diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=0-description=basic_dynamic_client_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=0-description=basic_dynamic_client_registration.json index ddbf114aa9d..d402913453f 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=0-description=basic_dynamic_client_registration.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=0-description=basic_dynamic_client_registration.json @@ -20,6 +20,7 @@ "token_endpoint_auth_method": "client_secret_basic", "userinfo_signed_response_alg": "none", "metadata": {}, + "skip_consent": false, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=1-description=basic_admin_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=1-description=basic_admin_registration.json index 06a5bf42d57..3d01d99c968 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=1-description=basic_admin_registration.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=1-description=basic_admin_registration.json @@ -23,6 +23,7 @@ "metadata": { "foo": "bar" }, + "skip_consent": false, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=2-description=metadata_fails_for_dynamic_client_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=2-description=metadata_fails_for_dynamic_client_registration.json index 378b2243d22..b0ec7b11720 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=2-description=metadata_fails_for_dynamic_client_registration.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=2-description=metadata_fails_for_dynamic_client_registration.json @@ -1,4 +1,4 @@ { "error": "invalid_client_metadata", - "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata. metadata cannot be set for dynamic client registration'" + "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata. 'metadata' cannot be set for dynamic client registration" } diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=6-description=setting_skip_consent_fails.json b/client/.snapshots/TestHandler-common-case=create_clients-case=6-description=setting_skip_consent_fails.json new file mode 100644 index 00000000000..4b65ecee3f1 --- /dev/null +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=6-description=setting_skip_consent_fails.json @@ -0,0 +1,4 @@ +{ + "error": "invalid_request", + "error_description": "'skip_consent' cannot be set for dynamic client registration" +} diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=7-description=basic_dynamic_client_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=7-description=basic_dynamic_client_registration.json new file mode 100644 index 00000000000..7fb3d90325c --- /dev/null +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=7-description=basic_dynamic_client_registration.json @@ -0,0 +1,4 @@ +{ + "error": "The request was malformed or contained invalid parameters", + "error_description": "It is not allowed to choose your own OAuth2 Client secret." +} diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=empty_ID_succeeds.json b/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=empty_ID_succeeds.json new file mode 100644 index 00000000000..bf89ac9fbb8 --- /dev/null +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=empty_ID_succeeds.json @@ -0,0 +1,35 @@ +{ + "client_name": "", + "client_secret": "averylongsecret", + "redirect_uris": [ + "http://localhost:3000/cb" + ], + "grant_types": null, + "response_types": null, + "scope": "offline_access offline openid", + "audience": [], + "owner": "", + "policy_uri": "", + "allowed_cors_origins": [], + "tos_uri": "", + "client_uri": "", + "logo_uri": "", + "contacts": null, + "client_secret_expires_at": 0, + "subject_type": "public", + "jwks": {}, + "token_endpoint_auth_method": "client_secret_basic", + "userinfo_signed_response_alg": "none", + "metadata": {}, + "skip_consent": false, + "authorization_code_grant_access_token_lifespan": null, + "authorization_code_grant_id_token_lifespan": null, + "authorization_code_grant_refresh_token_lifespan": null, + "client_credentials_grant_access_token_lifespan": null, + "implicit_grant_access_token_lifespan": null, + "implicit_grant_id_token_lifespan": null, + "jwt_bearer_grant_access_token_lifespan": null, + "refresh_token_grant_id_token_lifespan": null, + "refresh_token_grant_access_token_lifespan": null, + "refresh_token_grant_refresh_token_lifespan": null +} diff --git