d-bis/the_order
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
the_order/scripts/deploy/configure-api-permissions.sh
defiQUG 92cc41d26d Add Legal Office seal and complete Azure CDN deployment 
- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS
2025-11-12 22:03:42 -08:00

75 lines
2.4 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Configure API Permissions for Entra VerifiedID App Registration
# This script helps automate permission configuration
set -euo pipefail
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
NC='\033[0m'
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
log_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
# Check Azure CLI
if ! command -v az &> /dev/null; then
log_warning "Azure CLI not found"
exit 1
fi
if ! az account show &> /dev/null; then
log_warning "Not logged in to Azure"
exit 1
fi
log_info "Configuring API Permissions for Entra VerifiedID..."
# Get app ID
read -p "Enter Application (Client) ID: " APP_ID
if [ -z "${APP_ID}" ]; then
log_warning "App ID is required"
exit 1
fi
# Verifiable Credentials Service App ID
VC_SERVICE_APP_ID="3db474b9-7a6d-4f50-afdc-70940ce1df8f"
log_info "Adding Verifiable Credentials Service permissions..."
# Note: Azure CLI doesn't support adding API permissions directly for Verifiable Credentials Service
# This requires manual steps in Azure Portal, but we can provide the exact steps
log_warning "API permissions must be configured manually in Azure Portal"
log_info "Follow these steps:"
echo ""
echo "1. Go to: https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/CallAnAPI/appId/${APP_ID}"
echo "2. Click 'API permissions'"
echo "3. Click 'Add a permission'"
echo "4. Select 'APIs my organization uses'"
echo "5. Search for: 'Verifiable Credentials Service' or use App ID: ${VC_SERVICE_APP_ID}"
echo "6. Select 'Application permissions'"
echo "7. Check the following permissions:"
echo " - VerifiableCredential.Create.All"
echo " - VerifiableCredential.Verify.All"
echo "8. Click 'Add permissions'"
echo "9. Click 'Grant admin consent for [Your Organization]'"
echo "10. Verify consent status shows 'Granted'"
echo ""
# Try to grant admin consent if possible
log_info "Attempting to grant admin consent..."
if az ad app permission admin-consent --id "${APP_ID}" 2>/dev/null; then
log_success "Admin consent granted via CLI"
else
log_warning "Admin consent must be granted manually in Azure Portal"
log_info "Go to: API permissions → Grant admin consent"
fi
log_success "Permission configuration guide provided"
log_info "After completing manual steps, verify permissions:"
echo "az ad app permission list --id ${APP_ID}"
Reference in New Issue View Git Blame Copy Permalink