[SQSERVICES-1770] Register OAuth App (1/n)

cassandra-schema.cql

@@ -741,6 +741,24 @@ CREATE TABLE brig_test.team_invitation_info (
     AND read_repair_chance = 0.0
     AND speculative_retry = '99PERCENTILE';
 
+CREATE TABLE brig_test.provider_keys (
+    key text PRIMARY KEY,
+    provider uuid
+) WITH bloom_filter_fp_chance = 0.1
+    AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
+    AND comment = ''
+    AND compaction = {'class': 'org.apache.cassandra.db.compaction.LeveledCompactionStrategy'}
+    AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+    AND crc_check_chance = 1.0
+    AND dclocal_read_repair_chance = 0.1
+    AND default_time_to_live = 0
+    AND gc_grace_seconds = 864000
+    AND max_index_interval = 2048
+    AND memtable_flush_period_in_ms = 0
+    AND min_index_interval = 128
+    AND read_repair_chance = 0.0
+    AND speculative_retry = '99PERCENTILE';
+
 CREATE TABLE brig_test.rich_info (
     user uuid PRIMARY KEY,
     json blob
@@ -801,12 +819,14 @@ CREATE TABLE brig_test.service_tag (
     AND read_repair_chance = 0.0
     AND speculative_retry = '99PERCENTILE';
 
-CREATE TABLE brig_test.login_codes (
-    user uuid PRIMARY KEY,
-    code text,
-    retries int,
-    timeout timestamp
-) WITH bloom_filter_fp_chance = 0.01
+CREATE TABLE brig_test.meta (
+    id int,
+    version int,
+    date timestamp,
+    descr text,
+    PRIMARY KEY (id, version)
+) WITH CLUSTERING ORDER BY (version ASC)
+    AND bloom_filter_fp_chance = 0.01
     AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
     AND comment = ''
     AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
@@ -1160,13 +1180,35 @@ CREATE TABLE brig_test.nonce (
     AND read_repair_chance = 0.0
     AND speculative_retry = '99PERCENTILE';
 
-CREATE TABLE brig_test.provider_keys (
-    key text PRIMARY KEY,
-    provider uuid
-) WITH bloom_filter_fp_chance = 0.1
+CREATE TABLE brig_test.login_codes (
+    user uuid PRIMARY KEY,
+    code text,
+    retries int,
+    timeout timestamp
+) WITH bloom_filter_fp_chance = 0.01
     AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
     AND comment = ''
-    AND compaction = {'class': 'org.apache.cassandra.db.compaction.LeveledCompactionStrategy'}
+    AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+    AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+    AND crc_check_chance = 1.0
+    AND dclocal_read_repair_chance = 0.1
+    AND default_time_to_live = 0
+    AND gc_grace_seconds = 864000
+    AND max_index_interval = 2048
+    AND memtable_flush_period_in_ms = 0
+    AND min_index_interval = 128
+    AND read_repair_chance = 0.0
+    AND speculative_retry = '99PERCENTILE';
+
+CREATE TABLE brig_test.oauth_client (
+    id uuid PRIMARY KEY,
+    name text,
+    redirect_uri blob,
+    secret blob
+) WITH bloom_filter_fp_chance = 0.01
+    AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
+    AND comment = ''
+    AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
     AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
     AND crc_check_chance = 1.0
     AND dclocal_read_repair_chance = 0.1
@@ -1529,28 +1571,6 @@ CREATE TABLE brig_test.connection (
     AND speculative_retry = '99PERCENTILE';
 CREATE INDEX conn_status ON brig_test.connection (status);
 
-CREATE TABLE brig_test.meta (
-    id int,
-    version int,
-    date timestamp,
-    descr text,
-    PRIMARY KEY (id, version)
-) WITH CLUSTERING ORDER BY (version ASC)
-    AND bloom_filter_fp_chance = 0.01
-    AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
-    AND comment = ''
-    AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
-    AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
-    AND crc_check_chance = 1.0
-    AND dclocal_read_repair_chance = 0.1
-    AND default_time_to_live = 0
-    AND gc_grace_seconds = 864000
-    AND max_index_interval = 2048
-    AND memtable_flush_period_in_ms = 0
-    AND min_index_interval = 128
-    AND read_repair_chance = 0.0
-    AND speculative_retry = '99PERCENTILE';
-
 CREATE TABLE brig_test.invitation (
     inviter uuid,
     id uuid,

changelog.d/5-internal/pr-2882

@@ -0,0 +1 @@
+New internal endpoint to register OAuth clients

charts/nginz/values.yaml

@@ -377,6 +377,14 @@ nginx_conf:
       envs:
       - all
       disable_zauth: true
+    - path: /oauth/clients/([^/]*)$
+      envs:
+      - all
+    - path: i/oauth/clients$
+      envs:
+      - staging
+      disable_zauth: true
+      basic_auth: true
     galley:
     - path: /conversations/code-check
       disable_zauth: true

libs/types-common/src/Data/Id.hs

@@ -49,6 +49,7 @@ module Data.Id
     RequestId (..),
     BotId (..),
     NoId,
+    OAuthClientId,
   )
 where
 
@@ -87,7 +88,7 @@ import Servant (FromHttpApiData (..), ToHttpApiData (..))
 import Test.QuickCheck
 import Test.QuickCheck.Instances ()
 
