ory · aeneasr · Mar 14, 2020 · Mar 13, 2020 · Mar 13, 2020 · Mar 13, 2020
@@ -73,10 +73,10 @@ mocks:
 # Adds sql files to the binary using go-bindata
 .PHONY: sqlbin
 sqlbin:
-		cd client; go-bindata -o sql_migration_files.go -pkg client ./migrations/sql/...
-		cd consent; go-bindata -o sql_migration_files.go -pkg consent ./migrations/sql/...
-		cd jwk; go-bindata -o sql_migration_files.go -pkg jwk ./migrations/sql/...
-		cd oauth2; go-bindata -o sql_migration_files.go -pkg oauth2 ./migrations/sql/...
+		cd client; $$(go env GOPATH)/bin/go-bindata -o sql_migration_files.go -pkg client ./migrations/sql/...
+		cd consent; $$(go env GOPATH)/bin/go-bindata -o sql_migration_files.go -pkg consent ./migrations/sql/...
+		cd jwk; $$(go env GOPATH)/bin/go-bindata -o sql_migration_files.go -pkg jwk ./migrations/sql/...
+		cd oauth2; $$(go env GOPATH)/bin/go-bindata -o sql_migration_files.go -pkg oauth2 ./migrations/sql/...
 
 # Runs all code generators
 .PHONY: gen

@@ -426,7 +426,7 @@ export TEST_DATABASE_COCKROACHDB='cockroach://root@127.0.0.1:3446/defaultdb?sslm
 Then you can run `go test` as often as you'd like:
 
 ```shell script
-go test ./...
+go test -p 1 ./...
 
 # or in a module:
 cd client; go test .

@@ -21,88 +21,91 @@
 package client
 
 import (
-	"encoding/json"
 	"strings"
 	"time"
 
-	jose "gopkg.in/square/go-jose.v2"
+	jose "gopkg.in/square/go-jose.v2" // Naming the dependency jose is important for go-swagger to work, see https://github.com/go-swagger/go-swagger/issues/1587
 
-	"github.com/ory/fosite" // Naming the dependency jose is important for go-swagger to work, see https://github.com/go-swagger/go-swagger/issues/1587
+	"github.com/ory/fosite"
+	"github.com/ory/hydra/x"
+	"github.com/ory/x/sqlxx"
 )
 
 // Client represents an OAuth 2.0 Client.
 //
 // swagger:model oAuth2Client
 type Client struct {
+	PK int64 `json:"-" db:"pk"`
+
 	// ClientID  is the id for this client.
-	ClientID string `json:"client_id"`
+	ClientID string `json:"client_id" db:"id"`
 
 	// Name is the human-readable string name of the client to be presented to the
 	// end-user during authorization.
-	Name string `json:"client_name"`
+	Name string `json:"client_name" db:"client_name"`
 
 	// Secret is the client's secret. The secret will be included in the create request as cleartext, and then
 	// never again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users
 	// that they need to write the secret down as it will not be made available again.
-	Secret string `json:"client_secret,omitempty"`
+	Secret string `json:"client_secret,omitempty" db:"client_secret"`
 
 	// RedirectURIs is an array of allowed redirect urls for the client, for example http://mydomain/oauth/callback .
-	RedirectURIs []string `json:"redirect_uris"`
+	RedirectURIs sqlxx.StringSlicePipeDelimiter `json:"redirect_uris" db:"redirect_uris"`
 
 	// GrantTypes is an array of grant types the client is allowed to use.
 	//
 	// Pattern: client_credentials|authorization_code|implicit|refresh_token
-	GrantTypes []string `json:"grant_types"`
+	GrantTypes sqlxx.StringSlicePipeDelimiter `json:"grant_types" db:"grant_types"`
 
 	// ResponseTypes is an array of the OAuth 2.0 response type strings that the client can
 	// use at the authorization endpoint.
 	//
 	// Pattern: id_token|code|token
-	ResponseTypes []string `json:"response_types"`
+	ResponseTypes sqlxx.StringSlicePipeDelimiter `json:"response_types" db:"response_types"`
 
 	// Scope is a string containing a space-separated list of scope values (as
 	// described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client
 	// can use when requesting access tokens.
 	//
 	// Pattern: ([a-zA-Z0-9\.\*]+\s?)+
-	Scope string `json:"scope"`
+	Scope string `json:"scope" db:"scope"`
 
 	// Audience is a whitelist defining the audiences this client is allowed to request tokens for. An audience limits
 	// the applicability of an OAuth 2.0 Access Token to, for example, certain API endpoints. The value is a list
 	// of URLs. URLs MUST NOT contain whitespaces.
