step 1 (#37)

Author: abbaspour

tf/02-donor-website.tf

@@ -84,6 +84,7 @@ resource "auth0_connection_clients" "UPA-clients" {
     var.auth0_tf_client_id,
     data.auth0_client.default-app.client_id,
     auth0_client.donor-cli.client_id,
+    auth0_client.hono-rwa.client_id
   ]
 }
 

tf/04-business-website.tf

@@ -70,59 +70,59 @@ EOT
 resource "auth0_resource_server" "business_api" {
   name       = "Business API"
   identifier = "business.api"
-  
+
   # Token settings
-  token_lifetime                                  = 86400  # 24 hours
+  token_lifetime                                  = 86400 # 24 hours
   skip_consent_for_verifiable_first_party_clients = true
-  
+
   # JWT settings
   signing_alg = "RS256"
-  
+
   allow_offline_access = false
 
   enforce_policies = true
-  token_dialect = "access_token_authz"
+  token_dialect    = "access_token_authz"
 }
 
 # Define scopes for business API
-resource "auth0_resource_server_scopes" business-api-scopes {
+resource "auth0_resource_server_scopes" "business-api-scopes" {
   resource_server_identifier = auth0_resource_server.business_api.identifier
 
   // -- pickups --
   scopes {
-    name = "read:pickups"
+    name        = "read:pickups"
     description = "read:pickups"
   }
 
   scopes {
-    name = "create:pickups"
+    name        = "create:pickups"
     description = "create:pickups"
   }
 
   scopes {
-    name = "update:pickups"
+    name        = "update:pickups"
     description = "update:pickups"
   }
 
   // -- schedules --
   scopes {
-    name = "read:schedules"
+    name        = "read:schedules"
     description = "read:schedules"
   }
 
   scopes {
-    name = "update:schedules"
+    name        = "update:schedules"
     description = "update:schedules"
   }
 
   // -- organization --
   scopes {
-    name = "read:organization"
+    name        = "read:organization"
     description = "read:organization"
   }
 
   scopes {
-    name = "update:organization"
+    name        = "update:organization"
     description = "update:organization"
   }
 }
@@ -132,8 +132,9 @@ data "auth0_resource_server" "my-org" {
 }
 
 resource "auth0_client_grant" "business-my-org-grant" {
-  audience  = data.auth0_resource_server.my-org.identifier
-  client_id = auth0_client.business.client_id
+  audience           = data.auth0_resource_server.my-org.identifier
+  client_id          = auth0_client.business.client_id
+  organization_usage = "require"
   scopes = [
     "read:my_org:details",
     "update:my_org:details",
@@ -650,8 +651,8 @@ resource "auth0_connection_clients" "business-db-clients" {
 
 # Creates a Cloudflare D1 database for CRM data. A future worker/API will connect to this DB.
 resource "cloudflare_d1_database" "business" {
-  account_id = var.cloudflare_account_id
-  name       = "replate-business"
+  account_id            = var.cloudflare_account_id
+  name                  = "replate-business"
   primary_location_hint = "apac"
   read_replication = {
     mode = "disabled"
@@ -682,4 +683,4 @@ EOT
 
 output "business-client_id" {
   value = auth0_client.business.client_id
-}
+}

tf/13-rwa-client.tf

@@ -0,0 +1,42 @@
+# Temporary, not part of demo
+resource "auth0_client" "hono-rwa" {
+  name = "Hono RWA"
+  description = "Hono RWA for SDK Gallery"
+  app_type = "regular_web"
+
+  callbacks = [
+    "https://hono-rwa-myaccount.abbaspour.workers.dev/auth/callback"
+  ]
+
+  allowed_logout_urls = [
+    "https://hono-rwa-myaccount.abbaspour.workers.dev/logout"
+  ]
+
+  grant_types = [
+    "authorization_code",
+    "refresh_token"
+  ]
+}
+
+output "hono-client-id" {
+  value = auth0_client.hono-rwa.client_id
+}
+
+resource "auth0_client_grant" "hono-myaccount-grant" {
+  audience  = data.auth0_resource_server.my-account.identifier
+  client_id = auth0_client.hono-rwa.client_id
+  scopes = [
+    // authentication methods
+    "read:me:authentication_methods",
+    "delete:me:authentication_methods",
+    "update:me:authentication_methods",
+    "create:me:authentication_methods",
+    // factors
+    "read:me:factors",
+    // connected_accounts
+    "create:me:connected_accounts",
+    "read:me:connected_accounts",
+    "delete:me:connected_accounts"
+  ]
+  subject_type = "user"
+}