Skip to content

Updated bootstrap script to auto-setup the tenant#53

Open
Sudhanshu96 wants to merge 2 commits into
mainfrom
feature/bootstrap_script_fix
Open

Updated bootstrap script to auto-setup the tenant#53
Sudhanshu96 wants to merge 2 commits into
mainfrom
feature/bootstrap_script_fix

Conversation

@Sudhanshu96

@Sudhanshu96 Sudhanshu96 commented Jul 8, 2026

Copy link
Copy Markdown
Contributor
  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

📋 Changes

Bootstrap script fix done, tenant setup, scope requesting and setting up permissions completely automated via script

@Sudhanshu96
Sudhanshu96 requested a review from a team as a code owner July 8, 2026 12:27

@SurajThotakura SurajThotakura left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The SDK currently only requests create/read/delete:me:authentication_methods and read:me:factors. Could we align the requested scopes across the SDK and script?

In resource-servers.mjs let's remove the unused scopes (update:me:authentication_methods and the 3 connected_accounts scopes) from MY_ACCOUNT_API_SCOPES.

Comment thread scripts/bootstrap.mjs

reportManualActions()

console.log("Next steps:")

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "Next steps" here tell the user to open Xcode and build, but nothing in this script runs carthage bootstrap. With the current instructions the build fails.

Can we add carthage bootstrap --use-xcframeworks as part of pre-flight (next to validateIOSProject())

Comment thread scripts/utils/clients.mjs
export async function applyDashboardClientChanges(
changePlan,
connectionProfileId,
userAttributeProfileId,

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These two params aren't used anywhere in this function.
This looks like leftover wiring from the web/My-Organization bootstrap script.

Since this bootstrap is My-Account-only, we should drop these params, and drop the applyConnectionProfileChanges/applyUserAttributeProfileChanges calls in bootstrap.mjs that feed them?

As it stands we're creating two tenant resources (Universal Components Connection Profile, Universal Components Profile) that nothing consumes.

Comment thread scripts/bootstrap.mjs
// 6b. Profiles
// 4b. Profiles
console.log("Configuring Profiles...")
const connectionProfile = await applyConnectionProfileChanges(

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as the comment on clients.mjs, connectionProfile/userAttributeProfile are created here but their .id is never actually used downstream (applyDashboardClientChanges ignores those params). Can we remove this step?

Comment thread scripts/README.md

| Resource | Details |
| -------------------------- | ----------------------------------------------------------------------------------------------- |
| **Native Application** | `iOS UI Components Demo` (`app_type: native`) with the `demo://…/callback` callback + refresh-token rotation, and a My Account API refresh-token policy |

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This table still says the callback is demo://…/callback
Can we update this row and the Info.plist bullet below (line 75-76) to say "the app's bundle identifier" instead of demo

Comment thread scripts/README.md
authenticate manually beforehand:

```bash
auth0 login --scopes "read:connection_profiles,create:connection_profiles,update:connection_profiles,read:user_attribute_profiles,create:user_attribute_profiles,update:user_attribute_profiles,read:client_grants,create:client_grants,update:client_grants,delete:client_grants,read:connections,create:connections,update:connections,read:clients,create:clients,update:clients,read:client_keys,read:roles,create:roles,update:roles,read:resource_servers,create:resource_servers,update:resource_servers,update:tenant_settings,update:prompts"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This scope string doesn't match BOOTSTRAP_SCOPE_METADATA in validation.mjs anymore. It's missing read:connections_options / update:connections_options (passkey-on-connection, added in this PR) and read:guardian_factors / update:guardian_factors (WebAuthn factors, also added in this PR)

manual login using this exact command would silently fail to enable passkeys. It also still includes read:roles/create:roles/update:roles, but roles.mjs in this same PR made the admin-role check always SKIP ("System APIs may not be used"), so those are now dead. Could this be generated from BOOTSTRAP_SCOPES.join(",") instead of hand-maintained, so it can't drift again?

Comment thread scripts/README.md
| **Database Connection** | `Username-Password-Authentication` enabled for the application |
| **Connection Profile** | `Universal Components Connection Profile` |
| **User Attribute Profile** | `Universal Components Profile` |
| **Admin Role** | `admin` role with the My Account API permissions |

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a row here for the new WebAuthn/Passkey MFA factor step (guardian-factors.mjs) and the passkey-enablement change to the Database Connection row (connections.mjs's PASSKEY_CONNECTION_OPTIONS)? Both are load-bearing for the passkey feature but aren't mentioned in this table.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants