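#!/bin/bash

# OAuth Dynamic Client Registration Script for AT Protocol
# Registers a new OAuth client with the AIP server per RFC 7591
# Usage: bash scripts/register-oauth-client.sh
#
# Environment (all optional):
#   AIP_BASE_URL     base URL of the AIP server  (default http://localhost:8081)
#   CLIENT_BASE_URL  base URL of the client app  (default http://localhost:8080)
#   CLIENT_NAME      client_name to register     (default "Slice AT Proto Client")
#
# The registration response carries the client secret, so AIP_BASE_URL should
# be an https:// URL whenever the server is not on the loopback interface.

set -e # Exit on any error

#######################################
# Tells whether a URL is plain http:// to a host other than loopback.
# Arguments: $1 - URL to inspect
# Returns:   0 if the URL is cleartext and not localhost/127.0.0.1/[::1],
#            1 otherwise (https, loopback, or any other scheme)
#######################################
is_cleartext_remote() {
  case "$1" in
    http://localhost | http://localhost[/:]* | \
    http://127.0.0.1 | http://127.0.0.1[/:]* | \
    'http://[::1]' | 'http://[::1]'[/:]*)
      return 1
      ;;
    http://*)
      return 0
      ;;
    *)
      return 1
      ;;
  esac
}

# Configuration
AIP_BASE="${AIP_BASE_URL:-http://localhost:8081}"
CLIENT_BASE_URL="${CLIENT_BASE_URL:-http://localhost:8080}"
CLIENT_NAME="${CLIENT_NAME:-Slice AT Proto Client}"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ROOT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
# The credentials are written to the project's .env, one level above scripts/
CONFIG_FILE="$ROOT_DIR/.env"

echo "🚀 OAuth Dynamic Client Registration for Slice"
echo "AIP Server: $AIP_BASE"
echo "Client Base URL: $CLIENT_BASE_URL"
echo "Client Name: $CLIENT_NAME"
echo

# Warn only (do not abort): local development legitimately uses http://localhost
if is_cleartext_remote "$AIP_BASE"; then
  echo "⚠️ AIP server URL is plain http:// to a non-loopback host;" \
    "the client secret in the registration response would be sent unencrypted" >&2
fi
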
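# Check if client is already registered.
# CONFIG_FILE is rewritten wholesale further down (cat > "$CONFIG_FILE"), so
# anything else stored in that file is lost once the user answers "y".
if [ -f "$CONFIG_FILE" ]; then
  echo "⚠️ Existing OAuth client configuration found at $CONFIG_FILE"
  printf '%s' "Do you want to register a new client? This will overwrite the existing config. (y/N): "
  # read returns non-zero at end of input (e.g. stdin is not a terminal); under
  # `set -e` that would end the script with no message, so treat it as "no".
  read -r OVERWRITE || true
  case "$OVERWRITE" in
    y | Y) ;;
    *)
      echo "❌ Registration cancelled"
      exit 1
      ;;
  esac
fi
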
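echo "🔍 Using OAuth registration endpoint..."
REGISTRATION_ENDPOINT="$AIP_BASE/oauth/clients/register"

echo "✅ Registration endpoint: $REGISTRATION_ENDPOINT"
echo

#######################################
# Escapes a string for use inside a double-quoted JSON string literal.
# Handles backslash, double quote, newline, carriage return and tab; other
# control characters are passed through unchanged.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout (no trailing newline)
#######################################
json_escape() {
  local s=$1
  s=${s//\\/\\\\} # backslash first, so later escapes are not doubled
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

# Create client registration request
echo "📝 Creating client registration request..."
REDIRECT_URI="$CLIENT_BASE_URL/oauth/callback"

# CLIENT_NAME and CLIENT_BASE_URL come from the environment. Escape them so a
# quote or backslash in either cannot break the document or add extra fields.
CLIENT_NAME_JSON=$(json_escape "$CLIENT_NAME")
REDIRECT_URI_JSON=$(json_escape "$REDIRECT_URI")

REGISTRATION_REQUEST=$(cat <<EOF
{
  "client_name": "$CLIENT_NAME_JSON",
  "redirect_uris": ["$REDIRECT_URI_JSON"],
  "scope": "openid email profile atproto transition:generic account:email blob:image/* repo:network.slices.slice repo:network.slices.lexicon repo:network.slices.actor.profile repo:network.slices.waitlist.request",
  "grant_types": ["authorization_code", "refresh_token"],
  "response_types": ["code"],
  "token_endpoint_auth_method": "client_secret_basic"
}
EOF
)

echo "Registration request:"
# Pretty-print with jq when it is installed; otherwise show the raw document
echo "$REGISTRATION_REQUEST" | jq '.' 2>/dev/null || echo "$REGISTRATION_REQUEST"
echo
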
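# Register the client
echo "🔄 Registering client with AIP server..."
# The failure branch sits outside the command substitution: inside $( ) its
# messages would be captured into REGISTRATION_RESPONSE instead of shown.
# curl runs without --fail, so this branch covers transport errors only; an
# HTTP error body is still stored and handled by the credential check below.
if ! REGISTRATION_RESPONSE=$(curl -s -X POST "$REGISTRATION_ENDPOINT" \
  -H "Content-Type: application/json" \
  -d "$REGISTRATION_REQUEST"); then
  echo "❌ Failed to register client with AIP server" >&2
  echo "Make sure the AIP server is running at $AIP_BASE" >&2
  exit 1
fi

# The response contains the client secret. Mask it before printing so it does
# not end up in terminal scrollback or captured logs.
REDACTED_RESPONSE=$(printf '%s\n' "$REGISTRATION_RESPONSE" \
  | sed -E 's/("client_secret"[[:space:]]*:[[:space:]]*")([^"\\]|\\.)*/\1[REDACTED]/g')

echo "Registration response:"
echo "$REDACTED_RESPONSE" | jq '.' 2>/dev/null || echo "$REDACTED_RESPONSE"
echo
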
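#######################################
# Reads one top-level string field from a JSON document.
# Uses jq when it is installed and accepts the input; otherwise falls back to
# a pattern match that tolerates whitespace around the colon.
# Arguments: $1 - field name, $2 - JSON text
# Outputs:   the field value on stdout, or nothing when it is absent
# Returns:   0 always (an empty result is the "not found" signal)
#######################################
extract_json_string() {
  local field=$1 json=$2 value
  if command -v jq >/dev/null 2>&1; then
    if value=$(printf '%s' "$json" | jq -r --arg f "$field" '.[$f] // empty' 2>/dev/null); then
      printf '%s' "$value"
      return 0
    fi
  fi
  printf '%s' "$json" \
    | grep -o "\"${field}\"[[:space:]]*:[[:space:]]*\"[^\"]*" \
    | head -n 1 \
    | sed 's/.*"//'
}

# Extract client credentials
CLIENT_ID=$(extract_json_string client_id "$REGISTRATION_RESPONSE")
CLIENT_SECRET=$(extract_json_string client_secret "$REGISTRATION_RESPONSE")

if [ -z "$CLIENT_ID" ] || [ -z "$CLIENT_SECRET" ]; then
  echo "❌ Failed to extract client credentials from registration response"
  echo "Expected client_id and client_secret in response"
  # A secret may be present even when the id is missing; mask it in the dump
  echo "Response was: $(printf '%s\n' "$REGISTRATION_RESPONSE" \
    | sed -E 's/("client_secret"[[:space:]]*:[[:space:]]*")([^"\\]|\\.)*/\1[REDACTED]/g')"
  exit 1
fi

echo "✅ Client registered successfully!"
echo "Client ID: $CLIENT_ID"
echo "Client Secret: [REDACTED]"
echo
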
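# Save credentials to $CONFIG_FILE (the project's .env); the file is replaced,
# not merged.
echo "💾 Saving client credentials to $CONFIG_FILE..."

# The values are written inside double quotes and the script later suggests
# `source`-ing the file. Refuse values the shell would interpret there.
for ENV_VALUE in "$CLIENT_ID" "$CLIENT_SECRET" "$REDIRECT_URI" "$AIP_BASE"; do
  case "$ENV_VALUE" in
    *'"'* | *'$'* | *'`'* | *'\'* | *$'\n'*)
      echo "❌ Refusing to write $CONFIG_FILE: a value contains a quote, \$, backtick, backslash or newline" >&2
      exit 1
      ;;
  esac
done

# The file holds the client secret: keep it owner-only. An existing file keeps
# its old mode on truncation, so tighten it before writing; a new file gets
# its mode from the umask set in the subshell.
if [ -e "$CONFIG_FILE" ]; then
  chmod 600 "$CONFIG_FILE"
fi
(
  umask 077
  cat > "$CONFIG_FILE" <<EOF
# OAuth Client Credentials for Slice AT Proto Client
# Generated on $(date)
# AIP Server: $AIP_BASE

OAUTH_CLIENT_ID="$CLIENT_ID"
OAUTH_CLIENT_SECRET="$CLIENT_SECRET"
OAUTH_REDIRECT_URI="$REDIRECT_URI"
OAUTH_AIP_BASE_URL="$AIP_BASE"
EOF
)
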
# Final report: what was registered, where the credentials were stored, and
# how to load them. The client secret itself is never printed here.
cat <<EOF
✅ Client registration complete!

📋 Summary:
 - Client ID: $CLIENT_ID
 - Client Name: $CLIENT_NAME
 - Redirect URI: $REDIRECT_URI
 - Scopes: openid email profile atproto transition:generic account:email blob:image/* repo:network.slices.slice repo:network.slices.lexicon repo:network.slices.actor.profile repo:network.slices.waitlist.request
 - Config saved to: $CONFIG_FILE

🔧 Environment variables saved to $CONFIG_FILE:
 OAUTH_CLIENT_ID
 OAUTH_CLIENT_SECRET
 OAUTH_REDIRECT_URI
 OAUTH_AIP_BASE_URL

💡 To use these credentials in your application:
 source $CONFIG_FILE
 # Or load them in your .env file

🧪 To test the OAuth flow, you can now use the registered credentials
 with your AtProtoClient in TypeScript/Deno.
EOF