diff --git a/ee/auth/pkg/api/clients.go b/ee/auth/pkg/api/clients.go index 90fb1c993e..d62a284791 100644 --- a/ee/auth/pkg/api/clients.go +++ b/ee/auth/pkg/api/clients.go @@ -40,6 +40,7 @@ func mapBusinessClient(c auth.Client) clientView { Name: c.Name, PostLogoutRedirectUris: c.PostLogoutRedirectUris, Metadata: c.Metadata, + Scopes: c.Scopes, }, ID: c.Id, Scopes: c.Scopes, diff --git a/ee/auth/pkg/api/clients_test.go b/ee/auth/pkg/api/clients_test.go index 67df18ece6..0c3e70cd99 100644 --- a/ee/auth/pkg/api/clients_test.go +++ b/ee/auth/pkg/api/clients_test.go @@ -8,6 +8,7 @@ import ( auth "github.com/formancehq/auth/pkg" "github.com/formancehq/auth/pkg/storage/sqlstorage" + "github.com/formancehq/stack/libs/go-libs/collectionutils" "github.com/formancehq/stack/libs/go-libs/pgtesting" "github.com/gorilla/mux" "github.com/stretchr/testify/require" @@ -29,6 +30,7 @@ func withDbAndClientRouter(t *testing.T, callback func(router *mux.Router, db *g defer sqlDB.Close() require.NoError(t, sqlstorage.MigrateTables(context.Background(), db)) + require.NoError(t, sqlstorage.MigrateData(context.Background(), db)) router := mux.NewRouter() addClientRoutes(db, router) @@ -63,6 +65,19 @@ func TestCreateClient(t *testing.T) { Public: true, }, }, + { + name: "confidential client", + options: auth.ClientOptions{ + Name: "confidential client", + RedirectURIs: []string{"http://localhost:8080"}, + Description: "abc", + PostLogoutRedirectUris: []string{"http://localhost:8080/logout"}, + Metadata: map[string]string{ + "foo": "bar", + }, + Scopes: []string{"ledger:read", "ledger:write", "formance:test"}, + }, + }, } { tc := tc t.Run(tc.name, func(t *testing.T) { @@ -77,10 +92,22 @@ func TestCreateClient(t *testing.T) { createdClient := readTestResponse[clientView](t, res) require.NotEmpty(t, createdClient.ID) + tcScopes := tc.options.Scopes + tc.options.Scopes = nil require.Equal(t, tc.options, createdClient.ClientOptions) - + require.True(t, func() bool { + for _, scope := range tcScopes { + contain := collectionutils.Contains[string](createdClient.Scopes, scope) + if !contain { + t.Logf("scope %s not found in created client scopes", scope) + return false + } + } + + return true + }()) tc.options.Id = createdClient.ID - + tc.options.Scopes = tcScopes clientFromDatabase := auth.Client{} require.NoError(t, db.Find(&clientFromDatabase, "id = ?", createdClient.ID).Error) require.Equal(t, auth.Client{ @@ -119,6 +146,19 @@ func TestUpdateClient(t *testing.T) { Public: true, }, }, + { + name: "confidential client", + options: auth.ClientOptions{ + Name: "confidential client", + RedirectURIs: []string{"http://localhost:8080"}, + Description: "abc", + PostLogoutRedirectUris: []string{"http://localhost:8080/logout"}, + Metadata: map[string]string{ + "foo": "bar", + }, + Scopes: []string{"ledger:read", "ledger:write", "formance:test"}, + }, + }, } { tc := tc t.Run(tc.name, func(t *testing.T) { @@ -135,11 +175,13 @@ func TestUpdateClient(t *testing.T) { require.Equal(t, http.StatusOK, res.Code) updatedClient := readTestResponse[clientView](t, res) + tcScopes := tc.options.Scopes + tc.options.Scopes = nil require.NotEmpty(t, updatedClient.ID) require.Equal(t, tc.options, updatedClient.ClientOptions) tc.options.Id = updatedClient.ID - + tc.options.Scopes = tcScopes clientFromDatabase := auth.Client{} require.NoError(t, db.Find(&clientFromDatabase, "id = ?", updatedClient.ID).Error) require.Equal(t, auth.Client{ diff --git a/ee/auth/pkg/client.go b/ee/auth/pkg/client.go index 731d580040..59b7415c23 100644 --- a/ee/auth/pkg/client.go +++ b/ee/auth/pkg/client.go @@ -47,6 +47,7 @@ func (c *Client) Update(opts ClientOptions) { c.Metadata = opts.Metadata c.Trusted = opts.Trusted c.Public = opts.Public + c.Scopes = opts.Scopes } func (c *Client) GenerateNewSecret(opts SecretCreate) (ClientSecret, string) {