* [Usage](#usage)
* [Commands](#commands)
* [Running the Tests](#running-the-tests)
* [Installation](#installation)
* [Getting Started](#getting-started)
* [RESTish Integration](#restish-integration)
* [Developer Notes](#developer-notes)

Usage

$ npm install -g @labshare/auth-cli
$ auth-cli COMMAND
running command...
$ auth-cli (-v|--version|version)
@labshare/auth-cli/1.6.0 linux-x64 node-v14.16.1
$ auth-cli --help [COMMAND]
USAGE
  $ auth-cli COMMAND
...

Commands

auth-cli apis:list

Display auth apis

USAGE
  $ auth-cli apis:list

OPTIONS
  -a, --all                        display all columns
  -x, --extended                   show extra columns
  --advancedFilter=advancedFilter  server side filter using loopback syntax
  --columns=columns                [default: {"id":{},"name":{"header":"Identifyer"},"config":{},"clients":{}}] columns
  --config=config                  Name of the file to configure
  --csv                            output is csv format [alias: --output=csv]
  --filter=filter                  filter property by partial string matching, ex: name=foo
  --no-header                      hide table header from output
  --no-truncate                    do not truncate output to fit screen
  --output=csv|json|yaml           output in a more machine friendly format
  --sort=sort                      property to sort by (prepend '-' for descending)

EXAMPLES
  $ auth-cli apis:list
  $ auth-cli apis:list --all
  $ auth-cli apis:list --help

See code: src/commands/apis/list.ts

auth-cli authenticate:credential-login --config "config-name"

Login to authenticate

USAGE
  $ auth-cli authenticate:credential-login --config "config-name"

OPTIONS
  -t, --tenant=tenant
  --config=config      Name of the file to configure

EXAMPLES
  $ auth-cli authenticate:credential-login --config "local"
  $ auth-cli authenticate:credential-login --config "a-ci"

See code: src/commands/authenticate/credential-login.ts

auth-cli authenticate:inspect-access

Inspect authentication token

USAGE
  $ auth-cli authenticate:inspect-access

See code: src/commands/authenticate/inspect-access.ts

auth-cli authenticate:login --config "config-name"

Login to authenticate

USAGE
  $ auth-cli authenticate:login --config "config-name"

OPTIONS
  -t, --tenant=tenant
  --config=config      Name of the file to configure

ALIASES
  $ auth-cli login
  $ auth-cli signin

EXAMPLES
  $ auth-cli authenticate:login --config "local"
  $ auth-cli authenticate:login --config "a-ci"

See code: src/commands/authenticate/login.ts

auth-cli authenticate:revoke-access

Revoke authentication token

USAGE
  $ auth-cli authenticate:revoke-access

See code: src/commands/authenticate/revoke-access.ts

auth-cli base:auth-cli-base

USAGE
  $ auth-cli base:auth-cli-base

See code: src/commands/base/auth-cli-base.ts

auth-cli base:authenticated-base

USAGE
  $ auth-cli base:authenticated-base

OPTIONS
  --config=config  Name of the file to configure

See code: src/commands/base/authenticated-base.ts

auth-cli base:list-base

USAGE
  $ auth-cli base:list-base

OPTIONS
  -a, --all                        display all columns
  -x, --extended                   show extra columns
  --advancedFilter=advancedFilter  server side filter using loopback syntax
  --columns=columns                only show provided columns (comma-separated)
  --config=config                  Name of the file to configure
  --csv                            output is csv format [alias: --output=csv]
  --filter=filter                  filter property by partial string matching, ex: name=foo
  --no-header                      hide table header from output
  --no-truncate                    do not truncate output to fit screen
  --output=csv|json|yaml           output in a more machine friendly format
  --sort=sort                      property to sort by (prepend '-' for descending)

See code: src/commands/base/list-base.ts

auth-cli clients:certificate-check-periodic

USAGE
  $ auth-cli clients:certificate-check-periodic

OPTIONS
  --admin-group=admin-group  (required) The group name of the admins

  --cron=cron                Optional, time frequency to check certificates, example "30s", "1m", etc. See
                             https://www.npmjs.com/package/ms#examples

  --days=days                The number of days before the certificate expires, example "30"

  --email=email              Indicates whether query results should be emailed, example "true"

  --types=types              (required) The types of certificate to check, example "client", "provider", "tenant", etc.

EXAMPLES
  $ auth-cli clients:certificate-check-periodic --admin-group "certificate-management-group" --types "client" --types 
  "provider" --types "tenant"
  $ auth-cli clients:certificate-check-periodic --admin-group "certificate-management-group" --types "client" --types 
  "provider" --types "tenant" --days "3000"
  $ auth-cli clients:certificate-check-periodic --admin-group "certificate-management-group" --types "client" --types 
  "provider" --types "tenant" --email "true"
  $ auth-cli clients:certificate-check-periodic --help

See code: src/commands/clients/certificate-check-periodic.ts

auth-cli clients:config-check-web-native

Verify the configuration of a web or native client.

USAGE
  $ auth-cli clients:config-check-web-native

OPTIONS
  --client-id=client-id  (required) the client id, example 'auth-ui'
  --port=port            the port number for the callback server

EXAMPLES
  $ auth-cli clients:config-check-web-native --client-id "sampleappmateo" --port "3001"
  $ auth-cli clients:config-check-web-native --help

See code: src/commands/clients/config-check-web-native.ts

auth-cli clients:create-saml-client

This command will create a new saml client.

USAGE
  $ auth-cli clients:create-saml-client

OPTIONS
  --ad-groups=ad-groups                                                  AD groups
  --audience-url=audience-url                                            The audience url
  --callback-urls=callback-urls                                          The callback urls

  --cert=cert                                                            The certificate, example "-----BEGIN
                                                                         CERTIFICATE-----...-----END CERTIFICATE-----"

  --client-id=client-id                                                  The client id, which could be the same as the
                                                                         name, example "someClientId"

  --client-uri=client-uri                                                The client URI, example
                                                                         "https://localhost:5000"

  --config=config                                                        Name of the file to configure

  --description=description                                              The description of the client

  --destination-url=destination-url                                      The destination url

  --identity-provider=identity-provider                                  Identity provider, example "one@email.com"

  --import-cli-json=import-cli-json                                      Import a single JSON line from the CLI directly

  --import-file=import-file                                              Import a file with a configuration

  --key=key                                                              The RSA private key, example "-----BEGIN RSA
                                                                         PRIVATE KEY-----...-----END RSA PRIVATE
                                                                         KEY-----"

  --lifetime-in-seconds=lifetime-in-seconds                              Lifetime, in seconds, example 7200

  --logout-callback-url=logout-callback-url                              The logout callback url, example
                                                                         "https://localhost:5000/callback"

  --map-claims=map-claims                                                The map claims

  --metadata=metadata                                                    Metadata

  --name=name                                                            The client name, example "someName"

  --name-identifier-format=name-identifier-format                        The name identifier format, example
                                                                         "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

  --recipient-url=recipient-url                                          The recipient url

  --restricted-access-email-blacklist=restricted-access-email-blacklist  Restricted access email blacklist

  --restricted-access-email-whitelist=restricted-access-email-whitelist  Restricted access email whitelist

  --signing-cert=signing-cert                                            The signing certificate

  --tenant-id=tenant-id                                                  Tenant id

  --type=type                                                            Type: saml

EXAMPLES
  $ auth-cli clients:create-saml-client
  $ auth-cli clients:create-saml-client --import-file "./src/templates/sample-import-saml-client.json" 
  --identity-provider "nih"
  $ auth-cli clients:create-saml-client --identity-provider "nih" --identity-provider "google" --identity-provider 
  "azure-oidc" --identity-provider "google_mateo_local" --tenant-id 1 --name "mateo" --client-id "mateo-id" --type 
  "saml" --description "mateoDescription" --client-uri "https://mateo-client-uri" --signing-cert "12345" --map-claims 
  "module.export = function({secret:{claim}}, callback){}" --ad-groups "one" --ad-groups "two" --ad-groups "three" 
  --ad-groups "four" --logout-callback-url "https://logout-callback-url" --audience-url "https://audience-url" 
  --recipient-url "https://recipient-url" --destination-url "https://destination-url" --callback-urls 
  "https://callback-url-1" --callback-urls "https://callback-url-2" --callback-urls "https://callback-url-3" 
  --lifetime-in-seconds 5000 --name-identifier-format "nameIdentifierFormat" --cert "1234567" --key "098765" --metadata 
  '{"key1":"value1","key2":"value2","key3":"value3"}'
  $ auth-cli clients:create-saml-client --import-cli-json '{"name": "SAML-name","clientId": "SAML-client-id","type": 
  "saml","description": "test app","clientUri": "test.com","config": {"signingCert": 
  "The-signing-certificate","scripts": {"mapClaims": ""},"adGroups": [],"restrictAccess": {"byEmail": {"blacklist": 
  [],"whitelist": []},"byIdentityProvider": [{"name": "google","byEmail": {"whitelist": 
  ["one@gmail.com","two@gmail.com"]}}]},"logout": {"callback": 
  "https://samltest.id/idp/profile/SAML2/Redirect/SLO"},"audience": "https://samltest.id/saml/sp","recipient": 
  "https://samltest.id/Shibboleth.sso/SAML2/POST","destination": 
  "https://samltest.id/Shibboleth.sso/SAML2/POST","callbackUrls": [],"lifetimeInSeconds": 7200,"nameIdentifierFormat": 
  "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
  "cert": "-----BEGIN CERTIFICATE-----12345-----END CERTIFICATE-----",
  "key": "-----BEGIN RSA PRIVATE KEY-----67890-----END RSA PRIVATE KEY-----"},"metadata": {}}' 
  --identity-provider "nih"

See code: src/commands/clients/create-saml-client.ts

auth-cli clients:create-web-client

This command will create a new web client.

USAGE
  $ auth-cli clients:create-web-client

OPTIONS
  --ad-groups=ad-groups                                                  AD groups, example "admins"

  --callback-urls=callback-urls                                          The callback URLs, example
                                                                         "https://localhost:5000/callback"

  --client-id=client-id                                                  The client id, example "someClientId"

  --client-uri=client-uri                                                The client URI, example
                                                                         "https://localhost:5000"

  --config=config                                                        Name of the file to configure

  --description=description                                              The description of the client, example "This is
                                                                         some description"

  --federated-logout=federated-logout                                    Federated logout, example "true" or "false"

  --grant-types=grant-types                                              The grant types, examples "authorization_code",
                                                                         "implicit", etc.

  --identity-provider=identity-provider                                  Identity provider, examples "nih", "google",
                                                                         etc.

  --import-cli-json=import-cli-json                                      Import a JSON config CLI directly, example
                                                                         '{"clientId":"someClientId","name":"someName",...}'

  --import-file=import-file                                              Import a config file, example
                                                                         "./src/templates/sample-import-web-client.json"

  --legacy-application-compatibility=legacy-application-compatibility    Legacy application compatibility, example
                                                                         "true" or "false"

  --login-event-settings=login-event-settings                            Login event settings

  --metadata=metadata                                                    Metadata, example '{"someKey":"someValue"}'

  --name=name                                                            The client name, example "someName"

  --post-logout-redirect-uris=post-logout-redirect-uris                  The post-logout redirect URIs, example
                                                                         "https://localhost:5000/postlogout"

  --response-types=response-types                                        The response types, examples "code",
                                                                         "id_token", etc.

  --restricted-access-email-blacklist=restricted-access-email-blacklist  Restricted access email blacklist, example
                                                                         "one@email.com"

  --restricted-access-email-whitelist=restricted-access-email-whitelist  Restricted access email whitelist, example
                                                                         "three@email.com"

  --show-logout-prompt=show-logout-prompt                                Show logout prompt: example "true" or "false"

  --tenant-id=tenant-id                                                  Tenant id, example "1"

  --token-endpoint-auth-method=token-endpoint-auth-method                The endpoint auth method, examples
                                                                         "client_secret_post", "client_secret_basic",
                                                                         etc.

  --type=type                                                            Type, example "web"

EXAMPLES
  $ auth-cli clients:create-web-client
  $ auth-cli clients:create-web-client --import-file "./src/templates/sample-import-web-client.json" --identity-provider 
  "nih" --identity-provider "google"
  $ auth-cli clients:create-web-client --import-file "./src/templates/sample-import-web-client.json" --name 
  "overridenName" --client-id "overridenClientId" --identity-provider "nih" --identity-provider "google"
  $ auth-cli clients:create-web-client --client-id "someId1234" --name "someName5678" --grant-types "authorization_code" 
  --grant-types "client_credentials" --response-types "code" --callback-urls "https://localhost:5000/callback" 
  --post-logout-redirect-uris "https://localhost:5000/postlogout" --identity-provider "google"
  $ auth-cli clients:create-web-client --client-id "new-client-id-123" --name "new-client-name-123" --description 
  "Created with many parameters." --client-uri "https://another.domain123.com" --grant-types "authorization_code" 
  --grant-types "implicit" --grant-types "refresh_token" --grant-types "client_credentials" --response-types "code" 
  --response-types "id_token" --response-types "id_token token" --response-types "code id_token" --response-types "code 
  token" --callback-urls "https://local.mylocal123.org:3001/oauth/callback" --callback-urls 
  "https://another.domain123.com" --post-logout-redirect-uris "https://local.mylocal123.org:3001/post-logout" 
  --post-logout-redirect-uris "https://another.domain123.com" --token-endpoint-auth-method "client_secret_post" 
  --federated-logout "true" --show-logout-prompt "true" --legacy-application-compatibility "true" --ad-groups "admins" 
  --ad-groups "managers" --identity-provider "nih" --identity-provider "azure-oidc" --identity-provider "google" 
  --identity-provider "google_mateo_local" --metadata '{"key1":"value1","key2":"value2","key3":"value3"}' --tenant-id 
  "1" --type "web"
  $ auth-cli clients:create-web-client --import-cli-json 
  '{"clientId":"imported-cli-json-client-id","name":"imported-cli-json-client-name",
  "description":"This client was imported from a single CLI JSON parameter.",
  "clientUri":"https://imported.cli.json.localhost:8080","config":{"grantTypes":["implicit","refresh_token"],
  "responseTypes":["code id_token"],"callbackUrls":["https://imported.cli.json.localhost:8080/callback"],
  "postLogoutRedirectUris":["https://imported.cli.json.localhost:8080/post-logout"],
  "tokenEndpointAuthMethod":"client_secret_jwt","logout":{"frontchannelLogout":{"enabled":false},"showLogoutPrompt":true},
  "featureToggles":{"enableLegacyApplicationCompatibility":false},"adGroups":["admins","group_of_imported_cli_json_clients"],
  "restrictAccess":{"byEmail":{"blacklist":["clijson1@email.com","clijson2@email.com"],"whitelist":["clijson3@email.com","clijson4@email.com"]}}},
  "loginEventSettings":null,"metadata":{"src":"cli json input"},"tenantId":1,"type":"web"}' --identity-provider "google"

See code: src/commands/clients/create-web-client.ts

auth-cli clients:duplicate [ID]

Duplicate client by clientId

USAGE
  $ auth-cli clients:duplicate [ID]

OPTIONS
  --config=config                Name of the file to configure
  --new-client-id=new-client-id  (required) The clientId of the new (copied) client, example "newClientId"
  --new-name=new-name            (required) The name of the new (copied) client, example "newName"

EXAMPLES
  $ auth-cli clients:duplicate "oldClientId" --new-name "newName" --new-client-id "newClientId"
  $ auth-cli clients:duplicate "wellKnownClientId12345" --new-name "someNewName" --new-client-id "someNewClientId"
  $ auth-cli clients:duplicate "imported-client-id" --new-name "copyOfImportedName" --new-client-id 
  "copyOfImportedClientId"

See code: src/commands/clients/duplicate.ts

auth-cli clients:export [ID]

export a client to a json file that can then be modified and used to create/import a new tenant

USAGE
  $ auth-cli clients:export [ID]

OPTIONS
  -o, --out=out    [default: ~/tenants-export.json]
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli clients:export 21 -o 'c:/temp/client-export.json'
  $ auth-cli clients:export --help

See code: src/commands/clients/export.ts

auth-cli clients:import [INPUTFILE]

create a new client from a json file

USAGE
  $ auth-cli clients:import [INPUTFILE]

ARGUMENTS
  INPUTFILE  json file containing the data to import

OPTIONS
  --clientId=clientId      (required) The client id for the imported client ex 'ui-next'
  --clientName=clientName  (required) The name for the imported client ex 'UI Next'
  --config=config          Name of the file to configure

EXAMPLES
  $ auth-cli clients:import c:/temp/client-export.json --clientName 'awesome app' --clientId 'awesome-app'
  $ auth-cli clients:import --help

See code: src/commands/clients/import.ts

auth-cli clients:list

Display auth clients

USAGE
  $ auth-cli clients:list

OPTIONS
  -a, --all                        display all columns
  -x, --extended                   show extra columns
  --advancedFilter=advancedFilter  server side filter using loopback syntax
  --columns=columns                [default: {"id":{},"name":{},"clientId":{},"type":{}}] columns
  --config=config                  Name of the file to configure
  --csv                            output is csv format [alias: --output=csv]
  --filter=filter                  filter property by partial string matching, ex: name=foo
  --no-header                      hide table header from output
  --no-truncate                    do not truncate output to fit screen
  --output=csv|json|yaml           output in a more machine friendly format
  --sort=sort                      property to sort by (prepend '-' for descending)

EXAMPLES
  $ auth-cli clients:list
  $ auth-cli clients:list --filter name='client name'
  $ auth-cli clients:list --filter type='web' --advancedFilter '{ "where": {"name": { "like": "auth%"} } }'
  $ auth-cli clients:list --all
  $ auth-cli clients:list --help

See code: src/commands/clients/list.ts

auth-cli clients:oidc-settings

display a table of clients

USAGE
  $ auth-cli clients:oidc-settings

OPTIONS
  --client=client  (required) the client name, ex 'auth-ui'
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli clients:oidc-settings  --client "auth-ui"
  $ auth-cli clients:oidc-settings --help

See code: src/commands/clients/oidc-settings.ts

auth-cli clients:print-certs

USAGE
  $ auth-cli clients:print-certs

OPTIONS
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli clients:print-certs
  $ auth-cli clients:print-certs --help

See code: src/commands/clients/print-certs.ts

auth-cli clients:update-web-client

This command will update a web client.

USAGE
  $ auth-cli clients:update-web-client

OPTIONS
  --add-ad-group=add-ad-group                                                  Adds the group to the list of groups,
                                                                               example "admins"

  --add-callback-url=add-callback-url                                          Adds the callback url to the list of
                                                                               callback urls, example
                                                                               "https://localhost:5000/callback"

  --add-grant-type=add-grant-type                                              Adds a grant type to the list of grant
                                                                               types, example "authorization_code",
                                                                               "implicit", etc.

  --add-post-logout-redirect-uri=add-post-logout-redirect-uri                  Adds the post-logout redirect to the list
                                                                               of post-logout redirect uris,
                                                                               "https://localhost:5000/postlogout"

  --add-provider-to-client=add-provider-to-client                              Adds the provider to the client, examples
                                                                               "nih", "google", etc.

  --add-response-type=add-response-type                                        Adds the response type to the list of
                                                                               response types, examples "code",
                                                                               "id_token", etc.

  --config=config                                                              Name of the file to configure

  --name=name                                                                  The client name, example "someName"

  --remove-ad-group=remove-ad-group                                            Removes the group from the list of
                                                                               groups, example "admins"

  --remove-callback-url=remove-callback-url                                    Removes the callback url from the list of
                                                                               callback urls, example
                                                                               "https://localhost:5000/callback"

  --remove-grant-type=remove-grant-type                                        Removes the grant type from the list of
                                                                               grant types, example
                                                                               "authorization_code", etc.

  --remove-post-logout-redirect-uri=remove-post-logout-redirect-uri            Removes the post logout redirect, example
                                                                               "https://localhost:5000/postlogout"

  --remove-provider-from-client=remove-provider-from-client                    Removes the provider from the client,
                                                                               examples "nih", "google", etc.

  --remove-response-type=remove-response-type                                  Removes the response type from the list of
                                                                               response types, examples "code", etc.

  --set-client-uri=set-client-uri                                              Sets the client uri, example
                                                                               "https://localhost:5000"

  --set-description=set-description                                            The description of the client, example
                                                                               "This is some description"

  --set-federated-logout=set-federated-logout                                  Sets the federated logout, example "true"
                                                                               or "false"

  --set-legacy-application-compatibility=set-legacy-application-compatibility  Sets the legacy compatibility, "true" or
                                                                               "false"

  --set-login-event-settings=set-login-event-settings                          Sets the login event settings

  --set-metadata=set-metadata                                                  Sets the metadata, example
                                                                               '{"someKey":"someValue"}'

  --set-show-logout-prompt=set-show-logout-prompt                              Sets whether to show the logout prompt or
                                                                               not, example "true" or "false"

  --set-token-endpoint-auth-method=set-token-endpoint-auth-method              Sets the token endpoint auth method,
                                                                               examples "client_secret_post",
                                                                               "client_secret_basic", etc.

EXAMPLES
  $ auth-cli clients:update-web-client --name "new-client-name-456" --set-description " " --set-client-uri " " 
  --remove-grant-type "authorization_code" --remove-grant-type "implicit" --remove-grant-type "refresh_token" 
  --remove-grant-type "client_credentials" --remove-response-type "code" --remove-response-type "id_token" 
  --remove-response-type "id_token token" --remove-response-type "code id_token" --remove-response-type "code token" 
  --remove-callback-url "https://local.mylocal123.org:3001/oauth/callback" --remove-callback-url 
  "https://another.domain123.com" --remove-post-logout-redirect-uri "https://local.mylocal123.org:3001/oauth/callback/" 
  --remove-post-logout-redirect-uri "https://another.domain123.com" --set-token-endpoint-auth-method "none" 
  --set-federated-logout "false" --set-show-logout-prompt "false" --set-legacy-application-compatibility "false" 
  --remove-ad-group "admins" --remove-ad-group "newgroup" --remove-provider-from-client "nih" 
  --remove-provider-from-client "azure-oidc" --remove-provider-from-client "google" --remove-provider-from-client 
  "google_mateo_local" --set-login-event-settings " " --set-metadata "{}"
  $ auth-cli clients:update-web-client --name "new-client-name-456" --set-description "No longer blank" --set-client-uri 
  "https://another.domain123.com" --add-grant-type "authorization_code" --add-grant-type "implicit" --add-grant-type 
  "refresh_token" --add-grant-type "client_credentials" --add-response-type "code" --add-response-type "id_token" 
  --add-response-type "id_token token" --add-response-type "code id_token" --add-response-type "code token" 
  --add-callback-url "https://local.mylocal123.org:3001/oauth/callback" --add-callback-url 
  "https://another.domain123.com" --add-post-logout-redirect-uri "https://local.mylocal123.org:3001/oauth/callback/" 
  --set-token-endpoint-auth-method "client_secret_basic" --set-federated-logout "true" --set-show-logout-prompt "true" 
  --set-legacy-application-compatibility "true" --add-ad-group "admins" --add-ad-group "newgroup" 
  --add-provider-to-client "nih" --add-provider-to-client "azure-oidc" --add-provider-to-client "google" 
  --add-provider-to-client "google_mateo_local" --set-login-event-settings "anotherEvent" --set-metadata 
  '{"key3":"value3","key4":"value4"}'

See code: src/commands/clients/update-web-client.ts

auth-cli clients:whitelist

display a table of tenant providers

USAGE
  $ auth-cli clients:whitelist

OPTIONS
  --client=client      (required) the client name, ex 'palantir'
  --config=config      Name of the file to configure
  --provider=provider  (required) the provider name, ex 'google'

EXAMPLES
  $ auth-cli clients:whitelist -t ls --client "palantir" --provider "google"
  $ auth-cli clients:whitelist --help

See code: src/commands/clients/whitelist.ts

auth-cli clients:whitelist-add

display a table of tenant providers

USAGE
  $ auth-cli clients:whitelist-add

OPTIONS
  --client=client      (required) the client name, ex 'palantir'
  --config=config      Name of the file to configure
  --email=email        (required) the email to whitelist, ex 'john.doe@gamil.com'
  --provider=provider  (required) the provider name, ex 'google'

EXAMPLES
  $ auth-cli clients:whitelist-add -t ls --client "palantir" --provider "google" --email "joe@xyz.org"
  $ auth-cli clients:whitelist-add --help

See code: src/commands/clients/whitelist-add.ts

auth-cli clients:whitelist-check

WhiteList cron job

USAGE
  $ auth-cli clients:whitelist-check

OPTIONS
  --client=client        Required, the client name, ex 'palantir'

  --cron=cron            Optional, time frequency of the whitelist check, ex '30s' or '1m'; see
                         https://www.npmjs.com/package/ms#examples

  --providers=providers  Required, the provider name(s), ex 'InCommon' or 'InCommon,login.gov'

EXAMPLES
  $ auth-cli clients:whitelist-check --client "palantir" --providers "InCommon,login.gov" --cron "30s"
  $ auth-cli clients:whitelist-check --help

See code: src/commands/clients/whitelist-check.ts

auth-cli clients:whitelist-remove

display a table of tenant providers

USAGE
  $ auth-cli clients:whitelist-remove

OPTIONS
  --client=client      (required) the client name, ex 'palantir'
  --config=config      Name of the file to configure
  --email=email        (required) the email to remove from the whitelist, ex 'john.doe@gamil.com'
  --provider=provider  (required) the provider name, ex 'google'

EXAMPLES
  $ auth-cli clients:whitelist-remove --client "palantir" --provider "google" --email "joe@xyz.org"
  $ auth-cli clients:whitelist-remove -help

See code: src/commands/clients/whitelist-remove.ts

auth-cli config --name "config-name"

login configuration

USAGE
  $ auth-cli config --name "config-name"

OPTIONS
  --name=name  Name of the file to configure

EXAMPLES
  $ auth-cli config
  $ auth-cli config --name "config-name"

See code: src/commands/config.ts

auth-cli email:sendauthmail

This command will send an email through a protected endpoint.

USAGE
  $ auth-cli email:sendauthmail

OPTIONS
  --attachments=attachments  Location of email attachments
  --bcc=bcc                  Blind carbon copy of email
  --body=body                (required) Location of email body template
  --cc=cc                    Carbon copy of email
  --config=config            Name of the file to configure
  --sender=sender            (required) Sender of email
  --subject=subject          (required) Subject of email
  --to=to                    (required) Recipient of email

EXAMPLE
  $ auth-cli email:sendauthmail --to "xyz@fake.com" --subject "test email" --body "./email-template.txt" --sender "noreply@labshare.org"

See code: src/commands/email/sendauthmail.ts

auth-cli email:sendmail

This command will send an email.

USAGE
  $ auth-cli email:sendmail

OPTIONS
  --attachments=attachments  Location of email attachments
  --bcc=bcc                  Blind carbon copy of email
  --body=body                Location of email body template
  --cc=cc                    Carbon copy of email
  --sender=sender            Sender of email
  --subject=subject          Subject of email
  --to=to                    Recipient of email

EXAMPLE
  $ auth-cli email:sendmail --to "xyz@fake.com" --subject "test email" --body "./email-template.txt" --sender "noreply@labshare.org"

See code: src/commands/email/sendmail.ts

auth-cli help [COMMAND]

display help for auth-cli

USAGE
  $ auth-cli help [COMMAND]

ARGUMENTS
  COMMAND  command to show help for

OPTIONS
  --all  see all commands in CLI

See code: @oclif/plugin-help

auth-cli jobs:cron

USAGE
  $ auth-cli jobs:cron

See code: src/commands/jobs/cron.ts

auth-cli list [ENTITY]

A generic method for listing entities such as users, clients, providers etc associated with a tenant

USAGE
  $ auth-cli list [ENTITY]

ARGUMENTS
  ENTITY  (clients|resource-servers|users|providers|providers
          test|groups|permissions|roles|access-requests|access-approvals|approval-workflows|approver-groups|requestable-
          accesses|resources|loginEvent|auditlogs|eventlogs|login-pages|trustedDevices) entity to list - ex 'providers'
          to see a list of providers belonging to the tenant

OPTIONS
  -f, --filter=filter  loopback syntax 'where' filter - see https://loopback.io/doc/en/lb2/Where-filter.html
  --config=config      Name of the file to configure

EXAMPLES
  $ auth-cli list providers
  $ auth-cli list providers -t ls -f '{ "where": {"name": { "like": "google%"} } }'
  $ auth-cli list --help

See code: src/commands/list.ts

auth-cli metadata:get

Display auth system metadata

USAGE
  $ auth-cli metadata:get

OPTIONS
  -p, --pathFilter=pathFilter  json path filter

EXAMPLES
  $ auth-cli metadata:get
  $ auth-cli metadata:get -p bugs.url
  $ auth-cli metadata:get --help

See code: src/commands/metadata/get.ts

auth-cli passbolt:healthcheck

USAGE
  $ auth-cli passbolt:healthcheck

See code: src/commands/passbolt/healthcheck.ts

auth-cli providers:delete [ID]

delete a tenant provider

USAGE
  $ auth-cli providers:delete [ID]

OPTIONS
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli providers delete 23
  $ auth-cli providers delete -help

See code: src/commands/providers/delete.ts

auth-cli providers:duplicate [ID]

copy provider and override settings

USAGE
  $ auth-cli providers:duplicate [ID]

OPTIONS
  -w, --with=with  overrides name ex 'ls' for LabShare
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli providers:duplicate 17 -w '{"name":"google2", "displayName":"Google 2"}'
  $ auth-cli providers:duplicate --help

See code: src/commands/providers/duplicate.ts

auth-cli providers:export [ID]

export a provider to a json file that can then be modified and used to create/import a new provider

USAGE
  $ auth-cli providers:export [ID]

OPTIONS
  -o, --out=out    [default: ~/provider-export.json]
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli providers:export 23 -o 'c:/temp/provider-export.json'
  $ auth-cli providers:export -help

See code: src/commands/providers/export.ts

auth-cli providers:import [INPUTFILE]

create a new provider from a json file

USAGE
  $ auth-cli providers:import [INPUTFILE]

ARGUMENTS
  INPUTFILE  json file containing the data to import

OPTIONS
  -c, --importAsCopy  if true, the imported name will have the word 'COPY' appended to prevent duplicates
  --config=config     Name of the file to configure

EXAMPLES
  $ auth-cli providers:import 'c:/temp/somefile.json'
  $ auth-cli providers:import --help

See code: src/commands/providers/import.ts

auth-cli providers:list

Display auth providers

USAGE
  $ auth-cli providers:list

OPTIONS
  -a, --all                        display all columns
  -x, --extended                   show extra columns
  --advancedFilter=advancedFilter  server side filter using loopback syntax

  --columns=columns                [default: {"id":{},"name":{"header":"Identifyer"},"displayName":{},"type":{}}]
                                   columns

  --config=config                  Name of the file to configure

  --csv                            output is csv format [alias: --output=csv]

  --filter=filter                  filter property by partial string matching, ex: name=foo

  --no-header                      hide table header from output

  --no-truncate                    do not truncate output to fit screen

  --output=csv|json|yaml           output in a more machine friendly format

  --sort=sort                      property to sort by (prepend '-' for descending)

EXAMPLES
  $ auth-cli providers:list
  $ auth-cli providers:list --filter name='provider name'
  $ auth-cli providers:list --all
  $ auth-cli providers:list -help

See code: src/commands/providers/list.ts

auth-cli providers:patch [ID]

update a provider. Updated values are in json format and read either from command line or from file.

USAGE
  $ auth-cli providers:patch [ID]

ARGUMENTS
  ID  id of provider to update

OPTIONS
  -d, --data=data  json of values to patch
  -f, --file=file  file containing json values to patch
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli providers:patch 17 -d '{"name":"changed name", "displayName":"changed display"}'
  $ auth-cli providers:patch 17 -f "c:/myPath/provider-patch.json"
  $ auth-cli providers:patch --help

See code: src/commands/providers/patch.ts

auth-cli providers:setField [ID] [FIELD] [VALUE]

update a provider field. Updated values are in json format and read either from command line or from file.

USAGE
  $ auth-cli providers:setField [ID] [FIELD] [VALUE]

ARGUMENTS
  ID     id of provider to update
  FIELD  (displayName|loginTooltip) field to update
  VALUE  value to set for field

OPTIONS
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli providers:setField 17 displayName 'my Google Provider'
  $ auth-cli providers:setField --help

See code: src/commands/providers/set-field.ts

auth-cli report:usage

Report the usage (logins) for all tenants.

USAGE
  $ auth-cli report:usage

OPTIONS
  --admin-group=admin-group  (required) The group name of the admins
  --days=days                (required) The time span (in days) covered by the report, example 7 days, 30 days, etc.
  --email=email              Indicates whether query results should be emailed "true"

EXAMPLES
  $ auth-cli report:usage --admin-group "certificate-management-group" --days "1" --email "true"
  $ auth-cli report:usage --admin-group "certificate-management-group" --days "1"
  $ auth-cli report:usage --help

See code: src/commands/report/usage.ts

auth-cli restish

Allows for making calls to the auth-api via the restish cli.

USAGE
  $ auth-cli restish

OPTIONS
  --config=config  Name of the file to configure

DESCRIPTION
  This command will use the existing auth-cli access-token and will automatically query against the current server
  environment.
  It is therefore unnecessary to supply the environment as the first argument as you would with restish.

See code: src/commands/restish.ts

auth-cli tenants:delete [ID]

delete a tenant

USAGE
  $ auth-cli tenants:delete [ID]

OPTIONS
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli tenants:delete 23
  $ auth-cli tenants:delete -help

See code: src/commands/tenants/delete.ts

auth-cli tenants:export

export a tenant to a json file that can then be modified and used to create/import a new tenant

USAGE
  $ auth-cli tenants:export

OPTIONS
  -o, --out=out    [default: ~/tenants-export.json]
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli tenants:export -o 'c:/temp/tenant-export.json'
  $ auth-cli tenants:export -help

See code: src/commands/tenants/export.ts

auth-cli tenants:import [INPUTFILE]

create a new tenant from a json file

USAGE
  $ auth-cli tenants:import [INPUTFILE]

ARGUMENTS
  INPUTFILE  json file containing the data to import

OPTIONS
  --config=config            Name of the file to configure
  --displayName=displayName  (required) The display name for the imported tenant ex 'LabshareNext'
  --tenantId=tenantId        (required) The name for the imported tenantId ex 'lsNext'

EXAMPLES
  $ auth-cli tenants:import 'c:/temp/tenant-export.json' --displayName 'LabshareNext' --tenantId 'lsNext' 
  $ auth-cli tenants:import --help

See code: src/commands/tenants/import.ts

auth-cli tenants:list

Display auth tenants

USAGE
  $ auth-cli tenants:list

OPTIONS
  -a, --all                        display all columns
  -x, --extended                   show extra columns
  --advancedFilter=advancedFilter  server side filter using loopback syntax

  --columns=columns                [default: {"id":{},"tenantId":{},"title":{"header":"display
                                   name"},"description":{},"lastLogin":{}}] columns

  --config=config                  Name of the file to configure

  --csv                            output is csv format [alias: --output=csv]

  --filter=filter                  filter property by partial string matching, ex: name=foo

  --no-header                      hide table header from output

  --no-truncate                    do not truncate output to fit screen

  --output=csv|json|yaml           output in a more machine friendly format

  --sort=sort                      property to sort by (prepend '-' for descending)

EXAMPLES
  $ auth-cli tenants:list
  $ auth-cli tenants:list --filter name='provider name'
  $ auth-cli tenants:list --all
  $ auth-cli tenants:list --help

See code: src/commands/tenants/list.ts

auth-cli tenants:print-certs

USAGE
  $ auth-cli tenants:print-certs

OPTIONS
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli tenants:print-certs
  $ auth-cli tenants:print-certs --help

See code: src/commands/tenants/print-certs.ts

auth-cli tokens:view [PROFILE]

A command to view your stored profiles tokens

USAGE
  $ auth-cli tokens:view [PROFILE]

ARGUMENTS
  PROFILE  () profile to view the token from

OPTIONS
  --json  view jwt token in json format

EXAMPLES
  $ auth-cli tokens:view
  $ auth-cli tokens:view aci
  $ auth-cli tokens:view local
  $ auth-cli tokens:view local --json

See code: src/commands/tokens/view.ts

auth-cli users:create

Create a user

USAGE
  $ auth-cli users:create

OPTIONS
  --config=config                  Name of the file to configure
  --email=email                    email
  --firstname=firstname            first name
  --lastname=lastname              last name
  --name=name                      name
  --profilePicture=profilePicture  profile picture
  --username=username              username

EXAMPLES
  $ auth-cli users:create
  $ auth-cli users:create -help

See code: src/commands/users/create.ts

auth-cli users:delete [ID]

delete a tenant user

USAGE
  $ auth-cli users:delete [ID]

OPTIONS
  --config=config  Name of the file to configure

EXAMPLES
  $ auth-cli users:delete 23
  $ auth-cli users:delete -help

See code: src/commands/users/delete.ts

auth-cli users:list

List users

USAGE
  $ auth-cli users:list

OPTIONS
  -a, --all                        display all columns
  -x, --extended                   show extra columns
  --advancedFilter=advancedFilter  server side filter using loopback syntax

  --columns=columns                [default:
                                   {"id":{},"givenName":{},"familyName":{},"username":{},"email":{},"identityIssuer":{"h
                                   eader":"Issuer"},"provider":{}}] columns

  --config=config                  Name of the file to configure

  --csv                            output is csv format [alias: --output=csv]

  --filter=filter                  filter property by partial string matching, ex: name=foo

  --no-header                      hide table header from output

  --no-truncate                    do not truncate output to fit screen

  --output=csv|json|yaml           output in a more machine friendly format

  --sort=sort                      property to sort by (prepend '-' for descending)

EXAMPLES
  $ auth-cli users:list
  $ auth-cli users:list --all
  $ auth-cli users:list -help

See code: src/commands/users/list.ts

auth-cli users:patch [ID]

update a user. Updated values are in json format and read either from command line or from file.

USAGE
  $ auth-cli users:patch [ID]

ARGUMENTS
  ID  id of provider to update

OPTIONS
  --config=config        Name of the file to configure
  --firstname=firstname  first name
  --lastname=lastname    last name
  --picture=picture      profile picture
  --username=username    username

EXAMPLES
  $ auth-cli users:patch 17
  $ auth-cli users:patch --help

See code: src/commands/users/patch.ts

auth-cli users:setField [ID]

update a user field. Updated values are in json format and read either from command line or from file.

USAGE
  $ auth-cli users:setField [ID]

ARGUMENTS
  ID  id of provider to update

OPTIONS
  --config=config                                Name of the file to configure
  --field=username|givenName|familyName|picture  (required) field to update
  --id=id                                        (required) field value
  --value=value                                  (required) field value

EXAMPLES
  $ auth-cli users:setField --id 17 --field givenName --value 'joe'
  $ auth-cli users:setField --help

See code: src/commands/users/set-field.ts

Running the Tests

npm run test

Installation

install the latest release of the auth-cli

npm i -g @labshare/auth-cli

updating the auth-cli to the latest

npm update -g @labshare/auth-cli

possible installation issues:

It may be necessary to correct your permissions to the global install directory.

In mac and linux environments, this can be accomplished with this command:

sudo chown -R $USER /usr/local/lib/node_modules

auth-cli makes use of a package called keytar, which in turn makes use of a package called libsecret. It may be necessary in linux environments to install libsecret:

sudo apt-get install libsecret-1-dev

Getting Started

profile setup

The first thing that you will need to do after installing the auth-cli is to configure a profile

auth-cli configure

You will be prompted for the profile configuration values of the environment in which the cli will be used.

Here is a sample of the generated profile for the a-ci labshare environment. (The profile json file will be saved as <profile-name>.profile.json, ex a-ci.profile.json, in the profiles folder in the root of the project.)

{
	"profileName": "a-ci",
	"auth": {
		"url": "https://a-ci.labshare.org/_api",
		"clientId": "auth-cli-native",
		"clientSecret": "681bc836-87c9-4f75-b47e-ece9366d3162",
		"tenant": "ls",
		"redirectUrl": "http://localhost:5000",
		"audience": "https://a-ci.labshare.org/_api/auth/ls"
	}
}
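
A lint for a profile shaped like the sample above, as an added example that is not part of auth-cli. Its four rules (profileName safe as a file-name component, https auth.url, loopback auth.redirectUrl, auth.audience on the same origin as auth.url) are assumptions drawn from the sample profile, and lintProfile and sampleProfile are hypothetical names.

```javascript
'use strict';
// Added example, not part of auth-cli. The rules are assumptions drawn from
// the sample profile; lintProfile and sampleProfile are hypothetical names.

const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

function parseUrl(value) {
  try {
    return new URL(value);
  } catch (err) {
    return null; // missing or malformed
  }
}

// Returns a list of findings; an empty list means the profile passed.
function lintProfile(profile) {
  const findings = [];
  const p = profile || {};
  const auth = p.auth || {};

  // The name ends up in "<profile-name>.profile.json": no separators, no leading dot.
  if (typeof p.profileName !== 'string' ||
      !/^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(p.profileName)) {
    findings.push('profileName is not a plain file-name component');
  }

  const api = parseUrl(auth.url);
  if (!api) findings.push('auth.url is missing or not a URL');
  else if (api.protocol !== 'https:') findings.push('auth.url is not https');

  // A native client receives the login callback on the local machine.
  const redirect = parseUrl(auth.redirectUrl);
  if (!redirect) findings.push('auth.redirectUrl is missing or not a URL');
  else if (!LOOPBACK_HOSTS.has(redirect.hostname)) {
    findings.push('auth.redirectUrl is not a loopback address');
  }

  // A token requested for another origin than the API it is sent to is suspect.
  const audience = parseUrl(auth.audience);
  if (!audience) findings.push('auth.audience is missing or not a URL');
  else if (api && audience.origin !== api.origin) {
    findings.push('auth.audience is on a different origin than auth.url');
  }

  for (const key of ['clientId', 'tenant']) {
    if (typeof auth[key] !== 'string' || auth[key] === '') {
      findings.push(`auth.${key} is missing`);
    }
  }
  return findings;
}

// Constructed sample shaped like the profile above; the secret is a placeholder.
const sampleProfile = {
  profileName: 'a-ci',
  auth: {
    url: 'https://a-ci.labshare.org/_api',
    clientId: 'auth-cli-native',
    clientSecret: '<client-secret>',
    tenant: 'ls',
    redirectUrl: 'http://localhost:5000',
    audience: 'https://a-ci.labshare.org/_api/auth/ls',
  },
};

console.log(lintProfile(sampleProfile));
```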

logging in

You must be authenticated through your identity provider in order to issue any command requiring access permissions

auth-cli login

This can be used to explicitly log you in. A browser window will open that allows you to authenticate through your identity provider. After logging in, you can close the browser tab that was used.

In general, however, when you issue a command, you will be prompted to log in if you have not yet done so.

issuing commands

in general, to issue auth-cli commands open your shell and enter:

auth-cli <command-name>

most command-names are in the form subject:action ex

auth-cli clients:list

for general help and a list of commands enter

auth-cli --help

for help on a specific command enter

auth-cli <command-name> --help

RESTish Integration

The auth-cli can integrate with another cli tool called Restish. Restish is a general purpose tool for issuing rest-based api calls from the command line, and it can be used to call auth api endpoints.

The auth-cli restish command acts as a passthrough to restish that uses your existing auth-cli access_token and environment. For example, the following two commands are equivalent; by calling restish through auth-cli, the a-ci environment did not need to be supplied:

restish a-ci tenant-client-controller-find 1

auth-cli restish tenant-client-controller 1 (

To setup and use Restish please refer to the Restish Notes

Developer Notes

To work with the auth-cli in a developer capacity, please fork the repo at https://github.com/ncats/auth-monorepo/tree/main/packages/auth-cli

Update Readme

The command documentation in this readme file is auto-generated. To update the readme:

install: https://github.com/oclif/dev-cli

run: oclif-dev readme

auth-cli is not a known command after cloning the repo. To issue commands, you would enter

./bin/run <command-name> from the project folder

to avoid the need to type ./bin/run before a command, enter

npm link from the project folder

after linking, you can instead enter

auth-cli <command-name>

learn about OCLIF

www.oclif.io

learn about RESTISH

https://rest.sh/

view the Restish Notes document in the auth-cli project folder