a/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=admin.json b/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=admin.json index 483ce3be627..a48c8c9851e 100644 --- a/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=admin.json +++ b/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=admin.json @@ -21,6 +21,7 @@ "token_endpoint_auth_method": "client_secret_basic", "userinfo_signed_response_alg": "none", "metadata": {}, + "skip_consent": false, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, diff --git a/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=selfservice.json b/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=selfservice.json index 2c35fefcccf..9ecd6e81401 100644 --- a/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=selfservice.json +++ b/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=selfservice.json @@ -20,6 +20,7 @@ "jwks": {}, "token_endpoint_auth_method": "client_secret_basic", "userinfo_signed_response_alg": "none", + "skip_consent": false, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, diff --git a/client/.snapshots/TestHandler-common-case=update_the_lifespans_of_an_OAuth2_client.json b/client/.snapshots/TestHandler-common-case=update_the_lifespans_of_an_OAuth2_client.json index 33549433840..f9f149a6b61 100644 --- a/client/.snapshots/TestHandler-common-case=update_the_lifespans_of_an_OAuth2_client.json +++ b/client/.snapshots/TestHandler-common-case=update_the_lifespans_of_an_OAuth2_client.json @@ -21,6 +21,7 @@ "token_endpoint_auth_method": "client_secret_basic", "userinfo_signed_response_alg": "none", "metadata": {}, + "skip_consent": false, "authorization_code_grant_access_token_lifespan": "31h0m0s", "authorization_code_grant_id_token_lifespan": "32h0m0s", "authorization_code_grant_refresh_token_lifespan": "33h0m0s", diff --git a/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=admin.json b/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=admin.json index 070c4259ca5..f009bd97d7e 100644 --- a/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=admin.json +++ b/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=admin.json @@ -23,6 +23,7 @@ "token_endpoint_auth_method": "client_secret_basic", "userinfo_signed_response_alg": "none", "metadata": {}, + "skip_consent": false, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, diff --git a/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=dynamic_client_registration.json b/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=dynamic_client_registration.json index 1b2a3fd88dd..0892b6a9b4e 100644 --- a/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=dynamic_client_registration.json +++ b/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=dynamic_client_registration.json @@ -22,6 +22,7 @@ "token_endpoint_auth_method": "client_secret_basic", "userinfo_signed_response_alg": "none", "metadata": {}, + "skip_consent": false, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, diff --git a/client/.snapshots/TestHandler-common-case=updating_existing_client_fails_with_metadata_on_self_service.json b/client/.snapshots/TestHandler-common-case=updating_existing_client_fails_with_metadata_on_self_service.json index 4564a266965..d227f6befa1 100644 --- a/client/.snapshots/TestHandler-common-case=updating_existing_client_fails_with_metadata_on_self_service.json +++ b/client/.snapshots/TestHandler-common-case=updating_existing_client_fails_with_metadata_on_self_service.json @@ -1,7 +1,7 @@ { "body": { "error": "invalid_client_metadata", - "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata. metadata cannot be set for dynamic client registration'" + "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata. 'metadata' cannot be set for dynamic client registration" }, "status": 400 } diff --git a/client/.snapshots/TestHandler-create_client_registration_tokens-case=0-dynamic=true.json b/client/.snapshots/TestHandler-create_client_registration_tokens-case=0-dynamic=true.json index eadba6cabf9..578eb529c1f 100644 --- a/client/.snapshots/TestHandler-create_client_registration_tokens-case=0-dynamic=true.json +++ b/client/.snapshots/TestHandler-create_client_registration_tokens-case=0-dynamic=true.json @@ -16,6 +16,7 @@ "subject_type": "", "jwks": {}, "metadata": {}, + "skip_consent": false, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, diff --git