ApplyClientOverlay
Applies an overlay URI set (RedirectUris / PostLogoutRedirectUris / AllowedCorsOrigins) to a blueprint-managed client. New entries are written with Source = 'overlay:<OverlayName>', kept across blueprint re-apply by the Step 2a preservation pass. Idempotent — duplicates are silently skipped (any source). At least one of the three URI lists must be provided.
Examples
Inject the local-dev redirect / post-logout / CORS triple into the Refinery Studio client:
octo-cli -c ApplyClientOverlay `
-id "octo-data-refinery-studio" `
-n "local-dev" `
-r "http://localhost:4200/auth-callback,http://localhost:4200/silent-callback" `
-plr "http://localhost:4200/" `
-co "http://localhost:4200"
Single-list usage — only RedirectUris is added; other lists are untouched:
octo-cli -c ApplyClientOverlay `
-id "octo-data-refinery-studio" `
-n "local-dev" `
-r "http://localhost:4200/auth-callback"
Options
| Short | Long | Required | Description |
|---|---|---|---|
-id | --clientId | yes | The ClientId to apply the overlay to. Must already exist. |
-n | --overlayName | yes | Operator-meaningful overlay name. Becomes the suffix of 'overlay:<OverlayName>' on every persisted entry. Constrained to [A-Za-z0-9._-]+. |
-r | --redirectUris | no | Comma-separated list of redirect URIs to add |
-plr | --postLogoutRedirectUris | no | Comma-separated list of post-logout redirect URIs to add |
-co | --allowedCorsOrigins | no | Comma-separated list of CORS origins to add (pass without trailing slash) |
Notes
Re-running with the same payload is a no-op: every URI hits the dedup branch, no DB write, no cache invalidation.
Server returns 400 if every supplied list is empty / whitespace-only.
The endpoint does not strip trailing slashes from CORS origins — pass origin-shaped values yourself.