app/stories/developer/DEV-005-oauth-client.md

Register OAuth Client App

ID: DEV-005 | Priority: Medium | Status: Planned

User Story

As a developer, I want to register my application as an OAuth client so that users can authorize my app to access their data using standard OAuth 2.0 flows.

Acceptance Criteria

  • Register OAuth 2.0 client application
  • Support Authorization Code flow
  • Support PKCE for public clients (mobile/SPA)
  • Configure allowed scopes per client
  • Consent screen customization
  • Token endpoint for code exchange
  • Refresh token support
  • Client credentials flow for server-to-server

Technical Notes

  • OAuth/OIDC client registration is now part of the Apps system
  • For organization owners: Use Custom OIDC Apps (ORG-011) to create OAuth clients
  • For third-party developers: Submit to AppStore (DEV-008) for public apps
  • Standard OAuth 2.0 / OpenID Connect flows supported
  • Scopes: openid, profile, email, organizations
  • PKCE is required for mobile and SPA security

Implementation Path

This story's functionality is now implemented through:

  1. Custom OIDC Apps (ORG-011) - Create org-specific OAuth clients via the Apps UI
  2. Partner Apps (DEV-008) - Submit public apps to the AppStore

Both use the same underlying IOAuthCredentials model:

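interface IOAuthCredentials {
  clientId: string;
  clientSecretHash: string; // hash of the client secret
  redirectUris: string[];   // redirect URIs registered for this client
  allowedScopes: string[];  // scopes this client may request
  grantTypes: ('authorization_code' | 'client_credentials' | 'refresh_token')[]; // grant types enabled for this client
}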
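
An added example (not the project's own code) of how an authorization server could check an Authorization Code request against an IOAuthCredentials record and then verify PKCE (S256, RFC 7636) at the token endpoint. The names AuthRequest, validateAuthRequest, verifyPkce, requirePkce and sampleClient, and the returned reason labels, are assumptions made for this example.

```typescript
import { createHash, timingSafeEqual } from 'node:crypto';

interface IOAuthCredentials { // shape copied from the page
  clientId: string;
  clientSecretHash: string;
  redirectUris: string[];
  allowedScopes: string[];
  grantTypes: ('authorization_code' | 'client_credentials' | 'refresh_token')[];
}

// Hypothetical request shape for this example (not part of the project).
interface AuthRequest {
  clientId: string;
  redirectUri: string;
  scope: string; // space-delimited, as in OAuth 2.0
  codeChallenge?: string;
  codeChallengeMethod?: string;
}

// Returns null if the request is acceptable, else an illustrative reason label.
function validateAuthRequest(c: IOAuthCredentials, r: AuthRequest, requirePkce: boolean): string | null {
  if (r.clientId !== c.clientId || !c.grantTypes.includes('authorization_code')) return 'unauthorized_client';
  // Exact string comparison: no prefix, wildcard or normalised matching.
  if (!c.redirectUris.includes(r.redirectUri)) return 'redirect_uri_mismatch';
  const scopes = r.scope.split(' ').filter(Boolean);
  if (scopes.length === 0 || !scopes.every((s) => c.allowedScopes.includes(s))) return 'invalid_scope';
  if (requirePkce && (!r.codeChallenge || r.codeChallengeMethod !== 'S256')) return 'pkce_required';
  return null;
}

// Token endpoint side: recompute the S256 challenge from the code_verifier (RFC 7636).
function verifyPkce(codeVerifier: string, storedChallenge: string): boolean {
  if (!/^[A-Za-z0-9._~-]{43,128}$/.test(codeVerifier)) return false;
  const computed = Buffer.from(createHash('sha256').update(codeVerifier, 'ascii').digest('base64url'));
  const stored = Buffer.from(storedChallenge);
  return computed.length === stored.length && timingSafeEqual(computed, stored);
}

// Constructed sample client; every value is made up for this example.
const sampleClient: IOAuthCredentials = {
  clientId: 'example-client',
  clientSecretHash: '<placeholder-hash>',
  redirectUris: ['https://app.example.com/callback'],
  allowedScopes: ['openid', 'profile', 'email'],
  grantTypes: ['authorization_code', 'refresh_token'],
};
```

Here requirePkce would be true for public clients (mobile/SPA), which the notes above say must use PKCE.
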
  • ORG-011: Create Custom OIDC Apps (primary implementation)
  • DEV-004: Proper App ID Initialization
  • DEV-008: Submit App to AppStore
  • New feature - OAuth server implementation