAIf,SAAS,CACb,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,OAAO,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,MAAM,EAAE,aAAa,EAAE,CAAC;QACxB,0BAA0B,EAAE,gCAAgC,CAAC;KAC9D,CAAC,GACD,OAAO,CAAC,QAAQ,CAAC;IAUd,gBAAgB,CAAC,MAAM,CAAC,EAAE;QAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAczB,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAY7B,iBAAiB,CAAC,OAAO,EAAE;QAC/B,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAIvB,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,GAC3B,OAAO,CAAC,gBAAgB,CAAC;IAQtB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGxD;AAMD,qBAAa,aAAc,SAAQ,KAAK;aAEpB,MAAM,EAAE,MAAM;aACd,IAAI,EAAE,MAAM;aACZ,UAAU,EAAE,MAAM;aAClB,YAAY,EAAE,MAAM;gBAHpB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM;CAOvC"}
|
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
import { logger } from "../utils/index.js";
|
|
2
|
+
const MAX_RETRIES = 5;
|
|
3
|
+
const BASE_BACKOFF_MS = 1_000;
|
|
4
|
+
const MAX_BACKOFF_MS = 30_000;
|
|
1
5
|
export class Auth0ManagementClient {
|
|
2
6
|
baseUrl;
|
|
3
7
|
tokenUrl;
|
|
@@ -5,6 +9,7 @@ export class Auth0ManagementClient {
|
|
|
5
9
|
clientId;
|
|
6
10
|
clientSecret;
|
|
7
11
|
accessToken = null;
|
|
12
|
+
tokenExpiresAt = 0;
|
|
8
13
|
constructor(options) {
|
|
9
14
|
this.baseUrl = `https://${options.tenantDomain}/api/v2`;
|
|
10
15
|
this.tokenUrl = `https://${options.tenantDomain}/oauth/token`;
|
|
@@ -29,28 +34,51 @@ export class Auth0ManagementClient {
|
|
|
29
34
|
}
|
|
30
35
|
const data = (await response.json());
|
|
31
36
|
this.accessToken = data.access_token;
|
|
37
|
+
const expiresInMs = (data.expires_in ?? 86400) * 1000;
|
|
38
|
+
this.tokenExpiresAt = Date.now() + expiresInMs - 60_000;
|
|
32
39
|
}
|
|
33
|
-
async
|
|
34
|
-
if (!this.accessToken) {
|
|
35
|
-
|
|
40
|
+
async ensureAuthenticated() {
|
|
41
|
+
if (!this.accessToken || Date.now() >= this.tokenExpiresAt) {
|
|
42
|
+
await this.authenticate();
|
|
36
43
|
}
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
44
|
+
}
|
|
45
|
+
async request(method, path, body) {
|
|
46
|
+
let attempt = 0;
|
|
47
|
+
while (true) {
|
|
48
|
+
await this.ensureAuthenticated();
|
|
49
|
+
const url = `${this.baseUrl}${path}`;
|
|
50
|
+
const headers = {
|
|
51
|
+
Authorization: `Bearer ${this.accessToken}`,
|
|
52
|
+
"Content-Type": "application/json",
|
|
53
|
+
};
|
|
54
|
+
const response = await fetch(url, {
|
|
55
|
+
method,
|
|
56
|
+
headers,
|
|
57
|
+
body: body ? JSON.stringify(body) : undefined,
|
|
58
|
+
});
|
|
59
|
+
if (response.status === 429) {
|
|
60
|
+
if (attempt >= MAX_RETRIES) {
|
|
61
|
+
const responseBody = await response.text();
|
|
62
|
+
throw new Auth0ApiError(method, path, response.status, responseBody);
|
|
63
|
+
}
|
|
64
|
+
// Respect Retry-After if Auth0 provides it; otherwise exponential backoff.
|
|
65
|
+
const retryAfterHeader = response.headers.get("Retry-After");
|
|
66
|
+
const retryAfterMs = retryAfterHeader
|
|
67
|
+
? parseFloat(retryAfterHeader) * 1_000
|
|
68
|
+
: Math.min(BASE_BACKOFF_MS * 2 ** attempt, MAX_BACKOFF_MS);
|
|
69
|
+
attempt++;
|
|
70
|
+
logger.warn(`Rate limit hit on ${method} ${path}. Retrying in ${Math.round(retryAfterMs / 1000)}s (attempt ${attempt}/${MAX_RETRIES})...`);
|
|
71
|
+
await sleep(retryAfterMs);
|
|
72
|
+
continue;
|
|
73
|
+
}
|
|
74
|
+
if (!response.ok) {
|
|
75
|
+
const responseBody = await response.text();
|
|
76
|
+
throw new Auth0ApiError(method, path, response.status, responseBody);
|
|
77
|
+
}
|
|
78
|
+
if (response.status === 204)
|
|
79
|
+
return undefined;
|
|
80
|
+
return response.json();
|
|
50
81
|
}
|
|
51
|
-
if (response.status === 204)
|
|
52
|
-
return undefined;
|
|
53
|
-
return response.json();
|
|
54
82
|
}
|
|
55
83
|
// ── Tenant Settings ──
|
|
56
84
|
async getTenantSettings() {
|
|
@@ -75,12 +103,17 @@ export class Auth0ManagementClient {
|
|
|
75
103
|
return this.request("GET", `/clients/${clientId}`);
|
|
76
104
|
}
|
|
77
105
|
async findApplicationByMetadata(metadataKey, metadataValue) {
|
|
106
|
+
return this.findApplicationByMetadataEntries({
|
|
107
|
+
[metadataKey]: metadataValue,
|
|
108
|
+
});
|
|
109
|
+
}
|
|
110
|
+
async findApplicationByMetadataEntries(metadataEntries) {
|
|
78
111
|
let page = 0;
|
|
79
112
|
const perPage = 100;
|
|
80
113
|
while (true) {
|
|
81
114
|
const apps = await this.listApplications({ page, per_page: perPage });
|
|
82
115
|
for (const app of apps) {
|
|
83
|
-
if (app.client_metadata?.[
|
|
116
|
+
if (Object.entries(metadataEntries).every(([key, value]) => app.client_metadata?.[key] === value)) {
|
|
84
117
|
return app;
|
|
85
118
|
}
|
|
86
119
|
}
|
|
@@ -166,6 +199,9 @@ export class Auth0ManagementClient {
|
|
|
166
199
|
await this.request("DELETE", `/client-grants/${grantId}`);
|
|
167
200
|
}
|
|
168
201
|
}
|
|
202
|
+
function sleep(ms) {
|
|
203
|
+
return new Promise((resolve) => setTimeout(resolve, ms));
|
|
204
|
+
}
|
|
169
205
|
export class Auth0ApiError extends Error {
|
|
170
206
|
method;
|
|
171
207
|
path;
|
|
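Review bot: In the new 429 branch of `request`, the `Retry-After` header goes through `parseFloat(retryAfterHeader) * 1_000` straight into `sleep()` with no validation, so an HTTP-date value produces `NaN` (Node then uses the minimum timer delay, and the retry budget is spent without any real wait) and a very large value stalls the CLI, because `MAX_BACKOFF_MS` bounds only the fallback path. Parse once and keep the header only when it is finite and non-negative: `const headerSec = Number.parseFloat(retryAfterHeader ?? "");` followed by `const retryAfterMs = Number.isFinite(headerSec) && headerSec >= 0 ? Math.min(headerSec * 1_000, MAX_BACKOFF_MS) : Math.min(BASE_BACKOFF_MS * 2 ** attempt, MAX_BACKOFF_MS);`. In the same section, `findApplicationByMetadataEntries` returns the first listed application when `metadataEntries` is empty, since `every` over no entries is true; if any caller can pass an empty object (callers are not visible here), a guard such as `if (Object.keys(metadataEntries).length === 0) return null;` keeps a reconcile from adopting an unrelated Auth0 Application. This file is compiled output, so both changes belong in `src/auth0/management-client.ts`.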
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"management-client.js","sourceRoot":"","sources":["../../src/auth0/management-client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"management-client.js","sourceRoot":"","sources":["../../src/auth0/management-client.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE3C,MAAM,WAAW,GAAG,CAAC,CAAC;AACtB,MAAM,eAAe,GAAG,KAAK,CAAC;AAC9B,MAAM,cAAc,GAAG,MAAM,CAAC;AAS9B,MAAM,OAAO,qBAAqB;IACf,OAAO,CAAS;IAChB,QAAQ,CAAS;IACjB,QAAQ,CAAS;IACjB,QAAQ,CAAS;IACjB,YAAY,CAAS;IAC9B,WAAW,GAAkB,IAAI,CAAC;IAClC,cAAc,GAAW,CAAC,CAAC;IAEnC,YAAY,OAAqC;QAC/C,IAAI,CAAC,OAAO,GAAG,WAAW,OAAO,CAAC,YAAY,SAAS,CAAC;QACxD,IAAI,CAAC,QAAQ,GAAG,WAAW,OAAO,CAAC,YAAY,cAAc,CAAC;QAC9D,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC;QAC3C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,oBAAoB;gBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;gBAChC,QAAQ,EAAE,IAAI,CAAC,QAAQ;aACxB,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,0CAA0C,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CACtE,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAGlC,CAAC;QACF,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC;QACrC,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC;QACtD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,GAAG,MAAM,CAAC;IAC1D,CAAC;IAEO,KAAK,CAAC,mBAAmB;QAC/B,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC3D,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,MAAc,EACd,IAAY,EACZ,IAAc;QAEd,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAEjC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;YACrC,MAAM,OAAO,GAA2B;gBACtC,aAAa,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;gBAC3C,cAAc,EAAE,kBAAkB;aACnC,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM;gBACN,OAAO;gBACP
,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC9C,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,IAAI,OAAO,IAAI,WAAW,EAAE,CAAC;oBAC3B,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;oBAC3C,MAAM,IAAI,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;gBACvE,CAAC;gBAED,2EAA2E;gBAC3E,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;gBAC7D,MAAM,YAAY,GAAG,gBAAgB;oBACnC,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,GAAG,KAAK;oBACtC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,GAAG,CAAC,IAAI,OAAO,EAAE,cAAc,CAAC,CAAC;gBAE7D,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,CACT,qBAAqB,MAAM,IAAI,IAAI,iBAAiB,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC,cAAc,OAAO,IAAI,WAAW,MAAM,CAC9H,CAAC;gBACF,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;gBAC1B,SAAS;YACX,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC3C,MAAM,IAAI,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;gBAAE,OAAO,SAAc,CAAC;YAEnD,OAAO,QAAQ,CAAC,IAAI,EAAgB,CAAC;QACvC,CAAC;IACH,CAAC;IAED,wBAAwB;IAExB,KAAK,CAAC,iBAAiB;QACrB,OAAO,IAAI,CAAC,OAAO,CAAsB,KAAK,EAAE,mBAAmB,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,KAAmC;QAEnC,OAAO,IAAI,CAAC,OAAO,CACjB,OAAO,EACP,mBAAmB,EACnB,KAAK,CACN,CAAC;IACJ,CAAC;IAED,+BAA+B;IAE/B,KAAK,CAAC,gBAAgB,CAAC,MAItB;QACC,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,IAAI,KAAK,SAAS;YAAE,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QACvE,IAAI,MAAM,EAAE,QAAQ,KAAK,SAAS;YAChC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjD,IAAI,MAAM,EAAE,cAAc,KAAK,SAAS;YACtC,KAAK,CAAC,GAAG,CAAC,gBAAgB,EAAE,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QAC7D,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CACjB,KAAK,EACL,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAChC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,QAAgB;QACnC,OAAO,IAAI,CAAC,OAAO,CAAmB,KAAK,EAAE,YAAY,QAAQ,EAAE,CAAC,CAAC;IACvE,CAA
C;IAED,KAAK,CAAC,yBAAyB,CAC7B,WAAmB,EACnB,aAAqB;QAErB,OAAO,IAAI,CAAC,gCAAgC,CAAC;YAC3C,CAAC,WAAW,CAAC,EAAE,aAAa;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gCAAgC,CACpC,eAAuC;QAEvC,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,CAAC;QACpB,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACtE,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,IACE,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,KAAK,CACnC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,GAAG,CAAC,KAAK,KAAK,CACvD,EACD,CAAC;oBACD,OAAO,GAAG,CAAC;gBACb,CAAC;YACH,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,GAAG,OAAO;gBAAE,MAAM;YACjC,IAAI,EAAE,CAAC;QACT,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,OAAuE;QAEvE,OAAO,IAAI,CAAC,OAAO,CAAmB,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,QAAgB,EAChB,OAAkC;QAElC,OAAO,IAAI,CAAC,OAAO,CACjB,OAAO,EACP,YAAY,QAAQ,EAAE,EACtB,OAAO,CACR,CAAC;IACJ,CAAC;IAED,gCAAgC;IAEhC,KAAK,CAAC,QAAQ,CAAC,MAGd;QACC,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,IAAI,KAAK,SAAS;YAAE,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QACvE,IAAI,MAAM,EAAE,QAAQ,KAAK,SAAS;YAChC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CACjB,KAAK,EACL,oBAAoB,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CACzC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,UAAkB;QAC1C,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,CAAC;QACpB,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YAC9D,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,IAAI,GAAG,CAAC,UAAU,KAAK,UAAU;oBAAE,OAAO,GAAG,CAAC;YAChD,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,GAAG,OAAO;gBAAE,MAAM;YACjC,IAAI,EAAE,CAAC;QACT,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,OAAO,IAAI,CAAC,OAAO,CAAW,KAAK,EAAE,qBAAqB,KAAK,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAQf;Q
ACC,OAAO,IAAI,CAAC,OAAO,CAAW,MAAM,EAAE,mBAAmB,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,SAAS,CACb,KAAa,EACb,OAOE;QAEF,OAAO,IAAI,CAAC,OAAO,CACjB,OAAO,EACP,qBAAqB,KAAK,EAAE,EAC5B,OAAO,CACR,CAAC;IACJ,CAAC;IAED,sBAAsB;IAEtB,KAAK,CAAC,gBAAgB,CAAC,MAKtB;QACC,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,QAAQ;YAAE,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC7D,IAAI,MAAM,EAAE,SAAS;YAAE,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QAChE,IAAI,MAAM,EAAE,IAAI,KAAK,SAAS;YAAE,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QACvE,IAAI,MAAM,EAAE,QAAQ,KAAK,SAAS;YAChC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CACjB,KAAK,EACL,iBAAiB,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CACtC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,QAAgB,EAChB,QAAgB,EAChB,WAAoB;QAEpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC;YACzC,SAAS,EAAE,QAAQ;YACnB,QAAQ;SACT,CAAC,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,WAAW,IAAI,KAAK,CAAC,YAAY,KAAK,WAAW;gBAAE,SAAS;YAChE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAKvB;QACC,OAAO,IAAI,CAAC,OAAO,CAAmB,MAAM,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,OAAe,EACf,OAA4B;QAE5B,OAAO,IAAI,CAAC,OAAO,CACjB,OAAO,EACP,kBAAkB,OAAO,EAAE,EAC3B,OAAO,CACR,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAe;QACrC,MAAM,IAAI,CAAC,OAAO,CAAO,QAAQ,EAAE,kBAAkB,OAAO,EAAE,CAAC,CAAC;IAClE,CAAC;CACF;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,OAAO,aAAc,SAAQ,KAAK;IAEpB;IACA;IACA;IACA;IAJlB,YACkB,MAAc,EACd,IAAY,EACZ,UAAkB,EAClB,YAAoB;QAEpC,KAAK,CACH,oBAAoB,MAAM,IAAI,IAAI,aAAa,UAAU,KAAK,YAAY,EAAE,CAC7E,CAAC;QAPc,WAAM,GAAN,MAAM,CAAQ;QACd,SAAI,GAAJ,IAAI,CAAQ;QACZ,eAAU,GAAV,UAAU,CAAQ;QAClB,iBAAY,GAAZ,YAAY,CAAQ;QAKpC,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF"}
|
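--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -2,7 +2,7 @@
 import { Command } from "commander";
 import { resolve } from "node:path";
 import { loadAllConfig } from "./config/index.js";
-import { createLazyAuth0Context, logger, setVerbose } from "./utils/index.js";
+import { createLazyAuth0Context, logger, setVerbose, EnvManager } from "./utils/index.js";
 import { verifyTenant, reconcileClient, reconcileServer, reconcileAll, addScope, grantClient, generateArtifacts, } from "./commands/index.js";
 const program = new Command();
 program
@@ -18,6 +18,8 @@ async function buildContext(opts) {
 setVerbose(true);
 const rootDir = resolve(opts.dir);
 logger.debug(`Root directory: ${rootDir}`);
+const envManager = await EnvManager.load(rootDir);
+envManager.populateProcessEnv();
 logger.info("Loading ecosystem configuration...");
 const config = await loadAllConfig(rootDir);
 logger.success(`Loaded: ${config.clientConfigs.size} client(s), ${config.serverConfigs.size} server(s), ${config.clientDescriptors.size} descriptor(s)`);
@@ -28,6 +30,7 @@ async function buildContext(opts) {
 get auth0() {
 return lazy.auth0;
 },
+envManager,
 dryRun: opts.dryRun,
 };
 }
@@ -43,7 +46,6 @@ program
 const opts = program.opts();
 try {
 const ctx = await buildContext(opts);
-await ctx.auth0.authenticate();
 const result = await verifyTenant(ctx);
 output(opts.json, result);
 }
@@ -61,6 +63,7 @@ program
 const ctx = await buildContext(opts);
 await ctx.auth0.authenticate();
 const result = await reconcileClient(ctx, clientKey);
+await ctx.envManager.flush(ctx.dryRun);
 output(opts.json, result);
 }
 catch (err) {
@@ -77,6 +80,7 @@ program
 const ctx = await buildContext(opts);
 await ctx.auth0.authenticate();
 const result = await reconcileServer(ctx, serverSlug);
+await ctx.envManager.flush(ctx.dryRun);
 output(opts.json, result);
 }
 catch (err) {
@@ -92,6 +96,7 @@ program
 try {
 const ctx = await buildContext(opts);
 const result = await reconcileAll(ctx);
+await ctx.envManager.flush(ctx.dryRun);
 output(opts.json, result);
 }
 catch (err) {
@@ -124,6 +129,7 @@ program
 const ctx = await buildContext(opts);
 await ctx.auth0.authenticate();
 const result = await grantClient(ctx, serverSlug, clientKey, scopes);
+await ctx.envManager.flush(ctx.dryRun);
 output(opts.json, result);
 }
 catch (err) {
@@ -139,6 +145,7 @@ program
 try {
 const ctx = await buildContext(opts);
 const result = await generateArtifacts(ctx);
+await ctx.envManager.flush(ctx.dryRun);
 output(opts.json, result);
 }
 catch (err) {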
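Review bot: In `buildContext`, the new `envManager.populateProcessEnv()` call pushes whatever `EnvManager.load(rootDir)` read from the directory named by `opts.dir` into the process environment before `loadAllConfig` runs, and nothing visible here says which keys are accepted or whether a variable already exported by the caller wins. Since `rootDir` can point at a checked-out tree the operator does not fully control, a file there could presumably replace tenant credentials or set runtime variables for the rest of the run; `EnvManager` is not shown, so this may already be handled. I would state the contract at the call site, for example `// populateProcessEnv: copies only the ecosystem's own keys and never overrides a variable already set in process.env`, and have `EnvManager` enforce it if it does not today. `buildContext` starts and ends outside these hunks.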
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE1F,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,iBAAiB,GAClB,MAAM,qBAAqB,CAAC;AAE7B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,eAAe,CAAC;KACrB,WAAW,CACV,+EAA+E,CAChF;KACA,OAAO,CAAC,OAAO,CAAC;KAChB,MAAM,CAAC,kBAAkB,EAAE,iCAAiC,EAAE,GAAG,CAAC;KAClE,MAAM,CAAC,WAAW,EAAE,wDAAwD,EAAE,KAAK,CAAC;KACpF,MAAM,CAAC,WAAW,EAAE,6BAA6B,EAAE,KAAK,CAAC;KACzD,MAAM,CAAC,QAAQ,EAAE,wBAAwB,EAAE,KAAK,CAAC,CAAC;AAErD,KAAK,UAAU,YAAY,CAAC,IAI3B;IACC,IAAI,IAAI,CAAC,OAAO;QAAE,UAAU,CAAC,IAAI,CAAC,CAAC;IAEnC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,CAAC,KAAK,CAAC,mBAAmB,OAAO,EAAE,CAAC,CAAC;IAE3C,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAClD,UAAU,CAAC,kBAAkB,EAAE,CAAC;IAEhC,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,CAAC,OAAO,CACZ,WAAW,MAAM,CAAC,aAAa,CAAC,IAAI,eAAe,MAAM,CAAC,aAAa,CAAC,IAAI,eAAe,MAAM,CAAC,iBAAiB,CAAC,IAAI,gBAAgB,CACzI,CAAC;IAEF,MAAM,IAAI,GAAG,sBAAsB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEtD,OAAO;QACL,OAAO;QACP,MAAM;QACN,IAAI,KAAK;YACP,OAAO,IAAI,CAAC,KAAK,CAAC;QACpB,CAAC;QACD,UAAU;QACV,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC;AACJ,CAAC;AAED,SAAS,MAAM,CAAC,IAAa,EAAE,IAAa;IAC1C,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAED,OAAO;KACJ,OAAO,CAAC,eAAe,CAAC;KACxB,WAAW,CAAC,yDAAyD,CAAC;KACtE,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,Y
AAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,+BAA+B,CAAC;KACxC,WAAW,CAAC,4DAA4D,CAAC;KACzE,MAAM,CAAC,KAAK,EAAE,SAAiB,EAAE,EAAE;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACrD,MAAM,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,gCAAgC,CAAC;KACzC,WAAW,CACV,0EAA0E,CAC3E;KACA,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,EAAE;IACnC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACtD,MAAM,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,eAAe,CAAC;KACxB,WAAW,CAAC,iEAAiE,CAAC;KAC9E,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG
,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,iCAAiC,CAAC;KAC1C,WAAW,CAAC,qDAAqD,CAAC;KAClE,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,KAAa,EAAE,EAAE;IAClD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,qDAAqD,CAAC;KAC9D,WAAW,CAAC,0DAA0D,CAAC;KACvE,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,SAAiB,EAAE,MAAgB,EAAE,EAAE;IACxE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QACrE,MAAM,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,oBAAoB,CAAC;KAC7B,WAAW,CACV,2DAA2D,CAC5D;KACA,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAuE,CAAC;IACjG,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;
AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"add-scope.d.ts","sourceRoot":"","sources":["../../src/commands/add-scope.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"add-scope.d.ts","sourceRoot":"","sources":["../../src/commands/add-scope.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AASxD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,OAAO,GAAG,iBAAiB,GAAG,SAAS,CAAC;IAChD,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,wBAAsB,QAAQ,CAC5B,GAAG,EAAE,cAAc,EACnB,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,cAAc,CAAC,CAkEzB"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { readFile, writeFile } from "node:fs/promises";
|
|
2
2
|
import { join } from "node:path";
|
|
3
3
|
import { logger } from "../utils/index.js";
|
|
4
|
-
import { deriveCanonicalResourceUri, resolveScopes, } from "../config/index.js";
|
|
4
|
+
import { assertRequiredEcosystemEnv, deriveCanonicalResourceUri, resolveScopes, } from "../config/index.js";
|
|
5
5
|
export async function addScope(ctx, serverSlug, scope) {
|
|
6
6
|
const { config, auth0, dryRun, rootDir } = ctx;
|
|
7
7
|
const serverConfig = config.serverConfigs.get(serverSlug);
|
|
@@ -18,6 +18,10 @@ export async function addScope(ctx, serverSlug, scope) {
|
|
|
18
18
|
finalScopes: currentScopes,
|
|
19
19
|
};
|
|
20
20
|
}
|
|
21
|
+
assertRequiredEcosystemEnv(config.ecosystem, {
|
|
22
|
+
context: `derive URLs for server "${serverSlug}"`,
|
|
23
|
+
requireBaseDomain: true,
|
|
24
|
+
});
|
|
21
25
|
const newExtraScopes = [...(serverConfig.extra_scopes ?? []), scope];
|
|
22
26
|
const fullDesiredScopes = [...new Set([...currentScopes, scope])];
|
|
23
27
|
logger.info(`Adding scope "${scope}" to server "${serverSlug}".`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"add-scope.js","sourceRoot":"","sources":["../../src/commands/add-scope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EACL,0BAA0B,EAC1B,aAAa,GACd,MAAM,oBAAoB,CAAC;AAU5B,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,GAAmB,EACnB,UAAkB,EAClB,KAAa;IAEb,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;IAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,yBAAyB,UAAU,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,aAAa,GAAG,aAAa,CAAC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAEpE,IAAI,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CACT,UAAU,KAAK,mCAAmC,UAAU,IAAI,CACjE,CAAC;QACF,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,KAAK;YACL,MAAM,EAAE,iBAAiB;YACzB,WAAW,EAAE,aAAa;SAC3B,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IACrE,MAAM,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;IAElE,MAAM,CAAC,IAAI,CACT,iBAAiB,KAAK,gBAAgB,UAAU,IAAI,CACrD,CAAC;IACF,MAAM,CAAC,KAAK,CAAC,qBAAqB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAElE,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;QACzE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,iBAAiB,EAAE,CAAC;IACxF,CAAC;IAED,2BAA2B;IAC3B,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,wBAAwB,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAA4B,CAAC;IACvF,GAAG,CAAC,cAAc,CAAC,GAAG,cAAc,CAAC;IACrC,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1E,MAAM,CAAC,OAAO,CAAC,2BAA2B,UAAU,EAAE,CAAC,CAAC;IAExD,6CAA6C;IAC7C,MAAM,UAAU,GAAG,0BAA0B,CAC3C,MAAM,CAAC,SAAS,EAChB,YAAY,CAAC,IAAI,CAClB,CAAC;IACF,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAChE,IAAI,WAAW,EAAE,CAAC;Q
AChB,MAAM,YAAY,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACjD,KAAK,EAAE,CAAC;YACR,WAAW,EAAE,UAAU,CAAC,EAAE;SAC3B,CAAC,CAAC,CAAC;QACJ,MAAM,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;QAChE,MAAM,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CACT,2EAA2E,CAC5E,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,CAAC;AACtF,CAAC;AAED,SAAS,aAAa,CACpB,OAAe,EACf,IAAY,EACZ,OAAqB;IAErB,OAAO,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC"}
|
|
1
|
+
{"version":3,"file":"add-scope.js","sourceRoot":"","sources":["../../src/commands/add-scope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EACL,0BAA0B,EAC1B,0BAA0B,EAC1B,aAAa,GACd,MAAM,oBAAoB,CAAC;AAU5B,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,GAAmB,EACnB,UAAkB,EAClB,KAAa;IAEb,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;IAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,yBAAyB,UAAU,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,aAAa,GAAG,aAAa,CAAC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAEpE,IAAI,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CACT,UAAU,KAAK,mCAAmC,UAAU,IAAI,CACjE,CAAC;QACF,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,KAAK;YACL,MAAM,EAAE,iBAAiB;YACzB,WAAW,EAAE,aAAa;SAC3B,CAAC;IACJ,CAAC;IAED,0BAA0B,CAAC,MAAM,CAAC,SAAS,EAAE;QAC3C,OAAO,EAAE,2BAA2B,UAAU,GAAG;QACjD,iBAAiB,EAAE,IAAI;KACxB,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IACrE,MAAM,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;IAElE,MAAM,CAAC,IAAI,CACT,iBAAiB,KAAK,gBAAgB,UAAU,IAAI,CACrD,CAAC;IACF,MAAM,CAAC,KAAK,CAAC,qBAAqB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAElE,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;QACzE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,iBAAiB,EAAE,CAAC;IACxF,CAAC;IAED,2BAA2B;IAC3B,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,wBAAwB,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAA4B,CAAC;IACvF,GAAG,CAAC,cAAc,CAAC,GAAG,cAAc,CAAC;IACrC,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1E,MAAM,CAAC,OAAO,CAAC,2BAA2B,UAAU,EAAE,CAAC,CAAC;IAExD,6CAA6C;IAC7C,MAAM,UAAU,GAAG,0BAA0B,CAC3C,MAAM,CAAC,SAAS
,EAChB,YAAY,CAAC,IAAI,CAClB,CAAC;IACF,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAChE,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,YAAY,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACjD,KAAK,EAAE,CAAC;YACR,WAAW,EAAE,UAAU,CAAC,EAAE;SAC3B,CAAC,CAAC,CAAC;QACJ,MAAM,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;QAChE,MAAM,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CACT,2EAA2E,CAC5E,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,CAAC;AACtF,CAAC;AAED,SAAS,aAAa,CACpB,OAAe,EACf,IAAY,EACZ,OAAqB;IAErB,OAAO,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"env-root-validation.d.ts","sourceRoot":"","sources":["../../src/commands/env-root-validation.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAExD,wBAAgB,mDAAmD,CACjE,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE,YAAY,GAAG,SAAS,CAAC,GAClD,IAAI,CAyBN"}
|