Asgardeo CLI Tool

Project Overview

Asgardeo CLI (Command Line Interface) tool allows you to access Identity Access Management resources in Asgardeo and (Identity Server) from the the terminal using commands and keyboard operations via the Text User Interface (TUI) operations.

Problem Statement

To maintain IAM resources like applications. API resources. users, roles, groups, etc, the user has to access the Asgardeo console webpage or manually construct the curl command to access the Management REST API endpoints.This introduces additional concerns as maintaining authentication, securely storing tokens and client secrets, and OS specific commands, Additionally most of the users of Asgardeo are developers who spend most of their time in terminal and IDEs, hence it is desired to provide a way to manage the Asgardeo configurations via the terminal. Apart from these technical requirements, almost all of other competitors provide CLI functionalities to their IAM servers, Ex: Auth0 CLI , AWS IAM CLI

Requirements

Build a modular CLI framework with authentication, profiles, and help commands.
Manage applications and connections (create, update, delete, list).
Handle users, groups, and roles.
Enable JSON/YAML outputs for scripting and CI/CD automation.
Provide interactive and non-interactive modes with auto completion and prompts.
Provide a Text User Interface (TUI) for more interactive user experience

Architecture

The tool is expected to provide two different interfaces to the users, the CLI where users perform the functionalities via commands (asg apps list) and the TUI where users perform the actions by keyboard movements and shortcuts (ctrl+n). Even though two different interfaces are provided the core logic is the same. So a layered architecture is followed decoupling the logic from the interfaces.

The tool is expected to be distributed as a single binary containing both the CLI and TUI features. At high level the binary will act as a wrapper for Asgardeo REST API endpoints, handling authentication, configuration and error handling.

The logic layer communicates with the Identity Access Management (IAM) server (Asgardeo or identity Server) via REST API calls via the provided endpoints. The configuration for the tool is provided from configuration files (JSON, YAML) and the secrets (client secret and token) will be stored securely (OS keychain). The architecture proposes a global configuration (single config file in a home directory) instead of local config file (creating multiple config files in each working directory).

Internal System Layers

To enforce separation of concerns and ensure maintainability, the application is split into four distinct structural layers: