fix: test, cleanup and changelog

CHANGELOG.md

@@ -7,25 +7,38 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
-### Changes
-
-- Added new feature in license key: `OAUTH`
-- Adds new core config:
-    - `oauth_provider_public_service_url`
-    - `oauth_provider_admin_service_url`
-    - `oauth_provider_consent_login_base_url`
-    - `oauth_provider_url_configured_in_oauth_provider`
-- Adds POST `/recipe/oauth/auth` for OAuth2 auth flow support
-- Adds POST `/recipe/oauth/clients` for OAuth2 client registration
-- Adds GET `/recipe/oauth/clients?clientId=example_id` for loading OAuth2 client
-- Adds DELETE `/recipe/oauth/clients` for deleting OAuth2 Clients
-- Creates new table `oauth_clients`
-- Introduces PATCH capabilities for core (receiving and sending PATCH requests)
-- Adds PATCH `/recipe/oauth/clients` for OAuth2 client update
+## [9.3.0]
 
-### Migration
+### Changes
 
-TODO: after plugin support
+- Adds support for OAuth2
+    - Added new feature in license key: `OAUTH`
+    - Adds new core config:
+        - `oauth_provider_public_service_url`
+        - `oauth_provider_admin_service_url`
+        - `oauth_provider_consent_login_base_url`
+        - `oauth_provider_url_configured_in_oauth_provider`
+    - Adds following APIs:
+        - POST `/recipe/oauth/clients`
+        - PUT `/recipe/oauth/clients`
+        - GET `/recipe/oauth/clients`
+        - GET `/recipe/oauth/clients/list`
+        - POST `/recipe/oauth/clients/remove`
+        - GET `/recipe/oauth/auth/requests/consent`
+        - PUT `/recipe/oauth/auth/requests/consent/accept`
+        - PUT `/recipe/oauth/auth/requests/consent/reject`
+        - GET `/recipe/oauth/auth/requests/login`
+        - PUT `/recipe/oauth/auth/requests/login/accept`
+        - PUT `/recipe/oauth/auth/requests/login/reject`
+        - GET `/recipe/oauth/auth/requests/logout`
+        - PUT `/recipe/oauth/auth/requests/logout/accept`
+        - PUT `/recipe/oauth/auth/requests/logout/reject`
+        - POST `/recipe/oauth/auth`
+        - POST `/recipe/oauth/token`
+        - POST `/recipe/oauth/introspect`
+        - POST `/recipe/oauth/session/revoke`
+        - POST `/recipe/oauth/token/revoke`
+        - POST `/recipe/oauth/tokens/revoke`
 
 ## [9.2.2] - 2024-09-04
 

config.yaml

@@ -160,7 +160,7 @@ core_config_version: 0
 # service.
 # oauth_provider_admin_service_url:
 
-# (OPTIONAL | Default: null) string value. If specified, the core uses this URL replace the default
+# (OPTIONAL | Default: null) string value. If specified, the core uses this URL to replace the default
 # consent and login URLs to {apiDomain}.
 # oauth_provider_consent_login_base_url:
 

devConfig.yaml

@@ -160,7 +160,7 @@ disable_telemetry: true
 # service.
 # oauth_provider_admin_service_url:
 
-# (OPTIONAL | Default: null) string value. If specified, the core uses this URL replace the default
+# (OPTIONAL | Default: null) string value. If specified, the core uses this URL to replace the default
 # consent and login URLs to {apiDomain}.
 # oauth_provider_consent_login_base_url:
 

src/main/java/io/supertokens/config/CoreConfig.java

@@ -297,7 +297,7 @@ public class CoreConfig {
     @JsonProperty
     @HideFromDashboard
     @ConfigDescription(
-            "If specified, the core uses this URL replace the default consent and login URLs to {apiDomain}.")
+            "If specified, the core uses this URL to replace the default consent and login URLs to {apiDomain}.")
     private String oauth_provider_consent_login_base_url = null;
 
