
How to add an OIDC client for the Lightwave UI


Notes

  • As a prerequisite, retrieve the OIDC token from Lightwave using code
  • This program depends on jq, curl and uuidgen
#!/bin/bash
# lw-register-oidc-client: registers an OIDC client (Lightwave UI or POST UI)
# with a Lightwave server over its /idm/tenant/<tenant>/oidcclient endpoint,
# authenticating with an access token cached by an earlier login.

# Command-line settings (see showUsage); empty means "not supplied".
LW_TENANT=''
LW_SERVER=''
LW_PORT=443      # default HTTPS port, overridable with -p
CLIENT_URL=''
CLIENT_TYPE=''

# Token cache written by the login step; ".access_token" is read from it with jq.
CRED_CACHE_PATH="$HOME/.lightwave_tokens"

showUsage()
{
    # Print the command-line synopsis on stdout (one option per line).
    cat <<'EOF'
Usage: lw-register-oidc-client -t <tenant>
                               -s <server>
                               [ -p <port>]
                               -c <client url>
                               -r {lightwave-ui|post-ui}
EOF
}

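getEncodedValue()
{
  # Percent-encode $1 for use as a URL path segment: RFC 3986 unreserved
  # characters (A-Z a-z 0-9 - _ . ~) pass through, every other byte becomes
  # %xx (lowercase hex).  The encoded string is printed on stdout.
  local string="${1}"
  # Operate on bytes, not locale characters.  In a UTF-8 locale the loop
  # below would otherwise step per character and emit the code point
  # (e.g. %e9 for "é", or a four-digit %1234 for U+1234), which is not valid
  # percent-encoding: each UTF-8 byte has to be encoded on its own.
  local LC_ALL=C
  local strlen=${#string}
  local encoded=""
  local pos c o

  for (( pos=0 ; pos<strlen ; pos++ )); do
     c=${string:$pos:1}
     case "$c" in
        [-_.~a-zA-Z0-9] )
            o="${c}"
            ;;
        * )
            # A leading quote makes printf yield the numeric value of the byte.
            printf -v o '%%%02x' "'$c'"
            ;;
     esac
     encoded+="${o}"
  done
  # printf instead of echo: an input such as "-n" is entirely unreserved and
  # would be swallowed as an echo option, returning an empty string.
  printf '%s\n' "${encoded}"
}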

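create_lw_ui_oidc_metadata()
{
    # Write the OIDC client registration document for the Lightwave UI.
    # Arguments: $1 output file path, $2 client id, $3 client base URL,
    # $4 tenant (accepted for interface compatibility; not used in the body).
    # Returns cat's status, i.e. non-zero when the file cannot be written.
    # NOTE: the values are interpolated verbatim into the JSON text, so a
    # client id or URL containing '"' or '\' produces an invalid document.
    local metadata_file=$1
    local client_id=$2
    local client_url=$3
    # shellcheck disable=SC2034
    local tenant=$4

    # Quoted so an output path containing spaces is not split.
    cat > "$metadata_file" <<EOF || return
{
    "clientId": "$client_id",
    "redirectUriTemplates": [
        "$client_url/lightwaveui/Home"
    ],
    "tokenEndpointAuthMethod": "none",
    "postLogoutRedirectUriTemplates": [
        "$client_url/lightwaveui"
    ],
    "logoutUriTemplate": "$client_url/lightwaveui",
    "authnRequestClientAssertionLifetimeMS": 0,
    "multiTenant": true
}
EOF
}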

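create_post_ui_oidc_metadata()
{
    # Write the OIDC client registration document for the POST UI.
    # Arguments: $1 output file path, $2 client id, $3 client base URL,
    # $4 tenant (accepted for interface compatibility; not used in the body).
    # Returns cat's status, i.e. non-zero when the file cannot be written.
    # NOTE: the values are interpolated verbatim into the JSON text, so a
    # client id or URL containing '"' or '\' produces an invalid document.
    local metadata_file=$1
    local client_id=$2
    local client_url=$3
    # shellcheck disable=SC2034
    local tenant=$4

    # Quoted so an output path containing spaces is not split.
    cat > "$metadata_file" <<EOF || return
{
    "clientId": "$client_id",
    "redirectUriTemplates": [
        "$client_url/ui"
    ],
    "tokenEndpointAuthMethod": "none",
    "postLogoutRedirectUriTemplates": [
        "$client_url/ui"
    ],
    "logoutUriTemplate": "$client_url/ui",
    "authnRequestClientAssertionLifetimeMS": 0,
    "multiTenant": true
}
EOF
}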

# Parse the command line; every option takes a value.  An unknown option or a
# missing option argument (getopts reports both as '?') prints the usage text
# and exits with status 1.
while getopts t:s:p:c:r: o; do
    case "$o" in
        t) LW_TENANT="$OPTARG" ;;
        s) LW_SERVER="$OPTARG" ;;
        p) LW_PORT="$OPTARG" ;;
        c) CLIENT_URL="$OPTARG" ;;
        r) CLIENT_TYPE="$OPTARG" ;;
        *) showUsage; exit 1 ;;
    esac
done

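# Abort when a required setting is empty: print the diagnostic on stderr
# (so it is not mixed into the JSON response on stdout), show the usage
# text, and exit 1.  $1 is the value, $2 the name used in the message.
_require_value()
{
    if [ -z "$1" ]; then
        echo "Error: The $2 was not specified" >&2
        showUsage
        exit 1
    fi
}

_require_value "$LW_TENANT" "Lightwave Tenant"
_require_value "$LW_SERVER" "Lightwave Server"
_require_value "$LW_PORT" "Lightwave Port"
_require_value "$CLIENT_URL" "Cascade UI URL"
_require_value "$CLIENT_TYPE" "Client Type"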

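# The token cache must exist; the path is quoted so a $HOME containing
# spaces does not break the test.
if [ ! -f "$CRED_CACHE_PATH" ]; then
    echo "Error: No authentication tokens found. Please login and try again." >&2
    showUsage
    exit 1
fi

# '// empty' makes jq print nothing when .access_token is absent or null.
# A bare '.access_token' would print the literal string "null", which passes
# the emptiness check below and would be sent as a bogus bearer token.
# A cache file that is not valid JSON makes jq fail, again yielding an empty
# token (jq reports the parse error on stderr itself).
LW_TOKEN=$(jq -r '.access_token // empty' "$CRED_CACHE_PATH")

if [ -z "$LW_TOKEN" ]; then
    echo "Error: Invalid or no OIDC token found in $CRED_CACHE_PATH" >&2
    echo "Please retry after acquiring a valid OIDC token from Lightwave" >&2
    exit 2
fi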

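# The tenant becomes a URL path segment, so percent-encode it; quoted so a
# tenant containing spaces reaches the encoder as a single argument.
encoded_tenant=$(getEncodedValue "$LW_TENANT")

url="https://$LW_SERVER:$LW_PORT/idm/tenant/$encoded_tenant/oidcclient"

# Fresh client id.  Fail here if uuidgen is missing or fails instead of
# registering a client with an empty "clientId".
client_id=$(uuidgen) || {
    echo "Error: uuidgen failed; cannot generate a client id" >&2
    exit 1
}

# Scratch file for the registration document.  The template has no suffix:
# some mktemp implementations (BSD/macOS) only substitute trailing X's, so
# "...XXXXXX.json" is not portable.  The trap removes the file on every exit
# path, including the early error exits below.
tmpfile=$(mktemp "${TMPDIR:-/tmp}/lw-oidc-def-XXXXXX") || {
    echo "Error: could not create a temporary file" >&2
    exit 1
}
trap 'rm -f -- "$tmpfile"' EXIT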

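# Generate the registration document for the requested client type.  Every
# argument is quoted so a client URL or temp path containing spaces survives,
# and a failed write is reported instead of silently posting an empty body.
case "$CLIENT_TYPE" in
    "lightwave-ui")
        create_lw_ui_oidc_metadata "$tmpfile" "$client_id" "$CLIENT_URL" "$encoded_tenant" || {
            echo "Error: could not write client metadata to $tmpfile" >&2
            exit 1
        }
        ;;
    "post-ui")
        create_post_ui_oidc_metadata "$tmpfile" "$client_id" "$CLIENT_URL" "$encoded_tenant" || {
            echo "Error: could not write client metadata to $tmpfile" >&2
            exit 1
        }
        ;;
    *)
        echo "Error: An Invalid Client Type - $CLIENT_TYPE was specified" >&2
        showUsage
        exit 1
        ;;
esac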

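# Request headers.  NOTE: the bearer token travels on curl's command line,
# where other local users can read it from the process list while curl runs;
# a curl config file (-K) in a mode-0600 temp file would keep it off argv.
headers=(
     -H "Content-Type: application/json"
     -H "Authorization: Bearer $LW_TOKEN"
)

# Round-trip the document through jq: this validates what the heredoc
# produced (a '"' or '\' in the client URL would otherwise be sent as
# malformed JSON) and normalises it.  jq prints the parse error itself.
OIDC_METADATA=$(jq -r '.' "$tmpfile") || {
    echo "Error: generated client metadata in $tmpfile is not valid JSON" >&2
    rm -f -- "$tmpfile"
    exit 1
}

# -k disables TLS certificate verification, so the token is disclosed to
# whatever answers at $LW_SERVER:$LW_PORT; it is kept for parity with the
# original, but pointing --cacert at the Lightwave CA certificate is the
# safer replacement.  -sS silences the progress meter but keeps errors.
# The response is captured before pretty-printing so a transport failure is
# reported rather than masked by jq's status at the end of a pipeline.
response=$(curl -k -sS -X POST -d "$OIDC_METADATA" "$url" "${headers[@]}") || {
    echo "Error: request to $url failed" >&2
    rm -f -- "$tmpfile"
    exit 3
}
printf '%s\n' "$response" | jq -r '.'

rm -f -- "$tmpfile"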