client: Add optional metadata field (#1602)

Added field `metadata` to client payloads which can be used to store arbitrary JSON blobs.l Closes #1594
ory · Oct 18, 2019 · c84adc7 · c84adc7
1 parent 44ee9e2
commit c84adc7
Show file tree

Hide file tree

Showing 75 changed files with 1,019 additions and 860 deletions.
diff --git a/client/client.go b/client/client.go
@@ -21,6 +21,7 @@
 package client
 
 import (
+	"encoding/json"
 	"strings"
 	"time"
 
@@ -186,6 +187,9 @@ type Client struct {
 	// Token to identify the RP session with the OP when the backchannel_logout_uri is used.
 	// If omitted, the default value is false.
 	BackChannelLogoutSessionRequired bool `json:"backchannel_logout_session_required,omitempty"`
+
+	// Metadata is arbitrary data.
+	Metadata json.RawMessage `json:"metadata,omitempty"`
 }
 
 func (c *Client) GetID() string {

diff --git a/client/manager_sql.go b/client/manager_sql.go
@@ -90,6 +90,7 @@ type sqlData struct {
 	PostLogoutRedirectURIs            string    `db:"post_logout_redirect_uris"`
 	BackChannelLogoutURI              string    `db:"backchannel_logout_uri"`
 	BackChannelLogoutSessionRequired  bool      `db:"backchannel_logout_session_required"`
+	Metadata                          []byte    `db:"metadata"`
 }
 
 var sqlParams = []string{
@@ -124,6 +125,7 @@ var sqlParams = []string{
 	"post_logout_redirect_uris",
 	"backchannel_logout_uri",
 	"backchannel_logout_session_required",
+	"metadata",
 }
 
 func sqlDataFromClient(d *Client) (*sqlData, error) {
@@ -147,6 +149,11 @@ func sqlDataFromClient(d *Client) (*sqlData, error) {
 		updatedAt = time.Now()
 	}
 
+	metadata, err := json.Marshal(d.Metadata)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
 	return &sqlData{
 		ID:                                d.GetID(),
 		Name:                              d.Name,
@@ -179,6 +186,7 @@ func sqlDataFromClient(d *Client) (*sqlData, error) {
 		PostLogoutRedirectURIs:            strings.Join(d.PostLogoutRedirectURIs, "|"),
 		BackChannelLogoutURI:              d.BackChannelLogoutURI,
 		BackChannelLogoutSessionRequired:  d.BackChannelLogoutSessionRequired,
+		Metadata:                          []byte(metadata),
 	}, nil
 }
 
@@ -213,7 +221,8 @@ func (d *sqlData) ToClient() (*Client, error) {
 		FrontChannelLogoutSessionRequired: d.FrontChannelLogoutSessionRequired,
 		PostLogoutRedirectURIs:            stringsx.Splitx(d.PostLogoutRedirectURIs, "|"),
 		BackChannelLogoutURI:              d.BackChannelLogoutURI,
-		BackChannelLogoutSessionRequired:  d.BackChannelLogoutSessionRequired,
+		BackChannelLogoutSessionRequired:  d.BackChannelLogoutSessionRequired, //
+		Metadata:                          d.Metadata,
 	}
 
 	if d.JSONWebKeys != "" {

diff --git a/client/migrations/sql/cockroach/13.sql b/client/migrations/sql/cockroach/13.sql
@@ -36,4 +36,4 @@ CREATE TABLE IF NOT EXISTS hydra_client (
 );
 
 -- +migrate Down
-DROP TABLE hydra_client;
+DROP TABLE hydra_client;
diff --git a/client/migrations/sql/cockroach/14.sql b/client/migrations/sql/cockroach/14.sql
@@ -0,0 +1,5 @@
+-- +migrate Up
+ALTER TABLE hydra_client ADD metadata TEXT NOT NULL DEFAULT '{}';
+
+-- +migrate Down
+ALTER TABLE hydra_client DROP COLUMN metadata;
diff --git a/client/migrations/sql/mysql/14.sql b/client/migrations/sql/mysql/14.sql
@@ -0,0 +1,9 @@
+-- +migrate Up
+ALTER TABLE hydra_client ADD metadata TEXT NULL;
+
+UPDATE hydra_client SET metadata='{}';
+
+ALTER TABLE hydra_client MODIFY metadata TEXT NOT NULL;
+
+-- +migrate Down
+ALTER TABLE hydra_client DROP COLUMN metadata;
diff --git a/client/migrations/sql/postgres/14.sql b/client/migrations/sql/postgres/14.sql
@@ -0,0 +1,9 @@
+-- +migrate Up
+ALTER TABLE hydra_client ADD metadata TEXT NULL;
+
+UPDATE hydra_client SET metadata='{}';
+
+ALTER TABLE hydra_client ALTER COLUMN metadata SET NOT NULL;
+
+-- +migrate Down
+ALTER TABLE hydra_client DROP COLUMN metadata;
diff --git a/client/migrations/sql/tests/14_test.sql b/client/migrations/sql/tests/14_test.sql
@@ -0,0 +1,4 @@
+-- +migrate Up
+INSERT INTO hydra_client (id, allowed_cors_origins, client_name, client_secret, redirect_uris, grant_types, response_types, scope, owner, policy_uri, tos_uri, client_uri, logo_uri, contacts, client_secret_expires_at, sector_identifier_uri, jwks, jwks_uri, token_endpoint_auth_method, request_uris, request_object_signing_alg, userinfo_signed_response_alg, subject_type, audience, created_at, updated_at, frontchannel_logout_uri, frontchannel_logout_session_required, post_logout_redirect_uris, backchannel_logout_uri, backchannel_logout_session_required, metadata) VALUES ('14-data', 'http://localhost|http://google', 'some-client', 'abcdef', 'http://localhost|http://google', 'authorize_code|implicit', 'token|id_token', 'foo|bar', 'aeneas', 'http://policy', 'http://tos', 'http://client', 'http://logo', 'aeneas|foo', 0, 'http://sector', '{"keys": []}', 'http://jwks', 'none', 'http://uri1|http://uri2', 'rs256', 'rs526', 'public', 'https://www.ory.sh/api', NOW(), NOW(), 'http://fc-logout/', true, 'http://redir1/|http://redir2/', 'http://bc-logout/', true,  '{"foo":"bar"}');
+
+-- +migrate Down
diff --git a/client/sdk_test.go b/client/sdk_test.go
@@ -66,6 +66,7 @@ func createTestClient(prefix string) *models.Client {
 		TokenEndpointAuthMethod:   "client_secret_basic",
 		UserinfoSignedResponseAlg: "none",
 		SubjectType:               "public",
+		Metadata:                  map[string]interface{}{"foo": "bar"},
 		//SectorIdentifierUri:   "https://sector.com/foo",
 	}
 }
@@ -108,6 +109,7 @@ func TestClientSDK(t *testing.T) {
 		assert.NotEmpty(t, result.Payload.CreatedAt)
 		result.Payload.CreatedAt = strfmt.DateTime{}
 		assert.EqualValues(t, compareClient, result.Payload)
+		assert.EqualValues(t, "bar", result.Payload.Metadata["foo"])
 
 		// secret is not returned on GetOAuth2Client
 		compareClient.Secret = ""