Skip to content

Commit

Permalink
feat: add front/backchannel logout params to client cli (#2387)
Browse files Browse the repository at this point in the history
Closes #1487

Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com>
  • Loading branch information
mattbonnell and aeneasr authored Mar 7, 2021
1 parent 94593db commit 055f801
Show file tree
Hide file tree
Showing 7 changed files with 18,588 additions and 94 deletions.
76 changes: 42 additions & 34 deletions cmd/cli/handler_client.go
Original file line number Diff line number Diff line change
Expand Up @@ -102,23 +102,27 @@ func (h *ClientHandler) CreateClient(cmd *cobra.Command, args []string) {
cmdx.Must(err, "Failed to load encryption key: %s", err)

cc := models.OAuth2Client{
ClientID: flagx.MustGetString(cmd, "id"),
ClientSecret: secret,
ResponseTypes: flagx.MustGetStringSlice(cmd, "response-types"),
Scope: strings.Join(flagx.MustGetStringSlice(cmd, "scope"), " "),
GrantTypes: flagx.MustGetStringSlice(cmd, "grant-types"),
RedirectUris: flagx.MustGetStringSlice(cmd, "callbacks"),
ClientName: flagx.MustGetString(cmd, "name"),
TokenEndpointAuthMethod: flagx.MustGetString(cmd, "token-endpoint-auth-method"),
JwksURI: flagx.MustGetString(cmd, "jwks-uri"),
TosURI: flagx.MustGetString(cmd, "tos-uri"),
PolicyURI: flagx.MustGetString(cmd, "policy-uri"),
LogoURI: flagx.MustGetString(cmd, "logo-uri"),
ClientURI: flagx.MustGetString(cmd, "client-uri"),
AllowedCorsOrigins: flagx.MustGetStringSlice(cmd, "allowed-cors-origins"),
SubjectType: flagx.MustGetString(cmd, "subject-type"),
Audience: flagx.MustGetStringSlice(cmd, "audience"),
PostLogoutRedirectUris: flagx.MustGetStringSlice(cmd, "post-logout-callbacks"),
ClientID: flagx.MustGetString(cmd, "id"),
ClientSecret: secret,
ResponseTypes: flagx.MustGetStringSlice(cmd, "response-types"),
Scope: strings.Join(flagx.MustGetStringSlice(cmd, "scope"), " "),
GrantTypes: flagx.MustGetStringSlice(cmd, "grant-types"),
RedirectUris: flagx.MustGetStringSlice(cmd, "callbacks"),
ClientName: flagx.MustGetString(cmd, "name"),
TokenEndpointAuthMethod: flagx.MustGetString(cmd, "token-endpoint-auth-method"),
JwksURI: flagx.MustGetString(cmd, "jwks-uri"),
TosURI: flagx.MustGetString(cmd, "tos-uri"),
PolicyURI: flagx.MustGetString(cmd, "policy-uri"),
LogoURI: flagx.MustGetString(cmd, "logo-uri"),
ClientURI: flagx.MustGetString(cmd, "client-uri"),
AllowedCorsOrigins: flagx.MustGetStringSlice(cmd, "allowed-cors-origins"),
SubjectType: flagx.MustGetString(cmd, "subject-type"),
Audience: flagx.MustGetStringSlice(cmd, "audience"),
PostLogoutRedirectUris: flagx.MustGetStringSlice(cmd, "post-logout-callbacks"),
BackchannelLogoutSessionRequired: flagx.MustGetBool(cmd, "backchannel-logout-session-required"),
BackchannelLogoutURI: flagx.MustGetString(cmd, "backchannel-logout-callback"),
FrontchannelLogoutSessionRequired: flagx.MustGetBool(cmd, "frontchannel-logout-session-required"),
FrontchannelLogoutURI: flagx.MustGetString(cmd, "frontchannel-logout-callback"),
}

response, err := m.Admin.CreateOAuth2Client(admin.NewCreateOAuth2ClientParams().WithBody(&cc))
Expand Down Expand Up @@ -163,23 +167,27 @@ func (h *ClientHandler) UpdateClient(cmd *cobra.Command, args []string) {

