Hi, we're looking into using ory for a big project...
# ory-network
b
Hi, we're looking into using Ory for a big project and want to configure the entire project in a GitOps way. I've already set up a PoC and am having some issues. It would be great if there were some better examples. How can I declaratively define OAuth2 clients? I've set up a little script, but it just keeps creating new clients (not idempotent). Are there any solutions? We're using GitHub Actions and will most likely push the client secrets to Secret Manager on GCP.
s
There is no upsert API, but as you probably don't do it multiple times per second, you can just use this approach:
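```go
// UpsertOAuth2Client updates the client if it exists and creates it otherwise.
// Needs the standard-library packages errors and net/http besides context.
func (s *Service) UpsertOAuth2Client(ctx context.Context, cl hydra.OAuth2Client) (*hydra.OAuth2Client, error) {
	if cl.ClientId == nil {
		return nil, errors.New("client_id is required for upsert")
	}
	// Try update first
	c, resp, err := s.hc.OAuth2API.SetOAuth2Client(ctx, *cl.ClientId).OAuth2Client(cl).Execute()
	if err == nil {
		return c, nil
	}
	// Only treat the error as "not found" on HTTP 404 (assumption: the API
	// reports an unknown client ID that way). Auth, network and validation
	// errors are returned instead of creating a duplicate client.
	if resp == nil || resp.StatusCode != http.StatusNotFound {
		return nil, err
	}
	// If not found, create
	c, _, err = s.hc.OAuth2API.CreateOAuth2Client(ctx).OAuth2Client(cl).Execute()
	return c, err
}
```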
I agree on better examples, we have it on the backlog, but it's not the only item there 😉
b
Yeah, I just made a bash script which checks if there's an existing client and just either updates or creates a new one.
s
Not sure if you are using the Ory CLI, but that would be a more elegant way to do all of that. It allows you to do virtually any of the API calls that you need for configuring projects.
b
Yeah, instead of using the oryd container in my GitHub workflow I've set it up to install the Ory CLI. My script to create the OAuth2 clients for now is:
```bash
#!/usr/bin/env bash
# Abort on any failure: if `ory list` or jq fails, stop here instead of
# falling through to the create branch and adding a duplicate client.
set -euo pipefail

client_file="$1" # references a json file describing the client
new_client_name=$(jq -r '.client_name' < "$client_file")
echo "new client name: $new_client_name"
output=$(ory list oauth2-clients --format json-pretty)
# used to check if a client_id already exists for said client name
client_id=$(echo "$output" | jq -r --arg new_client_name "$new_client_name" '.items[] | select(.client_name == $new_client_name) | .client_id')

if [ -n "$client_id" ]; then
  echo "Client '$new_client_name' already exists."
  echo "Client id: $client_id"
  ory update oauth2-client "$client_id" --file "$client_file"
else
  echo "Client '$new_client_name' does not exist yet."
  ory create oauth2-client --file "$client_file"
fi
```