supabase / auth / 16805096183

push

github

feat: add oauth2 client support (#2098)

## Summary

This PR implements OAuth2 client support in Supabase Auth, enabling
applications to register OAuth clients programmatically. This is a
foundational step toward full OAuth 2.1 server compliance.

## Features Added

### Client Registration Endpoints
- Manual Registration (POST /admin/oauth/clients) - Admin-only endpoint
for manual client registration
- Dynamic Registration (POST /oauth/clients/register) - OAuth 2 Dynamic
Client Registration compliant endpoint (configurable by env variable)

 ### Client Management Endpoints
- List Clients (GET /admin/oauth/clients) - List all registered OAuth 
- Get Client (GET /admin/oauth/clients/{client_id}) - Retrieve specific
client
- Delete Client (DELETE /admin/oauth/clients/{client_id}) - Soft-delete
OAuth clients

## Notes on Technical Implementation

### Database Schema
- New `oauth_clients` table
- Indexing & soft-delete support

### Code Organization
- New `internal/api/oauthserver` package for OAuth server functionality.
This package aimed to include all oauth server code. Note that Supabase
Auth as of today is already a OAuth client to other OAuth Providers (i.e
google)
- Shared utilities in `internal/api/shared` to avoid circular
dependencies. Planning to move the necessary code as we go. Started with
`sendJSON` function.
- Comprehensive test coverage with both unit and integration tests

## Quick Test
Register a new OAuth client:
```sh
curl -X POST http://localhost:9999/oauth/clients/register \
    -H "Content-Type: application/json" \
    -d '{
      "client_name": "My App",
      "redirect_uris": ["https://myapp.example.com/callback"]
    }'
```

## Important Note
There is no breaking change in this PR. This is purely additive
functionality that doesn't affect existing authentication flows.

358 of 448 new or added lines in 13 files covered. (79.91%)

12235 of 17275 relevant lines covered (70.82%)

70.53 hits per line