Commit ac0d1f6

feat(oauth2): add client credentials grant type and user ownership
- Add client_credentials to OAuth2ProviderGrantType enum
- Add user_id column to oauth2_provider_apps for ownership tracking
- Make refresh_hash nullable for client credentials tokens per RFC 6749
- Update API schemas to use proper OAuth2 enums for grant/response types
- Add grant_types field to OAuth2 app create/update requests
- Support user-scoped client credentials apps vs system-scoped auth flows
- Update database queries and models for new fields

Change-Id: I11901919656c86c51e7c808324e2df5205eda002
Signed-off-by: Thomas Kosiewski <tk@coder.com>
1 parent 0393465 commit ac0d1f6

27 files changed, +840 -84 lines changed

‎coderd/apidoc/docs.go

Lines changed: 40 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎coderd/apidoc/swagger.json

Lines changed: 36 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎coderd/database/dbgen/dbgen.go

Lines changed: 1 addition & 0 deletions
@@ -1159,6 +1159,7 @@ func OAuth2ProviderApp(t testing.TB, db database.Store, seed database.OAuth2Prov
11591159
RedirectUris:takeFirstSlice(seed.RedirectUris, []string{"http://localhost"}),
11601160
ClientType:takeFirst(seed.ClientType, sql.NullString{String:"confidential",Valid:true}),
11611161
DynamicallyRegistered:takeFirst(seed.DynamicallyRegistered, sql.NullBool{Bool:false,Valid:true}),
1162+
UserID:takeFirst(seed.UserID, uuid.NullUUID{Valid:false}),
11621163
ClientIDIssuedAt:takeFirst(seed.ClientIDIssuedAt, sql.NullTime{}),
11631164
ClientSecretExpiresAt:takeFirst(seed.ClientSecretExpiresAt, sql.NullTime{}),
11641165
GrantTypes:takeFirstSlice(seed.GrantTypes, []string{"authorization_code","refresh_token"}),
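Review bot: the added `UserID` line defaults to a NULL owner with no comment saying what that means, and the unchanged `GrantTypes` default below it is still `authorization_code`, `refresh_token`, so the generator never produces a user-owned client credentials app unless a test sets both `seed.UserID` and `seed.GrantTypes` itself. A one-line comment that a NULL `UserID` means a system-scoped app would make that explicit. As a style point, `uuid.NullUUID{Valid:false}` is the zero value; the neighbouring defaults are written `sql.NullTime{}`, so `uuid.NullUUID{}` would read consistently.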

‎coderd/database/dump.sql

Lines changed: 5 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎coderd/database/foreign_key_constraint.go

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
-- Restore refresh_hash as NOT NULL (existing data should still be valid)
2+
ALTERTABLE oauth2_provider_app_tokens
3+
ALTER COLUMN refresh_hashSETNOT NULL;
4+
5+
-- Remove user_id column from OAuth2 provider apps
6+
ALTERTABLE oauth2_provider_apps
7+
DROP COLUMN user_id;
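Review bot: `ALTER COLUMN refresh_hash SET NOT NULL` on line 3 will fail as soon as any row in oauth2_provider_app_tokens has a NULL refresh_hash, which is exactly what the up migration permits for client credentials tokens, so the line 1 comment ("existing data should still be valid") only holds if no such token was ever issued. Delete or otherwise handle rows where refresh_hash IS NULL before restoring the constraint. In the same way, `DROP COLUMN user_id` on line 7 leaves previously user-owned apps in oauth2_provider_apps with no owner recorded; removing the rows where user_id IS NOT NULL first would keep a rollback from turning them into unowned apps.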
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
-- Add user ownership to OAuth2 provider apps for client credentials support
2+
ALTERTABLE oauth2_provider_apps
3+
ADD COLUMN user_id uuidREFERENCES users(id)ON DELETE CASCADE;
4+
5+
-- Make refresh_hash nullable to support client credentials tokens
6+
-- RFC 6749 Section 4.4.3: "A refresh token SHOULD NOT be included" for client credentials
7+
ALTERTABLE oauth2_provider_app_tokens
8+
ALTER COLUMN refresh_hash DROPNOT NULL;
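Review bot: line 3 adds `user_id` as a nullable foreign key with `ON DELETE CASCADE` but no index, and PostgreSQL does not index the referencing column on its own, so every user deletion and every lookup of apps by owner has to scan oauth2_provider_apps; add an index on user_id in this migration. The column is also unconstrained beyond the foreign key, so the schema accepts a client credentials app with a NULL owner and the application code is the only guard. Line 8 has the same shape: `ALTER COLUMN refresh_hash DROP NOT NULL` relaxes the constraint for every token, not only client credentials tokens, so it is worth a comment stating where that invariant is now enforced, or a CHECK constraint if the table records the grant type.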

‎coderd/database/models.go

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
