Insert client_name when upserting statically registered clients (#4417)

2025-04-30 11:50:49 +02:00
parent 83dfa7c045 c8d84dc361
commit aba9ca38e6
8 changed files with 43 additions and 26 deletions
--- a/crates/cli/src/sync.rs
+++ b/crates/cli/src/sync.rs
@@ -357,6 +357,7 @@ pub async fn config_sync(
            }

            let client_secret = client.client_secret.as_deref();
+            let client_name = client.client_name.as_ref();
            let client_auth_method = client.client_auth_method();
            let jwks = client.jwks.as_ref();
            let jwks_uri = client.jwks_uri.as_ref();
@@ -369,6 +370,7 @@ pub async fn config_sync(
            repo.oauth2_client()
                .upsert_static(
                    client.client_id,
+                    client_name.cloned(),
                    client_auth_method,
                    encrypted_client_secret,
                    jwks.cloned(),
--- a/crates/config/src/sections/clients.rs
+++ b/crates/config/src/sections/clients.rs
@@ -79,6 +79,10 @@ pub struct ClientConfig {
    /// Authentication method used for this client
    client_auth_method: ClientAuthMethodConfig,

+    /// Name of the `OAuth2` client
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub client_name: Option<String>,
+
    /// The client secret, used by the `client_secret_basic`,
    /// `client_secret_post` and `client_secret_jwt` authentication methods
    #[serde(skip_serializing_if = "Option::is_none")]
--- a/crates/storage-pg/.sqlx/query-5236305c49b1ee99a00e32df3727ebe97b523b6836e1696d8b8e2a0ef70bfa44.json
+++ b/crates/storage-pg/.sqlx/query-5236305c49b1ee99a00e32df3727ebe97b523b6836e1696d8b8e2a0ef70bfa44.json
@@ -1,23 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n                INSERT INTO oauth2_clients\n                    ( oauth2_client_id\n                    , encrypted_client_secret\n                    , redirect_uris\n                    , grant_type_authorization_code\n                    , grant_type_refresh_token\n                    , grant_type_client_credentials\n                    , grant_type_device_code\n                    , token_endpoint_auth_method\n                    , jwks\n                    , jwks_uri\n                    , is_static\n                    )\n                VALUES\n                    ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, TRUE)\n                ON CONFLICT (oauth2_client_id)\n                DO\n                    UPDATE SET encrypted_client_secret = EXCLUDED.encrypted_client_secret\n                             , redirect_uris = EXCLUDED.redirect_uris\n                             , grant_type_authorization_code = EXCLUDED.grant_type_authorization_code\n                             , grant_type_refresh_token = EXCLUDED.grant_type_refresh_token\n                             , grant_type_client_credentials = EXCLUDED.grant_type_client_credentials\n                             , grant_type_device_code = EXCLUDED.grant_type_device_code\n                             , token_endpoint_auth_method = EXCLUDED.token_endpoint_auth_method\n                             , jwks = EXCLUDED.jwks\n                             , jwks_uri = EXCLUDED.jwks_uri\n                             , is_static = TRUE\n            ",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "Text",
-        "TextArray",
-        "Bool",
-        "Bool",
-        "Bool",
-        "Bool",
-        "Text",
-        "Jsonb",
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "5236305c49b1ee99a00e32df3727ebe97b523b6836e1696d8b8e2a0ef70bfa44"
-}
--- a/crates/storage-pg/.sqlx/query-da02f93d7346992a9795f12b900f91ac0b326dd751c0d374d6ef4d19f671d22e.json
+++ b/crates/storage-pg/.sqlx/query-da02f93d7346992a9795f12b900f91ac0b326dd751c0d374d6ef4d19f671d22e.json
@@ -0,0 +1,24 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                INSERT INTO oauth2_clients\n                    ( oauth2_client_id\n                    , encrypted_client_secret\n                    , redirect_uris\n                    , grant_type_authorization_code\n                    , grant_type_refresh_token\n                    , grant_type_client_credentials\n                    , grant_type_device_code\n                    , token_endpoint_auth_method\n                    , jwks\n                    , client_name\n                    , jwks_uri\n                    , is_static\n                    )\n                VALUES\n                    ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, TRUE)\n                ON CONFLICT (oauth2_client_id)\n                DO\n                    UPDATE SET encrypted_client_secret = EXCLUDED.encrypted_client_secret\n                             , redirect_uris = EXCLUDED.redirect_uris\n                             , grant_type_authorization_code = EXCLUDED.grant_type_authorization_code\n                             , grant_type_refresh_token = EXCLUDED.grant_type_refresh_token\n                             , grant_type_client_credentials = EXCLUDED.grant_type_client_credentials\n                             , grant_type_device_code = EXCLUDED.grant_type_device_code\n                             , token_endpoint_auth_method = EXCLUDED.token_endpoint_auth_method\n                             , jwks = EXCLUDED.jwks\n                             , client_name = EXCLUDED.client_name\n                             , jwks_uri = EXCLUDED.jwks_uri\n                             , is_static = TRUE\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid",
+        "Text",
+        "TextArray",
+        "Bool",
+        "Bool",
+        "Bool",
+        "Bool",
+        "Text",
+        "Jsonb",
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "da02f93d7346992a9795f12b900f91ac0b326dd751c0d374d6ef4d19f671d22e"
+}
--- a/crates/storage-pg/.sqlx/query-fcd8b4b9e003d1540357c6bf1ff9c715560d011d4c01112703a9c046170c84f1.json
+++ b/crates/storage-pg/.sqlx/query-fcd8b4b9e003d1540357c6bf1ff9c715560d011d4c01112703a9c046170c84f1.json
@@ -23,7 +23,7 @@
      "Left": []
    },
    "nullable": [
-      false,
+      true,
      true,
      null
    ]
--- a/crates/storage-pg/src/oauth2/client.rs
+++ b/crates/storage-pg/src/oauth2/client.rs
@@ -554,6 +554,7 @@ impl OAuth2ClientRepository for PgOAuth2ClientRepository<'_> {
    async fn upsert_static(
        &mut self,
        client_id: Ulid,
+        client_name: Option<String>,
        client_auth_method: OAuthClientAuthenticationMethod,
        encrypted_client_secret: Option<String>,
        jwks: Option<PublicJsonWebKeySet>,
@@ -581,11 +582,12 @@ impl OAuth2ClientRepository for PgOAuth2ClientRepository<'_> {
                    , grant_type_device_code
                    , token_endpoint_auth_method
                    , jwks
+                    , client_name
                    , jwks_uri
                    , is_static
                    )
                VALUES
-                    ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, TRUE)
+                    ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, TRUE)
                ON CONFLICT (oauth2_client_id)
                DO
                    UPDATE SET encrypted_client_secret = EXCLUDED.encrypted_client_secret
@@ -596,6 +598,7 @@ impl OAuth2ClientRepository for PgOAuth2ClientRepository<'_> {
                             , grant_type_device_code = EXCLUDED.grant_type_device_code
                             , token_endpoint_auth_method = EXCLUDED.token_endpoint_auth_method
                             , jwks = EXCLUDED.jwks
+                             , client_name = EXCLUDED.client_name
                             , jwks_uri = EXCLUDED.jwks_uri
                             , is_static = TRUE
            "#,
@@ -608,6 +611,7 @@ impl OAuth2ClientRepository for PgOAuth2ClientRepository<'_> {
            true,
            client_auth_method,
            jwks_json,
+            client_name,
            jwks_uri.as_ref().map(Url::as_str),
        )
        .traced()
@@ -633,7 +637,7 @@ impl OAuth2ClientRepository for PgOAuth2ClientRepository<'_> {
                GrantType::RefreshToken,
                GrantType::ClientCredentials,
            ],
-            client_name: None,
+            client_name,
            logo_uri: None,
            client_uri: None,
            policy_uri: None,
--- a/crates/storage/src/oauth2/client.rs
+++ b/crates/storage/src/oauth2/client.rs
@@ -157,6 +157,7 @@ pub trait OAuth2ClientRepository: Send + Sync {
    async fn upsert_static(
        &mut self,
        client_id: Ulid,
+        client_name: Option<String>,
        client_auth_method: OAuthClientAuthenticationMethod,
        encrypted_client_secret: Option<String>,
        jwks: Option<PublicJsonWebKeySet>,
@@ -237,6 +238,7 @@ repository_impl!(OAuth2ClientRepository:
    async fn upsert_static(
        &mut self,
        client_id: Ulid,
+        client_name: Option<String>,
        client_auth_method: OAuthClientAuthenticationMethod,
        encrypted_client_secret: Option<String>,
        jwks: Option<PublicJsonWebKeySet>,
--- a/docs/config.schema.json
+++ b/docs/config.schema.json
@@ -239,6 +239,10 @@
            }
          ]
        },
+        "client_name": {
+          "description": "Name of the `OAuth2` client",
+          "type": "string"
+        },
        "client_secret": {
          "description": "The client secret, used by the `client_secret_basic`, `client_secret_post` and `client_secret_jwt` authentication methods",
          "type": "string"