b1ek · January 10, 2024 01:42
diff --git a/new-client.sh b/new-client.sh
 #!/bin/zsh
 # new-client.sh - CLI tool to create a new client
 # Copyright (C) 2024 blek! <[email protected]>
 # 
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 # 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 # 
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.

 # How to use this program
 # 1. You must run the ORY hydra in a docker container with a docker network
 # 2. Put the network and the container name in these variables:

 DOCKER_NET=''
 DOCKER_CONT=''

 NAME='false'
 PASS='false'
 SCOPE='url openid id email given_name family_name phone title picture profile_url offline login userkey'
 REDIR_URL='false'
 SREDIR_URL='false'
 TWOFA='false'
 TWOFA_SCOPE='2fa'

 errcho() {
 	>&2 echo $*
 }
 help() {
 	echo 'new-client.sh - Create a new OIDC client'
 	echo -e '   -n --name \t - Clients name (ID)'
 	echo -e '   -p --pass \t - Password for the client'
 	echo -e '   -r --redir \t - Sign in callback client parameter'
 	echo -e '   -s --sredir \t - Sign out callback client parameter'
 	echo -e '   -s --scope \t - OIDC Scope (optional)'
 	echo -e '   -t --twofa \t - Should the client have 2fa access (optional)'
 	echo -e '   -h --help \t - Display this sheet'
 	echo -e 'Example:'
 	echo -e '    # This command will create a client with name "test" with 2fa access:'
 	echo -e '    $ new-client.sh -n test -p 123123 --twofa'
 	echo
 	echo -e '    This client will have the following OIDC Scope:'
 	echo -e "    $SCOPE $TWOFA_SCOPE"
 }

 while [[ $# -gt 0 ]]; do
 	case $1 in
 		-n|--name|--id)
 			NAME=$2
 			shift
 			shift
 			;;
 		-p|--pass|--secret)
 			PASS=$2
 			shift
 			shift
 			;;
 		-r|--redir)
 			REDIR_URL=$2
 			shift
 			shift
 			;;
 		-s|--sredir)
 			SREDIR_URL=$2
 			shift
 			shift
 			;;
 		-s|--scope)
 			SCOPE=$2
 			shift
 			shift
 			;;
 		-t|--twofa)
 			TWOFA='true'
 			shift
 			;;
 		-h|--help)
 			help
 			exit
 			;;
 		-*|--*)
 			help
 			exit
 			;;
 	esac
 done

 case "2fa" in $SCOPE)
 	TWOFA='true'
 	;;
 esac

 if [ $DOCKER_CONT = '' ]; then
 	echo 'No docker container available. Please open the script in an editor for more info.'
 	exit 1
 fi

 if [ $DOCKER_NET = '' ]; then
 	echo 'No docker network available. Please open the script in an editor for more info.'
 	exit 1
 fi

 if ! [[ "$EUID" = 0 ]]; then
 	errcho This script must be run as root.
 	exit 1
 fi

 if [ $NAME = 'false' ]; then
 	errcho No name specified.
 	help
 	exit 1
 fi

 if [ $PASS = 'false' ]; then
 	errcho No password specified.
 	help
 	exit 1
 fi

 if [ $SCOPE = '' ]; then
 	errcho No scope specified.
 	help
 	exit 1
 fi

 if [ $TWOFA = 'false' ]; then
 	echo "The client won't have access to 2fa"
 	sleep 0.5 # time for the user to press CtrlC
 fi

 # the actual command
 docker run --rm -it --network $DOCKER_NET oryd/hydra:v1.11.2 \
    clients create --endpoint http://$DOCKER_CONT:4445 \
    --id $NAME  \
    --secret $PASS  \
    -g authorization_code,refresh_token \
    -r token,code,id_token \
    --scope $SCOPE \
    --callbacks $REDIR_URL \
    --post-logout-callbacks $SREDIR_URL \
    --token-endpoint-auth-method client_secret_post
	#!/bin/zsh
	# new-client.sh - CLI tool to create a new client
	# Copyright (C) 2024 blek! <[email protected]>
	#
	# This program is free software: you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation, either version 3 of the License, or
	# (at your option) any later version.
	#
	# This program is distributed in the hope that it will be useful,
	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	# GNU General Public License for more details.
	#
	# You should have received a copy of the GNU General Public License
	# along with this program. If not, see <https://www.gnu.org/licenses/>.

