feat(server): Admin REST APIs for identity providers and auth settings#1281
Open
theothersideofgod wants to merge 5 commits into
Add endpoints for managing OAuth/OIDC identity provider configurations:
- GET /identity-providers - list all providers
- GET /identity-providers/:slug - get provider details
- PATCH /identity-providers/:slug - update provider config
- POST /identity-providers/:slug/secret - rotate client secret
Requires administrator role. Uses module loaders to discover schemas
and function names at runtime.
Also adds prefix and rotateSecretFunction fields to IdentityProvidersConfig
for calling the generated rotate_identity_provider_{prefix}_secret procedure.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add endpoints for managing auth settings (cookie, captcha, OAuth config):
- GET /app-settings-auth - get current settings
- PATCH /app-settings-auth - update settings
Requires administrator role. Uses sessions_module discovery to find
the app_settings_auth table in tenant DB.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

TTL now counts from first cache set, not refreshed on reads.
Previously, any request accessing cached data would reset the TTL,
causing config changes to never take effect while traffic exists.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Change permission check from isAppAdmin to isAppMember
- Fix secret rotation by using direct SQL instead of broken stored function
- The rotate_identity_provider_platform_secret function has a bug (missing database_id), bypassed with direct INSERT/UPDATE
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add allow_identity_sign_in and allow_identity_sign_up fields to GET/PATCH
- Change permission check from isAppAdmin to isAppMember
- These fields control whether OAuth login/signup is enabled
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Summary
- /identity-providers)
- /app-settings-auth)

Changes

Identity Providers API (/identity-providers)
- GET /identity-providers - List all providers
- GET /identity-providers/:slug - Get provider details
- PATCH /identity-providers/:slug - Update provider config (clientId, enabled, scopes, etc.)
- POST /identity-providers/:slug/secret - Set/rotate client secret

Auth Settings API (/app-settings-auth)
- GET /app-settings-auth - Get current settings
- PATCH /app-settings-auth - Update settings
- allowIdentitySignIn and allowIdentitySignUp fields for OAuth control

Fixes
- updateAgeOnGet: false in LRU cache - TTL now expires from first set, not refreshed on reads
- rotate_identity_provider_platform_secret function)
- app_memberships_sprt instead of app_admin_grants

Test Plan
🤖 Generated with Claude Code
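
The TTL behaviour described in the cache commit message and under Fixes, shown as an added example that is not part of this pull request or the project's code. It uses a small stand-in cache with a simulated clock (the class, function names, cache key and timing values are assumptions made for the illustration) to compare a read-refreshed TTL with a TTL counted from the first set, under steady traffic, after a provider is disabled at the source.

```javascript
// Added illustration: a minimal TTL cache with an injectable clock.
// Stand-in for the idea behind `updateAgeOnGet`; not the lru-cache library or project code.
class TtlCache {
  constructor({ ttl, updateAgeOnGet, now }) {
    this.ttl = ttl;
    this.updateAgeOnGet = updateAgeOnGet;
    this.now = now;            // clock function, injected so time can be simulated
    this.entries = new Map();  // key -> { value, start }
  }
  set(key, value) {
    this.entries.set(key, { value, start: this.now() });
  }
  get(key) {
    const entry = this.entries.get(key);
    if (!entry) return undefined;
    if (this.now() - entry.start >= this.ttl) {
      this.entries.delete(key);  // expired: caller must reload from the source
      return undefined;
    }
    if (this.updateAgeOnGet) entry.start = this.now(); // a read restarts the TTL
    return entry.value;
  }
}

// Simulates steady traffic: one read every `stepMs` for `totalMs`, with the source
// of truth changed at `changeAtMs`. Returns the time at which a request first sees
// the new value, or null if no request sees it within the window.
function firstTimeChangeIsSeen({ updateAgeOnGet, ttl, stepMs, totalMs, changeAtMs }) {
  let clock = 0;
  let source = { enabled: true };  // constructed sample provider config
  const cache = new TtlCache({ ttl, updateAgeOnGet, now: () => clock });
  for (clock = 0; clock <= totalMs; clock += stepMs) {
    if (clock === changeAtMs) source = { enabled: false }; // provider disabled at the source
    let cfg = cache.get('provider:example');
    if (cfg === undefined) {
      cfg = source;
      cache.set('provider:example', cfg);
    }
    if (cfg.enabled === false) return clock;
  }
  return null;
}

const params = { ttl: 60_000, stepMs: 10_000, totalMs: 600_000, changeAtMs: 30_000 };
const sliding = firstTimeChangeIsSeen({ ...params, updateAgeOnGet: true });
const fixed = firstTimeChangeIsSeen({ ...params, updateAgeOnGet: false });
console.log({ sliding, fixed });
```

With the read-refreshed TTL the disabled provider is still served as enabled for the whole ten-minute window; with the TTL counted from the first set, the change is picked up when the entry expires at 60 seconds.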