     @NotConflictingInApp

src/main/java/io/supertokens/inmemorydb/Start.java

@@ -712,6 +712,8 @@ public void addInfoToNonAuthRecipesBasedOnUserId(TenantIdentifier tenantIdentifi
             }
         } else if (className.equals(JWTRecipeStorage.class.getName())) {
             /* Since JWT recipe tables do not store userId we do not add any data to them */
+        } else if (className.equals(OAuthStorage.class.getName())) {
+            /* Since OAuth tables store client-related data, we don't add user-specific data here */
         } else if (className.equals(ActiveUsersStorage.class.getName())) {
             try {
                 ActiveUsersQueries.updateUserLastActive(this, tenantIdentifier.toAppIdentifier(), userId);

src/main/java/io/supertokens/inmemorydb/queries/GeneralQueries.java

@@ -438,6 +438,7 @@ public static void createTablesIfNotExists(Start start, Main main) throws SQLExc
 
             // index
             update(start, OAuthQueries.getQueryToCreateOAuthRevokeTimestampIndex(start), NO_OP_SETTER);
+            update(start, OAuthQueries.getQueryToCreateOAuthRevokeExpIndex(start), NO_OP_SETTER);
         }
 
         if (!doesTableExists(start, Config.getConfig(start).getOAuthM2MTokensTable())) {

src/main/java/io/supertokens/inmemorydb/queries/OAuthQueries.java

@@ -67,6 +67,12 @@ public static String getQueryToCreateOAuthRevokeTimestampIndex(Start start) {
                 + oAuth2RevokeTable + "(timestamp DESC, app_id DESC);";
     }
 
+    public static String getQueryToCreateOAuthRevokeExpIndex(Start start) {
+        String oAuth2RevokeTable = Config.getConfig(start).getOAuthRevokeTable();
+        return "CREATE INDEX IF NOT EXISTS oauth_revoke_exp_index ON "
+                + oAuth2RevokeTable + "(exp DESC);";
+    }
+
     public static String getQueryToCreateOAuthM2MTokensTable(Start start) {
         String oAuth2M2MTokensTable = Config.getConfig(start).getOAuthM2MTokensTable();
         // @formatter:off
@@ -91,7 +97,7 @@ public static String getQueryToCreateOAuthM2MTokenIatIndex(Start start) {
     public static String getQueryToCreateOAuthM2MTokenExpIndex(Start start) {
         String oAuth2M2MTokensTable = Config.getConfig(start).getOAuthM2MTokensTable();
         return "CREATE INDEX IF NOT EXISTS oauth_m2m_token_exp_index ON "
-                + oAuth2M2MTokensTable + "(exp DESC, app_id DESC);";
+                + oAuth2M2MTokensTable + "(exp DESC);";
     }
 
     public static String getQueryToCreateOAuthLogoutChallengesTable(Start start) {
@@ -117,7 +123,7 @@ public static String getQueryToCreateOAuthLogoutChallengesTable(Start start) {
     public static String getQueryToCreateOAuthLogoutChallengesTimeCreatedIndex(Start start) {
         String oAuth2LogoutChallengesTable = Config.getConfig(start).getOAuthLogoutChallengesTable();
         return "CREATE INDEX IF NOT EXISTS oauth_logout_challenges_time_created_index ON "
-                + oAuth2LogoutChallengesTable + "(time_created ASC, app_id ASC);";
+                + oAuth2LogoutChallengesTable + "(time_created DESC);";
     }
 
     public static boolean doesOAuthClientIdExist(Start start, String clientId, AppIdentifier appIdentifier)

src/main/java/io/supertokens/webserver/InputParser.java

@@ -26,9 +26,7 @@
 
 import java.io.BufferedReader;
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.List;
 
 public class InputParser {
     public static JsonObject parseJsonObjectOrThrowError(HttpServletRequest request)
@@ -237,19 +235,4 @@ public static Integer parseIntOrThrowError(JsonObject element, String fieldName,
         }
 