a/client/.snapshots/TestHandler-create_client_registration_tokens-case=1-dynamic=false.json b/client/.snapshots/TestHandler-create_client_registration_tokens-case=1-dynamic=false.json index eadba6cabf9..578eb529c1f 100644 --- a/client/.snapshots/TestHandler-create_client_registration_tokens-case=1-dynamic=false.json +++ b/client/.snapshots/TestHandler-create_client_registration_tokens-case=1-dynamic=false.json @@ -16,6 +16,7 @@ "subject_type": "", "jwks": {}, "metadata": {}, + "skip_consent": false, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, diff --git a/client/.snapshots/TestHandler-create_client_registration_tokens-case=2-dynamic=false.json b/client/.snapshots/TestHandler-create_client_registration_tokens-case=2-dynamic=false.json index ea1bf694195..080a2092914 100644 --- a/client/.snapshots/TestHandler-create_client_registration_tokens-case=2-dynamic=false.json +++ b/client/.snapshots/TestHandler-create_client_registration_tokens-case=2-dynamic=false.json @@ -17,6 +17,7 @@ "subject_type": "", "jwks": {}, "metadata": {}, + "skip_consent": false, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, diff --git a/client/client.go b/client/client.go index 8ff7a6fdc88..af77e23347d 100644 --- a/client/client.go +++ b/client/client.go @@ -12,7 +12,7 @@ import ( "github.com/gobuffalo/pop/v6" "github.com/gofrs/uuid" - jose "gopkg.in/square/go-jose.v2" // Naming the dependency jose is important for go-swagger to work, see https://github.com/go-swagger/go-swagger/issues/1587 + "gopkg.in/square/go-jose.v2" // Naming the dependency jose is important for go-swagger to work, see https://github.com/go-swagger/go-swagger/issues/1587 "github.com/ory/fosite" "github.com/ory/hydra/v2/x" @@ -291,6 +291,10 @@ type Client struct { // RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client. RegistrationClientURI string `json:"registration_client_uri,omitempty" db:"-"` + // SkipConsent skips the consent screen for this client. This field can only + // be set from the admin API. + SkipConsent bool `json:"skip_consent" db:"skip_consent" faker:"-"` + Lifespans } diff --git a/client/error.go b/client/error.go index 45fd03925cf..d64c7a65ec7 100644 --- a/client/error.go +++ b/client/error.go @@ -20,3 +20,9 @@ var ErrInvalidRedirectURI = &fosite.RFC6749Error{ ErrorField: "invalid_redirect_uri", CodeField: http.StatusBadRequest, } + +var ErrInvalidRequest = &fosite.RFC6749Error{ + DescriptionField: "The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.", + ErrorField: "invalid_request", + CodeField: http.StatusBadRequest, +} diff --git a/client/handler_test.go b/client/handler_test.go index 28f6c9d2c50..00398ee4eb8 100644 --- a/client/handler_test.go +++ b/client/handler_test.go @@ -328,6 +328,15 @@ func TestHandler(t *testing.T) { path: client.ClientsHandlerPath, statusCode: http.StatusBadRequest, }, + { + d: "setting skip_consent fails", + payload: &client.Client{ + RedirectURIs: []string{"http://localhost:3000/cb"}, + SkipConsent: true, + }, + path: client.DynClientsHandlerPath, + statusCode: http.StatusBadRequest, + }, { d: "basic dynamic client registration", payload: &client.Client{ diff --git a/client/validator.go b/client/validator.go index fbb692f24bd..01a59ca45e0 100644 --- a/client/validator.go +++ b/client/validator.go @@ -179,9 +179,12 @@ func (v *Validator) Validate(ctx context.Context, c *Client) error { func (v *Validator) ValidateDynamicRegistration(ctx context.Context, c *Client) error { if c.Metadata != nil { return errorsx.WithStack(ErrInvalidClientMetadata. - WithHint(`metadata cannot be set for dynamic client registration'`), + WithHint(`"metadata" cannot be set for dynamic client registration`), ) } + if c.SkipConsent { + return errorsx.WithStack(ErrInvalidRequest.WithDescription(`"skip_consent" cannot be set for dynamic client registration`)) + } return v.Validate(ctx, c) } diff --git a/consent/handler.go b/consent/handler.go index 7374bf29d3a..1c78a088fe3 100644 --- a/consent/handler.go +++ b/consent/handler.go @@ -588,6 +588,10 @@ func (h *Handler) getOAuth2ConsentRequest(w http.ResponseWriter, r *http.Request request.RequestedAudience = []string{} } + if request.Client.SkipConsent { + request.Skip = true + } + request.Client = sanitizeClient(request.Client) h.r.Writer().Write(w, r, request) } diff --git a/cypress/integration/oauth2/authorize_code.js b/cypress/integration/oauth2/authorize_code.js index