feat: add identifier field on tenant account

.env

@@ -16,3 +16,5 @@ LOCAL_KMS_DATASOURCE_DB=openid-federation-local-kms-db
 
 KC_BOOTSTRAP_ADMIN_USERNAME=admin
 KC_BOOTSTRAP_ADMIN_PASSWORD=admin
+
+OAUTH2_RESOURCE_SERVER_JWT_ISSUER_URI=http://localhost:8082/realms/openid-federation

.gitignore

@@ -24,3 +24,4 @@ captures
 /.run/*
 kotlin-js-store/
 .env
+/.docker/keycloak-dev/

modules/admin-server/src/main/resources/application.properties

@@ -7,4 +7,4 @@ spring.datasource.driver-class-name=org.postgresql.Driver
 # Mapping /actuator/health to /status
 management.endpoints.web.base-path=/
 management.endpoints.web.path-mapping.health=status
-spring.security.oauth2.resourceserver.jwt.issuer-uri=http://keycloak:8080/realms/openid-federation
+spring.security.oauth2.resourceserver.jwt.issuer-uri=${OAUTH2_RESOURCE_SERVER_JWT_ISSUER_URI}

modules/openapi/build.gradle.kts

@@ -198,7 +198,7 @@ npmPublish {
             authToken.set(System.getenv("NPM_TOKEN") ?: "")
         }
     }
-    packages{
+    packages {
         named("js") {
             packageJson {
                 "name" by "@sphereon/openid-federation-open-api"

modules/openapi/src/commonMain/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml

@@ -3570,6 +3570,11 @@ components:
           type: string
           description: The username of the account.
           example: acmeco
+        identifier:
+          type: string
+          description: The identifier of the tenant account.
+          example: https://www.example.com/oidf
+
       required:
         - username
     CreateSubordinateDTO:
@@ -3578,7 +3583,7 @@ components:
         identifier:
           type: string
           description: The identifier of the subordinate account.
-          example: 'https://www.sphereon.com/subordinate'
+          example: 'https://www.example.com/subordinate'
       required:
         - identifier
     SubordinateAdminDTO:
@@ -3597,7 +3602,7 @@ components:
         identifier:
           type: string
           description: The unique identifier for the subordinate.
-          example: 'https://www.sphereon.com/subordinate'
+          example: 'https://www.example.com/subordinate'
         createdAt:
           type: string
           format: date-time
@@ -3618,13 +3623,19 @@ components:
       type: object
       properties:
         id:
-          type: string
+          type: integer
           description: The unique identifier for the account.
           example: 12345
         username:
           type: string
           description: The username of the account.
           example: acmecorp
+        identifier:
+          type: string
+          description: The identifier of the account.
+          format: uri
+          example: "https://www.example.com/oidf"
+          pattern: "^https?:\\/\\/.*$"
     CreateEntityStatementRequest:
       properties:
         dry_run:

modules/persistence/src/commonMain/sqldelight/com/sphereon/oid/fed/persistence/models/11.sqm

@@ -0,0 +1 @@
+ALTER TABLE Account ADD COLUMN identifier VARCHAR(255) NULL;

modules/persistence/src/commonMain/sqldelight/com/sphereon/oid/fed/persistence/models/Account.sq

@@ -2,7 +2,7 @@ findAll:
 SELECT * FROM Account WHERE deleted_at IS NULL;
 
 create:
-INSERT INTO Account (username) VALUES (?) RETURNING *;
+INSERT INTO Account (username, identifier) VALUES (?, ?) RETURNING *;
 
 delete:
 UPDATE Account SET deleted_at = CURRENT_TIMESTAMP WHERE id = ? RETURNING *;

modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/AccountService.kt

@@ -8,7 +8,7 @@ import com.sphereon.oid.fed.persistence.Persistence
 import com.sphereon.oid.fed.persistence.models.Account
 import com.sphereon.oid.fed.services.extensions.toAccountDTO
 
-class AccountService {
+class AccountService() {
     private val accountQueries = Persistence.accountQueries
 
     fun create(account: CreateAccountDTO): AccountDTO {
@@ -20,6 +20,7 @@ class AccountService {
 
         return accountQueries.create(
             username = account.username,
+            identifier = account.identifier,
         ).executeAsOne().toAccountDTO()
     }
 
@@ -28,7 +29,17 @@ class AccountService {
     }
 
     fun getAccountIdentifier(accountUsername: String): String {
-        val rootIdentifier = System.getenv("ROOT_IDENTIFIER") ?: "http://localhost:8080"
+        val account = accountQueries.findByUsername(accountUsername).executeAsOneOrNull()
+            ?: throw NotFoundException(Constants.ACCOUNT_NOT_FOUND)
+
+        val identifier = account.identifier
+
+        if (identifier != null) {
+            return identifier
+        }
+
+        val rootIdentifier =
+            System.getenv("ROOT_IDENTIFIER") ?: throw NotFoundException(Constants.ROOT_IDENTIFIER_NOT_SET)
 
         if (accountUsername == "root") {
             return rootIdentifier

modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/Constants.kt

@@ -25,5 +25,6 @@ class Constants {
         const val SUBORDINATE_STATEMENT_NOT_FOUND = "Subordinate statement not found"
         const val SUBORDINATE_METADATA_NOT_FOUND = "Subordinate metadata not found"
         const val SUBORDINATE_METADATA_ALREADY_EXISTS = "Subordinate metadata already exists"
+        const val ROOT_IDENTIFIER_NOT_SET = "Root identifier not set"
     }
 }

modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/extensions/AccountExtensions.kt

@@ -5,6 +5,8 @@ import com.sphereon.oid.fed.persistence.models.Account
 
 fun Account.toAccountDTO(): AccountDTO {
     return AccountDTO(
-        username = this.username
+        id = this.id,
+        username = this.username,
+        identifier = this.identifier
     )
 }