Add full OAuth provider functionality and enhance flows
- Implemented OAuth 2.0 Authorization Server endpoints per RFCs, including token, introspection, revocation, and metadata discovery. - Added user consent submission, listing, and revocation APIs alongside frontend integration for improved UX. - Enforced stricter OAuth security measures (PKCE, state validation, scopes). - Refactored schemas and services for consistency and expanded coverage of OAuth workflows. - Updated documentation and type definitions for new API behaviors.
@@ -95,7 +95,7 @@ export default function OAuthConsentPage() {
|
||||
// Note: t is available for future i18n use
|
||||
const _t = useTranslations('auth.oauth');
|
||||
void _t; // Suppress unused warning - ready for i18n
|
||||
const { isAuthenticated, isLoading: authLoading } = useAuth();
|
||||
const { isAuthenticated, isLoading: authLoading, accessToken } = useAuth();
|
||||
|
||||
const [isSubmitting, setIsSubmitting] = useState(false);
|
||||
const [error, setError] = useState<string | null>(null);
|
||||
@@ -181,9 +181,14 @@ export default function OAuthConsentPage() {
|
||||
|
||||
// Submit consent to backend
|
||||
const apiUrl = process.env.NEXT_PUBLIC_API_URL || 'http://localhost:8000';
|
||||
const headers: HeadersInit = {};
|
||||
if (accessToken) {
|
||||
headers['Authorization'] = `Bearer ${accessToken}`;
|
||||
}
|
||||
const response = await fetch(`${apiUrl}/api/v1/oauth/provider/authorize/consent`, {
|
||||
method: 'POST',
|
||||
body: formData,
|
||||
headers,
|
||||
credentials: 'include',
|
||||
});
|
||||
|
||||
|
||||
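Review bot: When `accessToken` is empty the consent POST still goes out with no `Authorization` header and only `credentials: 'include'`, so whether the decision is accepted depends on whatever cookie the browser attaches; for a state-changing approval this should fail explicitly, e.g. `if (!accessToken) { setError('Not authenticated'); return; }` before the `fetch`. If the backend does accept cookie authentication on `/api/v1/oauth/provider/authorize/consent`, that route needs CSRF protection, which is not visible on this page. The bearer token is also sent to `process.env.NEXT_PUBLIC_API_URL || 'http://localhost:8000'`, so a deployed build with the variable unset would direct the token to a plain-HTTP localhost origin; failing when the variable is missing outside development would avoid that. The same commit generates `oauthProviderConsent` with a bearer security entry and a form-urlencoded content type, which this handler could call instead of a hand-built `fetch`. The enclosing submit handler starts and ends outside the hunk.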
@@ -3,7 +3,7 @@
|
||||
|
||||
import { type Client, type Options as Options2, type TDataShape, urlSearchParamsBodySerializer } from './client';
|
||||
import { client } from './client.gen';
|
||||
import type { AdminActivateUserData, AdminActivateUserErrors, AdminActivateUserResponses, AdminAddOrganizationMemberData, AdminAddOrganizationMemberErrors, AdminAddOrganizationMemberResponses, AdminBulkUserActionData, AdminBulkUserActionErrors, AdminBulkUserActionResponses, AdminCreateOrganizationData, AdminCreateOrganizationErrors, AdminCreateOrganizationResponses, AdminCreateUserData, AdminCreateUserErrors, AdminCreateUserResponses, AdminDeactivateUserData, AdminDeactivateUserErrors, AdminDeactivateUserResponses, AdminDeleteOrganizationData, AdminDeleteOrganizationErrors, AdminDeleteOrganizationResponses, AdminDeleteUserData, AdminDeleteUserErrors, AdminDeleteUserResponses, AdminGetOrganizationData, AdminGetOrganizationErrors, AdminGetOrganizationResponses, AdminGetStatsData, AdminGetStatsResponses, AdminGetUserData, AdminGetUserErrors, AdminGetUserResponses, AdminListOrganizationMembersData, AdminListOrganizationMembersErrors, AdminListOrganizationMembersResponses, AdminListOrganizationsData, AdminListOrganizationsErrors, AdminListOrganizationsResponses, AdminListSessionsData, AdminListSessionsErrors, AdminListSessionsResponses, AdminListUsersData, AdminListUsersErrors, AdminListUsersResponses, AdminRemoveOrganizationMemberData, AdminRemoveOrganizationMemberErrors, AdminRemoveOrganizationMemberResponses, AdminUpdateOrganizationData, AdminUpdateOrganizationErrors, AdminUpdateOrganizationResponses, AdminUpdateUserData, AdminUpdateUserErrors, AdminUpdateUserResponses, ChangeCurrentUserPasswordData, ChangeCurrentUserPasswordErrors, ChangeCurrentUserPasswordResponses, CleanupExpiredSessionsData, CleanupExpiredSessionsResponses, ConfirmPasswordResetData, ConfirmPasswordResetErrors, ConfirmPasswordResetResponses, DeleteUserData, DeleteUserErrors, DeleteUserResponses, GetCurrentUserProfileData, GetCurrentUserProfileResponses, GetMyOrganizationsData, GetMyOrganizationsErrors, GetMyOrganizationsResponses, GetOauthAuthorizationUrlData, GetOauthAuthorizationUrlErrors, 
GetOauthAuthorizationUrlResponses, GetOauthServerMetadataData, GetOauthServerMetadataResponses, GetOrganizationData, GetOrganizationErrors, GetOrganizationMembersData, GetOrganizationMembersErrors, GetOrganizationMembersResponses, GetOrganizationResponses, GetUserByIdData, GetUserByIdErrors, GetUserByIdResponses, HandleOauthCallbackData, HandleOauthCallbackErrors, HandleOauthCallbackResponses, HealthCheckData, HealthCheckResponses, ListMySessionsData, ListMySessionsResponses, ListOauthAccountsData, ListOauthAccountsResponses, ListOauthProvidersData, ListOauthProvidersResponses, ListUsersData, ListUsersErrors, ListUsersResponses, LoginData, LoginErrors, LoginOauthData, LoginOauthErrors, LoginOauthResponses, LoginResponses, LogoutAllData, LogoutAllResponses, LogoutData, LogoutErrors, LogoutResponses, OauthProviderAuthorizeData, OauthProviderAuthorizeErrors, OauthProviderAuthorizeResponses, OauthProviderRevokeData, OauthProviderRevokeErrors, OauthProviderRevokeResponses, OauthProviderTokenData, OauthProviderTokenErrors, OauthProviderTokenResponses, RefreshTokenData, RefreshTokenErrors, RefreshTokenResponses, RegisterData, RegisterErrors, RegisterOauthClientData, RegisterOauthClientErrors, RegisterOauthClientResponses, RegisterResponses, RequestPasswordResetData, RequestPasswordResetErrors, RequestPasswordResetResponses, RevokeSessionData, RevokeSessionErrors, RevokeSessionResponses, RootGetData, RootGetResponses, StartOauthLinkData, StartOauthLinkErrors, StartOauthLinkResponses, UnlinkOauthAccountData, UnlinkOauthAccountErrors, UnlinkOauthAccountResponses, UpdateCurrentUserData, UpdateCurrentUserErrors, UpdateCurrentUserResponses, UpdateOrganizationData, UpdateOrganizationErrors, UpdateOrganizationResponses, UpdateUserData, UpdateUserErrors, UpdateUserResponses } from './types.gen';
|
||||
import type { AdminActivateUserData, AdminActivateUserErrors, AdminActivateUserResponses, AdminAddOrganizationMemberData, AdminAddOrganizationMemberErrors, AdminAddOrganizationMemberResponses, AdminBulkUserActionData, AdminBulkUserActionErrors, AdminBulkUserActionResponses, AdminCreateOrganizationData, AdminCreateOrganizationErrors, AdminCreateOrganizationResponses, AdminCreateUserData, AdminCreateUserErrors, AdminCreateUserResponses, AdminDeactivateUserData, AdminDeactivateUserErrors, AdminDeactivateUserResponses, AdminDeleteOrganizationData, AdminDeleteOrganizationErrors, AdminDeleteOrganizationResponses, AdminDeleteUserData, AdminDeleteUserErrors, AdminDeleteUserResponses, AdminGetOrganizationData, AdminGetOrganizationErrors, AdminGetOrganizationResponses, AdminGetStatsData, AdminGetStatsResponses, AdminGetUserData, AdminGetUserErrors, AdminGetUserResponses, AdminListOrganizationMembersData, AdminListOrganizationMembersErrors, AdminListOrganizationMembersResponses, AdminListOrganizationsData, AdminListOrganizationsErrors, AdminListOrganizationsResponses, AdminListSessionsData, AdminListSessionsErrors, AdminListSessionsResponses, AdminListUsersData, AdminListUsersErrors, AdminListUsersResponses, AdminRemoveOrganizationMemberData, AdminRemoveOrganizationMemberErrors, AdminRemoveOrganizationMemberResponses, AdminUpdateOrganizationData, AdminUpdateOrganizationErrors, AdminUpdateOrganizationResponses, AdminUpdateUserData, AdminUpdateUserErrors, AdminUpdateUserResponses, ChangeCurrentUserPasswordData, ChangeCurrentUserPasswordErrors, ChangeCurrentUserPasswordResponses, CleanupExpiredSessionsData, CleanupExpiredSessionsResponses, ConfirmPasswordResetData, ConfirmPasswordResetErrors, ConfirmPasswordResetResponses, DeleteOauthClientData, DeleteOauthClientErrors, DeleteOauthClientResponses, DeleteUserData, DeleteUserErrors, DeleteUserResponses, GetCurrentUserProfileData, GetCurrentUserProfileResponses, GetMyOrganizationsData, GetMyOrganizationsErrors, 
GetMyOrganizationsResponses, GetOauthAuthorizationUrlData, GetOauthAuthorizationUrlErrors, GetOauthAuthorizationUrlResponses, GetOauthServerMetadataData, GetOauthServerMetadataResponses, GetOrganizationData, GetOrganizationErrors, GetOrganizationMembersData, GetOrganizationMembersErrors, GetOrganizationMembersResponses, GetOrganizationResponses, GetUserByIdData, GetUserByIdErrors, GetUserByIdResponses, HandleOauthCallbackData, HandleOauthCallbackErrors, HandleOauthCallbackResponses, HealthCheckData, HealthCheckResponses, ListMyOauthConsentsData, ListMyOauthConsentsResponses, ListMySessionsData, ListMySessionsResponses, ListOauthAccountsData, ListOauthAccountsResponses, ListOauthClientsData, ListOauthClientsResponses, ListOauthProvidersData, ListOauthProvidersResponses, ListUsersData, ListUsersErrors, ListUsersResponses, LoginData, LoginErrors, LoginOauthData, LoginOauthErrors, LoginOauthResponses, LoginResponses, LogoutAllData, LogoutAllResponses, LogoutData, LogoutErrors, LogoutResponses, OauthProviderAuthorizeData, OauthProviderAuthorizeErrors, OauthProviderAuthorizeResponses, OauthProviderConsentData, OauthProviderConsentErrors, OauthProviderConsentResponses, OauthProviderIntrospectData, OauthProviderIntrospectErrors, OauthProviderIntrospectResponses, OauthProviderRevokeData, OauthProviderRevokeErrors, OauthProviderRevokeResponses, OauthProviderTokenData, OauthProviderTokenErrors, OauthProviderTokenResponses, RefreshTokenData, RefreshTokenErrors, RefreshTokenResponses, RegisterData, RegisterErrors, RegisterOauthClientData, RegisterOauthClientErrors, RegisterOauthClientResponses, RegisterResponses, RequestPasswordResetData, RequestPasswordResetErrors, RequestPasswordResetResponses, RevokeMyOauthConsentData, RevokeMyOauthConsentErrors, RevokeMyOauthConsentResponses, RevokeSessionData, RevokeSessionErrors, RevokeSessionResponses, RootGetData, RootGetResponses, StartOauthLinkData, StartOauthLinkErrors, StartOauthLinkResponses, UnlinkOauthAccountData, 
UnlinkOauthAccountErrors, UnlinkOauthAccountResponses, UpdateCurrentUserData, UpdateCurrentUserErrors, UpdateCurrentUserResponses, UpdateOrganizationData, UpdateOrganizationErrors, UpdateOrganizationResponses, UpdateUserData, UpdateUserErrors, UpdateUserResponses } from './types.gen';
|
||||
|
||||
export type Options<TData extends TDataShape = TDataShape, ThrowOnError extends boolean = boolean> = Options2<TData, ThrowOnError> & {
|
||||
/**
|
||||
@@ -353,34 +353,26 @@ export const startOauthLink = <ThrowOnError extends boolean = false>(options: Op
|
||||
};
|
||||
|
||||
/**
|
||||
* OAuth Server Metadata
|
||||
*
|
||||
* OAuth 2.0 Authorization Server Metadata (RFC 8414).
|
||||
*
|
||||
* Returns server metadata including supported endpoints, scopes,
|
||||
* and capabilities for MCP clients.
|
||||
*/
|
||||
export const getOauthServerMetadata = <ThrowOnError extends boolean = false>(options?: Options<GetOauthServerMetadataData, ThrowOnError>) => {
|
||||
return (options?.client ?? client).get<GetOauthServerMetadataResponses, unknown, ThrowOnError>({
|
||||
responseType: 'json',
|
||||
url: '/api/v1/oauth/.well-known/oauth-authorization-server',
|
||||
...options
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* Authorization Endpoint (Skeleton)
|
||||
* Authorization Endpoint
|
||||
*
|
||||
* OAuth 2.0 Authorization Endpoint.
|
||||
*
|
||||
* **NOTE**: This is a skeleton implementation. In a full implementation,
|
||||
* this would:
|
||||
* 1. Validate client_id and redirect_uri
|
||||
* 2. Display consent screen to user
|
||||
* 3. Generate authorization code
|
||||
* 4. Redirect back to client with code
|
||||
* Initiates the authorization code flow:
|
||||
* 1. Validates client and parameters
|
||||
* 2. Checks if user is authenticated (redirects to login if not)
|
||||
* 3. Checks existing consent
|
||||
* 4. Redirects to consent page if needed
|
||||
* 5. Issues authorization code and redirects back to client
|
||||
*
|
||||
* Currently returns a 501 Not Implemented response.
|
||||
* Required parameters:
|
||||
* - response_type: Must be "code"
|
||||
* - client_id: Registered client ID
|
||||
* - redirect_uri: Must match registered URI
|
||||
*
|
||||
* Recommended parameters:
|
||||
* - state: CSRF protection
|
||||
* - code_challenge + code_challenge_method: PKCE (required for public clients)
|
||||
* - scope: Requested permissions
|
||||
*/
|
||||
export const oauthProviderAuthorize = <ThrowOnError extends boolean = false>(options: Options<OauthProviderAuthorizeData, ThrowOnError>) => {
|
||||
return (options.client ?? client).get<OauthProviderAuthorizeResponses, OauthProviderAuthorizeErrors, ThrowOnError>({
|
||||
@@ -391,14 +383,43 @@ export const oauthProviderAuthorize = <ThrowOnError extends boolean = false>(opt
|
||||
};
|
||||
|
||||
/**
|
||||
* Token Endpoint (Skeleton)
|
||||
* Submit Authorization Consent
|
||||
*
|
||||
* Submit user consent for OAuth authorization.
|
||||
*
|
||||
* Called by the consent page after user approves or denies.
|
||||
*/
|
||||
export const oauthProviderConsent = <ThrowOnError extends boolean = false>(options: Options<OauthProviderConsentData, ThrowOnError>) => {
|
||||
return (options.client ?? client).post<OauthProviderConsentResponses, OauthProviderConsentErrors, ThrowOnError>({
|
||||
...urlSearchParamsBodySerializer,
|
||||
responseType: 'json',
|
||||
security: [
|
||||
{
|
||||
scheme: 'bearer',
|
||||
type: 'http'
|
||||
}
|
||||
],
|
||||
url: '/api/v1/oauth/provider/authorize/consent',
|
||||
...options,
|
||||
headers: {
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
...options.headers
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* Token Endpoint
|
||||
*
|
||||
* OAuth 2.0 Token Endpoint.
|
||||
*
|
||||
* **NOTE**: This is a skeleton implementation. In a full implementation,
|
||||
* this would exchange authorization codes for access tokens.
|
||||
* Supports:
|
||||
* - authorization_code: Exchange code for tokens
|
||||
* - refresh_token: Refresh access token
|
||||
*
|
||||
* Currently returns a 501 Not Implemented response.
|
||||
* Client authentication:
|
||||
* - Confidential clients: client_secret (Basic auth or POST body)
|
||||
* - Public clients: No secret, but PKCE code_verifier required
|
||||
*/
|
||||
export const oauthProviderToken = <ThrowOnError extends boolean = false>(options: Options<OauthProviderTokenData, ThrowOnError>) => {
|
||||
return (options.client ?? client).post<OauthProviderTokenResponses, OauthProviderTokenErrors, ThrowOnError>({
|
||||
@@ -414,13 +435,12 @@ export const oauthProviderToken = <ThrowOnError extends boolean = false>(options
|
||||
};
|
||||
|
||||
/**
|
||||
* Token Revocation Endpoint (Skeleton)
|
||||
* Token Revocation Endpoint
|
||||
*
|
||||
* OAuth 2.0 Token Revocation Endpoint (RFC 7009).
|
||||
*
|
||||
* **NOTE**: This is a skeleton implementation.
|
||||
*
|
||||
* Currently returns a 501 Not Implemented response.
|
||||
* Revokes an access token or refresh token.
|
||||
* Always returns 200 OK (even if token is invalid) per spec.
|
||||
*/
|
||||
export const oauthProviderRevoke = <ThrowOnError extends boolean = false>(options: Options<OauthProviderRevokeData, ThrowOnError>) => {
|
||||
return (options.client ?? client).post<OauthProviderRevokeResponses, OauthProviderRevokeErrors, ThrowOnError>({
|
||||
@@ -436,19 +456,65 @@ export const oauthProviderRevoke = <ThrowOnError extends boolean = false>(option
|
||||
};
|
||||
|
||||
/**
|
||||
* Register OAuth Client (Admin)
|
||||
* Token Introspection Endpoint
|
||||
*
|
||||
* OAuth 2.0 Token Introspection Endpoint (RFC 7662).
|
||||
*
|
||||
* Allows resource servers to query the authorization server
|
||||
* to determine the active state and metadata of a token.
|
||||
*/
|
||||
export const oauthProviderIntrospect = <ThrowOnError extends boolean = false>(options: Options<OauthProviderIntrospectData, ThrowOnError>) => {
|
||||
return (options.client ?? client).post<OauthProviderIntrospectResponses, OauthProviderIntrospectErrors, ThrowOnError>({
|
||||
...urlSearchParamsBodySerializer,
|
||||
responseType: 'json',
|
||||
url: '/api/v1/oauth/provider/introspect',
|
||||
...options,
|
||||
headers: {
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
...options.headers
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* List OAuth Clients
|
||||
*
|
||||
* List all registered OAuth clients (admin only).
|
||||
*/
|
||||
export const listOauthClients = <ThrowOnError extends boolean = false>(options?: Options<ListOauthClientsData, ThrowOnError>) => {
|
||||
return (options?.client ?? client).get<ListOauthClientsResponses, unknown, ThrowOnError>({
|
||||
responseType: 'json',
|
||||
security: [
|
||||
{
|
||||
scheme: 'bearer',
|
||||
type: 'http'
|
||||
}
|
||||
],
|
||||
url: '/api/v1/oauth/provider/clients',
|
||||
...options
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* Register OAuth Client
|
||||
*
|
||||
* Register a new OAuth client (admin only).
|
||||
*
|
||||
* This endpoint allows creating MCP clients that can authenticate
|
||||
* against this API.
|
||||
* Creates an MCP client that can authenticate against this API.
|
||||
* Returns client_id and client_secret (for confidential clients).
|
||||
*
|
||||
* **NOTE**: This is a minimal implementation.
|
||||
* **Important:** Store the client_secret securely - it won't be shown again!
|
||||
*/
|
||||
export const registerOauthClient = <ThrowOnError extends boolean = false>(options: Options<RegisterOauthClientData, ThrowOnError>) => {
|
||||
return (options.client ?? client).post<RegisterOauthClientResponses, RegisterOauthClientErrors, ThrowOnError>({
|
||||
...urlSearchParamsBodySerializer,
|
||||
responseType: 'json',
|
||||
security: [
|
||||
{
|
||||
scheme: 'bearer',
|
||||
type: 'http'
|
||||
}
|
||||
],
|
||||
url: '/api/v1/oauth/provider/clients',
|
||||
...options,
|
||||
headers: {
|
||||
@@ -458,6 +524,61 @@ export const registerOauthClient = <ThrowOnError extends boolean = false>(option
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* Delete OAuth Client
|
||||
*
|
||||
* Delete an OAuth client (admin only). Revokes all tokens.
|
||||
*/
|
||||
export const deleteOauthClient = <ThrowOnError extends boolean = false>(options: Options<DeleteOauthClientData, ThrowOnError>) => {
|
||||
return (options.client ?? client).delete<DeleteOauthClientResponses, DeleteOauthClientErrors, ThrowOnError>({
|
||||
security: [
|
||||
{
|
||||
scheme: 'bearer',
|
||||
type: 'http'
|
||||
}
|
||||
],
|
||||
url: '/api/v1/oauth/provider/clients/{client_id}',
|
||||
...options
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* List My Consents
|
||||
*
|
||||
* List OAuth applications the current user has authorized.
|
||||
*/
|
||||
export const listMyOauthConsents = <ThrowOnError extends boolean = false>(options?: Options<ListMyOauthConsentsData, ThrowOnError>) => {
|
||||
return (options?.client ?? client).get<ListMyOauthConsentsResponses, unknown, ThrowOnError>({
|
||||
responseType: 'json',
|
||||
security: [
|
||||
{
|
||||
scheme: 'bearer',
|
||||
type: 'http'
|
||||
}
|
||||
],
|
||||
url: '/api/v1/oauth/provider/consents',
|
||||
...options
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* Revoke My Consent
|
||||
*
|
||||
* Revoke authorization for an OAuth application. Also revokes all tokens.
|
||||
*/
|
||||
export const revokeMyOauthConsent = <ThrowOnError extends boolean = false>(options: Options<RevokeMyOauthConsentData, ThrowOnError>) => {
|
||||
return (options.client ?? client).delete<RevokeMyOauthConsentResponses, RevokeMyOauthConsentErrors, ThrowOnError>({
|
||||
security: [
|
||||
{
|
||||
scheme: 'bearer',
|
||||
type: 'http'
|
||||
}
|
||||
],
|
||||
url: '/api/v1/oauth/provider/consents/{client_id}',
|
||||
...options
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* List Users
|
||||
*
|
||||
@@ -1166,3 +1287,21 @@ export const getOrganizationMembers = <ThrowOnError extends boolean = false>(opt
|
||||
...options
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* OAuth Server Metadata
|
||||
*
|
||||
* OAuth 2.0 Authorization Server Metadata (RFC 8414).
|
||||
*
|
||||
* Returns server metadata including supported endpoints, scopes,
|
||||
* and capabilities. MCP clients use this to discover the server.
|
||||
*
|
||||
* Note: This endpoint is at the root level per RFC 8414.
|
||||
*/
|
||||
export const getOauthServerMetadata = <ThrowOnError extends boolean = false>(options?: Options<GetOauthServerMetadataData, ThrowOnError>) => {
|
||||
return (options?.client ?? client).get<GetOauthServerMetadataResponses, unknown, ThrowOnError>({
|
||||
responseType: 'json',
|
||||
url: '/.well-known/oauth-authorization-server',
|
||||
...options
|
||||
});
|
||||
};
|
||||
|
||||
@@ -145,6 +145,84 @@ export type BodyLoginOauth = {
|
||||
client_secret?: string | null;
|
||||
};
|
||||
|
||||
/**
|
||||
* Body_oauth_provider_consent
|
||||
*/
|
||||
export type BodyOauthProviderConsent = {
|
||||
/**
|
||||
* Approved
|
||||
*
|
||||
* Whether user approved
|
||||
*/
|
||||
approved: boolean;
|
||||
/**
|
||||
* Client Id
|
||||
*
|
||||
* OAuth client ID
|
||||
*/
|
||||
client_id: string;
|
||||
/**
|
||||
* Redirect Uri
|
||||
*
|
||||
* Redirect URI
|
||||
*/
|
||||
redirect_uri: string;
|
||||
/**
|
||||
* Scope
|
||||
*
|
||||
* Granted scopes
|
||||
*/
|
||||
scope?: string;
|
||||
/**
|
||||
* State
|
||||
*
|
||||
* CSRF state parameter
|
||||
*/
|
||||
state?: string;
|
||||
/**
|
||||
* Code Challenge
|
||||
*/
|
||||
code_challenge?: string | null;
|
||||
/**
|
||||
* Code Challenge Method
|
||||
*/
|
||||
code_challenge_method?: string | null;
|
||||
/**
|
||||
* Nonce
|
||||
*/
|
||||
nonce?: string | null;
|
||||
};
|
||||
|
||||
/**
|
||||
* Body_oauth_provider_introspect
|
||||
*/
|
||||
export type BodyOauthProviderIntrospect = {
|
||||
/**
|
||||
* Token
|
||||
*
|
||||
* Token to introspect
|
||||
*/
|
||||
token: string;
|
||||
/**
|
||||
* Token Type Hint
|
||||
*
|
||||
* Token type hint (access_token, refresh_token)
|
||||
*/
|
||||
token_type_hint?: string | null;
|
||||
/**
|
||||
* Client Id
|
||||
*
|
||||
* Client ID
|
||||
*/
|
||||
client_id?: string | null;
|
||||
/**
|
||||
* Client Secret
|
||||
*
|
||||
* Client secret
|
||||
*/
|
||||
client_secret?: string | null;
|
||||
};
|
||||
|
||||
/**
|
||||
* Body_oauth_provider_revoke
|
||||
*/
|
||||
@@ -182,7 +260,7 @@ export type BodyOauthProviderToken = {
|
||||
/**
|
||||
* Grant Type
|
||||
*
|
||||
* Grant type (authorization_code)
|
||||
* Grant type
|
||||
*/
|
||||
grant_type: string;
|
||||
/**
|
||||
@@ -221,6 +299,12 @@ export type BodyOauthProviderToken = {
|
||||
* Refresh token
|
||||
*/
|
||||
refresh_token?: string | null;
|
||||
/**
|
||||
* Scope
|
||||
*
|
||||
* Scope (for refresh)
|
||||
*/
|
||||
scope?: string | null;
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -236,7 +320,7 @@ export type BodyRegisterOauthClient = {
|
||||
/**
|
||||
* Redirect Uris
|
||||
*
|
||||
* Comma-separated list of redirect URIs
|
||||
* Comma-separated redirect URIs
|
||||
*/
|
||||
redirect_uris: string;
|
||||
/**
|
||||
@@ -245,6 +329,18 @@ export type BodyRegisterOauthClient = {
|
||||
* public or confidential
|
||||
*/
|
||||
client_type?: string;
|
||||
/**
|
||||
* Scopes
|
||||
*
|
||||
* Allowed scopes (space-separated)
|
||||
*/
|
||||
scopes?: string;
|
||||
/**
|
||||
* Mcp Server Url
|
||||
*
|
||||
* MCP server URL
|
||||
*/
|
||||
mcp_server_url?: string | null;
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -454,6 +550,60 @@ export type OAuthCallbackResponse = {
|
||||
is_new_user?: boolean;
|
||||
};
|
||||
|
||||
/**
|
||||
* OAuthClientResponse
|
||||
*
|
||||
* Schema for OAuth client response.
|
||||
*/
|
||||
export type OAuthClientResponse = {
|
||||
/**
|
||||
* Client Name
|
||||
*
|
||||
* Client application name
|
||||
*/
|
||||
client_name: string;
|
||||
/**
|
||||
* Client Description
|
||||
*
|
||||
* Client description
|
||||
*/
|
||||
client_description?: string | null;
|
||||
/**
|
||||
* Redirect Uris
|
||||
*
|
||||
* Allowed redirect URIs
|
||||
*/
|
||||
redirect_uris?: Array<string>;
|
||||
/**
|
||||
* Allowed Scopes
|
||||
*
|
||||
* Allowed OAuth scopes
|
||||
*/
|
||||
allowed_scopes?: Array<string>;
|
||||
/**
|
||||
* Id
|
||||
*/
|
||||
id: string;
|
||||
/**
|
||||
* Client Id
|
||||
*
|
||||
* OAuth client ID
|
||||
*/
|
||||
client_id: string;
|
||||
/**
|
||||
* Client Type
|
||||
*/
|
||||
client_type: string;
|
||||
/**
|
||||
* Is Active
|
||||
*/
|
||||
is_active: boolean;
|
||||
/**
|
||||
* Created At
|
||||
*/
|
||||
created_at: string;
|
||||
};
|
||||
|
||||
/**
|
||||
* OAuthProviderInfo
|
||||
*
|
||||
@@ -536,6 +686,12 @@ export type OAuthServerMetadata = {
|
||||
* Token revocation endpoint
|
||||
*/
|
||||
revocation_endpoint?: string | null;
|
||||
/**
|
||||
* Introspection Endpoint
|
||||
*
|
||||
* Token introspection endpoint (RFC 7662)
|
||||
*/
|
||||
introspection_endpoint?: string | null;
|
||||
/**
|
||||
* Scopes Supported
|
||||
*
|
||||
@@ -560,6 +716,124 @@ export type OAuthServerMetadata = {
|
||||
* Supported PKCE methods
|
||||
*/
|
||||
code_challenge_methods_supported?: Array<string>;
|
||||
/**
|
||||
* Token Endpoint Auth Methods Supported
|
||||
*
|
||||
* Supported client authentication methods
|
||||
*/
|
||||
token_endpoint_auth_methods_supported?: Array<string>;
|
||||
};
|
||||
|
||||
/**
|
||||
* OAuthTokenIntrospectionResponse
|
||||
*
|
||||
* OAuth 2.0 Token Introspection Response (RFC 7662).
|
||||
*/
|
||||
export type OAuthTokenIntrospectionResponse = {
|
||||
/**
|
||||
* Active
|
||||
*
|
||||
* Whether the token is currently active
|
||||
*/
|
||||
active: boolean;
|
||||
/**
|
||||
* Scope
|
||||
*
|
||||
* Space-separated list of scopes
|
||||
*/
|
||||
scope?: string | null;
|
||||
/**
|
||||
* Client Id
|
||||
*
|
||||
* Client identifier for the token
|
||||
*/
|
||||
client_id?: string | null;
|
||||
/**
|
||||
* Username
|
||||
*
|
||||
* Human-readable identifier for the resource owner
|
||||
*/
|
||||
username?: string | null;
|
||||
/**
|
||||
* Token Type
|
||||
*
|
||||
* Type of the token (e.g., 'Bearer')
|
||||
*/
|
||||
token_type?: string | null;
|
||||
/**
|
||||
* Exp
|
||||
*
|
||||
* Token expiration time (Unix timestamp)
|
||||
*/
|
||||
exp?: number | null;
|
||||
/**
|
||||
* Iat
|
||||
*
|
||||
* Token issue time (Unix timestamp)
|
||||
*/
|
||||
iat?: number | null;
|
||||
/**
|
||||
* Nbf
|
||||
*
|
||||
* Token not-before time (Unix timestamp)
|
||||
*/
|
||||
nbf?: number | null;
|
||||
/**
|
||||
* Sub
|
||||
*
|
||||
* Subject of the token (user ID)
|
||||
*/
|
||||
sub?: string | null;
|
||||
/**
|
||||
* Aud
|
||||
*
|
||||
* Intended audience of the token
|
||||
*/
|
||||
aud?: string | null;
|
||||
/**
|
||||
* Iss
|
||||
*
|
||||
* Issuer of the token
|
||||
*/
|
||||
iss?: string | null;
|
||||
};
|
||||
|
||||
/**
|
||||
* OAuthTokenResponse
|
||||
*
|
||||
* OAuth 2.0 Token Response (RFC 6749 Section 5.1).
|
||||
*/
|
||||
export type OAuthTokenResponse = {
|
||||
/**
|
||||
* Access Token
|
||||
*
|
||||
* The access token issued by the server
|
||||
*/
|
||||
access_token: string;
|
||||
/**
|
||||
* Token Type
|
||||
*
|
||||
* The type of token (typically 'Bearer')
|
||||
*/
|
||||
token_type?: string;
|
||||
/**
|
||||
* Expires In
|
||||
*
|
||||
* Token lifetime in seconds
|
||||
*/
|
||||
expires_in?: number | null;
|
||||
/**
|
||||
* Refresh Token
|
||||
*
|
||||
* Refresh token for obtaining new access tokens
|
||||
*/
|
||||
refresh_token?: string | null;
|
||||
/**
|
||||
* Scope
|
||||
*
|
||||
* Space-separated list of granted scopes
|
||||
*/
|
||||
scope?: string | null;
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1610,24 +1884,14 @@ export type StartOauthLinkResponses = {
|
||||
|
||||
export type StartOauthLinkResponse = StartOauthLinkResponses[keyof StartOauthLinkResponses];
|
||||
|
||||
export type GetOauthServerMetadataData = {
|
||||
body?: never;
|
||||
path?: never;
|
||||
query?: never;
|
||||
url: '/api/v1/oauth/.well-known/oauth-authorization-server';
|
||||
};
|
||||
|
||||
export type GetOauthServerMetadataResponses = {
|
||||
/**
|
||||
* Successful Response
|
||||
*/
|
||||
200: OAuthServerMetadata;
|
||||
};
|
||||
|
||||
export type GetOauthServerMetadataResponse = GetOauthServerMetadataResponses[keyof GetOauthServerMetadataResponses];
|
||||
|
||||
export type OauthProviderAuthorizeData = {
|
||||
body?: never;
|
||||
headers?: {
|
||||
/**
|
||||
* Authorization
|
||||
*/
|
||||
authorization?: string;
|
||||
};
|
||||
path?: never;
|
||||
query: {
|
||||
/**
|
||||
@@ -1651,7 +1915,7 @@ export type OauthProviderAuthorizeData = {
|
||||
/**
|
||||
* Scope
|
||||
*
|
||||
* Requested scopes
|
||||
* Requested scopes (space-separated)
|
||||
*/
|
||||
scope?: string;
|
||||
/**
|
||||
@@ -1672,6 +1936,12 @@ export type OauthProviderAuthorizeData = {
|
||||
* PKCE method (S256)
|
||||
*/
|
||||
code_challenge_method?: string | null;
|
||||
/**
|
||||
* Nonce
|
||||
*
|
||||
* OpenID Connect nonce
|
||||
*/
|
||||
nonce?: string | null;
|
||||
};
|
||||
url: '/api/v1/oauth/provider/authorize';
|
||||
};
|
||||
@@ -1694,6 +1964,31 @@ export type OauthProviderAuthorizeResponses = {
|
||||
200: unknown;
|
||||
};
|
||||
|
||||
export type OauthProviderConsentData = {
|
||||
body: BodyOauthProviderConsent;
|
||||
path?: never;
|
||||
query?: never;
|
||||
url: '/api/v1/oauth/provider/authorize/consent';
|
||||
};
|
||||
|
||||
export type OauthProviderConsentErrors = {
|
||||
/**
|
||||
* Validation Error
|
||||
*/
|
||||
422: HttpValidationError;
|
||||
};
|
||||
|
||||
export type OauthProviderConsentError = OauthProviderConsentErrors[keyof OauthProviderConsentErrors];
|
||||
|
||||
export type OauthProviderConsentResponses = {
|
||||
/**
|
||||
* Response Oauth Provider Consent
|
||||
*
|
||||
* Successful Response
|
||||
*/
|
||||
200: unknown;
|
||||
};
|
||||
|
||||
export type OauthProviderTokenData = {
|
||||
body: BodyOauthProviderToken;
|
||||
path?: never;
|
||||
@@ -1712,13 +2007,13 @@ export type OauthProviderTokenError = OauthProviderTokenErrors[keyof OauthProvid
|
||||
|
||||
export type OauthProviderTokenResponses = {
|
||||
/**
|
||||
* Response Oauth Provider Token
|
||||
*
|
||||
* Successful Response
|
||||
*/
|
||||
200: unknown;
|
||||
200: OAuthTokenResponse;
|
||||
};
|
||||
|
||||
export type OauthProviderTokenResponse = OauthProviderTokenResponses[keyof OauthProviderTokenResponses];
|
||||
|
||||
export type OauthProviderRevokeData = {
|
||||
body: BodyOauthProviderRevoke;
|
||||
path?: never;
|
||||
@@ -1741,9 +2036,56 @@ export type OauthProviderRevokeResponses = {
|
||||
*
|
||||
* Successful Response
|
||||
*/
|
||||
200: unknown;
|
||||
200: {
|
||||
[key: string]: string;
|
||||
};
|
||||
};
|
||||
|
||||
export type OauthProviderRevokeResponse = OauthProviderRevokeResponses[keyof OauthProviderRevokeResponses];
|
||||
|
||||
export type OauthProviderIntrospectData = {
|
||||
body: BodyOauthProviderIntrospect;
|
||||
path?: never;
|
||||
query?: never;
|
||||
url: '/api/v1/oauth/provider/introspect';
|
||||
};
|
||||
|
||||
export type OauthProviderIntrospectErrors = {
|
||||
/**
|
||||
* Validation Error
|
||||
*/
|
||||
422: HttpValidationError;
|
||||
};
|
||||
|
||||
export type OauthProviderIntrospectError = OauthProviderIntrospectErrors[keyof OauthProviderIntrospectErrors];
|
||||
|
||||
export type OauthProviderIntrospectResponses = {
|
||||
/**
|
||||
* Successful Response
|
||||
*/
|
||||
200: OAuthTokenIntrospectionResponse;
|
||||
};
|
||||
|
||||
export type OauthProviderIntrospectResponse = OauthProviderIntrospectResponses[keyof OauthProviderIntrospectResponses];
|
||||
|
||||
export type ListOauthClientsData = {
|
||||
body?: never;
|
||||
path?: never;
|
||||
query?: never;
|
||||
url: '/api/v1/oauth/provider/clients';
|
||||
};
|
||||
|
||||
export type ListOauthClientsResponses = {
|
||||
/**
|
||||
* Response List Oauth Clients
|
||||
*
|
||||
* Successful Response
|
||||
*/
|
||||
200: Array<OAuthClientResponse>;
|
||||
};
|
||||
|
||||
export type ListOauthClientsResponse = ListOauthClientsResponses[keyof ListOauthClientsResponses];
|
||||
|
||||
export type RegisterOauthClientData = {
|
||||
body: BodyRegisterOauthClient;
|
||||
path?: never;
|
||||
@@ -1766,9 +2108,93 @@ export type RegisterOauthClientResponses = {
|
||||
*
|
||||
* Successful Response
|
||||
*/
|
||||
200: unknown;
|
||||
200: {
|
||||
[key: string]: unknown;
|
||||
};
|
||||
};
|
||||
|
||||
export type RegisterOauthClientResponse = RegisterOauthClientResponses[keyof RegisterOauthClientResponses];
|
||||
|
||||
export type DeleteOauthClientData = {
|
||||
body?: never;
|
||||
path: {
|
||||
/**
|
||||
* Client Id
|
||||
*/
|
||||
client_id: string;
|
||||
};
|
||||
query?: never;
|
||||
url: '/api/v1/oauth/provider/clients/{client_id}';
|
||||
};
|
||||
|
||||
export type DeleteOauthClientErrors = {
|
||||
/**
|
||||
* Validation Error
|
||||
*/
|
||||
422: HttpValidationError;
|
||||
};
|
||||
|
||||
export type DeleteOauthClientError = DeleteOauthClientErrors[keyof DeleteOauthClientErrors];
|
||||
|
||||
export type DeleteOauthClientResponses = {
|
||||
/**
|
||||
* Successful Response
|
||||
*/
|
||||
204: void;
|
||||
};
|
||||
|
||||
export type DeleteOauthClientResponse = DeleteOauthClientResponses[keyof DeleteOauthClientResponses];
|
||||
|
||||
export type ListMyOauthConsentsData = {
|
||||
body?: never;
|
||||
path?: never;
|
||||
query?: never;
|
||||
url: '/api/v1/oauth/provider/consents';
|
||||
};
|
||||
|
||||
export type ListMyOauthConsentsResponses = {
|
||||
/**
|
||||
* Response List My Oauth Consents
|
||||
*
|
||||
* Successful Response
|
||||
*/
|
||||
200: Array<{
|
||||
[key: string]: unknown;
|
||||
}>;
|
||||
};
|
||||
|
||||
export type ListMyOauthConsentsResponse = ListMyOauthConsentsResponses[keyof ListMyOauthConsentsResponses];
|
||||
|
||||
export type RevokeMyOauthConsentData = {
|
||||
body?: never;
|
||||
path: {
|
||||
/**
|
||||
* Client Id
|
||||
*/
|
||||
client_id: string;
|
||||
};
|
||||
query?: never;
|
||||
url: '/api/v1/oauth/provider/consents/{client_id}';
|
||||
};
|
||||
|
||||
export type RevokeMyOauthConsentErrors = {
|
||||
/**
|
||||
* Validation Error
|
||||
*/
|
||||
422: HttpValidationError;
|
||||
};
|
||||
|
||||
export type RevokeMyOauthConsentError = RevokeMyOauthConsentErrors[keyof RevokeMyOauthConsentErrors];
|
||||
|
||||
export type RevokeMyOauthConsentResponses = {
|
||||
/**
|
||||
* Successful Response
|
||||
*/
|
||||
204: void;
|
||||
};
|
||||
|
||||
export type RevokeMyOauthConsentResponse = RevokeMyOauthConsentResponses[keyof RevokeMyOauthConsentResponses];
|
||||
|
||||
export type ListUsersData = {
|
||||
body?: never;
|
||||
path?: never;
|
||||
@@ -2759,3 +3185,19 @@ export type GetOrganizationMembersResponses = {
|
||||
};
|
||||
|
||||
export type GetOrganizationMembersResponse = GetOrganizationMembersResponses[keyof GetOrganizationMembersResponses];
|
||||
|
||||
export type GetOauthServerMetadataData = {
|
||||
body?: never;
|
||||
path?: never;
|
||||
query?: never;
|
||||
url: '/.well-known/oauth-authorization-server';
|
||||
};
|
||||
|
||||
export type GetOauthServerMetadataResponses = {
|
||||
/**
|
||||
* Successful Response
|
||||
*/
|
||||
200: OAuthServerMetadata;
|
||||
};
|
||||
|
||||
export type GetOauthServerMetadataResponse = GetOauthServerMetadataResponses[keyof GetOauthServerMetadataResponses];
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
*
|
||||
* For custom handler behavior, use src/mocks/handlers/overrides.ts
|
||||
*
|
||||
* Generated: 2025-11-25T00:22:46.981Z
|
||||
* Generated: 2025-11-26T12:21:51.098Z
|
||||
*/
|
||||
|
||||
import { http, HttpResponse, delay } from 'msw';
|
||||
|
||||