heroku / heroku-cli-oauth Goto Github PK

View Code? Open in Web Editor NEW

41.0 99.0 15.0 293 KB

this code is now in https://github.com/heroku/cli

License: ISC License

JavaScript 98.24% Shell 1.76%

heroku heroku-cli-plugin

heroku-cli-oauth's Introduction

Heroku OAuth

Command line plugin for managing OAuth clients, authorizations and tokens.

No need to install, this plugin comes built into the Heroku CLI.

Clients

To create a client:

$ heroku clients:create "Amazing" https://amazing-client.herokuapp.com/auth/heroku/callback
Creating Amazing... done
HEROKU_OAUTH_ID=3e304bda-d376-4278-bdea-6d6c08aa1359
HEROKU_OAUTH_SECRET=e6a5f58f-f8a9-49f1-a1a6-d1dd98930ef6

See OAuth clients under your account with:

$ heroku clients
Amazing  3e304bda-d376-4278-bdea-6d6c08aa1359  https://amazing-client.herokuapp.com/auth/heroku/callback

Get details about a client:

$ heroku clients:info 36120128-fee7-455e-8b7f-807aee130946
=== Amazing
created_at:         2016-01-21T02:11:57Z
id:                 36120128-fee7-455e-8b7f-807aee130946
name:               Amazing
redirect_uri:       https://amazing-client.herokuapp.com/auth/heroku/callback
secret:             a14cf558-60b8-44f2-a804-3b249b48aa57
updated_at:         2016-01-21T02:11:57Z

Update clients:

$ heroku clients:update 3e304bda-d376-4278-bdea-6d6c08aa1359 --url https://amazing-client.herokuapp.com/auth/heroku/callback
Updated Amazing... done

Authorizations

List them:

$ heroku authorizations
Amazing                        9e3a4063-b833-432e-ad75-4b0d7195be13  global
Heroku CLI                     676cb46c-7597-4be1-8a6a-f87b9f2f1065  global

Creating

You can create a special user-created authorization against your account that will come with an access token which doesn't expire:

$ heroku authorizations:create --description "For use with Anvil"
Created OAuth authorization.
  ID:          105a7bfa-34c3-476e-873a-b1ac3fdc12fb
  Description: For use with Anvil
  Token:       4cee516c-f8c6-4f14-9edf-fc6ef09cedc5
  Scope:       global

You can also pass in short output format to only output the token.

$ heroku authorizations:create --output-format short
nec6a9b6-b21a-4ba1-il95-70zd47e14c4d

Another option allows for tokens that expire. This token expires in 10 seconds.

$ heroku authorizations:create --expires-in 10
Created OAuth authorization.
  Client:      <none>
  ID:          2231biha6-5b1e-4268-ba04-2ee7b74m2gf6
  Description: Long-lived user authorization
  Scope:       global
  Token:       9aa5d667-fg37-4028-8dc9-b2191b5z5966

A combination of short format and expires-in can be handy to pass into a job that needs access to heroku:

$ heroku run "HEROKU_EMAIL=`heroku auth:whoami` HEROKU_API_KEY=`heroku authorizations:create --expires-in 120 --output-format short` ./my_job.sh" -a myapp

Optionally, you can specify a list of scopes for the authorization:

$ heroku authorizations:create --description "For use with Anvil" --scope identity,read-protected
Created OAuth authorization.
  ID:          105a7bfa-34c3-476e-873a-b1ac3fdc12fb
  Description: For use with Anvil
  Token:       4cee516c-f8c6-4f14-9edf-fc6ef09cedc5
  Scope:       identity, read-protected

The procured token can now be used like an API key:

$ curl -u ":4cee516c-f8c6-4f14-9edf-fc6ef09cedc5" https://api.heroku.com/apps

Revoking

Any authorization on your account can be revoked at any time:

$ heroku authorizations:revoke 105a7bfa-34c3-476e-873a-b1ac3fdc12fb
Revoked authorization from "Another App".

heroku-cli-oauth's People

Contributors

Stargazers

Watchers

Forkers

florianz viewthespace rdsharma charoen2011 khemraj111185 nailanawshaba rukev001

heroku-cli-oauth's Issues

Resource not found error for any command

Any command I try to run returns a "Resource not found" error :
$ heroku authorizations
! Resource not found

Handle pagination

The plugin dies if you've got more than 200 clients.