id := args[0]
cc := models.OAuth2Client{
ClientID: id,
ClientSecret: newSecret,
ResponseTypes: flagx.MustGetStringSlice(cmd, "response-types"),
Scope: strings.Join(flagx.MustGetStringSlice(cmd, "scope"), " "),
GrantTypes: flagx.MustGetStringSlice(cmd, "grant-types"),
RedirectUris: flagx.MustGetStringSlice(cmd, "callbacks"),
ClientName: flagx.MustGetString(cmd, "name"),
TokenEndpointAuthMethod: flagx.MustGetString(cmd, "token-endpoint-auth-method"),
JwksURI: flagx.MustGetString(cmd, "jwks-uri"),
TosURI: flagx.MustGetString(cmd, "tos-uri"),
PolicyURI: flagx.MustGetString(cmd, "policy-uri"),
LogoURI: flagx.MustGetString(cmd, "logo-uri"),
ClientURI: flagx.MustGetString(cmd, "client-uri"),
AllowedCorsOrigins: flagx.MustGetStringSlice(cmd, "allowed-cors-origins"),
SubjectType: flagx.MustGetString(cmd, "subject-type"),
Audience: flagx.MustGetStringSlice(cmd, "audience"),
PostLogoutRedirectUris: flagx.MustGetStringSlice(cmd, "post-logout-callbacks"),
ClientID: id,
ClientSecret: newSecret,
ResponseTypes: flagx.MustGetStringSlice(cmd, "response-types"),
Scope: strings.Join(flagx.MustGetStringSlice(cmd, "scope"), " "),
GrantTypes: flagx.MustGetStringSlice(cmd, "grant-types"),
RedirectUris: flagx.MustGetStringSlice(cmd, "callbacks"),
ClientName: flagx.MustGetString(cmd, "name"),
TokenEndpointAuthMethod: flagx.MustGetString(cmd, "token-endpoint-auth-method"),
JwksURI: flagx.MustGetString(cmd, "jwks-uri"),
TosURI: flagx.MustGetString(cmd, "tos-uri"),
PolicyURI: flagx.MustGetString(cmd, "policy-uri"),
LogoURI: flagx.MustGetString(cmd, "logo-uri"),
ClientURI: flagx.MustGetString(cmd, "client-uri"),
AllowedCorsOrigins: flagx.MustGetStringSlice(cmd, "allowed-cors-origins"),
SubjectType: flagx.MustGetString(cmd, "subject-type"),
Audience: flagx.MustGetStringSlice(cmd, "audience"),
PostLogoutRedirectUris: flagx.MustGetStringSlice(cmd, "post-logout-callbacks"),
BackchannelLogoutSessionRequired: flagx.MustGetBool(cmd, "backchannel-logout-session-required"),
BackchannelLogoutURI: flagx.MustGetString(cmd, "backchannel-logout-callback"),
FrontchannelLogoutSessionRequired: flagx.MustGetBool(cmd, "frontchannel-logout-session-required"),
FrontchannelLogoutURI: flagx.MustGetString(cmd, "frontchannel-logout-callback"),
}

response, err := m.Admin.UpdateOAuth2Client(admin.NewUpdateOAuth2ClientParams().WithID(id).WithBody(&cc))
Expand Down
8 changes: 8 additions & 0 deletions cmd/clients_create.go
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,14 @@ func init() {
clientsCreateCmd.Flags().StringP("name", "n", "", "The client's name")
clientsCreateCmd.Flags().StringSlice("post-logout-callbacks", []string{}, "List of allowed URLs to be redirected to after a logout")

// back-channel logout options
clientsCreateCmd.Flags().Bool("backchannel-logout-session-required", false, "Boolean flag specifying whether the client requires that a sid (session ID) Claim be included in the Logout Token to identify the client session with the OP when the backchannel-logout-callback is used. If omitted, the default value is false.")
clientsCreateCmd.Flags().String("backchannel-logout-callback", "", "Client URL that will cause the client to log itself out when sent a Logout Token by Hydra.")

// front-channel logout options
clientsCreateCmd.Flags().Bool("frontchannel-logout-session-required", false, "Boolean flag specifying whether the client requires that a sid (session ID) Claim be included in the Logout Token to identify the client session with the OP when the frontchannel-logout-callback is used. If omitted, the default value is false.")
clientsCreateCmd.Flags().String("frontchannel-logout-callback", "", "Client URL that will cause the client to log itself out when rendered in an iframe by Hydra.")

// encrypt client secret options
clientsCreateCmd.Flags().String("pgp-key", "", "Base64 encoded PGP encryption key for encrypting client secret")
clientsCreateCmd.Flags().String("pgp-key-url", "", "PGP encryption key URL for encrypting client secret")
Expand Down
8 changes: 8 additions & 0 deletions cmd/clients_update.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,14 @@ func init() {
clientsUpdateCmd.Flags().StringP("name", "n", "", "The client's name")
clientsUpdateCmd.Flags().StringSlice("post-logout-callbacks", []string{}, "List of allowed URLs to be redirected to after a logout")

// back-channel logout options
clientsUpdateCmd.Flags().Bool("backchannel-logout-session-required", false, "Boolean flag specifying whether the client requires that a sid (session ID) Claim be included in the Logout Token to identify the client session with the OP when the backchannel-logout-callback is used. If omitted, the default value is false.")
clientsUpdateCmd.Flags().String("backchannel-logout-callback", "", "Client URL that will cause the client to log itself out when sent a Logout Token by Hydra.")

