DXCDT:596 Add Metadata Flag to Apps (#938)

* Bump github.com/auth0/go-auth0 from 1.2.0 to 1.3.0 (#908) Bumps [github.com/auth0/go-auth0](https://github.com/auth0/go-auth0) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/auth0/go-auth0/releases) - [Changelog](https://github.com/auth0/go-auth0/blob/main/CHANGELOG.md) - [Commits](auth0/go-auth0@v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: github.com/auth0/go-auth0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * dxcdt-615-goreleaser-upgrade (#909) * Fix: Remove or replace deprecations for GoReleaser config Remove deprecated replacements Replace deprecated brews tap Replace deprecated scoop entries Fix name_template to reflect exact current naming conventions * DXCDT-582: Convert audience into a drop down in interactive mode in test token cmd (#906) Convert audience into a drop down in interactive mode in test token cmd * Bump github.com/auth0/go-auth0 from 1.2.0 to 1.3.0 (#908) Bumps [github.com/auth0/go-auth0](https://github.com/auth0/go-auth0) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/auth0/go-auth0/releases) - [Changelog](https://github.com/auth0/go-auth0/blob/main/CHANGELOG.md) - [Commits](auth0/go-auth0@v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: github.com/auth0/go-auth0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Sergiu Ghitea <28300158+sergiught@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * DXCDT-582: Convert audience into a drop down in interactive mode in test token cmd (#906) Convert audience into a drop down in interactive mode in test token cmd Title Os for final release name fit * Bump goreleaser version * Add metadata flag to apps create/update Update metadata flag docs for apps create/update --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sergiu Ghitea <28300158+sergiught@users.noreply.github.com>
auth0 · Dec 7, 2023 · 4605fd3 · 4605fd3
1 parent 93f54e2
commit 4605fd3
Show file tree

Hide file tree

Showing 5 changed files with 136 additions and 47 deletions.
diff --git a/docs/auth0_apps_create.md b/docs/auth0_apps_create.md
@@ -25,27 +25,31 @@ auth0 apps create [flags]
   auth0 apps create --name myapp --description <description> --type [native|spa|regular|m2m]
   auth0 apps create --name myapp --description <description> --type [native|spa|regular|m2m] --reveal-secrets
   auth0 apps create -n myapp -d <description> -t [native|spa|regular|m2m] -r --json
+  auth0 apps create -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar"
+  auth0 apps create -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" --metadata "bazz=buzz"
+  auth0 apps create -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar,bazz=buzz"
 ```
 
 
 ## Flags
 
 ```
-  -a, --auth-method string    Defines the requested authentication method for the token endpoint. Possible values are 'None' (public application without a client secret), 'Post' (application uses HTTP POST parameters) or 'Basic' (application uses HTTP Basic).
-  -c, --callbacks strings     After the user authenticates we will only call back to any of these URLs. You can specify multiple valid URLs by comma-separating them (typically to handle different environments like QA or testing). Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native apps, all callbacks should use protocol https://.
-  -d, --description string    Description of the application. Max character count is 140.
-  -g, --grants strings        List of grant types supported for this application. Can include code, implicit, refresh-token, credentials, password, password-realm, mfa-oob, mfa-otp, mfa-recovery-code, and device-code.
-      --json                  Output in json format.
-  -l, --logout-urls strings   Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains.
-  -n, --name string           Name of the application.
-  -o, --origins strings       Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs.
-  -r, --reveal-secrets        Display the application secrets ('signing_keys', 'client_secret') as part of the command output.
-  -t, --type string           Type of application:
-                              - native: mobile, desktop, CLI and smart device apps running natively.
-                              - spa (single page application): a JavaScript front-end app that uses an API.
-                              - regular: Traditional web app using redirects.
-                              - m2m (machine to machine): CLIs, daemons or services running on your backend.
-  -w, --web-origins strings   Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.
+  -a, --auth-method string        Defines the requested authentication method for the token endpoint. Possible values are 'None' (public application without a client secret), 'Post' (application uses HTTP POST parameters) or 'Basic' (application uses HTTP Basic).
+  -c, --callbacks strings         After the user authenticates we will only call back to any of these URLs. You can specify multiple valid URLs by comma-separating them (typically to handle different environments like QA or testing). Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native apps, all callbacks should use protocol https://.
+  -d, --description string        Description of the application. Max character count is 140.
+  -g, --grants strings            List of grant types supported for this application. Can include code, implicit, refresh-token, credentials, password, password-realm, mfa-oob, mfa-otp, mfa-recovery-code, and device-code.
+      --json                      Output in json format.
+  -l, --logout-urls strings       Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains.
+      --metadata stringToString   Arbitrary keys-value pairs (max 255 characters each), that  can be assigned to each application. More about application metadata: https://auth0.com/docs/get-started/applications/configure-application-metadata (default [])
+  -n, --name string               Name of the application.
+  -o, --origins strings           Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs.
+  -r, --reveal-secrets            Display the application secrets ('signing_keys', 'client_secret') as part of the command output.
+  -t, --type string               Type of application:
+                                  - native: mobile, desktop, CLI and smart device apps running natively.
+                                  - spa (single page application): a JavaScript front-end app that uses an API.
+                                  - regular: Traditional web app using redirects.
+                                  - m2m (machine to machine): CLIs, daemons or services running on your backend.
+  -w, --web-origins strings       Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.
 ```
 
 

diff --git a/docs/auth0_apps_update.md b/docs/auth0_apps_update.md
@@ -25,27 +25,31 @@ auth0 apps update [flags]
   auth0 apps update <app-id> --name myapp --description <description> --type [native|spa|regular|m2m]
   auth0 apps update <app-id> --name myapp --description <description> --type [native|spa|regular|m2m] --reveal-secrets
   auth0 apps update <app-id> -n myapp -d <description> -t [native|spa|regular|m2m] -r --json
+  auth0 apps update <app-id> -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar"
+  auth0 apps update <app-id> -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" --metadata "bazz=buzz"
+  auth0 apps update <app-id> -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar,bazz=buzz"
 ```
 