--scope option broken

$ heroku authorizations:create -d "hk release vXXX test" -s identity
 !    Require array: scope.

heroku authorizations crash

ash:~$ heroku authorizations
=== Authorizations

 !    Heroku client internal error.
 !    Search for help at: https://help.heroku.com
 !    Or report a bug at: https://github.com/heroku/heroku/issues/new

    Error:       comparison of Array with Array failed (ArgumentError)
    Backtrace:   /Users/adam/.heroku/client/lib/heroku/helpers.rb:367:in `sort'
                 /Users/adam/.heroku/client/lib/heroku/helpers.rb:367:in `styled_array'
                 /Users/adam/.heroku/plugins/heroku-oauth/lib/authorizations.rb:13:in `index'
                 /Users/adam/.heroku/client/lib/heroku/command.rb:206:in `run'
                 /Users/adam/.heroku/client/lib/heroku/cli.rb:28:in `start'
                 /usr/bin/heroku:24:in `<main>'

    Command:     heroku authorizations
    Plugins:     heroku-dashboard
                 heroku-fork
                 heroku-lunch
                 heroku-oauth
                 heroku-orgs
                 heroku-sudo
                 heroku-tiers

    Version:     heroku-toolbelt/2.35.0 (x86_64-darwin10.8.0) ruby/1.9.3

Add -s option for better scripting

Thoughts on adding a -s option for better scripting similar to heroku config -s?

$ heroku clients:create Amazing https://amazing-client.herokuapp.com/oauth/callback/heroku
Created client Amazing
  ID:     foo
  Secret: bar

$ heroku clients:create -s Amazing https://amazing-client.herokuapp.com/oauth/callback/heroku
HEROKU_ID=foo
HEROKU_SECRET=bar

Note that I name-spaced the config vars with HEROKU_ instead of simply returning ID and SECRET.

Empty token returned by authorizations:create

~ $ heroku authorizations:create --description "Test"
Created OAuth authorization
  ID:          [email protected]
  Description: Test
  Scope:       all
  Token:

Response from POST /oauth/authorizations:

{"created_at"=>"2013/02/26 22:58:24 -0800",
 "description"=>"Test",
 "code"=>"xxx",
 "id"=>"[email protected]",
 "scopes"=>["all"],
 "updated_at"=>"2013/02/26 22:58:24 -0800",
 "access_tokens"=>[{"token"=>nil, "expires_in"=>nil}],
 "client"=>nil,
 "refresh_tokens"=>[]}

HIDs in user-facing output? Tsk tsk

Regenerate Command

For cred rolling, especially for trusted clients.

See:
https://github.com/heroku/api/blob/master/schema/platform-api-reference.md#oauth-authorization-regenerate

--expires_in and --ouput_format do not work as documented

Hello there,

I am currently upgrading to the new heroku-cli. I am using Mac OSX

I installed the heroku-cli using the following command:

brew install heroku

After running heroku --version I see:

heroku --version                                                                                                                           12:27:59
heroku-cli/6.8.5-e6953b2 (darwin-x64) node-v7.10.0

Running which heroku I see the following

which heroku                                                                                                                               12:29:35
/usr/local/bin/heroku

So it seems the correct version has been installed. However when running heroku authorizations:create --expires_in 2 I see the following error:

~ heroku authorizations:create --expires_in 2                                                                                                12:30:02
 ▸    Unexpected argument --expires_in

Similarly when I run heroku authorizations:create --output_format short I see:

heroku authorizations:create --output_format short                                                                                         12:30:58
 ▸    Unexpected argument --output_format

However the following does work:

heroku authorizations:create --description 'For deploy' --expires-in 12000 --short

Is the README out of date or am I missing something? Thanks for the help!

-s, --shell         # output in shell format

but it appears to only show the ID and SECRET which is undefined:

$ heroku clients:info 01234567-89ab-cdef-0123-456789abcdef -s
HEROKU_OAUTH_ID=01234567-89ab-cdef-0123-456789abcdef
HEROKU_OAUTH_SECRET=undefined

heroku clients:update returns "Not found"

Trying to update the url for an oauth client:

$ heroku clients:update 43b250d... --url <url>
 !    Not found

Also, clients:create returns the following:

$ heroku clients:create "foo" http://localhost:5000
 !    Internal server error.
 !    Run `heroku status` to check for known platform issues.

Is the creation of oauth clients disabled right now?