OIDC app creation with encrypted secrets and application roles

2025-10-24 14:47:24 +11:00
parent 831bd083c2
commit 12e0ef66ed
32 changed files with 1983 additions and 72 deletions
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema[8.1].define(version: 2025_10_23_234744) do
+ActiveRecord::Schema[8.1].define(version: 2025_10_24_033007) do
  create_table "application_groups", force: :cascade do |t|
    t.integer "application_id", null: false
    t.datetime "created_at", null: false
@@ -21,15 +21,33 @@ ActiveRecord::Schema[8.1].define(version: 2025_10_23_234744) do
    t.index ["group_id"], name: "index_application_groups_on_group_id"
  end

+  create_table "application_roles", force: :cascade do |t|
+    t.boolean "active", default: true
+    t.integer "application_id", null: false
+    t.datetime "created_at", null: false
+    t.text "description"
+    t.string "display_name"
+    t.string "name", null: false
+    t.json "permissions", default: {}
+    t.datetime "updated_at", null: false
+    t.index ["application_id", "name"], name: "index_application_roles_on_application_id_and_name", unique: true
+    t.index ["application_id"], name: "index_application_roles_on_application_id"
+  end
+
  create_table "applications", force: :cascade do |t|
    t.boolean "active", default: true, null: false
    t.string "app_type", null: false
    t.string "client_id"
-    t.string "client_secret"
+    t.string "client_secret_digest"
    t.datetime "created_at", null: false
+    t.text "description"
+    t.json "managed_permissions", default: {}
    t.text "metadata"
    t.string "name", null: false
    t.text "redirect_uris"
+    t.string "role_claim_name", default: "roles"
+    t.string "role_mapping_mode", default: "disabled", null: false
+    t.string "role_prefix"
    t.string "slug", null: false
    t.datetime "updated_at", null: false
    t.index ["active"], name: "index_applications_on_active"
@@ -119,6 +137,18 @@ ActiveRecord::Schema[8.1].define(version: 2025_10_23_234744) do
    t.index ["user_id"], name: "index_user_groups_on_user_id"
  end

+  create_table "user_role_assignments", force: :cascade do |t|
+    t.integer "application_role_id", null: false
+    t.datetime "created_at", null: false
+    t.json "metadata", default: {}
+    t.string "source", default: "oidc"
+    t.datetime "updated_at", null: false
+    t.integer "user_id", null: false
+    t.index ["application_role_id"], name: "index_user_role_assignments_on_application_role_id"
+    t.index ["user_id", "application_role_id"], name: "index_user_role_assignments_on_user_id_and_application_role_id", unique: true
+    t.index ["user_id"], name: "index_user_role_assignments_on_user_id"
+  end
+
  create_table "users", force: :cascade do |t|
    t.boolean "admin", default: false, null: false
    t.text "backup_codes"
@@ -135,6 +165,7 @@ ActiveRecord::Schema[8.1].define(version: 2025_10_23_234744) do

  add_foreign_key "application_groups", "applications"
  add_foreign_key "application_groups", "groups"
+  add_foreign_key "application_roles", "applications"
  add_foreign_key "forward_auth_rule_groups", "forward_auth_rules"
  add_foreign_key "forward_auth_rule_groups", "groups"
  add_foreign_key "oidc_access_tokens", "applications"
@@ -144,4 +175,6 @@ ActiveRecord::Schema[8.1].define(version: 2025_10_23_234744) do
  add_foreign_key "sessions", "users"
  add_foreign_key "user_groups", "groups"
  add_foreign_key "user_groups", "users"
+  add_foreign_key "user_role_assignments", "application_roles"
+  add_foreign_key "user_role_assignments", "users"
 end