 
 ## Flags
 
 ```
-  -a, --auth-method string    Defines the requested authentication method for the token endpoint. Possible values are 'None' (public application without a client secret), 'Post' (application uses HTTP POST parameters) or 'Basic' (application uses HTTP Basic).
-  -c, --callbacks strings     After the user authenticates we will only call back to any of these URLs. You can specify multiple valid URLs by comma-separating them (typically to handle different environments like QA or testing). Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native apps, all callbacks should use protocol https://.
-  -d, --description string    Description of the application. Max character count is 140.
-  -g, --grants strings        List of grant types supported for this application. Can include code, implicit, refresh-token, credentials, password, password-realm, mfa-oob, mfa-otp, mfa-recovery-code, and device-code.
-      --json                  Output in json format.
-  -l, --logout-urls strings   Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains.
-  -n, --name string           Name of the application.
-  -o, --origins strings       Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs.
-  -r, --reveal-secrets        Display the application secrets ('signing_keys', 'client_secret') as part of the command output.
-  -t, --type string           Type of application:
-                              - native: mobile, desktop, CLI and smart device apps running natively.
-                              - spa (single page application): a JavaScript front-end app that uses an API.
-                              - regular: Traditional web app using redirects.
-                              - m2m (machine to machine): CLIs, daemons or services running on your backend.
-  -w, --web-origins strings   Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.
+  -a, --auth-method string        Defines the requested authentication method for the token endpoint. Possible values are 'None' (public application without a client secret), 'Post' (application uses HTTP POST parameters) or 'Basic' (application uses HTTP Basic).
+  -c, --callbacks strings         After the user authenticates we will only call back to any of these URLs. You can specify multiple valid URLs by comma-separating them (typically to handle different environments like QA or testing). Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native apps, all callbacks should use protocol https://.
+  -d, --description string        Description of the application. Max character count is 140.
+  -g, --grants strings            List of grant types supported for this application. Can include code, implicit, refresh-token, credentials, password, password-realm, mfa-oob, mfa-otp, mfa-recovery-code, and device-code.
+      --json                      Output in json format.
+  -l, --logout-urls strings       Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains.
+      --metadata stringToString   Arbitrary keys-value pairs (max 255 characters each), that  can be assigned to each application. More about application metadata: https://auth0.com/docs/get-started/applications/configure-application-metadata (default [])
+  -n, --name string               Name of the application.
+  -o, --origins strings           Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs.
+  -r, --reveal-secrets            Display the application secrets ('signing_keys', 'client_secret') as part of the command output.
+  -t, --type string               Type of application:
+                                  - native: mobile, desktop, CLI and smart device apps running natively.
+                                  - spa (single page application): a JavaScript front-end app that uses an API.
+                                  - regular: Traditional web app using redirects.
+                                  - m2m (machine to machine): CLIs, daemons or services running on your backend.
+  -w, --web-origins strings       Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.
 ```
 