	# How to use this program
	# 1. You must run the ORY hydra in a docker container with a docker network
	# 2. Put the network and the container name in these variables:

	DOCKER_NET=''
	DOCKER_CONT=''

	NAME='false'
	PASS='false'
	SCOPE='url openid id email given_name family_name phone title picture profile_url offline login userkey'
	REDIR_URL='false'
	SREDIR_URL='false'
	TWOFA='false'
	TWOFA_SCOPE='2fa'

	errcho() {
	>&2 echo $*
	}
	help() {
	echo 'new-client.sh - Create a new OIDC client'
	echo -e ' -n --name \t - Clients name (ID)'
	echo -e ' -p --pass \t - Password for the client'
	echo -e ' -r --redir \t - Sign in callback client parameter'
	echo -e ' -s --sredir \t - Sign out callback client parameter'
	echo -e ' -s --scope \t - OIDC Scope (optional)'
	echo -e ' -t --twofa \t - Should the client have 2fa access (optional)'
	echo -e ' -h --help \t - Display this sheet'
	echo -e 'Example:'
	echo -e ' # This command will create a client with name "test" with 2fa access:'
	echo -e ' $ new-client.sh -n test -p 123123 --twofa'
	echo
	echo -e ' This client will have the following OIDC Scope:'
	echo -e " $SCOPE $TWOFA_SCOPE"
	}

	while [[ $# -gt 0 ]]; do
	case $1 in
	-n\|--name\|--id)
	NAME=$2
	shift
	shift
	;;
	-p\|--pass\|--secret)
	PASS=$2
	shift
	shift
	;;
	-r\|--redir)
	REDIR_URL=$2
	shift
	shift
	;;
	-s\|--sredir)
	SREDIR_URL=$2
	shift
	shift
	;;
	-s\|--scope)
	SCOPE=$2
	shift
	shift
	;;
	-t\|--twofa)
	TWOFA='true'
	shift
	;;
	-h\|--help)
	help
	exit
	;;
	-\|--)
	help
	exit
	;;
	esac
	done

	case "2fa" in $SCOPE)
	TWOFA='true'
	;;
	esac

	if [ $DOCKER_CONT = '' ]; then
	echo 'No docker container available. Please open the script in an editor for more info.'
	exit 1
	fi

	if [ $DOCKER_NET = '' ]; then
	echo 'No docker network available. Please open the script in an editor for more info.'
	exit 1
	fi

	if ! [[ "$EUID" = 0 ]]; then
	errcho This script must be run as root.
	exit 1
	fi

	if [ $NAME = 'false' ]; then
	errcho No name specified.
	help
	exit 1
	fi

	if [ $PASS = 'false' ]; then
	errcho No password specified.
	help
	exit 1
	fi

	if [ $SCOPE = '' ]; then
	errcho No scope specified.
	help
	exit 1
	fi

	if [ $TWOFA = 'false' ]; then
	echo "The client won't have access to 2fa"
	sleep 0.5 # time for the user to press CtrlC
	fi

	# the actual command
	docker run --rm -it --network $DOCKER_NET oryd/hydra:v1.11.2 \
	clients create --endpoint http://$DOCKER_CONT:4445 \
	--id $NAME \
	--secret $PASS \
	-g authorization_code,refresh_token \
	-r token,code,id_token \
	--scope $SCOPE \
	--callbacks $REDIR_URL \
	--post-logout-callbacks $SREDIR_URL \
	--token-endpoint-auth-method client_secret_post