scripts/deploy/create-entra-app.sh

#!/bin/bash
# Create Azure AD App Registration for Entra VerifiedID
# This script automates the app registration creation

set -euo pipefail

# Colors
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
NC='\033[0m'

log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
log_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }

# Check Azure CLI
if ! command -v az &> /dev/null; then
    log_warning "Azure CLI not found. Install from: https://docs.microsoft.com/cli/azure/install-azure-cli"
    exit 1
fi

# Check login
if ! az account show &> /dev/null; then
    log_warning "Not logged in to Azure. Run: az login"
    exit 1
fi

log_info "Creating Azure AD App Registration for Entra VerifiedID..."

# Get inputs
read -p "App Registration name (default: the-order-entra): " APP_NAME
APP_NAME=${APP_NAME:-the-order-entra}

read -p "Resource Group (optional, for tagging): " RESOURCE_GROUP

# Create app registration
log_info "Creating app registration: ${APP_NAME}"
APP_ID=$(az ad app create \
    --display-name "${APP_NAME}" \
    --query appId -o tsv)

log_success "App Registration created!"
log_info "Application (Client) ID: ${APP_ID}"

# Get tenant ID
TENANT_ID=$(az account show --query tenantId -o tsv)
log_info "Directory (Tenant) ID: ${TENANT_ID}"

# Create service principal
log_info "Creating service principal..."
az ad sp create --id "${APP_ID}" --output none
log_success "Service principal created"

# Create client secret
log_info "Creating client secret (valid for 1 year)..."
SECRET_RESPONSE=$(az ad app credential reset --id "${APP_ID}" --years 1)
CLIENT_SECRET=$(echo "${SECRET_RESPONSE}" | jq -r '.password')

log_success "Client secret created"
log_warning "IMPORTANT: Save this secret now - it won't be shown again!"
log_info "Client Secret: ${CLIENT_SECRET}"

# Add API permissions
log_info "Adding Verifiable Credentials Service permissions..."
VC_SERVICE_APP_ID="3db474b9-7a6d-4f50-afdc-70940ce1df8f"

# Note: Exact permission IDs may vary - this is a template
log_warning "You need to add permissions manually in Azure Portal:"
log_info "1. Go to Azure Portal → App registrations → ${APP_NAME} → API permissions"
log_info "2. Add permission → APIs my organization uses"
log_info "3. Search for 'Verifiable Credentials Service'"
log_info "4. Add Application permissions: VerifiableCredential.Create.All, VerifiableCredential.Verify.All"
log_info "5. Grant admin consent"

# Output summary
cat > .entra-app-info.txt << EOF
Azure AD App Registration Created
==================================

Application Name: ${APP_NAME}
Application (Client) ID: ${APP_ID}
Directory (Tenant) ID: ${TENANT_ID}
Client Secret: ${CLIENT_SECRET}

NEXT STEPS:
1. Add API permissions in Azure Portal (see above)
2. Grant admin consent
3. Store these values securely
4. Run: ./scripts/deploy/store-entra-secrets.sh
EOF

log_success "App registration complete!"
log_info "Details saved to: .entra-app-info.txt"
log_warning "Remember to add API permissions and grant admin consent!"
Add Legal Office seal and complete Azure CDN deployment - Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll) - Create legal-office-manifest-template.json for Legal Office credentials - Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation - Complete Azure CDN infrastructure deployment: - Resource group, storage account, and container created - 17 PNG seal files uploaded to Azure Blob Storage - All manifest templates updated with Azure URLs - Configuration files generated (azure-cdn-config.env) - Add comprehensive Azure CDN setup scripts and documentation - Fix manifest URL generation to prevent double slashes - Verify all seals accessible via HTTPS 2025-11-12 22:03:42 -08:00			`#!/bin/bash`
			`# Create Azure AD App Registration for Entra VerifiedID`
			`# This script automates the app registration creation`

			`set -euo pipefail`

			`# Colors`
			`GREEN='\033[0;32m'`
			`BLUE='\033[0;34m'`
			`YELLOW='\033[1;33m'`
			`NC='\033[0m'`

			`log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }`
			`log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }`
			`log_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }`

			`# Check Azure CLI`
			`if ! command -v az &> /dev/null; then`
			`log_warning "Azure CLI not found. Install from: https://docs.microsoft.com/cli/azure/install-azure-cli"`
			`exit 1`
			`fi`

			`# Check login`
			`if ! az account show &> /dev/null; then`
			`log_warning "Not logged in to Azure. Run: az login"`
			`exit 1`
			`fi`

			`log_info "Creating Azure AD App Registration for Entra VerifiedID..."`

			`# Get inputs`
			`read -p "App Registration name (default: the-order-entra): " APP_NAME`
			`APP_NAME=${APP_NAME:-the-order-entra}`

			`read -p "Resource Group (optional, for tagging): " RESOURCE_GROUP`

			`# Create app registration`
			`log_info "Creating app registration: ${APP_NAME}"`
			`APP_ID=$(az ad app create \`
			`--display-name "${APP_NAME}" \`
			`--query appId -o tsv)`

			`log_success "App Registration created!"`
			`log_info "Application (Client) ID: ${APP_ID}"`

			`# Get tenant ID`
			`TENANT_ID=$(az account show --query tenantId -o tsv)`
			`log_info "Directory (Tenant) ID: ${TENANT_ID}"`

			`# Create service principal`
			`log_info "Creating service principal..."`
			`az ad sp create --id "${APP_ID}" --output none`
			`log_success "Service principal created"`

			`# Create client secret`
			`log_info "Creating client secret (valid for 1 year)..."`
			`SECRET_RESPONSE=$(az ad app credential reset --id "${APP_ID}" --years 1)`
			`CLIENT_SECRET=$(echo "${SECRET_RESPONSE}" \| jq -r '.password')`

			`log_success "Client secret created"`
			`log_warning "IMPORTANT: Save this secret now - it won't be shown again!"`
			`log_info "Client Secret: ${CLIENT_SECRET}"`

			`# Add API permissions`
			`log_info "Adding Verifiable Credentials Service permissions..."`
			`VC_SERVICE_APP_ID="3db474b9-7a6d-4f50-afdc-70940ce1df8f"`

			`# Note: Exact permission IDs may vary - this is a template`
			`log_warning "You need to add permissions manually in Azure Portal:"`
			`log_info "1. Go to Azure Portal → App registrations → ${APP_NAME} → API permissions"`
			`log_info "2. Add permission → APIs my organization uses"`
			`log_info "3. Search for 'Verifiable Credentials Service'"`
			`log_info "4. Add Application permissions: VerifiableCredential.Create.All, VerifiableCredential.Verify.All"`
			`log_info "5. Grant admin consent"`

			`# Output summary`
			`cat > .entra-app-info.txt << EOF`
			`Azure AD App Registration Created`
			`==================================`

			`Application Name: ${APP_NAME}`
			`Application (Client) ID: ${APP_ID}`
			`Directory (Tenant) ID: ${TENANT_ID}`
			`Client Secret: ${CLIENT_SECRET}`

			`NEXT STEPS:`
			`1. Add API permissions in Azure Portal (see above)`
			`2. Grant admin consent`
			`3. Store these values securely`
			`4. Run: ./scripts/deploy/store-entra-secrets.sh`
			`EOF`

			`log_success "App registration complete!"`
			`log_info "Details saved to: .entra-app-info.txt"`
			`log_warning "Remember to add API permissions and grant admin consent!"`