 

diff --git a/internal/cli/apps.go b/internal/cli/apps.go
@@ -78,6 +78,12 @@ var (
 		IsRequired:   false,
 		AlwaysPrompt: true,
 	}
+	appMetadata = Flag{
+		Name:       "Metadata",
+		LongForm:   "metadata",
+		Help:       "Arbitrary keys-value pairs (max 255 characters each), that  can be assigned to each application. More about application metadata: https://auth0.com/docs/get-started/applications/configure-application-metadata",
+		IsRequired: false,
+	}
 	appOrigins = Flag{
 		Name:         "Allowed Origin URLs",
 		LongForm:     "origins",
@@ -373,6 +379,7 @@ func createAppCmd(cli *cli) *cobra.Command {
 		AuthMethod        string
 		Grants            []string
 		RevealSecrets     bool
+		Metadata          map[string]string
 	}
 	var oidcConformant = true
 	var algorithm = "RS256"
@@ -389,7 +396,10 @@ func createAppCmd(cli *cli) *cobra.Command {
   auth0 apps create --name myapp --description <description>
   auth0 apps create --name myapp --description <description> --type [native|spa|regular|m2m]
   auth0 apps create --name myapp --description <description> --type [native|spa|regular|m2m] --reveal-secrets
-  auth0 apps create -n myapp -d <description> -t [native|spa|regular|m2m] -r --json`,
+  auth0 apps create -n myapp -d <description> -t [native|spa|regular|m2m] -r --json
+  auth0 apps create -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar"
+  auth0 apps create -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" --metadata "bazz=buzz"
+  auth0 apps create -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar,bazz=buzz"`,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			// Prompt for app name
 			if err := appName.Ask(cmd, &inputs.Name, nil); err != nil {
@@ -454,6 +464,11 @@ func createAppCmd(cli *cli) *cobra.Command {
 				}
 			}
 
+			clientMetadata := make(map[string]interface{}, len(inputs.Metadata))
+			for k, v := range inputs.Metadata {
+				clientMetadata[k] = v
+			}
+
 			// Load values into a fresh app instance
 			a := &management.Client{
 				Name:              &inputs.Name,
@@ -465,6 +480,7 @@ func createAppCmd(cli *cli) *cobra.Command {
 				AllowedLogoutURLs: stringSliceToPtr(inputs.AllowedLogoutURLs),
 				OIDCConformant:    &oidcConformant,
 				JWTConfiguration:  &management.ClientJWTConfiguration{Algorithm: &algorithm},
+				ClientMetadata:    &clientMetadata,
 			}
 
 			// Set token endpoint auth method
@@ -505,6 +521,7 @@ func createAppCmd(cli *cli) *cobra.Command {
 	appDescription.RegisterString(cmd, &inputs.Description, "")
 	appCallbacks.RegisterStringSlice(cmd, &inputs.Callbacks, nil)
 	appOrigins.RegisterStringSlice(cmd, &inputs.AllowedOrigins, nil)
+	appMetadata.RegisterStringMap(cmd, &inputs.Metadata, nil)
 	appWebOrigins.RegisterStringSlice(cmd, &inputs.AllowedWebOrigins, nil)
 	appLogoutURLs.RegisterStringSlice(cmd, &inputs.AllowedLogoutURLs, nil)
 	appAuthMethod.RegisterString(cmd, &inputs.AuthMethod, "")
@@ -527,6 +544,7 @@ func updateAppCmd(cli *cli) *cobra.Command {
 		AuthMethod        string
 		Grants            []string
 		RevealSecrets     bool
+		Metadata          map[string]string
 	}
 
 	cmd := &cobra.Command{
@@ -542,7 +560,10 @@ func updateAppCmd(cli *cli) *cobra.Command {
   auth0 apps update <app-id> --name myapp --description <description>
   auth0 apps update <app-id> --name myapp --description <description> --type [native|spa|regular|m2m]
   auth0 apps update <app-id> --name myapp --description <description> --type [native|spa|regular|m2m] --reveal-secrets
-  auth0 apps update <app-id> -n myapp -d <description> -t [native|spa|regular|m2m] -r --json`,
+  auth0 apps update <app-id> -n myapp -d <description> -t [native|spa|regular|m2m] -r --json
+  auth0 apps update <app-id> -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar"
+  auth0 apps update <app-id> -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar" --metadata "bazz=buzz"
+  auth0 apps update <app-id> -n myapp -d <description> -t [native|spa|regular|m2m] -r --json --metadata "foo=bar,bazz=buzz"`,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			var current *management.Client
 
