From 2a01e3efc69019e31dfafe12beba41c8bad8206e Mon Sep 17 00:00:00 2001
From: d036670
Date: Fri, 13 Oct 2023 12:04:14 +0200
Subject: [PATCH 1/2] Support add, update and delete for client jwt configuration If a client has client jwt active, you can do private_key_jwt
---
 lib/uaa/cli/client_reg.rb | 25 +++++++++++++++++++++++++
 lib/uaa/stub/uaa.rb | 7 +++++++
 spec/client_reg_spec.rb | 8 ++++++++
 3 files changed, 40 insertions(+)
diff --git a/lib/uaa/cli/client_reg.rb b/lib/uaa/cli/client_reg.rb
index f79d965..f07a52b 100644
--- a/lib/uaa/cli/client_reg.rb
+++ b/lib/uaa/cli/client_reg.rb
@@ -121,6 +121,31 @@ def client_info(defaults)
 }
 end

+ define_option :jwks_uri, '--jwks_uri ', 'JWKS token key endpoint'
+ define_option :jwks, '--jwks ', 'JWKS token key'
+ desc 'client jwt add [id]', 'Add client jwt trust', :jwks_uri, :jwks do |id|
+ pp scim_request { |cr|
+ ###change_clientjwt(client_id, jwks_uri = nil, jwks = nil, kid = nil, changeMode = nil)
+ cr.change_clientjwt(clientid(id), opts[:jwks_uri], opts[:jwks], nil, 'ADD')
+ 'client jwt successfully added'
+ }
+ end
+
+ desc 'client jwt update [id]', 'Update client jwt trust', :jwks_uri, :jwks do |id|
+ pp scim_request { |cr|
+ cr.change_clientjwt(clientid(id), opts[:jwks_uri], opts[:jwks], nil, 'UPDATE')
+ 'client jwt successfully set'
+ }
+ end
+
+ define_option :kid, '--kid ', 'JWKS token key'
+ desc 'client jwt delete [id]', 'Delete client jwt trust', :kid do |id|
+ pp scim_request { |cr|
+ cr.change_clientjwt(clientid(id), '*', nil, opts[:kid], 'DELETE')
+ 'client jwt successfully deleted'
+ }
+ end
+
 private

 def update_client(cr, info)
diff --git a/lib/uaa/stub/uaa.rb b/lib/uaa/stub/uaa.rb
index 08667de..4fd56f4 100644
--- a/lib/uaa/stub/uaa.rb
+++ b/lib/uaa/stub/uaa.rb
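Review bot: `client jwt add` and `client jwt update` hand `opts[:jwks_uri]` and `opts[:jwks]` to `change_clientjwt` unchecked, so a call with neither option sends a trust change carrying no key material, and `client jwt delete` sends `'*'` with a nil `kid` when `--kid` is omitted; how the server treats either case is not visible in this hunk. Because these commands change which keys may authenticate as the client, I would guard the add/update call with `unless opts[:jwks_uri] || opts[:jwks]` and report the missing option, and say in the `delete` description whether omitting `--kid` removes every key. The `--kid` help text `'JWKS token key'` is copied from `--jwks`; `'key id (kid) of the entry to remove'` would describe it. The `###change_clientjwt(...)` line reads as a leftover signature note and could be dropped or turned into a one-line comment on the argument order.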
@@ -414,6 +414,13 @@ def scim_to_client(info)
 reply.json(status: 'ok', message: 'secret updated')
 end

+ route :put, %r{^/oauth/clients/([^/]+)/clientjwt$}, 'content-type' => %r{application/json} do
+ info = Util.json_parse(request.body, :down)
+ return not_found(match[1]) unless id = server.scim.id(match[1], :client)
+ return bad_request('no client_id given') unless info['client_id']
+ reply.json(status: 'ok', message: 'client jwt updated')
+ end
+
 #----------------------------------------------------------------------------
 # users and groups endpoints
 #
diff --git a/spec/client_reg_spec.rb b/spec/client_reg_spec.rb
index 815cfe1..591eb22 100644
--- a/spec/client_reg_spec.rb
+++ b/spec/client_reg_spec.rb
@@ -78,6 +78,14 @@ module CF::UAA
 Cli.output.string.should include 'access_denied'
 end

+ it "changes it's client jwt" do
+ Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
+ Cli.run('token decode').should be
+ Cli.run("client jwt add #{@test_client} --jwks_uri http://localhost:8080/uaa/token_keys").should be
+ Cli.run("client jwt update #{@test_client} --jwks_uri http://localhost:8080/uaa/token_keys").should be
+ Cli.run("client jwt delete #{@test_client} ").should be
+ end
+
 context 'as updated client' do

 before :all do
From 9afe14e0eaa7aa5c73f6813d9b071a40d94beba5 Mon Sep 17 00:00:00 2001
From: d036670
Date: Tue, 17 Oct 2023 11:02:47 +0200
Subject: [PATCH 2/2] dependency increase to consume new API
---
 cf-uaac.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cf-uaac.gemspec b/cf-uaac.gemspec
index b28f911..540f697 100644
--- a/cf-uaac.gemspec
+++ b/cf-uaac.gemspec
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
 s.require_paths = ['lib']

 # dependencies
- s.add_runtime_dependency 'cf-uaa-lib', '~> 4.0.3'
+ s.add_runtime_dependency 'cf-uaa-lib', '~> 4.0.4'
 s.add_development_dependency 'rake', '~> 13.0'
 s.add_development_dependency 'rspec', '~> 3.12'
 s.add_development_dependency 'simplecov', '~> 0.22.0'
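Review bot: The new `clientjwt` stub route replies `ok` with no token or scope check visible in its lines, so the spec passes even when the CLI sends no token or an under-privileged one, and the access-denied path for this trust-changing call is never exercised. The route also only tests that `info['client_id']` is present; it never compares it with the client named in the path, and the looked-up `id` is not used after the lookup. I would run the stub's usual token check before replying and reject a mismatch, e.g. `return bad_request('client_id does not match') unless info['client_id'] == match[1]`. How the sibling routes handle authorization lies outside this hunk, so the exact check to reuse needs confirming there.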
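Review bot: Every step of the new example in spec/client_reg_spec.rb ends in `.should be`, which only checks that `Cli.run` returned something truthy; none of the success messages is asserted, so as far as these lines show the example cannot tell a stored trust from an error reply. The context line above already uses `Cli.output.string.should include 'access_denied'`, and the same form fits here: `Cli.output.string.should include 'client jwt successfully added'` after the add step, and likewise for update and delete. The delete step runs without `--kid`, so the keyed delete is untested, and the fixture `jwks_uri` is plain `http://`, which is harmless against the stub but deserves a comment so it is not copied as a model for a real key endpoint. The example title should read `"changes its client jwt"`.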