// front-channel logout options
clientsUpdateCmd.Flags().Bool("frontchannel-logout-session-required", false, "Boolean flag specifying whether the client requires that a sid (session ID) Claim be included in the Logout Token to identify the client session with the OP when the frontchannel-logout-callback is used. If omitted, the default value is false.")
clientsUpdateCmd.Flags().String("frontchannel-logout-callback", "", "Client URL that will cause the client to log itself out when rendered in an iframe by Hydra.")

// encrypt client secret options
clientsUpdateCmd.Flags().String("pgp-key", "", "Base64 encoded PGP encryption key for encrypting client secret")
clientsUpdateCmd.Flags().String("pgp-key-url", "", "PGP encryption key URL for encrypting client secret")
Expand Down
46 changes: 25 additions & 21 deletions docs/docs/cli/hydra-clients-create.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,27 +36,31 @@ hydra clients create [flags]
### Options

```
--allowed-cors-origins strings The list of URLs allowed to make CORS requests. Requires CORS_ENABLED.
--audience strings The audience this client is allowed to request
-c, --callbacks strings REQUIRED list of allowed callback URLs
--client-uri string A URL string of a web page providing information about the client
-g, --grant-types strings A list of allowed grant types (default [authorization_code])
-h, --help help for create
--id string Give the client this id
--jwks-uri string Define the URL where the JSON Web Key Set should be fetched from when performing the "private_key_jwt" client authentication method
--keybase string Keybase username for encrypting client secret
--logo-uri string A URL string that references a logo for the client
-n, --name string The client's name
--pgp-key string Base64 encoded PGP encryption key for encrypting client secret
--pgp-key-url string PGP encryption key URL for encrypting client secret
--policy-uri string A URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data
--post-logout-callbacks strings List of allowed URLs to be redirected to after a logout
-r, --response-types strings A list of allowed response types (default [code])
-a, --scope strings The scope the client is allowed to request
--secret string Provide the client's secret
--subject-type string A identifier algorithm. Valid values are "public" and "pairwise" (default "public")
--token-endpoint-auth-method string Define which authentication method the client may use at the Token Endpoint. Valid values are "client_secret_post", "client_secret_basic", "private_key_jwt", and "none" (default "client_secret_basic")
--tos-uri string A URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client
--allowed-cors-origins strings The list of URLs allowed to make CORS requests. Requires CORS_ENABLED.
--audience strings The audience this client is allowed to request
--backchannel-logout-callback string Client URL that will cause the client to log itself out when sent a Logout Token by Hydra.
--backchannel-logout-session-required Boolean flag specifying whether the client requires that a sid (session ID) Claim be included in the Logout Token to identify the client session with the OP when the backchannel-logout-callback is used. If omitted, the default value is false.
-c, --callbacks strings REQUIRED list of allowed callback URLs
--client-uri string A URL string of a web page providing information about the client
--frontchannel-logout-callback string Client URL that will cause the client to log itself out when rendered in an iframe by Hydra.
--frontchannel-logout-session-required Boolean flag specifying whether the client requires that a sid (session ID) Claim be included in the Logout Token to identify the client session with the OP when the frontchannel-logout-callback is used. If omitted, the default value is false.
-g, --grant-types strings A list of allowed grant types (default [authorization_code])
-h, --help help for create
--id string Give the client this id
--jwks-uri string Define the URL where the JSON Web Key Set should be fetched from when performing the "private_key_jwt" client authentication method
--keybase string Keybase username for encrypting client secret
--logo-uri string A URL string that references a logo for the client
-n, --name string The client's name
--pgp-key string Base64 encoded PGP encryption key for encrypting client secret
--pgp-key-url string PGP encryption key URL for encrypting client secret
--policy-uri string A URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data
--post-logout-callbacks strings List of allowed URLs to be redirected to after a logout
-r, --response-types strings A list of allowed response types (default [code])
-a, --scope strings The scope the client is allowed to request
--secret string Provide the client's secret
--subject-type string A identifier algorithm. Valid values are "public" and "pairwise" (default "public")
--token-endpoint-auth-method string Define which authentication method the client may use at the Token Endpoint. Valid values are "client_secret_post", "client_secret_basic", "private_key_jwt", and "none" (default "client_secret_basic")
--tos-uri string A URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client
```

### Options inherited from parent commands
Expand Down
Loading

0 comments on commit 055f801

Please sign in to comment.