Create Custom OIDC Apps
ID: ORG-011 Priority: Medium Status: Planned Phase: 2
User Story
As an organization owner, I want to create custom OAuth/OIDC client applications so that I can integrate my own internal tools and services with the identity provider.
Acceptance Criteria
- Create a new custom OIDC application
- Configure application name and description
- Upload application logo
- Set application URL
- Configure redirect URIs
- Select allowed OAuth scopes
- Choose grant types (authorization_code, client_credentials, refresh_token)
- View client ID and client secret
- Regenerate client secret if compromised
- Edit existing applications
- Delete applications
- Configure token lifetimes
Technical Notes
- Custom OIDC apps are organization-scoped
- Client secret is hashed in database, shown only once at creation
- Redirect URIs validated to prevent open redirect attacks
- Standard OAuth 2.0 / OpenID Connect flows supported
- PKCE support for public clients
Data Model
interface ICustomOidcApp {
  id: string;
  type: 'custom_oidc';
  data: {
    name: string;
    description: string;
    logoUrl: string;
    appUrl: string;
    ownerOrganizationId: string;
    oauthCredentials: IOAuthCredentials;
    oidcSettings: {
      accessTokenLifetime: number; // seconds
      refreshTokenLifetime: number; // seconds
    };
  };
}

interface IOAuthCredentials {
  clientId: string;
  clientSecretHash: string;
  redirectUris: string[];
  allowedScopes: string[];
  grantTypes: ('authorization_code' | 'client_credentials' | 'refresh_token')[];
}
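The two security notes above (redirect URIs validated against open redirects; client secret hashed and shown only once) and the IOAuthCredentials shape suggest the checks an implementation needs. The following is an added example, not code from this project: it assumes Node's crypto module, a hypothetical RegisteredApp type mirroring IOAuthCredentials, and SHA-256 as the secret hash (adequate because the secret is 256 bits of fresh randomness, not a user-chosen password).

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical persisted shape; mirrors the IOAuthCredentials fields used here.
interface RegisteredApp {
  clientId: string;
  clientSecretHash: string;
  redirectUris: string[];
}

// Registration-time check: accept only absolute https URLs (http only on
// loopback for local development), with no fragment and no wildcard host.
function isAcceptableRedirectUri(uri: string): boolean {
  let u: URL;
  try { u = new URL(uri); } catch { return false; }
  if (uri.includes("#") || uri.includes("*")) return false;
  const loopback = ["localhost", "127.0.0.1", "[::1]"].includes(u.hostname);
  if (u.protocol === "https:") return true;
  return u.protocol === "http:" && loopback;
}

// Authorization-time check: exact string match against the registered list.
// No prefix, pattern or "same host" matching, which is what closes the
// open-redirect hole the technical notes refer to.
function isAllowedRedirect(app: RegisteredApp, requested: string): boolean {
  return app.redirectUris.includes(requested);
}

function hashSecret(secret: string): string {
  return createHash("sha256").update(secret).digest("hex");
}

// Creation-time: the plaintext secret is returned to the caller exactly once;
// only the hash is meant to be stored in the database.
function issueClientSecret(): { secret: string; hash: string } {
  const secret = randomBytes(32).toString("base64url");
  return { secret, hash: hashSecret(secret) };
}

// Token-endpoint check: compare hashes in constant time so that a wrong
// secret cannot be distinguished from a right one by response timing.
function verifyClientSecret(app: RegisteredApp, presented: string): boolean {
  const a = Buffer.from(hashSecret(presented), "hex");
  const b = Buffer.from(app.clientSecretHash, "hex");
  return a.length === b.length && timingSafeEqual(a, b);
}
```

Regenerating a compromised secret is just issueClientSecret() again followed by overwriting clientSecretHash; the old plaintext stops verifying immediately.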
UI Components
- AppsView - Custom OIDC tab with app list
- OidcAppFormView (/account/org/:orgName/apps/custom/new) - Create new app form
- OidcAppFormView (/account/org/:orgName/apps/custom/:appId) - Edit existing app
Related Stories
- ORG-009: Connect Global Apps
- ORG-010: Browse and Install Partner Apps
- DEV-004: Proper App ID Initialization
- DEV-005: Register OAuth Client App