Updated bootstrap script to auto-setup the tenant#53
Conversation
SurajThotakura
left a comment
There was a problem hiding this comment.
The SDK currently only requests create/read/delete:me:authentication_methods and read:me:factors. Could we align the requested scopes across the SDK and script?
In resource-servers.mjs let's remove the unused scopes (update:me:authentication_methods and the 3 connected_accounts scopes) from MY_ACCOUNT_API_SCOPES.
|
|
||
| reportManualActions() | ||
|
|
||
| console.log("Next steps:") |
There was a problem hiding this comment.
The "Next steps" here tell the user to open Xcode and build, but nothing in this script runs carthage bootstrap. With the current instructions the build fails.
Can we add carthage bootstrap --use-xcframeworks as part of pre-flight (next to validateIOSProject())
| export async function applyDashboardClientChanges( | ||
| changePlan, | ||
| connectionProfileId, | ||
| userAttributeProfileId, |
There was a problem hiding this comment.
These two params aren't used anywhere in this function.
This looks like leftover wiring from the web/My-Organization bootstrap script.
Since this bootstrap is My-Account-only, we should drop these params, and drop the applyConnectionProfileChanges/applyUserAttributeProfileChanges calls in bootstrap.mjs that feed them?
As it stands we're creating two tenant resources (Universal Components Connection Profile, Universal Components Profile) that nothing consumes.
| // 6b. Profiles | ||
| // 4b. Profiles | ||
| console.log("Configuring Profiles...") | ||
| const connectionProfile = await applyConnectionProfileChanges( |
There was a problem hiding this comment.
Same as the comment on clients.mjs, connectionProfile/userAttributeProfile are created here but their .id is never actually used downstream (applyDashboardClientChanges ignores those params). Can we remove this step?
|
|
||
| | Resource | Details | | ||
| | -------------------------- | ----------------------------------------------------------------------------------------------- | | ||
| | **Native Application** | `iOS UI Components Demo` (`app_type: native`) with the `demo://…/callback` callback + refresh-token rotation, and a My Account API refresh-token policy | |
There was a problem hiding this comment.
This table still says the callback is demo://…/callback
Can we update this row and the Info.plist bullet below (line 75-76) to say "the app's bundle identifier" instead of demo
| authenticate manually beforehand: | ||
|
|
||
| ```bash | ||
| auth0 login --scopes "read:connection_profiles,create:connection_profiles,update:connection_profiles,read:user_attribute_profiles,create:user_attribute_profiles,update:user_attribute_profiles,read:client_grants,create:client_grants,update:client_grants,delete:client_grants,read:connections,create:connections,update:connections,read:clients,create:clients,update:clients,read:client_keys,read:roles,create:roles,update:roles,read:resource_servers,create:resource_servers,update:resource_servers,update:tenant_settings,update:prompts" |
There was a problem hiding this comment.
This scope string doesn't match BOOTSTRAP_SCOPE_METADATA in validation.mjs anymore. It's missing read:connections_options / update:connections_options (passkey-on-connection, added in this PR) and read:guardian_factors / update:guardian_factors (WebAuthn factors, also added in this PR)
manual login using this exact command would silently fail to enable passkeys. It also still includes read:roles/create:roles/update:roles, but roles.mjs in this same PR made the admin-role check always SKIP ("System APIs may not be used"), so those are now dead. Could this be generated from BOOTSTRAP_SCOPES.join(",") instead of hand-maintained, so it can't drift again?
| | **Database Connection** | `Username-Password-Authentication` enabled for the application | | ||
| | **Connection Profile** | `Universal Components Connection Profile` | | ||
| | **User Attribute Profile** | `Universal Components Profile` | | ||
| | **Admin Role** | `admin` role with the My Account API permissions | |
There was a problem hiding this comment.
Can we add a row here for the new WebAuthn/Passkey MFA factor step (guardian-factors.mjs) and the passkey-enablement change to the Database Connection row (connections.mjs's PASSKEY_CONNECTION_OPTIONS)? Both are load-bearing for the passkey feature but aren't mentioned in this table.
📋 Changes
Bootstrap script fix done, tenant setup, scope requesting and setting up permissions completely automated via script