     }
-
-    public static void throwErrorOnMissingRequiredField(JsonObject input, List<String> requiredFields)
-            throws ServletException {
-        List<String> missingFields = new ArrayList<>();
-        for(String requiredField : requiredFields){
-            if(input.get(requiredField) == null || input.get(requiredField).isJsonNull() ||
-                    input.get(requiredField).getAsString().isEmpty()){
-                missingFields.add(requiredField);
-            }
-        }
-        if(!missingFields.isEmpty()){
-            throw new ServletException(new WebserverAPI.BadRequestException("Field name `" + String.join("','", missingFields)
-                    + "` is missing in JSON input"));
-        }
-    }
 }

src/main/java/io/supertokens/webserver/WebserverAPI.java

@@ -158,10 +158,6 @@ protected void doTrace(HttpServletRequest req, HttpServletResponse resp) throws
         this.sendTextResponse(405, "Method not supported", resp);
     }
 
-    protected void doPatch(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException{
-        this.sendTextResponse(405, "Method not supported", resp);
-    }
-
     private void assertThatVersionIsCompatible(SemVer version) throws ServletException {
         if (version == null) {
             throw new ServletException(new BadRequestException("cdi-version not provided"));
@@ -503,12 +499,7 @@ protected void service(HttpServletRequest req, HttpServletResponse resp) throws
                 Logging.info(main, tenantIdentifier,
                         "API called: " + req.getRequestURI() + ". Method: " + req.getMethod(), false);
             }
-            String method = req.getMethod();
-            if(method.equals("PATCH")){
-                this.doPatch(req, resp);
-            } else {
-                super.service(req, resp);
-            }
+            super.service(req, resp);
 
         } catch (Exception e) {
             Logging.error(main, tenantIdentifier,

src/main/java/io/supertokens/webserver/api/oauth/OAuthLogoutAPI.java

@@ -2,7 +2,6 @@
 
 import java.io.IOException;
 import java.util.HashMap;
-import java.util.Map;
 
 import com.google.gson.JsonArray;
 import com.google.gson.JsonObject;
@@ -119,16 +118,6 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
             }
 
             // Validations are complete, time to respond
-
-            if (postLogoutRedirectionUri == null && state == null && idTokenHint == null) {
-                JsonObject response = new JsonObject();
-                response.addProperty("status", "OK");
-                response.addProperty("redirectTo", "{apiDomain}/fallbacks/logout/callback");
-                super.sendJsonResponse(200, response, resp);
-
-                return;
-            }
-
             String redirectTo = OAuth.createLogoutRequestAndReturnRedirectUri(main, appIdentifier, storage, clientId, postLogoutRedirectionUri, sessionHandle, state);
 
             JsonObject response = new JsonObject();

src/test/java/io/supertokens/test/httpRequest/HttpRequestForTesting.java

@@ -198,31 +198,6 @@ public static <T> T sendJsonRequest(Main main, String requestID, String url, Jso
         }
     }
 
-    public static <T> T sendJsonPATCHRequest(Main main, String url, JsonElement requestBody)
-            throws IOException, InterruptedException,
-            HttpResponseException {
-
-        HttpClient client = null;
-
-        String body = requestBody.toString();
-        java.net.http.HttpRequest rawRequest = java.net.http.HttpRequest.newBuilder()
-                .uri(URI.create(url))
-                .method("PATCH", java.net.http.HttpRequest.BodyPublishers.ofString(body))
-                .build();
-        client = HttpClient.newHttpClient();
-        HttpResponse<String> response = client.send(rawRequest, HttpResponse.BodyHandlers.ofString());
-
-        int responseCode = response.statusCode();
-
-        if (responseCode < STATUS_CODE_ERROR_THRESHOLD) {
-            if (!isJsonValid(response.body().toString())) {
-                return (T) response.body().toString();
-            }
-            return (T) (new JsonParser().parse(response.body().toString()));
-        }
-        throw new io.supertokens.test.httpRequest.HttpResponseException(responseCode, response.body().toString());
-    }
-
     public static <T> T sendJsonPOSTRequest(Main main, String requestID, String url, JsonElement requestBody,
                                             int connectionTimeoutMS, int readTimeoutMS, Integer version,
                                             String cdiVersion, String rid)