-	Audience []string `json:"audience"`
+	Audience sqlxx.StringSlicePipeDelimiter `json:"audience" db:"audience"`
 
 	// Owner is a string identifying the owner of the OAuth 2.0 Client.
-	Owner string `json:"owner"`
+	Owner string `json:"owner" db:"owner"`
 
 	// PolicyURI is a URL string that points to a human-readable privacy policy document
 	// that describes how the deployment organization collects, uses,
 	// retains, and discloses personal data.
-	PolicyURI string `json:"policy_uri"`
+	PolicyURI string `json:"policy_uri" db:"policy_uri"`
 
 	// AllowedCORSOrigins are one or more URLs (scheme://host[:port]) which are allowed to make CORS requests
 	// to the /oauth/token endpoint. If this array is empty, the sever's CORS origin configuration (`CORS_ALLOWED_ORIGINS`)
 	// will be used instead. If this array is set, the allowed origins are appended to the server's CORS origin configuration.
 	// Be aware that environment variable `CORS_ENABLED` MUST be set to `true` for this to work.
-	AllowedCORSOrigins []string `json:"allowed_cors_origins"`
+	AllowedCORSOrigins sqlxx.StringSlicePipeDelimiter `json:"allowed_cors_origins" db:"allowed_cors_origins"`
 
 	// TermsOfServiceURI is a URL string that points to a human-readable terms of service
 	// document for the client that describes a contractual relationship
 	// between the end-user and the client that the end-user accepts when
 	// authorizing the client.
-	TermsOfServiceURI string `json:"tos_uri"`
+	TermsOfServiceURI string `json:"tos_uri" db:"tos_uri"`
 
 	// ClientURI is an URL string of a web page providing information about the client.
 	// If present, the server SHOULD display this URL to the end-user in
 	// a clickable fashion.
-	ClientURI string `json:"client_uri"`
+	ClientURI string `json:"client_uri" db:"client_uri"`
 
 	// LogoURI is an URL string that references a logo for the client.
-	LogoURI string `json:"logo_uri"`
+	LogoURI string `json:"logo_uri" db:"logo_uri"`
 
 	// Contacts is a array of strings representing ways to contact people responsible
 	// for this client, typically email addresses.
-	Contacts []string `json:"contacts"`
+	Contacts sqlxx.StringSlicePipeDelimiter `json:"contacts" db:"contacts"`
 
 	// SecretExpiresAt is an integer holding the time at which the client
 	// secret will expire or 0 if it will not expire. The time is
@@ -111,15 +114,15 @@ type Client struct {
 	//
 	// This feature is currently not supported and it's value will always
 	// be set to 0.
-	SecretExpiresAt int `json:"client_secret_expires_at"`
+	SecretExpiresAt int `json:"client_secret_expires_at" db:"client_secret_expires_at"`
 
 	// SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a
 	// list of the supported subject_type values for this server. Valid types include `pairwise` and `public`.
-	SubjectType string `json:"subject_type"`
+	SubjectType string `json:"subject_type" db:"subject_type"`
 
 	// URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a
 	// file with a single JSON array of redirect_uri values.
-	SectorIdentifierURI string `json:"sector_identifier_uri,omitempty"`
+	SectorIdentifierURI string `json:"sector_identifier_uri,omitempty" db:"sector_identifier_uri"`
 
 	// URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains
 	// the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the
@@ -129,7 +132,7 @@ type Client struct {
 	// signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used
 	// to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST
 	// match those in the certificate.
-	JSONWebKeysURI string `json:"jwks_uri,omitempty"`
+	JSONWebKeysURI string `json:"jwks_uri,omitempty" db:"jwks_uri"`
 
 	// Client's JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as
 	// the jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. This parameter
@@ -138,58 +141,58 @@ type Client struct {
 	// can use jwks_uri, it MUST NOT use jwks. One significant downside of jwks is that it does not enable key rotation
 	// (which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks
 	// parameters MUST NOT be used together.
-	JSONWebKeys *jose.JSONWebKeySet `json:"jwks,omitempty"`
+	JSONWebKeys *x.JoseJSONWebKeySet `json:"jwks,omitempty" db:"jwks"`
 
 	// Requested Client Authentication method for the Token Endpoint. The options are client_secret_post,
 	// client_secret_basic, private_key_jwt, and none.
-	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`
+	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty" db:"token_endpoint_auth_method"`
 
 	// Array of request_uri values that are pre-registered by the RP for use at the OP. Servers MAY cache the
 	// contents of the files referenced by these URIs and not retrieve them at the time they are used in a request.