e204adc72ae..0bd1b1c3f2c 100644 --- a/cypress/integration/oauth2/authorize_code.js +++ b/cypress/integration/oauth2/authorize_code.js @@ -1,19 +1,22 @@ // Copyright © 2022 Ory Corp // SPDX-License-Identifier: Apache-2.0 -import { prng } from "../../helpers" +import { + prng, +} from "../../helpers" -describe("The OAuth 2.0 Authorization Code Grant", function () { - const nc = () => ({ +describe("The OAuth 2.0 Authorization Code Grant", function() { + const nc = (extradata) => ({ client_secret: prng(), scope: "offline_access openid", subject_type: "public", token_endpoint_auth_method: "client_secret_basic", redirect_uris: [`${Cypress.env("client_url")}/oauth2/callback`], grant_types: ["authorization_code", "refresh_token"], + ...extradata, }) - it("should return an Access, Refresh, and ID Token when scope offline_access and openid are granted", function () { + it("should return an Access, Refresh, and ID Token when scope offline_access and openid are granted", function() { const client = nc() cy.authCodeFlow(client, { consent: { scope: ["offline_access", "openid"] }, @@ -24,7 +27,11 @@ describe("The OAuth 2.0 Authorization Code Grant", function () { .then((content) => { const { result, - token: { access_token, id_token, refresh_token }, + token: { + access_token, + id_token, + refresh_token, + }, } = JSON.parse(content) expect(result).to.equal("success") @@ -34,7 +41,7 @@ describe("The OAuth 2.0 Authorization Code Grant", function () { }) }) - it("should return an Access and Refresh Token when scope offline_access is granted", function () { + it("should return an Access and Refresh Token when scope offline_access is granted", function() { const client = nc() cy.authCodeFlow(client, { consent: { scope: ["offline_access"] } }) @@ -43,7 +50,11 @@ describe("The OAuth 2.0 Authorization Code Grant", function () { .then((content) => { const { result, - token: { access_token, id_token, refresh_token }, + token: { + access_token, + id_token, + refresh_token, + }, } = JSON.parse(content) expect(result).to.equal("success") @@ -53,7 +64,7 @@ describe("The OAuth 2.0 Authorization Code Grant", function () { }) }) - it("should return an Access and ID Token when scope offline_access is granted", function () { + it("should return an Access and ID Token when scope offline_access is granted", function() { const client = nc() cy.authCodeFlow(client, { consent: { scope: ["openid"] } }) @@ -62,7 +73,11 @@ describe("The OAuth 2.0 Authorization Code Grant", function () { .then((content) => { const { result, - token: { access_token, id_token, refresh_token }, + token: { + access_token, + id_token, + refresh_token, + }, } = JSON.parse(content) expect(result).to.equal("success") @@ -72,7 +87,7 @@ describe("The OAuth 2.0 Authorization Code Grant", function () { }) }) - it("should return an Access Token when no scope is granted", function () { + it("should return an Access Token when no scope is granted", function() { const client = nc() cy.authCodeFlow(client, { consent: { scope: [] } }) @@ -81,7 +96,11 @@ describe("The OAuth 2.0 Authorization Code Grant", function () { .then((content) => { const { result, - token: { access_token, id_token, refresh_token }, + token: { + access_token, + id_token, + refresh_token, + }, } = JSON.parse(content) expect(result).to.equal("success") @@ -90,4 +109,29 @@ describe("The OAuth 2.0 Authorization Code Grant", function () { expect(refresh_token).to.be.undefined }) }) + + it("should skip consent if the client is confgured thus", function() { + const client = nc({ skip_consent: true }) + cy.authCodeFlow(client, { + consent: { scope: ["offline_access", "openid"], skip: true }, + }) + + cy.get("body") + .invoke("text") + .then((content) => { + const { + result, + token: { + access_token, + id_token, + refresh_token, + }, + } = JSON.parse(content) + + expect(result).to.equal("success") + expect(access_token).to.not.be.empty + expect(id_token).to.not.be.empty + expect(refresh_token).to.not.be.empty + }) + }) }) diff --git a/package.json b/package.json index 7a6a8e55250..f53d8b819a6 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "scripts": { "lint": "standard --fix \"test/**/*.js\" \"cypress/**/*.js\"", "openapi-generator-cli": "openapi-generator-cli", - "test": "cypress run", + "test": "cypress run --spec \"cypress/integration/oauth2/authorize_code.js\"", "test:watch": "cypress open", "wait-on": "wait-on" }, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0001.json b/persistence/sql/migratest/fixtures/hydra_client/client-0001.json index 52c544377e7..f2b8ff2aa7f 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0001.