# Authentication and Authorization Recipes # ======================================== # JWT authentication, MFA enrollment, session management, and token operations # ============================================================================ # Authentication - Login & Logout # ============================================================================ # Login to provisioning platform @auth-login USER: echo "๐Ÿ” Logging in as {{USER}}..." provisioning auth login {{USER}} echo "โœ… Login successful" @auth-login-url USER URL: #!/usr/bin/env bash echo "๐Ÿ” Logging in as {{USER}} to {{URL}}..." provisioning auth login {{USER}} --url {{URL}} echo "โœ… Login successful" @auth-logout: echo "๐Ÿ‘‹ Logging out..." provisioning auth logout echo "โœ… Logged out successfully" @auth-status: echo "๐Ÿ“Š Authentication Status" echo "========================" provisioning auth status @whoami: auth-status # ============================================================================ # Session Management # ============================================================================ # List all active sessions @auth-sessions: echo "๐Ÿ“‹ Active Sessions" echo "==================" provisioning auth sessions @auth-sessions-detailed: #!/usr/bin/env bash echo "๐Ÿ“‹ Active Sessions (Detailed)" echo "=============================" provisioning auth sessions --detailed @auth-revoke-session SESSION_ID: echo "๐Ÿšซ Revoking session {{SESSION_ID}}..." provisioning auth revoke-session {{SESSION_ID}} echo "โœ… Session revoked" @auth-revoke-all: echo "๐Ÿšซ Revoking all sessions except current..." provisioning auth revoke-all echo "โš ๏ธ All other sessions have been revoked" # Token Management # ============================================================================ # Refresh authentication token @auth-refresh: echo "๐Ÿ”„ Refreshing authentication token..." provisioning auth refresh echo "โœ… Token refreshed" @auth-token-info: echo "๐Ÿ” Access Token Information" echo "===========================" provisioning auth token info @auth-validate: echo "โœ… Validating current token..." provisioning auth validate # MFA - Multi-Factor Authentication # ============================================================================ # Enroll in TOTP (Time-based One-Time Password) MFA @mfa-enroll-totp: echo "๐Ÿ“ฑ Enrolling in TOTP MFA" echo "========================" echo "This will generate a QR code to scan with your authenticator app" echo "(Google Authenticator, Authy, 1Password, etc.)" echo "" provisioning auth mfa enroll totp @mfa-enroll-webauthn: echo "๐Ÿ”‘ Enrolling in WebAuthn MFA" echo "============================" echo "Please prepare your security key (YubiKey, Touch ID, etc.)" echo "" provisioning auth mfa enroll webauthn @mfa-verify CODE: #!/usr/bin/env bash echo "โœ… Verifying MFA code..." provisioning auth mfa verify --code {{CODE}} @mfa-devices: echo "๐Ÿ“ฑ Enrolled MFA Devices" echo "=======================" provisioning auth mfa devices @mfa-remove-device DEVICE_ID: echo "๐Ÿ—‘๏ธ Removing MFA device {{DEVICE_ID}}..." provisioning auth mfa remove-device {{DEVICE_ID}} echo "โœ… Device removed" @mfa-backup-codes: echo "๐Ÿ”‘ Generating MFA Backup Codes" echo "===============================" echo "โš ๏ธ Store these codes securely - they can only be used once" echo "" provisioning auth mfa backup-codes # User Management # ============================================================================ # Show current user profile @auth-profile: echo "๐Ÿ‘ค User Profile" echo "===============" provisioning auth profile @auth-profile-update: echo "โœ๏ธ Updating user profile..." provisioning auth profile update @auth-change-password: echo "๐Ÿ”‘ Changing password..." provisioning auth change-password # Quick Workflows # ============================================================================ # Complete login workflow with MFA enrollment guidance @auth-login-full USER: echo "๐Ÿš€ Complete Login Workflow" echo "==========================" echo "Logging in as {{USER}}..." provisioning auth login {{USER}} echo "" echo "๐Ÿ“ฑ MFA Setup (if not already enrolled)" echo "======================================" echo "To enroll in TOTP MFA: just mfa-enroll-totp" echo "To enroll in WebAuthn: just mfa-enroll-webauthn" echo "" echo "โœ… Login complete!" @auth-login-prod USER: #!