-data IdTag = A | C | I | U | P | S | T | STo
+data IdTag = A | C | I | U | P | S | T | STo | OAuthClient
 
 idTagName :: IdTag -> Text
 idTagName A = "Asset"
@@ -98,6 +99,7 @@ idTagName P = "Provider"
 idTagName S = "Service"
 idTagName T = "Team"
 idTagName STo = "ScimToken"
+idTagName OAuthClient = "OAuthClient"
 
 class KnownIdTag (t :: IdTag) where
   idTagValue :: IdTag
@@ -118,6 +120,8 @@ instance KnownIdTag 'T where idTagValue = T
 
 instance KnownIdTag 'STo where idTagValue = STo
 
+instance KnownIdTag 'OAuthClient where idTagValue = OAuthClient
+
 type AssetId = Id 'A
 
 type InvitationId = Id 'I
@@ -136,6 +140,8 @@ type TeamId = Id 'T
 
 type ScimTokenId = Id 'STo
 
+type OAuthClientId = Id 'OAuthClient
+
 -- Id -------------------------------------------------------------------------
 
 data NoId = NoId deriving (Eq, Show, Generic)

services/brig/brig.cabal

@@ -30,6 +30,7 @@ library
     Brig.API.MLS.KeyPackages
     Brig.API.MLS.KeyPackages.Validation
     Brig.API.MLS.Util
+    Brig.API.OAuth
     Brig.API.Properties
     Brig.API.Public
     Brig.API.Public.Swagger
@@ -442,6 +443,7 @@ executable brig-integration
     API.Metrics
     API.MLS
     API.MLS.Util
+    API.OAuth
     API.Provider
     API.RichInfo.Util
     API.Search
@@ -680,6 +682,7 @@ executable brig-schema
     V71_AddTableVCodesThrottle
     V72_AddNonceTable
     V73_ReplaceNonceTable
+    V74_AddOAuthClientTable
     V9
     V_FUTUREWORK
 

services/brig/schema/src/Main.hs

@@ -83,6 +83,7 @@ import qualified V70_UserEmailUnvalidated
 import qualified V71_AddTableVCodesThrottle
 import qualified V72_AddNonceTable
 import qualified V73_ReplaceNonceTable
+import qualified V74_AddOAuthClientTable
 import qualified V9
 
 main :: IO ()
@@ -155,7 +156,8 @@ main = do
       V70_UserEmailUnvalidated.migration,
       V71_AddTableVCodesThrottle.migration,
       V72_AddNonceTable.migration,
-      V73_ReplaceNonceTable.migration
+      V73_ReplaceNonceTable.migration,
+      V74_AddOAuthClientTable.migration
       -- When adding migrations here, don't forget to update
       -- 'schemaVersion' in Brig.App
 

services/brig/schema/src/V74_AddOAuthClientTable.hs

@@ -0,0 +1,40 @@
+{-# LANGUAGE QuasiQuotes #-}
+
+-- This file is part of the Wire Server implementation.
+--
+-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
+--
+-- This program is free software: you can redistribute it and/or modify it under
+-- the terms of the GNU Affero General Public License as published by the Free
+-- Software Foundation, either version 3 of the License, or (at your option) any
+-- later version.
+--
+-- This program is distributed in the hope that it will be useful, but WITHOUT
+-- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+-- details.
+--
+-- You should have received a copy of the GNU Affero General Public License along
+-- with this program. If not, see <https://www.gnu.org/licenses/>.
+
+module V74_AddOAuthClientTable
+  ( migration,
+  )
+where
+
+import Cassandra.Schema
+import Imports
+import Text.RawString.QQ
+
+migration :: Migration
+migration =
+  Migration 74 "Add table for OAuth clients" $ do
+    schema'
+      [r|
+        CREATE TABLE IF NOT EXISTS oauth_client
+          ( id uuid PRIMARY KEY
+          , name text
+          , redirect_uri blob
+          , secret blob
+          ) 
+     |]

services/brig/src/Brig/API/Internal.hs

@@ -30,6 +30,7 @@ import qualified Brig.API.Connection as API
 import Brig.API.Error
 import Brig.API.Handler
 import Brig.API.MLS.KeyPackages.Validation
+import Brig.API.OAuth (IOAuthAPI, internalOauthAPI)
 import Brig.API.Types
 import qualified Brig.API.User as API
 import qualified Brig.API.User as Api
@@ -105,14 +106,24 @@ import Wire.API.User.RichInfo
 -- Sitemap (servant)
 
 servantSitemap ::
+  Members
+    '[ BlacklistStore,
+       GalleyProvider,
+       UserPendingActivationStore p
+     ]
+    r =>
+  ServerT (BrigIRoutes.API :<|> IOAuthAPI) (Handler r)
+servantSitemap = brigInternalAPI :<|> internalOauthAPI
+
+brigInternalAPI ::
   Members
     '[ BlacklistStore,
        GalleyProvider,
        UserPendingActivationStore p
      ]
     r =>
   ServerT BrigIRoutes.API (Handler r)
-servantSitemap =
+brigInternalAPI =
   ejpdAPI
     :<|> accountAPI
     :<|> mlsAPI