52 lines
1.3 KiB
Bash
Executable File
52 lines
1.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
#
|
|
# revoke_grant.sh: open Gitea's "Authorized OAuth2 Applications" page so
|
|
# the operator can revoke a stale OAuth grant whose scope set no longer
|
|
# matches the unified scope set requested by this scaffold and the
|
|
# orchestrator's gateway. See docs/oauth-grant-scope-mismatch.md for
|
|
# the full failure mode and recovery procedure.
|
|
|
|
set -euo pipefail
|
|
|
|
here="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
|
|
# shellcheck disable=SC1091
|
|
. "$here/common.sh"
|
|
|
|
load_env
|
|
require_env FORGE_GITEA_URL
|
|
require_env FSDGG_CLI_CLIENT_ID
|
|
require_cmd python3
|
|
|
|
base="${FORGE_GITEA_URL%/}"
|
|
url="${base}/user/settings/applications"
|
|
cid="${FSDGG_CLI_CLIENT_ID}"
|
|
|
|
cat <<EOF
|
|
[revoke-grant] Authorized OAuth2 Applications:
|
|
${url}
|
|
[revoke-grant] Client ID to revoke:
|
|
${cid}
|
|
|
|
Procedure:
|
|
1. The browser opens the URL above.
|
|
2. Locate the row whose Client ID matches ${cid}.
|
|
3. Press "Revoke".
|
|
4. Return here and run 'just login' (or re-run 'just deploy').
|
|
|
|
EOF
|
|
|
|
if [ "${FORGE_REVOKE_NO_BROWSER:-0}" = "1" ]; then
|
|
info "FORGE_REVOKE_NO_BROWSER=1 set; skipping browser launch."
|
|
exit 0
|
|
fi
|
|
|
|
python3 - "$url" <<'PY'
|
|
import sys, webbrowser
|
|
url = sys.argv[1]
|
|
ok = webbrowser.open(url, new=1, autoraise=True)
|
|
print(
|
|
"[revoke-grant] "
|
|
+ ("opened in browser." if ok else "no browser launched; open the URL manually.")
|
|
)
|
|
PY
|