feat(apps): Add Apps subsystem: App and AppConnection models, managers, typed request handlers, web UI routes and documentation
@@ -0,0 +1,65 @@
|
||||
# Connect Global Apps
|
||||
|
||||
**ID:** ORG-009
|
||||
**Priority:** High
|
||||
**Status:** In Development
|
||||
**Phase:** 1
|
||||
|
||||
## User Story
|
||||
As an organization owner, I want to connect and disconnect first-party apps (foss.global, task.vc, etc.) for my organization so that my team members can use these integrated services.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] View list of available global apps (foss.global, task.vc)
|
||||
- [ ] See connection status for each global app
|
||||
- [ ] Connect a global app to the organization
|
||||
- [ ] Disconnect a global app from the organization
|
||||
- [ ] View which user connected the app and when
|
||||
- [ ] See what scopes/permissions each app requires
|
||||
- [ ] Toggle does not require page reload
|
||||
|
||||
## Technical Notes
|
||||
- Global apps are pre-registered by the platform administrators
|
||||
- Uses `IAppConnection` to track org-to-app relationships
|
||||
- Connection creates OAuth authorization for the app
|
||||
- Apps access org data via granted scopes
|
||||
- No credentials shown to org owners (managed by platform)
|
||||
|
||||
## Data Model
|
||||
|
||||
```typescript
|
||||
interface IGlobalApp {
|
||||
id: string;
|
||||
type: 'global';
|
||||
data: {
|
||||
name: string;
|
||||
description: string;
|
||||
logoUrl: string;
|
||||
appUrl: string;
|
||||
oauthCredentials: IOAuthCredentials;
|
||||
isActive: boolean;
|
||||
category: string;
|
||||
};
|
||||
}
|
||||
|
||||
interface IAppConnection {
|
||||
id: string;
|
||||
data: {
|
||||
organizationId: string;
|
||||
appId: string;
|
||||
appType: 'global' | 'partner' | 'custom_oidc';
|
||||
status: 'active' | 'disconnected';
|
||||
connectedAt: number;
|
||||
connectedByUserId: string;
|
||||
grantedScopes: string[];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
## UI Components
|
||||
- **AppsView** (`/account/org/:orgName/apps`) - Main tabbed interface
|
||||
- **Global Apps Tab** - List of global apps with toggle switches
|
||||
|
||||
## Related Stories
|
||||
- ORG-010: Browse and Install Partner Apps (AppStore)
|
||||
- ORG-011: Create Custom OIDC Apps
|
||||
- DEV-004: Proper App ID Initialization
|
||||
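Review bot: In the Data Model section, `IGlobalApp.data` embeds `oauthCredentials: IOAuthCredentials`, while the Technical Notes promise "No credentials shown to org owners (managed by platform)"; the story does not say that the object returned for the "View list of available global apps" criterion has a different shape from the stored one. `IOAuthCredentials`, as defined in the ORG-011 file of this same commit, includes `clientSecretHash`, so I would document a separate listing type without `oauthCredentials` (name, description, logoUrl, appUrl, category, required scopes) and state that the request handler returns only that. Two smaller gaps in `IAppConnection`: `status` can be 'disconnected' but there is no field for who disconnected the app or when, and the notes do not state that disconnecting revokes the authorization set up by "Connection creates OAuth authorization for the app".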
@@ -0,0 +1,63 @@
|
||||
# Browse and Install Partner Apps
|
||||
|
||||
**ID:** ORG-010
|
||||
**Priority:** Medium
|
||||
**Status:** Planned
|
||||
**Phase:** 3
|
||||
|
||||
## User Story
|
||||
As an organization owner, I want to browse and install partner apps from the AppStore so that my organization can benefit from third-party integrations.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Browse available partner apps in the AppStore
|
||||
- [ ] Search apps by name or description
|
||||
- [ ] Filter apps by category
|
||||
- [ ] View curated sections (Featured, Popular, New)
|
||||
- [ ] View app details (description, screenshots, pricing)
|
||||
- [ ] See app install count and ratings
|
||||
- [ ] Install/connect a partner app to the organization
|
||||
- [ ] Uninstall/disconnect a partner app
|
||||
- [ ] View installed apps list
|
||||
|
||||
## Technical Notes
|
||||
- Partner apps are submitted by other organizations (DEV-008)
|
||||
- Apps must be approved by platform admins before appearing in store
|
||||
- Uses `IPartnerApp` with `appStoreMetadata`
|
||||
- Connection uses same `IAppConnection` as global apps
|
||||
|
||||
## Data Model
|
||||
|
||||
```typescript
|
||||
interface IPartnerApp {
|
||||
id: string;
|
||||
type: 'partner';
|
||||
data: {
|
||||
name: string;
|
||||
description: string;
|
||||
logoUrl: string;
|
||||
appUrl: string;
|
||||
ownerOrganizationId: string;
|
||||
oauthCredentials: IOAuthCredentials;
|
||||
appStoreMetadata: {
|
||||
shortDescription: string;
|
||||
longDescription: string;
|
||||
screenshots: string[];
|
||||
category: string;
|
||||
tags: string[];
|
||||
pricing: { model: 'free' | 'paid' | 'freemium' };
|
||||
};
|
||||
approvalStatus: TAppApprovalStatus;
|
||||
isPublished: boolean;
|
||||
installCount: number;
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
## UI Components
|
||||
- **AppsView** - App Store tab with search and categories
|
||||
- **AppStoreDetailView** (`/account/org/:orgName/apps/store/:appId`) - Full app details page
|
||||
|
||||
## Related Stories
|
||||
- ORG-009: Connect Global Apps
|
||||
- ORG-011: Create Custom OIDC Apps
|
||||
- DEV-008: Submit App to AppStore
|
||||
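Review bot: The Acceptance Criteria for partner apps have no item for showing the scopes an app requests before it is installed, although ORG-009 has "See what scopes/permissions each app requires" and these apps are submitted by other organizations; add that criterion here, since the same `IAppConnection` with `grantedScopes` is reused. In the Technical Notes, "Apps must be approved by platform admins before appearing in store" only covers listing: state explicitly that the install/connect handler also checks `approvalStatus` and `isPublished`, and what happens to existing connections when an app is unpublished or loses approval. `TAppApprovalStatus` is referenced but not defined in this file, and the "install count and ratings" criterion has no ratings field in `IPartnerApp`.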
@@ -0,0 +1,70 @@
|
||||
# Create Custom OIDC Apps
|
||||
|
||||
**ID:** ORG-011
|
||||
**Priority:** Medium
|
||||
**Status:** Planned
|
||||
**Phase:** 2
|
||||
|
||||
## User Story
|
||||
As an organization owner, I want to create custom OAuth/OIDC client applications so that I can integrate my own internal tools and services with the identity provider.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Create a new custom OIDC application
|
||||
- [ ] Configure application name and description
|
||||
- [ ] Upload application logo
|
||||
- [ ] Set application URL
|
||||
- [ ] Configure redirect URIs
|
||||
- [ ] Select allowed OAuth scopes
|
||||
- [ ] Choose grant types (authorization_code, client_credentials, refresh_token)
|
||||
- [ ] View client ID and client secret
|
||||
- [ ] Regenerate client secret if compromised
|
||||
- [ ] Edit existing applications
|
||||
- [ ] Delete applications
|
||||
- [ ] Configure token lifetimes
|
||||
|
||||
## Technical Notes
|
||||
- Custom OIDC apps are organization-scoped
|
||||
- Client secret is hashed in database, shown only once at creation
|
||||
- Redirect URIs validated to prevent open redirect attacks
|
||||
- Standard OAuth 2.0 / OpenID Connect flows supported
|
||||
- PKCE support for public clients
|
||||
|
||||
## Data Model
|
||||
|
||||
```typescript
|
||||
interface ICustomOidcApp {
|
||||
id: string;
|
||||
type: 'custom_oidc';
|
||||
data: {
|
||||
name: string;
|
||||
description: string;
|
||||
logoUrl: string;
|
||||
appUrl: string;
|
||||
ownerOrganizationId: string;
|
||||
oauthCredentials: IOAuthCredentials;
|
||||
oidcSettings: {
|
||||
accessTokenLifetime: number; // seconds
|
||||
refreshTokenLifetime: number; // seconds
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
interface IOAuthCredentials {
|
||||
clientId: string;
|
||||
clientSecretHash: string;
|
||||
redirectUris: string[];
|
||||
allowedScopes: string[];
|
||||
grantTypes: ('authorization_code' | 'client_credentials' | 'refresh_token')[];
|
||||
}
|
||||
```
|
||||
|
||||
## UI Components
|
||||
- **AppsView** - Custom OIDC tab with app list
|
||||
- **OidcAppFormView** (`/account/org/:orgName/apps/custom/new`) - Create new app form
|
||||
- **OidcAppFormView** (`/account/org/:orgName/apps/custom/:appId`) - Edit existing app
|
||||
|
||||
## Related Stories
|
||||
- ORG-009: Connect Global Apps
|
||||
- ORG-010: Browse and Install Partner Apps
|
||||
- DEV-004: Proper App ID Initialization
|
||||
- DEV-005: Register OAuth Client App
|
||||
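Review bot: The Acceptance Criteria item "View client ID and client secret" contradicts the Technical Notes line "Client secret is hashed in database, shown only once at creation"; with only `clientSecretHash` stored, the secret cannot be viewed later, so reword the criterion to show the client ID at any time and the secret once at creation and once after regeneration. "Redirect URIs validated to prevent open redirect attacks" should name the rule so it can be tested, for example exact string match against `redirectUris` with no wildcards. `IOAuthCredentials` has no field distinguishing public from confidential clients, so "PKCE support for public clients" has nothing in the model to key on; consider adding a client type and documenting which `grantTypes` each type may select. The hash algorithm for `clientSecretHash` and the allowed bounds for `accessTokenLifetime` and `refreshTokenLifetime` are also unspecified.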