# Register OAuth Client App
**ID:** DEV-005

**Priority:** Medium

**Status:** Planned

## User Story

As a developer, I want to register my application as an OAuth client so that users can authorize my app to access their data using standard OAuth 2.0 flows.

## Acceptance Criteria

- [ ] Register OAuth 2.0 client application
- [ ] Support Authorization Code flow
- [ ] Support PKCE for public clients (mobile/SPA)
- [ ] Configure allowed scopes per client
- [ ] Consent screen customization
- [ ] Token endpoint for code exchange
- [ ] Refresh token support
- [ ] Client credentials flow for server-to-server

## Technical Notes

- OAuth/OIDC client registration is now part of the Apps system
- **For organization owners**: Use Custom OIDC Apps (ORG-011) to create OAuth clients
- **For third-party developers**: Submit to AppStore (DEV-008) for public apps
- Standard OAuth 2.0 / OpenID Connect flows supported
- Scopes: openid, profile, email, organizations
- PKCE is required for mobile and SPA security

## Implementation Path

This story's functionality is now implemented through:

1. **Custom OIDC Apps** (ORG-011) - Create org-specific OAuth clients via the Apps UI
2. **Partner Apps** (DEV-008) - Submit public apps to the AppStore

Both use the same underlying `IOAuthCredentials` model:

```typescript
interface IOAuthCredentials {
  clientId: string;
  clientSecretHash: string;
  redirectUris: string[];
  allowedScopes: string[];
  grantTypes: ('authorization_code' | 'client_credentials' | 'refresh_token')[];
}
```
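As an added example (not code from the project), the checks an authorization server would run against an `IOAuthCredentials` record to enforce the notes above: exact redirect-URI matching, per-client scope filtering, and S256 PKCE for public clients. `AuthorizeRequest`, `createPkcePair`, `validateAuthorizeRequest` and `verifyPkce` are hypothetical names, not project APIs.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Same shape as the page's IOAuthCredentials, repeated here so the file runs stand-alone.
interface IOAuthCredentials {
  clientId: string;
  clientSecretHash: string;
  redirectUris: string[];
  allowedScopes: string[];
  grantTypes: ("authorization_code" | "client_credentials" | "refresh_token")[];
}

// Hypothetical shape of the incoming /authorize parameters (not a project type).
interface AuthorizeRequest {
  redirectUri: string;
  scopes: string[];
  codeChallenge?: string;
  codeChallengeMethod?: string;
}

const b64url = (buf: Buffer): string => buf.toString("base64url");
const s256 = (verifier: string): string => b64url(createHash("sha256").update(verifier).digest());

// Public client side: random verifier, challenge = BASE64URL(SHA256(verifier)) (RFC 7636 S256).
export function createPkcePair(): { verifier: string; challenge: string } {
  const verifier = b64url(randomBytes(32));
  return { verifier, challenge: s256(verifier) };
}

// Server side at /authorize: check the request against the registered client record and
// return the policy violations; an empty list means the request may proceed to consent.
export function validateAuthorizeRequest(
  client: IOAuthCredentials, req: AuthorizeRequest, requirePkce: boolean): string[] {
  const errors: string[] = [];
  if (!client.grantTypes.includes("authorization_code")) errors.push("grant type not allowed");
  // Exact string match only; prefix or pattern matching lets a code leak to an unregistered URI.
  if (!client.redirectUris.includes(req.redirectUri)) errors.push("redirect_uri not registered");
  const denied = req.scopes.filter((s) => !client.allowedScopes.includes(s));
  if (denied.length > 0) errors.push(`scope not allowed: ${denied.join(" ")}`);
  // Public clients (mobile/SPA) must send a challenge, and only S256 is accepted (no "plain").
  if (requirePkce && !req.codeChallenge) errors.push("code_challenge required");
  if (req.codeChallenge && req.codeChallengeMethod !== "S256") errors.push("only S256 supported");
  return errors;
}

// Server side at /token: recompute the challenge from the presented verifier, compare in constant time.
export function verifyPkce(storedChallenge: string, verifier: string): boolean {
  const computed = Buffer.from(s256(verifier));
  const stored = Buffer.from(storedChallenge);
  return computed.length === stored.length && timingSafeEqual(computed, stored);
}
```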

## Related Stories

- ORG-011: Create Custom OIDC Apps (primary implementation)
- DEV-004: Proper App ID Initialization
- DEV-008: Submit App to AppStore

## Related TODOs

- New feature - OAuth server implementation