From 0c7825950e4bc0813c57d019dabb09b51f484b29 Mon Sep 17 00:00:00 2001 From: Sarah Soutoul Date: Wed, 23 Jul 2025 19:15:06 +0200 Subject: [PATCH 1/7] Initial oauth application type notes --- .../src/api/resources/OAuthApplication.ts | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/packages/backend/src/api/resources/OAuthApplication.ts b/packages/backend/src/api/resources/OAuthApplication.ts index ab250421b33..7b0a9c68cef 100644 --- a/packages/backend/src/api/resources/OAuthApplication.ts +++ b/packages/backend/src/api/resources/OAuthApplication.ts @@ -1,21 +1,69 @@ import type { OAuthApplicationJSON } from './JSON'; +/** + * The Backend `OAuthApplication` object holds information about an OAuth application. + */ export class OAuthApplication { constructor( + /** + * The unique identifier for the OAuth application. + */ readonly id: string, + /** + * The instance ID of the OAuth application. + */ readonly instanceId: string, + /** + * The name of the new OAuth application. + */ readonly name: string, + /** + * The client ID of the client. + */ readonly clientId: string, + /** + * Indicates whether the client is public. If true, the Proof Key of Code Exchange (PKCE) flow can be used. + */ readonly isPublic: boolean, // NOTE: `public` is reserved + /** + * Scopes for the new OAuth application. Available scopes are `profile`, `email`, `public_metadata`, `private_metadata`. Defaults to `profile email`. Provide the requested scopes as a string, separated by spaces. + */ readonly scopes: string, + /** + * An array of redirect URIs of the new OAuth application. + */ readonly redirectUris: Array, + /** + * + */ readonly authorizeUrl: string, + /** + * + */ readonly tokenFetchUrl: string, + /** + * + */ readonly userInfoUrl: string, + /** + * + */ readonly discoveryUrl: string, + /** + * + */ readonly tokenIntrospectionUrl: string, + /** + * The date when the OAuth application was first created. + */ readonly createdAt: number, + /** + * The date when the OAuth application was last updated. + */ readonly updatedAt: number, + /** + * The client secret. + */ readonly clientSecret?: string, ) {} From 5621349bf46ceee40fd0929382d8812538d8d954 Mon Sep 17 00:00:00 2001 From: Sarah Soutoul Date: Thu, 24 Jul 2025 15:30:14 +0200 Subject: [PATCH 2/7] Add new properties --- packages/backend/src/api/resources/JSON.ts | 5 +++ .../src/api/resources/OAuthApplication.ts | 41 +++++++++++++++---- 2 files changed, 38 insertions(+), 8 deletions(-) diff --git a/packages/backend/src/api/resources/JSON.ts b/packages/backend/src/api/resources/JSON.ts index 369a215d0e9..d1a1e761121 100644 --- a/packages/backend/src/api/resources/JSON.ts +++ b/packages/backend/src/api/resources/JSON.ts @@ -312,6 +312,11 @@ export interface OAuthApplicationJSON extends ClerkResourceJSON { instance_id: string; name: string; client_id: string; + client_uri: string | null; + client_image_url: string | null; + dynamically_registered: boolean; + consent_screen_enabled: boolean; + pkce_required: boolean; public: boolean; scopes: string; redirect_uris: Array; diff --git a/packages/backend/src/api/resources/OAuthApplication.ts b/packages/backend/src/api/resources/OAuthApplication.ts index 7b0a9c68cef..0df7b6d68a0 100644 --- a/packages/backend/src/api/resources/OAuthApplication.ts +++ b/packages/backend/src/api/resources/OAuthApplication.ts @@ -10,7 +10,7 @@ export class OAuthApplication { */ readonly id: string, /** - * The instance ID of the OAuth application. + * The ID of the instance that this OAuth application belongs to. */ readonly instanceId: string, /** @@ -18,9 +18,29 @@ export class OAuthApplication { */ readonly name: string, /** - * The client ID of the client. + * The ID of the client associated with the OAuth application. */ readonly clientId: string, + /** + * The public-facing URL of the OAuth application, often shown on consent screens. + */ + readonly clientUri: string | null, + /** + * The URL of the image or logo representing the OAuth application. + */ + readonly clientImageUrl: string | null, + /** + * Specifies whether the OAuth application is dynamically registered. + */ + readonly dynamicallyRegistered: boolean, + /** + * Specifies whether the consent screen should be displayed in the authentication flow. Cannot be disabled for dynamically registered OAuth applications. + */ + readonly consentScreenEnabled: boolean, + /** + * Specifies whether the Proof Key of Code Exchange (PKCE) flow should be required in the authentication flow. + */ + readonly pkceRequired: boolean, /** * Indicates whether the client is public. If true, the Proof Key of Code Exchange (PKCE) flow can be used. */ @@ -34,23 +54,23 @@ export class OAuthApplication { */ readonly redirectUris: Array, /** - * + * The URL used to authorize the user and obtain an authorization code. */ readonly authorizeUrl: string, /** - * + * The URL used by the client to exchange an authorization