@@ -695,6 +716,16 @@ func updateAppCmd(cli *cli) *cobra.Command {
 				a.GrantTypes = apiGrantsFor(inputs.Grants)
 			}
 
+			if len(inputs.Metadata) == 0 {
+				a.ClientMetadata = current.ClientMetadata
+			} else {
+				clientMetadata := make(map[string]interface{}, len(inputs.Metadata))
+				for k, v := range inputs.Metadata {
+					clientMetadata[k] = v
+				}
+				a.ClientMetadata = &clientMetadata
+			}
+
 			// Update app
 			if err := ansi.Waiting(func() error {
 				return cli.api.Client.Update(cmd.Context(), inputs.ID, a)
@@ -714,6 +745,7 @@ func updateAppCmd(cli *cli) *cobra.Command {
 	appType.RegisterStringU(cmd, &inputs.Type, "")
 	appDescription.RegisterStringU(cmd, &inputs.Description, "")
 	appCallbacks.RegisterStringSliceU(cmd, &inputs.Callbacks, nil)
+	appMetadata.RegisterStringMap(cmd, &inputs.Metadata, map[string]string{})
 	appOrigins.RegisterStringSliceU(cmd, &inputs.AllowedOrigins, nil)
 	appWebOrigins.RegisterStringSliceU(cmd, &inputs.AllowedWebOrigins, nil)
 	appLogoutURLs.RegisterStringSliceU(cmd, &inputs.AllowedLogoutURLs, nil)

diff --git a/internal/display/apps.go b/internal/display/apps.go
@@ -34,6 +34,7 @@ type applicationView struct {
 	AllowedLogoutURLs []string
 	AuthMethod        string
 	Grants            []string
+	Metadata          []string
 	revealSecret      bool
 
 	raw interface{}
@@ -68,6 +69,7 @@ func (v *applicationView) KeyValues() [][]string {
 	allowedWebOrigins := strings.Join(v.AllowedWebOrigins, ", ")
 	allowedLogoutURLs := strings.Join(v.AllowedLogoutURLs, ", ")
 	grants := strings.Join(v.Grants, ", ")
+	metadata := strings.Join(v.Metadata, ", ")
 
 	if v.revealSecret {
 		return [][]string{
@@ -82,6 +84,7 @@ func (v *applicationView) KeyValues() [][]string {
 			{"ALLOWED WEB ORIGINS", allowedWebOrigins},
 			{"TOKEN ENDPOINT AUTH", v.AuthMethod},
 			{"GRANTS", grants},
+			{"METADATA", metadata},
 		}
 	}
 
@@ -96,6 +99,7 @@ func (v *applicationView) KeyValues() [][]string {
 		{"ALLOWED WEB ORIGINS", allowedWebOrigins},
 		{"TOKEN ENDPOINT AUTH", v.AuthMethod},
 		{"GRANTS", grants},
+		{"METADATA", metadata},
 	}
 }
 
@@ -176,6 +180,7 @@ func makeApplicationView(client *management.Client, revealSecrets bool) *applica
 		AllowedLogoutURLs: client.GetAllowedLogoutURLs(),
 		AuthMethod:        client.GetTokenEndpointAuthMethod(),
 		Grants:            client.GetGrantTypes(),
+		Metadata:          mapPointerToArray(client.ClientMetadata),
 		raw:               client,
 	}
 }
@@ -197,6 +202,16 @@ func FriendlyAppType(appType string) string {
 	}
 }
 
+func mapPointerToArray(m *map[string]interface{}) []string {
+	var result []string
+	if m != nil {
+		for k, v := range *m {
+			result = append(result, fmt.Sprintf("%s=%v", k, v))
+		}
+	}
+	return result
+}
+
 func quickstartsURIFor(appType string) string {
 	switch {
 	case appType == "native":