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0001.json @@ -92,6 +92,7 @@ "Secret": "secret-0001", "SecretExpiresAt": 0, "SectorIdentifierURI": "", + "SkipConsent": false, "SubjectType": "", "TermsOfServiceURI": "http://tos/0001", "TokenEndpointAuthMethod": "none", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0002.json b/persistence/sql/migratest/fixtures/hydra_client/client-0002.json index de81d74bda6..eef99c6773e 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0002.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0002.json @@ -92,6 +92,7 @@ "Secret": "secret-0002", "SecretExpiresAt": 0, "SectorIdentifierURI": "", + "SkipConsent": false, "SubjectType": "", "TermsOfServiceURI": "http://tos/0002", "TokenEndpointAuthMethod": "none", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0003.json b/persistence/sql/migratest/fixtures/hydra_client/client-0003.json index cd9a90bdaa9..90bd5a2d742 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0003.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0003.json @@ -92,6 +92,7 @@ "Secret": "secret-0003", "SecretExpiresAt": 0, "SectorIdentifierURI": "", + "SkipConsent": false, "SubjectType": "", "TermsOfServiceURI": "http://tos/0003", "TokenEndpointAuthMethod": "none", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0004.json b/persistence/sql/migratest/fixtures/hydra_client/client-0004.json index 158ad3f866c..39355a36a56 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0004.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0004.json @@ -94,6 +94,7 @@ "Secret": "secret-0004", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0004", + "SkipConsent": false, "SubjectType": "", "TermsOfServiceURI": "http://tos/0004", "TokenEndpointAuthMethod": "none", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0005.json b/persistence/sql/migratest/fixtures/hydra_client/client-0005.json index 798a586bc03..bf0e1b7a371 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0005.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0005.json @@ -94,6 +94,7 @@ "Secret": "secret-0005", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0005", + "SkipConsent": false, "SubjectType": "", "TermsOfServiceURI": "http://tos/0005", "TokenEndpointAuthMethod": "token_auth-0005", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0006.json b/persistence/sql/migratest/fixtures/hydra_client/client-0006.json index 59911f9a747..b457d31209d 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0006.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0006.json @@ -94,6 +94,7 @@ "Secret": "secret-0006", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0006", + "SkipConsent": false, "SubjectType": "subject-0006", "TermsOfServiceURI": "http://tos/0006", "TokenEndpointAuthMethod": "token_auth-0006", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0007.json b/persistence/sql/migratest/fixtures/hydra_client/client-0007.json index f8cccf2f5b5..1c9cf2b5494 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0007.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0007.json @@ -94,6 +94,7 @@ "Secret": "secret-0007", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0007", + "SkipConsent": false, "SubjectType": "subject-0007", "TermsOfServiceURI": "http://tos/0007", "TokenEndpointAuthMethod": "token_auth-0007", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0008.json b/persistence/sql/migratest/fixtures/hydra_client/client-0008.json index 518af6a985e..18954f6badc 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0008.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0008.json @@ -96,6 +96,7 @@ "Secret": "secret-0008", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0008", + "SkipConsent": false, "SubjectType": "subject-0008", "TermsOfServiceURI": "http://tos/0008", "TokenEndpointAuthMethod": "token_auth-0008", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0009.json b/persistence/sql/migratest/fixtures/hydra_client/client-0009.json index 9da29f7ca17..c18c9bc2d91 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0009.