/usr/bin/env bash echo "๐Ÿญ Production Login" echo "===================" echo "โš ๏ธ MFA required for production operations" echo "" provisioning auth login {{USER}} echo "" echo "Please verify MFA code:" read -p "Enter MFA code: " CODE && provisioning auth mfa verify --code $CODE echo "" echo "โœ… Production login complete" @auth-quick: echo "โšก Quick Re-authentication" echo "==========================" provisioning auth refresh echo "โœ… Token refreshed - you are authenticated" # Troubleshooting # ============================================================================ # Test authentication flow @auth-test: echo "๐Ÿงช Testing Authentication Flow" echo "===============================" echo "" echo "1. Testing token validation..." provisioning auth validate || echo "โš ๏ธ Token invalid or expired" echo "" echo "2. Checking session status..." provisioning auth status echo "" echo "3. Listing active sessions..." provisioning auth sessions echo "" echo "โœ… Authentication test complete" @auth-config: echo "โš™๏ธ Authentication Configuration" echo "=================================" provisioning config get auth echo "" echo "JWT Configuration:" provisioning config get jwt @auth-reset: #!/usr/bin/env bash echo "๐Ÿ”„ Resetting Authentication" echo "===========================" echo "โš ๏ธ This will log out all sessions and clear tokens" read -p "Continue? (y/N): " -n 1 -r echo if [[ $REPLY =~ ^[Yy]$ ]]; then provisioning auth logout --all echo "โœ… Authentication reset complete" else echo "โŒ Cancelled" fi # Help # ============================================================================ # Show authentication help @auth-help: echo "๐Ÿ” AUTHENTICATION RECIPES" echo "=========================" echo "" echo "๐Ÿ“ฅ LOGIN & LOGOUT" echo " just auth-login - Login to platform" echo " just auth-login-url - Login with custom URL" echo " just auth-logout - Logout current session" echo " just whoami - Show current user status" echo "" echo "๐ŸŽซ SESSION MANAGEMENT" echo " just auth-sessions - List active sessions" echo " just auth-sessions-detailed - List with details" echo " just auth-revoke-session - Revoke specific session" echo " just auth-revoke-all - Revoke all other sessions" echo "" echo "๐Ÿ”‘ TOKEN MANAGEMENT" echo " just auth-refresh - Refresh access token" echo " just auth-token-info - Show token details" echo " just auth-validate - Validate current token" echo "" echo "๐Ÿ“ฑ MFA (Multi-Factor Authentication)" echo " just mfa-enroll-totp - Enroll in TOTP MFA" echo " just mfa-enroll-webauthn - Enroll in WebAuthn MFA" echo " just mfa-verify - Verify MFA code" echo " just mfa-devices - List enrolled devices" echo " just mfa-remove-device - Remove MFA device" echo " just mfa-backup-codes - Generate backup codes" echo "" echo "๐Ÿ‘ค USER MANAGEMENT" echo " just auth-profile - Show user profile" echo " just auth-profile-update - Update profile" echo " just auth-change-password - Change password" echo "" echo "๐Ÿš€ QUICK WORKFLOWS" echo " just auth-login-full - Complete login with MFA setup" echo " just auth-login-prod - Production login (MFA required)" echo " just auth-quick - Quick re-authentication" echo "" echo "๐Ÿ”ง TROUBLESHOOTING" echo " just auth-test - Test authentication flow" echo " just auth-config - Show configuration" echo " just auth-reset - Reset all authentication" echo "" echo "๐Ÿ’ก EXAMPLES" echo " # Basic login" echo " just auth-login alice" echo "" echo " # Production workflow" echo " just auth-login-prod alice" echo "" echo " # Setup MFA" echo " just mfa-enroll-totp" echo "" echo " # Check status" echo " just whoami"