code for an access token. */ readonly tokenFetchUrl: string, /** - * + * The URL where the client can retrieve user information using an access token. */ readonly userInfoUrl: string, /** - * + * The OpenID Connect discovery endpoint URL for this OAuth application. */ readonly discoveryUrl: string, /** - * + * The URL used to introspect and validate issued access tokens. */ readonly tokenIntrospectionUrl: string, /** @@ -62,7 +82,7 @@ export class OAuthApplication { */ readonly updatedAt: number, /** - * The client secret. + * The client secret associated with the OAuth application. Empty if public client. */ readonly clientSecret?: string, ) {} @@ -73,6 +93,11 @@ export class OAuthApplication { data.instance_id, data.name, data.client_id, + data.client_uri, + data.client_image_url, + data.dynamically_registered, + data.consent_screen_enabled, + data.pkce_required, data.public, data.scopes, data.redirect_uris, From 7f7782c484a58ff6b727d0f99500b8a9d32fddf4 Mon Sep 17 00:00:00 2001 From: Sarah Soutoul Date: Thu, 24 Jul 2025 15:47:10 +0200 Subject: [PATCH 3/7] Remove text --- packages/backend/src/api/resources/OAuthApplication.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/backend/src/api/resources/OAuthApplication.ts b/packages/backend/src/api/resources/OAuthApplication.ts index 0df7b6d68a0..9061904b387 100644 --- a/packages/backend/src/api/resources/OAuthApplication.ts +++ b/packages/backend/src/api/resources/OAuthApplication.ts @@ -46,7 +46,7 @@ export class OAuthApplication { */ readonly isPublic: boolean, // NOTE: `public` is reserved /** - * Scopes for the new OAuth application. Available scopes are `profile`, `email`, `public_metadata`, `private_metadata`. Defaults to `profile email`. Provide the requested scopes as a string, separated by spaces. + * Scopes for the new OAuth application. */ readonly scopes: string, /** From 29249aeab6aad66698fe7e16310b11fd59ba3fa5 Mon Sep 17 00:00:00 2001 From: Sarah Soutoul Date: Mon, 25 Aug 2025 15:03:20 -0600 Subject: [PATCH 4/7] Add empty changeset --- .changeset/small-moments-find.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .changeset/small-moments-find.md diff --git a/.changeset/small-moments-find.md b/.changeset/small-moments-find.md new file mode 100644 index 00000000000..a845151cc84 --- /dev/null +++ b/.changeset/small-moments-find.md @@ -0,0 +1,2 @@ +--- +--- From 55c446292779a4719bb505156e4a348cc8eff45f Mon Sep 17 00:00:00 2001 From: Sarah Soutoul Date: Mon, 25 Aug 2025 16:16:27 -0600 Subject: [PATCH 5/7] Add changeset for OAuthApplicationJSON --- .changeset/blue-comics-kneel.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/blue-comics-kneel.md diff --git a/.changeset/blue-comics-kneel.md b/.changeset/blue-comics-kneel.md new file mode 100644 index 00000000000..66c1fd17956 --- /dev/null +++ b/.changeset/blue-comics-kneel.md @@ -0,0 +1,5 @@ +--- +'@clerk/backend': minor +--- + +Add missing properties to OAuthApplicationJSON From 7e4caff7d9eb86dd42bf9de05842360a1e555a0e Mon Sep 17 00:00:00 2001 From: Sarah Soutoul Date: Mon, 25 Aug 2025 16:26:52 -0600 Subject: [PATCH 6/7] Add missing export for failing test --- .typedoc/__tests__/__snapshots__/file-structure.test.ts.snap | 1 + 1 file changed, 1 insertion(+) diff --git a/.typedoc/__tests__/__snapshots__/file-structure.test.ts.snap b/.typedoc/__tests__/__snapshots__/file-structure.test.ts.snap index 6a75f9fcb75..f9ab0a47be6 100644 --- a/.typedoc/__tests__/__snapshots__/file-structure.test.ts.snap +++ b/.typedoc/__tests__/__snapshots__/file-structure.test.ts.snap @@ -237,6 +237,7 @@ exports[`Typedoc output > should have a deliberate file structure 1`] = ` "backend/infer-auth-object-from-token.mdx", "backend/invitation-status.mdx", "backend/invitation.mdx", + "backend/oauth-application.mdx", "backend/organization-invitation-status.mdx", "backend/organization-invitation.mdx", "backend/organization-membership-public-user-data.mdx", From 3ad2bf7e6b67b68740be558c06b0977e3f173f2f Mon Sep 17 00:00:00 2001 From: Sarah Soutoul Date: Mon, 25 Aug 2025 16:34:22 -0600 Subject: [PATCH 7/7] Fix path --- .typedoc/__tests__/__snapshots__/file-structure.test.ts.snap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.typedoc/__tests__/__snapshots__/file-structure.test.ts.snap b/.typedoc/__tests__/__snapshots__/file-structure.test.ts.snap index f9ab0a47be6..89824595a63 100644 --- a/.typedoc/__tests__/__snapshots__/file-structure.test.ts.snap +++ b/.typedoc/__tests__/__snapshots__/file-structure.test.ts.snap @@ -237,7 +237,7 @@ exports[`Typedoc output > should have a deliberate file structure 1`] = ` "backend/infer-auth-object-from-token.mdx", "backend/invitation-status.mdx", "backend/invitation.mdx", - "backend/oauth-application.mdx", + "backend/o-auth-application.mdx", "backend/organization-invitation-status.mdx", "backend/organization-invitation.mdx", "backend/organization-membership-public-user-data.mdx",