SAIF CLI¶
The SAIF CLI is a command-line tool for automating SAIF platform development tasks.
Description¶
The SAIF CLI is a console app published to a NuGet Feed and installed using the dotnet CLI. It automates processes that developers might do manually, including:
- Creating new projects from templates (
dotnet new) - Setting up Azure DevOps pipelines
- Creating Azure DevOps repositories
- Configuring project infrastructure
- Generating and inspecting JWT tokens
- Discovering Entra ID application registrations
Why we use it¶
We use the SAIF CLI to provide a single interface for operations across multiple cloud services. All Forge projects are created using the CLI to ensure standard setup and naming conventions.
Commands¶
saif token generate¶
Generate an OAuth token for a SAIF application. See JWT Test Tokens for full usage.
saif token validate¶
Decode and inspect a JWT token. Displays a claims breakdown and resolves the audience to an Entra ID app registration.
# Run without arguments and paste the token interactively (recommended)
saif token validate
# Or pass the token directly as an argument
saif token validate eyJ0eXAiOiJKV1Qi...
Note
Long tokens pasted directly on the command line may cause errors due to terminal word-wrapping. See JWT Test Tokens — Troubleshooting for workarounds.
Output includes:
- Claims table — audience, issuer, subject, tenant ID, name, scopes, roles, timestamps
- Expiry status — highlighted in green (valid) or red (expired)
- Audience resolution — looks up the Entra ID app registration matching the
audclaim
saif app search¶
Search or list Entra ID application registrations.
# Search by audience URI or GUID (tries identifier URI, app ID, and api://{guid} patterns)
saif app search --audience api://my-app-test
saif app search --audience 00000000-0000-0000-0000-000000000000
# Search by application (client) ID directly
saif app search --appid 00000000-0000-0000-0000-000000000000
# List all registrations
saif app search --all
# List with a name filter
saif app search --all --name my-app
# List only apps that have an audience URI configured
saif app search --all --filter audience
| Option | Description |
|---|---|
--audience |
Search by audience value / identifier URI (e.g., api://my-app-test). If a bare GUID is provided, the CLI will attempt to resolve it as both an app ID and api://{guid}. |
--appid |
Search by application (client) ID |
--all |
List all application registrations |
--name |
Partial name filter (use with --all) |
--filter |
Post-filter results; audience shows only apps with an identifier URI (use with --all) |
Note
--audience, --appid, and --all are mutually exclusive — specify exactly one. If your JWT aud claim is a GUID, you can use either --appid or --audience; --appid is recommended for clarity.
Related Documentation¶
| Guide | Description |
|---|---|
| Installing the SAIF CLI | Setup, configuration, and troubleshooting |
| JWT Test Tokens | Generate and use tokens for API testing |