diff --git a/docs/auth0_apps_create.md b/docs/auth0_apps_create.md index 622c6594b..a3703fae7 100644 --- a/docs/auth0_apps_create.md +++ b/docs/auth0_apps_create.md @@ -25,27 +25,31 @@ auth0 apps create [flags] auth0 apps create --name myapp --description --type [native|spa|regular|m2m] auth0 apps create --name myapp --description --type [native|spa|regular|m2m] --reveal-secrets auth0 apps create -n myapp -d -t [native|spa|regular|m2m] -r --json + auth0 apps create -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" + auth0 apps create -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" --metadata "bazz=buzz" + auth0 apps create -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar,bazz=buzz" ``` ## Flags ``` - -a, --auth-method string Defines the requested authentication method for the token endpoint. Possible values are 'None' (public application without a client secret), 'Post' (application uses HTTP POST parameters) or 'Basic' (application uses HTTP Basic). - -c, --callbacks strings After the user authenticates we will only call back to any of these URLs. You can specify multiple valid URLs by comma-separating them (typically to handle different environments like QA or testing). Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native apps, all callbacks should use protocol https://. - -d, --description string Description of the application. Max character count is 140. - -g, --grants strings List of grant types supported for this application. Can include code, implicit, refresh-token, credentials, password, password-realm, mfa-oob, mfa-otp, mfa-recovery-code, and device-code. - --json Output in json format. - -l, --logout-urls strings Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains. - -n, --name string Name of the application. - -o, --origins strings Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs. - -r, --reveal-secrets Display the application secrets ('signing_keys', 'client_secret') as part of the command output. - -t, --type string Type of application: - - native: mobile, desktop, CLI and smart device apps running natively. - - spa (single page application): a JavaScript front-end app that uses an API. - - regular: Traditional web app using redirects. - - m2m (machine to machine): CLIs, daemons or services running on your backend. - -w, --web-origins strings Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. + -a, --auth-method string Defines the requested authentication method for the token endpoint. Possible values are 'None' (public application without a client secret), 'Post' (application uses HTTP POST parameters) or 'Basic' (application uses HTTP Basic). + -c, --callbacks strings After the user authenticates we will only call back to any of these URLs. You can specify multiple valid URLs by comma-separating them (typically to handle different environments like QA or testing). Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native apps, all callbacks should use protocol https://. + -d, --description string Description of the application. Max character count is 140. + -g, --grants strings List of grant types supported for this application. Can include code, implicit, refresh-token, credentials, password, password-realm, mfa-oob, mfa-otp, mfa-recovery-code, and device-code. + --json Output in json format. + -l, --logout-urls strings Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains. + --metadata stringToString Arbitrary keys-value pairs (max 255 characters each), that can be assigned to each application. More about application metadata: https://auth0.com/docs/get-started/applications/configure-application-metadata (default []) + -n, --name string Name of the application. + -o, --origins strings Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs. + -r, --reveal-secrets Display the application secrets ('signing_keys', 'client_secret') as part of the command output. + -t, --type string Type of application: + - native: mobile, desktop, CLI and smart device apps running natively. + - spa (single page application): a JavaScript front-end app that uses an API. + - regular: Traditional web app using redirects. + - m2m (machine to machine): CLIs, daemons or services running on your backend. + -w, --web-origins strings Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. ``` diff --git a/docs/auth0_apps_update.md b/docs/auth0_apps_update.md index e46910833..46e0350c6 100644 --- a/docs/auth0_apps_update.md +++ b/docs/auth0_apps_update.md @@ -25,27 +25,31 @@ auth0 apps update [flags] auth0 apps update --name myapp --description --type [native|spa|regular|m2m] auth0 apps update --name myapp --description --type [native|spa|regular|m2m] --reveal-secrets auth0 apps update -n myapp -d -t [native|spa|regular|m2m] -r --json + auth0 apps update -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" + auth0 apps update -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" --metadata "bazz=buzz" + auth0 apps update -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar,bazz=buzz" ``` ## Flags ``` - -a, --auth-method string Defines the requested authentication method for the token endpoint. Possible values are 'None' (public application without a client secret), 'Post' (application uses HTTP POST parameters) or 'Basic' (application uses HTTP Basic). - -c, --callbacks strings After the user authenticates we will only call back to any of these URLs. You can specify multiple valid URLs by comma-separating them (typically to handle different environments like QA or testing). Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native apps, all callbacks should use protocol https://. - -d, --description string Description of the application. Max character count is 140. - -g, --grants strings List of grant types supported for this application. Can include code, implicit, refresh-token, credentials, password, password-realm, mfa-oob, mfa-otp, mfa-recovery-code, and device-code. - --json Output in json format. - -l, --logout-urls strings Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains. - -n, --name string Name of the application. - -o, --origins strings Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs. - -r, --reveal-secrets Display the application secrets ('signing_keys', 'client_secret') as part of the command output. - -t, --type string Type of application: - - native: mobile, desktop, CLI and smart device apps running natively. - - spa (single page application): a JavaScript front-end app that uses an API. - - regular: Traditional web app using redirects. - - m2m (machine to machine): CLIs, daemons or services running on your backend. - -w, --web-origins strings Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. + -a, --auth-method string Defines the requested authentication method for the token endpoint. Possible values are 'None' (public application without a client secret), 'Post' (application uses HTTP POST parameters) or 'Basic' (application uses HTTP Basic). + -c, --callbacks strings After the user authenticates we will only call back to any of these URLs. You can specify multiple valid URLs by comma-separating them (typically to handle different environments like QA or testing). Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native apps, all callbacks should use protocol https://. + -d, --description string Description of the application. Max character count is 140. + -g, --grants strings List of grant types supported for this application. Can include code, implicit, refresh-token, credentials, password, password-realm, mfa-oob, mfa-otp, mfa-recovery-code, and device-code. + --json Output in json format. + -l, --logout-urls strings Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains. + --metadata stringToString Arbitrary keys-value pairs (max 255 characters each), that can be assigned to each application. More about application metadata: https://auth0.com/docs/get-started/applications/configure-application-metadata (default []) + -n, --name string Name of the application. + -o, --origins strings Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs. + -r, --reveal-secrets Display the application secrets ('signing_keys', 'client_secret') as part of the command output. + -t, --type string Type of application: + - native: mobile, desktop, CLI and smart device apps running natively. + - spa (single page application): a JavaScript front-end app that uses an API. + - regular: Traditional web app using redirects. + - m2m (machine to machine): CLIs, daemons or services running on your backend. + -w, --web-origins strings Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. ``` diff --git a/internal/cli/apps.go b/internal/cli/apps.go index d142affe2..010eae98f 100644 --- a/internal/cli/apps.go +++ b/internal/cli/apps.go @@ -78,6 +78,12 @@ var ( IsRequired: false, AlwaysPrompt: true, } + appMetadata = Flag{ + Name: "Metadata", + LongForm: "metadata", + Help: "Arbitrary keys-value pairs (max 255 characters each), that can be assigned to each application. More about application metadata: https://auth0.com/docs/get-started/applications/configure-application-metadata", + IsRequired: false, + } appOrigins = Flag{ Name: "Allowed Origin URLs", LongForm: "origins", @@ -373,6 +379,7 @@ func createAppCmd(cli *cli) *cobra.Command { AuthMethod string Grants []string RevealSecrets bool + Metadata map[string]string } var oidcConformant = true var algorithm = "RS256" @@ -389,7 +396,10 @@ func createAppCmd(cli *cli) *cobra.Command { auth0 apps create --name myapp --description auth0 apps create --name myapp --description --type [native|spa|regular|m2m] auth0 apps create --name myapp --description --type [native|spa|regular|m2m] --reveal-secrets - auth0 apps create -n myapp -d -t [native|spa|regular|m2m] -r --json`, + auth0 apps create -n myapp -d -t [native|spa|regular|m2m] -r --json + auth0 apps create -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" + auth0 apps create -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" --metadata "bazz=buzz" + auth0 apps create -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar,bazz=buzz"`, RunE: func(cmd *cobra.Command, args []string) error { // Prompt for app name if err := appName.Ask(cmd, &inputs.Name, nil); err != nil { @@ -454,6 +464,11 @@ func createAppCmd(cli *cli) *cobra.Command { } } + clientMetadata := make(map[string]interface{}, len(inputs.Metadata)) + for k, v := range inputs.Metadata { + clientMetadata[k] = v + } + // Load values into a fresh app instance a := &management.Client{ Name: &inputs.Name, @@ -465,6 +480,7 @@ func createAppCmd(cli *cli) *cobra.Command { AllowedLogoutURLs: stringSliceToPtr(inputs.AllowedLogoutURLs), OIDCConformant: &oidcConformant, JWTConfiguration: &management.ClientJWTConfiguration{Algorithm: &algorithm}, + ClientMetadata: &clientMetadata, } // Set token endpoint auth method @@ -505,6 +521,7 @@ func createAppCmd(cli *cli) *cobra.Command { appDescription.RegisterString(cmd, &inputs.Description, "") appCallbacks.RegisterStringSlice(cmd, &inputs.Callbacks, nil) appOrigins.RegisterStringSlice(cmd, &inputs.AllowedOrigins, nil) + appMetadata.RegisterStringMap(cmd, &inputs.Metadata, nil) appWebOrigins.RegisterStringSlice(cmd, &inputs.AllowedWebOrigins, nil) appLogoutURLs.RegisterStringSlice(cmd, &inputs.AllowedLogoutURLs, nil) appAuthMethod.RegisterString(cmd, &inputs.AuthMethod, "") @@ -527,6 +544,7 @@ func updateAppCmd(cli *cli) *cobra.Command { AuthMethod string Grants []string RevealSecrets bool + Metadata map[string]string } cmd := &cobra.Command{ @@ -542,7 +560,10 @@ func updateAppCmd(cli *cli) *cobra.Command { auth0 apps update --name myapp --description auth0 apps update --name myapp --description --type [native|spa|regular|m2m] auth0 apps update --name myapp --description --type [native|spa|regular|m2m] --reveal-secrets - auth0 apps update -n myapp -d -t [native|spa|regular|m2m] -r --json`, + auth0 apps update -n myapp -d -t [native|spa|regular|m2m] -r --json + auth0 apps update -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" + auth0 apps update -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" --metadata "bazz=buzz" + auth0 apps update -n myapp -d -t [native|spa|regular|m2m] -r --json --metadata "foo=bar,bazz=buzz"`, RunE: func(cmd *cobra.Command, args []string) error { var current *management.Client @@ -695,6 +716,16 @@ func updateAppCmd(cli *cli) *cobra.Command { a.GrantTypes = apiGrantsFor(inputs.Grants) } + if len(inputs.Metadata) == 0 { + a.ClientMetadata = current.ClientMetadata + } else { + clientMetadata := make(map[string]interface{}, len(inputs.Metadata)) + for k, v := range inputs.Metadata { + clientMetadata[k] = v + } + a.ClientMetadata = &clientMetadata + } + // Update app if err := ansi.Waiting(func() error { return cli.api.Client.Update(cmd.Context(), inputs.ID, a) @@ -714,6 +745,7 @@ func updateAppCmd(cli *cli) *cobra.Command { appType.RegisterStringU(cmd, &inputs.Type, "") appDescription.RegisterStringU(cmd, &inputs.Description, "") appCallbacks.RegisterStringSliceU(cmd, &inputs.Callbacks, nil) + appMetadata.RegisterStringMap(cmd, &inputs.Metadata, map[string]string{}) appOrigins.RegisterStringSliceU(cmd, &inputs.AllowedOrigins, nil) appWebOrigins.RegisterStringSliceU(cmd, &inputs.AllowedWebOrigins, nil) appLogoutURLs.RegisterStringSliceU(cmd, &inputs.AllowedLogoutURLs, nil) diff --git a/internal/display/apps.go b/internal/display/apps.go index 30e926253..dddc29d12 100644 --- a/internal/display/apps.go +++ b/internal/display/apps.go @@ -34,6 +34,7 @@ type applicationView struct { AllowedLogoutURLs []string AuthMethod string Grants []string + Metadata []string revealSecret bool raw interface{} @@ -68,6 +69,7 @@ func (v *applicationView) KeyValues() [][]string { allowedWebOrigins := strings.Join(v.AllowedWebOrigins, ", ") allowedLogoutURLs := strings.Join(v.AllowedLogoutURLs, ", ") grants := strings.Join(v.Grants, ", ") + metadata := strings.Join(v.Metadata, ", ") if v.revealSecret { return [][]string{ @@ -82,6 +84,7 @@ func (v *applicationView) KeyValues() [][]string { {"ALLOWED WEB ORIGINS", allowedWebOrigins}, {"TOKEN ENDPOINT AUTH", v.AuthMethod}, {"GRANTS", grants}, + {"METADATA", metadata}, } } @@ -96,6 +99,7 @@ func (v *applicationView) KeyValues() [][]string { {"ALLOWED WEB ORIGINS", allowedWebOrigins}, {"TOKEN ENDPOINT AUTH", v.AuthMethod}, {"GRANTS", grants}, + {"METADATA", metadata}, } } @@ -176,6 +180,7 @@ func makeApplicationView(client *management.Client, revealSecrets bool) *applica AllowedLogoutURLs: client.GetAllowedLogoutURLs(), AuthMethod: client.GetTokenEndpointAuthMethod(), Grants: client.GetGrantTypes(), + Metadata: mapPointerToArray(client.ClientMetadata), raw: client, } } @@ -197,6 +202,16 @@ func FriendlyAppType(appType string) string { } } +func mapPointerToArray(m *map[string]interface{}) []string { + var result []string + if m != nil { + for k, v := range *m { + result = append(result, fmt.Sprintf("%s=%v", k, v)) + } + } + return result +} + func quickstartsURIFor(appType string) string { switch { case appType == "native": diff --git a/test/integration/apps-test-cases.yaml b/test/integration/apps-test-cases.yaml index c0e591331..616d9a943 100644 --- a/test/integration/apps-test-cases.yaml +++ b/test/integration/apps-test-cases.yaml @@ -155,7 +155,41 @@ tests: json: web_origins: "[https://example.com]" - 021 - given a test app, it successfully gets the app's details and outputs in json: + 021 - it successfully creates a native app with a single metadata set: + command: auth0 apps create --name integration-test-app-nativeapp21 --type native --description NativeApp21 --metadata "key=value" + exit-code: 0 + stdout: + contains: + - METADATA + - key=value + + 022 - it successfully creates a native app with a multiple metadata sets, multiple flags: + command: auth0 apps create --name integration-test-app-nativeapp22 --type native --description NativeApp22 --metadata "key=value" --metadata "foo=bar" + exit-code: 0 + stdout: + contains: + - METADATA + - key=value + - foo=bar + + 023 - it successfully creates a native app with a multiple metadata sets, single flag: + command: auth0 apps create --name integration-test-app-nativeapp23 --type native --description NativeApp23 --metadata "key=value,foo=bar" + exit-code: 0 + stdout: + contains: + - METADATA + - key=value + - foo=bar + + 024 - given a test app, it successfully updates the app's details with a metadata set: + command: auth0 apps update $(./test/integration/scripts/get-app-id.sh) --metadata "baz=buzz" + exit-code: 0 + stdout: + contains: + - METADATA + - baz=buzz + + 025 - given a test app, it successfully gets the app's details and outputs in json: command: auth0 apps show $(./test/integration/scripts/get-app-id.sh) --json exit-code: 0 stdout: @@ -164,7 +198,7 @@ tests: description: NewApp app_type: native - 022 - given a test app, it successfully gets the app's details: + 026 - given a test app, it successfully gets the app's details: command: auth0 apps show $(./test/integration/scripts/get-app-id.sh) exit-code: 0 stdout: @@ -173,63 +207,63 @@ tests: - DESCRIPTION NewApp - TYPE Native - 023 - given a test app, it successfully updates the app's auth method and outputs in json: + 027 - given a test app, it successfully updates the app's auth method and outputs in json: command: auth0 apps update $(./test/integration/scripts/get-app-id.sh) --auth-method Basic --json exit-code: 0 stdout: json: token_endpoint_auth_method: client_secret_basic - 024 - given a test app, it successfully updates the app's callbacks and outputs in json: + 028 - given a test app, it successfully updates the app's callbacks and outputs in json: command: auth0 apps update $(./test/integration/scripts/get-app-id.sh) --callbacks https://example.com --json stdout: json: callbacks: "[https://example.com]" exit-code: 0 - 025 - given a test app, it successfully updates the app's description and outputs in json: + 029 - given a test app, it successfully updates the app's description and outputs in json: command: auth0 apps update $(./test/integration/scripts/get-app-id.sh) --description "A better description" --json exit-code: 0 stdout: json: description: A better description - 026 - given a test app, it successfully updates the app's grants and outputs in json: + 030 - given a test app, it successfully updates the app's grants and outputs in json: command: auth0 apps update $(./test/integration/scripts/get-app-id.sh) --grants code --json exit-code: 0 stdout: json: grant_types: "[authorization_code]" - 027 - given a test app, it successfully updates the app's logout urls and outputs in json: + 031 - given a test app, it successfully updates the app's logout urls and outputs in json: command: auth0 apps update $(./test/integration/scripts/get-app-id.sh) --logout-urls https://example.com --json exit-code: 0 stdout: json: allowed_logout_urls: "[https://example.com]" - 028 - given a test app, it successfully updates the app's name and outputs in json: + 032 - given a test app, it successfully updates the app's name and outputs in json: command: auth0 apps update $(./test/integration/scripts/get-app-id.sh) --name integration-test-app-betterAppName --json exit-code: 0 stdout: json: name: integration-test-app-betterAppName - 029 - given a test app, it successfully updates the app's origins and outputs in json: + 033 - given a test app, it successfully updates the app's origins and outputs in json: command: auth0 apps update $(./test/integration/scripts/get-app-id.sh) --origins https://example.com --json exit-code: 0 stdout: json: allowed_origins: "[https://example.com]" - 030 - given a test app, it successfully updates the app's web origins and outputs in json: + 034 - given a test app, it successfully updates the app's web origins and outputs in json: command: auth0 apps update $(./test/integration/scripts/get-app-id.sh) --web-origins https://example.com --json exit-code: 0 stdout: json: web_origins: "[https://example.com]" - 031 - given a test app, it successfully updates the app's web origins and type and outputs in json: + 035 - given a test app, it successfully updates the app's web origins and type and outputs in json: command: auth0 apps update $(./test/integration/scripts/get-app-id.sh) --web-origins https://examples.com --type native --json exit-code: 0 stdout: @@ -237,27 +271,27 @@ tests: app_type: native web_origins: "[https://examples.com]" - 032 - given a test app, it successfully updates the app's type and outputs in json: + 036 - given a test app, it successfully updates the app's type and outputs in json: command: auth0 apps update $(./test/integration/scripts/get-app-id.sh) --type spa --json exit-code: 0 stdout: json: app_type: spa - 033 - given a test app, it successfully opens the settings page: + 037 - given a test app, it successfully opens the settings page: command: auth0 apps open $(./test/integration/scripts/get-app-id.sh) --no-input exit-code: 0 stderr: contains: - "Open the following URL in a browser" - 034 - given a test app, it successfully sets the default application: + 038 - given a test app, it successfully sets the default application: command: auth0 apps use $(./test/integration/scripts/get-app-id.sh) --no-input exit-code: 0 stderr: contains: - "Successfully set the default application to" - 035 - given a test app, it successfully deletes the app: + 039 - given a test app, it successfully deletes the app: command: auth0 apps delete $(./test/integration/scripts/get-app-id.sh) --force exit-code: 0