Skip to main content

ApplyClientOverlay

Applies an overlay URI set (RedirectUris / PostLogoutRedirectUris / AllowedCorsOrigins) to a blueprint-managed client. New entries are written with Source = 'overlay:<OverlayName>', kept across blueprint re-apply by the Step 2a preservation pass. Idempotent — duplicates are silently skipped (any source). At least one of the three URI lists must be provided.

Examples

Inject the local-dev redirect / post-logout / CORS triple into the Refinery Studio client:

octo-cli -c ApplyClientOverlay `
-id "octo-data-refinery-studio" `
-n "local-dev" `
-r "http://localhost:4200/auth-callback,http://localhost:4200/silent-callback" `
-plr "http://localhost:4200/" `
-co "http://localhost:4200"

Single-list usage — only RedirectUris is added; other lists are untouched:

octo-cli -c ApplyClientOverlay `
-id "octo-data-refinery-studio" `
-n "local-dev" `
-r "http://localhost:4200/auth-callback"

Options

ShortLongRequiredDescription
-id--clientIdyesThe ClientId to apply the overlay to. Must already exist.
-n--overlayNameyesOperator-meaningful overlay name. Becomes the suffix of 'overlay:<OverlayName>' on every persisted entry. Constrained to [A-Za-z0-9._-]+.
-r--redirectUrisnoComma-separated list of redirect URIs to add
-plr--postLogoutRedirectUrisnoComma-separated list of post-logout redirect URIs to add
-co--allowedCorsOriginsnoComma-separated list of CORS origins to add (pass without trailing slash)

Notes

Re-running with the same payload is a no-op: every URI hits the dedup branch, no DB write, no cache invalidation.

Server returns 400 if every supplied list is empty / whitespace-only.

The endpoint does not strip trailing slashes from CORS origins — pass origin-shaped values yourself.