 	// OPs can require that request_uri values used be pre-registered with the require_request_uri_registration
 	// discovery parameter.
-	RequestURIs []string `json:"request_uris,omitempty"`
+	RequestURIs sqlxx.StringSlicePipeDelimiter `json:"request_uris,omitempty" db:"request_uris"`
 
 	// JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects
 	// from this Client MUST be rejected, if not signed with this algorithm.
-	RequestObjectSigningAlgorithm string `json:"request_object_signing_alg,omitempty"`
+	RequestObjectSigningAlgorithm string `json:"request_object_signing_alg,omitempty" db:"request_object_signing_alg"`
 
 	// JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT
 	// [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims
 	// as a UTF-8 encoded JSON object using the application/json content-type.
-	UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty"`
+	UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty" db:"userinfo_signed_response_alg"`
 
 	// CreatedAt returns the timestamp of the client's creation.
-	CreatedAt time.Time `json:"created_at,omitempty"`
+	CreatedAt time.Time `json:"created_at,omitempty" db:"created_at"`
 
 	// UpdatedAt returns the timestamp of the last update.
-	UpdatedAt time.Time `json:"updated_at,omitempty"`
+	UpdatedAt time.Time `json:"updated_at,omitempty" db:"updated_at"`
 
 	// RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query
 	// parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the
 	// request and to determine which of the potentially multiple sessions is to be logged out; if either is
 	// included, both MUST be.
-	FrontChannelLogoutURI string `json:"frontchannel_logout_uri,omitempty"`
+	FrontChannelLogoutURI string `json:"frontchannel_logout_uri,omitempty" db:"frontchannel_logout_uri"`
 
 	// Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be
 	// included to identify the RP session with the OP when the frontchannel_logout_uri is used.
 	// If omitted, the default value is false.
-	FrontChannelLogoutSessionRequired bool `json:"frontchannel_logout_session_required,omitempty"`
+	FrontChannelLogoutSessionRequired bool `json:"frontchannel_logout_session_required,omitempty" db:"frontchannel_logout_session_required"`
 
 	// Array of URLs supplied by the RP to which it MAY request that the End-User's User Agent be redirected using the
 	// post_logout_redirect_uri parameter after a logout has been performed.
-	PostLogoutRedirectURIs []string `json:"post_logout_redirect_uris,omitempty"`
+	PostLogoutRedirectURIs sqlxx.StringSlicePipeDelimiter `json:"post_logout_redirect_uris,omitempty" db:"post_logout_redirect_uris"`
 
 	// RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
-	BackChannelLogoutURI string `json:"backchannel_logout_uri,omitempty"`
+	BackChannelLogoutURI string `json:"backchannel_logout_uri,omitempty" db:"backchannel_logout_uri"`
 
 	// Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout
 	// Token to identify the RP session with the OP when the backchannel_logout_uri is used.
 	// If omitted, the default value is false.
-	BackChannelLogoutSessionRequired bool `json:"backchannel_logout_session_required,omitempty"`
+	BackChannelLogoutSessionRequired bool `json:"backchannel_logout_session_required,omitempty" db:"backchannel_logout_session_required"`
 
 	// Metadata is arbitrary data.
-	Metadata json.RawMessage `json:"metadata,omitempty"`
+	Metadata sqlxx.JSONRawMessage `json:"metadata,omitempty" db:"metadata"`
 }
 
 func (c *Client) GetID() string {
@@ -249,7 +252,10 @@ func (c *Client) GetJSONWebKeysURI() string {
 }
 
 func (c *Client) GetJSONWebKeys() *jose.JSONWebKeySet {
-	return c.JSONWebKeys
+	if c.JSONWebKeys == nil {
+		return nil
+	}
+	return c.JSONWebKeys.JSONWebKeySet
 }
 
 func (c *Client) GetTokenEndpointAuthSigningAlgorithm() string {

@@ -66,11 +66,18 @@ type swaggerListClientsResult struct {
 	Body []Client
 }
 
-// swagger:parameters getOAuth2Client deleteOAuth2Client
-type swaggerQueryClientPayload struct {
+// swagger:parameters getOAuth2Client
+type swaggerGetOAuth2Client struct {
+	// The id of the OAuth 2.0 Client.
+	//
+	// in: path
+	ID string `json:"id"`
+}
+
+// swagger:parameters deleteOAuth2Client
+type swaggerDeleteOAuth2Client struct {
 	// The id of the OAuth 2.0 Client.
 	//
-	// unique: true
 	// in: path
 	ID string `json:"id"`
 }