synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-12 00:14:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f2983164f550be7bb4fa2bc8b0536e446913111d
coder/coderd/database/migrations/000347_oauth2_dynamic_registration.down.sql
Thomas Kosiewski 74e1d5c4b6 feat: implement OAuth2 dynamic client registration (RFC 7591/7592) (#18645) 
# Implement OAuth2 Dynamic Client Registration (RFC 7591/7592)

This PR implements OAuth2 Dynamic Client Registration according to RFC 7591 and Client Configuration Management according to RFC 7592. These standards allow OAuth2 clients to register themselves programmatically with Coder as an authorization server.

Key changes include:

1. Added database schema extensions to support RFC 7591/7592 fields in the `oauth2_provider_apps` table
2. Implemented `/oauth2/register` endpoint for dynamic client registration (RFC 7591)
3. Added client configuration management endpoints (RFC 7592):
   - GET/PUT/DELETE `/oauth2/clients/{client_id}`
   - Registration access token validation middleware

4. Added comprehensive validation for OAuth2 client metadata:
   - URI validation with support for custom schemes for native apps
   - Grant type and response type validation
   - Token endpoint authentication method validation

5. Enhanced developer documentation with:
   - RFC compliance guidelines
   - Testing best practices to avoid race conditions
   - Systematic debugging approaches for OAuth2 implementations

The implementation follows security best practices from the RFCs, including proper token handling, secure defaults, and appropriate error responses. This enables third-party applications to integrate with Coder's OAuth2 provider capabilities programmatically.
2025-07-03 18:33:47 +02:00

31 lines
1.0 KiB
SQL
Raw Blame History

-- Remove RFC 7591 Dynamic Client Registration fields from oauth2_provider_apps
-- Remove RFC 7592 Management Fields
ALTER TABLE oauth2_provider_apps
DROP COLUMN IF EXISTS registration_access_token,
DROP COLUMN IF EXISTS registration_client_uri;
-- Remove RFC 7591 Advanced Fields
ALTER TABLE oauth2_provider_apps
DROP COLUMN IF EXISTS jwks_uri,
DROP COLUMN IF EXISTS jwks,
DROP COLUMN IF EXISTS software_id,
DROP COLUMN IF EXISTS software_version;
-- Remove RFC 7591 Optional Metadata Fields
ALTER TABLE oauth2_provider_apps
DROP COLUMN IF EXISTS client_uri,
DROP COLUMN IF EXISTS logo_uri,
DROP COLUMN IF EXISTS tos_uri,
DROP COLUMN IF EXISTS policy_uri;
-- Remove RFC 7591 Core Fields
ALTER TABLE oauth2_provider_apps
DROP COLUMN IF EXISTS client_id_issued_at,
DROP COLUMN IF EXISTS client_secret_expires_at,
DROP COLUMN IF EXISTS grant_types,
DROP COLUMN IF EXISTS response_types,
DROP COLUMN IF EXISTS token_endpoint_auth_method,
DROP COLUMN IF EXISTS scope,
DROP COLUMN IF EXISTS contacts;
Reference in New Issue View Git Blame Copy Permalink