b1ek/new-client.sh

## new-client.sh
#!/bin/zsh
# new-client.sh - CLI tool to create a new client
# Copyright (C) 2024 blek! <me@blek.codes>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

# How to use this program
# 1. You must run the ORY hydra in a docker container with a docker network
# 2. Put the network and the container name in these variables:

DOCKER_NET=''
DOCKER_CONT=''

NAME='false'
PASS='false'
SCOPE='url openid id email given_name family_name phone title picture profile_url offline login userkey'
REDIR_URL='false'
SREDIR_URL='false'
TWOFA='false'
TWOFA_SCOPE='2fa'

errcho() {
	>&2 echo $*
}
help() {
	echo 'new-client.sh - Create a new OIDC client'
	echo -e '   -n --name \t - Clients name (ID)'
	echo -e '   -p --pass \t - Password for the client'
	echo -e '   -r --redir \t - Sign in callback client parameter'
	echo -e '   -s --sredir \t - Sign out callback client parameter'
	echo -e '   -s --scope \t - OIDC Scope (optional)'
	echo -e '   -t --twofa \t - Should the client have 2fa access (optional)'
	echo -e '   -h --help \t - Display this sheet'
	echo -e 'Example:'
	echo -e '    # This command will create a client with name "test" with 2fa access:'
	echo -e '    $ new-client.sh -n test -p 123123 --twofa'
	echo
	echo -e '    This client will have the following OIDC Scope:'
	echo -e "    $SCOPE $TWOFA_SCOPE"
}

while [[ $# -gt 0 ]]; do
	case $1 in
		-n|--name|--id)
			NAME=$2
			shift
			shift
			;;
		-p|--pass|--secret)
			PASS=$2
			shift
			shift
			;;
		-r|--redir)
			REDIR_URL=$2
			shift
			shift
			;;
		-s|--sredir)
			SREDIR_URL=$2
			shift
			shift
			;;
		-s|--scope)
			SCOPE=$2
			shift
			shift
			;;
		-t|--twofa)
			TWOFA='true'
			shift
			;;
		-h|--help)
			help
			exit
			;;
		-*|--*)
			help
			exit
			;;
	esac
done

case "2fa" in $SCOPE)
	TWOFA='true'
	;;
esac

if [ $DOCKER_CONT = '' ]; then
	echo 'No docker container available. Please open the script in an editor for more info.'
	exit 1
fi

if [ $DOCKER_NET = '' ]; then
	echo 'No docker network available. Please open the script in an editor for more info.'
	exit 1
fi

if ! [[ "$EUID" = 0 ]]; then
	errcho This script must be run as root.
	exit 1
fi

if [ $NAME = 'false' ]; then
	errcho No name specified.
	help
	exit 1
fi

if [ $PASS = 'false' ]; then
	errcho No password specified.
	help
	exit 1
fi

if [ $SCOPE = '' ]; then
	errcho No scope specified.
	help
	exit 1
fi

if [ $TWOFA = 'false' ]; then
	echo "The client won't have access to 2fa"
	sleep 0.5 # time for the user to press CtrlC
fi

# the actual command
docker run --rm -it --network $DOCKER_NET oryd/hydra:v1.11.2 \
    clients create --endpoint http://$DOCKER_CONT:4445 \
    --id $NAME  \
    --secret $PASS  \
    -g authorization_code,refresh_token \
    -r token,code,id_token \
    --scope $SCOPE \
    --callbacks $REDIR_URL \
    --post-logout-callbacks $SREDIR_URL \
    --token-endpoint-auth-method client_secret_post
	#!/bin/zsh
	# new-client.sh - CLI tool to create a new client
	# Copyright (C) 2024 blek! <me@blek.codes>
	#
	# This program is free software: you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation, either version 3 of the License, or
	# (at your option) any later version.
	#
	# This program is distributed in the hope that it will be useful,
	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	# GNU General Public License for more details.
	#
	# You should have received a copy of the GNU General Public License
	# along with this program. If not, see <https://www.gnu.org/licenses/>.

	# How to use this program
	# 1. You must run the ORY hydra in a docker container with a docker network
	# 2. Put the network and the container name in these variables:

	DOCKER_NET=''
	DOCKER_CONT=''

	NAME='false'
	PASS='false'
	SCOPE='url openid id email given_name family_name phone title picture profile_url offline login userkey'
	REDIR_URL='false'
	SREDIR_URL='false'
	TWOFA='false'
	TWOFA_SCOPE='2fa'

	errcho() {
	>&2 echo $*
	}
	help() {
	echo 'new-client.sh - Create a new OIDC client'
	echo -e ' -n --name \t - Clients name (ID)'
	echo -e ' -p --pass \t - Password for the client'
	echo -e ' -r --redir \t - Sign in callback client parameter'
	echo -e ' -s --sredir \t - Sign out callback client parameter'
	echo -e ' -s --scope \t - OIDC Scope (optional)'
	echo -e ' -t --twofa \t - Should the client have 2fa access (optional)'
	echo -e ' -h --help \t - Display this sheet'
	echo -e 'Example:'
	echo -e ' # This command will create a client with name "test" with 2fa access:'
	echo -e ' $ new-client.sh -n test -p 123123 --twofa'
	echo
	echo -e ' This client will have the following OIDC Scope:'
	echo -e " $SCOPE $TWOFA_SCOPE"
	}

	while [[ $# -gt 0 ]]; do
	case $1 in
	-n\|--name\|--id)
	NAME=$2
	shift
	shift
	;;
	-p\|--pass\|--secret)
	PASS=$2
	shift
	shift
	;;
	-r\|--redir)
	REDIR_URL=$2
	shift
	shift
	;;
	-s\|--sredir)
	SREDIR_URL=$2
	shift
	shift
	;;
	-s\|--scope)
	SCOPE=$2
	shift
	shift
	;;
	-t\|--twofa)
	TWOFA='true'
	shift
	;;
	-h\|--help)
	help
	exit
	;;
	-\|--)
	help
	exit
	;;
	esac
	done

	case "2fa" in $SCOPE)
	TWOFA='true'
	;;
	esac

	if [ $DOCKER_CONT = '' ]; then
	echo 'No docker container available. Please open the script in an editor for more info.'
	exit 1
	fi

	if [ $DOCKER_NET = '' ]; then
	echo 'No docker network available. Please open the script in an editor for more info.'
	exit 1
	fi

	if ! [[ "$EUID" = 0 ]]; then
	errcho This script must be run as root.
	exit 1
	fi

	if [ $NAME = 'false' ]; then
	errcho No name specified.
	help
	exit 1
	fi

	if [ $PASS = 'false' ]; then
	errcho No password specified.
	help
	exit 1
	fi

	if [ $SCOPE = '' ]; then
	errcho No scope specified.
	help
	exit 1
	fi

	if [ $TWOFA = 'false' ]; then
	echo "The client won't have access to 2fa"
	sleep 0.5 # time for the user to press CtrlC
	fi

	# the actual command
	docker run --rm -it --network $DOCKER_NET oryd/hydra:v1.11.2 \
	clients create --endpoint http://$DOCKER_CONT:4445 \
	--id $NAME \
	--secret $PASS \
	-g authorization_code,refresh_token \
	-r token,code,id_token \
	--scope $SCOPE \
	--callbacks $REDIR_URL \
	--post-logout-callbacks $SREDIR_URL \
	--token-endpoint-auth-method client_secret_post