wsgi: add delete-oauth2-client command

Add delete-oauth2-client which reads a credentials file produced
by create-oauth2-client or create-test-oauth2-client and removes the
client and its associated tokens from the database.

1 files changed, 29 insertions, 0 deletions

diff --git a/gn_auth/wsgi.py b/gn_auth/wsgi.py
index 7fa544c..bc90210 100644
--- a/gn_auth/wsgi.py
+++ b/gn_auth/wsgi.py
@@ -433,6 +433,35 @@ def create_test_oauth2_client(session_timestamp, users_file, owner_role,
         {"session_timestamp": session_timestamp, "client": record},
         output_path)
 
+
+@app.cli.command()
+@click.option("--credentials", "credentials_path", required=True,
+              type=click.Path(exists=True),
+              help="Credentials file produced by create-oauth2-client or "
+                   "create-test-oauth2-client")
+def delete_oauth2_client(credentials_path):
+    """Delete an OAuth2 client using a credentials file.
+
+    Reads the client_id from the given credentials file and removes the
+    client and all associated tokens from the database.
+    """
+    with open(credentials_path) as f:
+        data = json.load(f)
+
+    client_id_str = data.get("client", {}).get("client_id")
+    if not client_id_str:
+        print("No client_id found in credentials file.", file=sys.stderr)
+        sys.exit(1)
+
+    client_id = uuid.UUID(client_id_str)
+    with db.connection(app.config["AUTH_DB"]) as conn:
+        the_client = oauth2_client_by_id(conn, client_id)
+        if the_client.is_nothing():
+            print(f"No client found with ID {client_id}", file=sys.stderr)
+            sys.exit(1)
+        delete_client(conn, the_client.value)
+        print(f"Deleted OAuth2 client {client_id}.")
+
 ##### END: CLI Commands #####
 
 if __name__ == '__main__':