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0009.json @@ -96,6 +96,7 @@ "Secret": "secret-0009", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0009", + "SkipConsent": false, "SubjectType": "subject-0009", "TermsOfServiceURI": "http://tos/0009", "TokenEndpointAuthMethod": "token_auth-0009", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0010.json b/persistence/sql/migratest/fixtures/hydra_client/client-0010.json index 728a66c2bda..11746282614 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0010.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0010.json @@ -96,6 +96,7 @@ "Secret": "secret-0010", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0010", + "SkipConsent": false, "SubjectType": "subject-0010", "TermsOfServiceURI": "http://tos/0010", "TokenEndpointAuthMethod": "token_auth-0010", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0011.json b/persistence/sql/migratest/fixtures/hydra_client/client-0011.json index 3335f98fa13..b4bb9bef220 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0011.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0011.json @@ -98,6 +98,7 @@ "Secret": "secret-0011", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0011", + "SkipConsent": false, "SubjectType": "subject-0011", "TermsOfServiceURI": "http://tos/0011", "TokenEndpointAuthMethod": "token_auth-0011", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0012.json b/persistence/sql/migratest/fixtures/hydra_client/client-0012.json index d5c7523feb5..f64ae42414c 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0012.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0012.json @@ -98,6 +98,7 @@ "Secret": "secret-0012", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0012", + "SkipConsent": false, "SubjectType": "subject-0012", "TermsOfServiceURI": "http://tos/0012", "TokenEndpointAuthMethod": "token_auth-0012", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0013.json b/persistence/sql/migratest/fixtures/hydra_client/client-0013.json index a4a8438a9d3..b3b0f05d823 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0013.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0013.json @@ -100,6 +100,7 @@ "Secret": "secret-0013", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0013", + "SkipConsent": false, "SubjectType": "subject-0013", "TermsOfServiceURI": "http://tos/0013", "TokenEndpointAuthMethod": "token_auth-0013", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0014.json b/persistence/sql/migratest/fixtures/hydra_client/client-0014.json index 28aec74413a..91ffac315a8 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0014.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0014.json @@ -102,6 +102,7 @@ "Secret": "secret-0014", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0014", + "SkipConsent": false, "SubjectType": "subject-0014", "TermsOfServiceURI": "http://tos/0014", "TokenEndpointAuthMethod": "token_auth-0014", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0015.json b/persistence/sql/migratest/fixtures/hydra_client/client-0015.json index 029feb8eb30..19e9bbda79d 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0015.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0015.json @@ -102,6 +102,7 @@ "Secret": "secret-0015", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0015", + "SkipConsent": false, "SubjectType": "subject-0015", "TermsOfServiceURI": "http://tos/0015", "TokenEndpointAuthMethod": "token_auth-0015", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-20.json b/persistence/sql/migratest/fixtures/hydra_client/client-20.json index ab1579564c5..744f195f78c 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-20.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-20.json @@ -102,6 +102,7 @@ "Secret": "secret-20", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/20", + "SkipConsent": false, "SubjectType": "subject-20", "TermsOfServiceURI": "http://tos/20", "TokenEndpointAuthMethod": "token_auth-20", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-2005.json b/persistence/sql/migratest/fixtures/hydra_client/client-2005.json index 475204dc723..47db0f22037 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-2005.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-2005.json @@ -102,6 +102,7 @@ "Secret": "secret-2005", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/2005", + "SkipConsent": false, "SubjectType": "subject-2005", "TermsOfServiceURI": "http://tos/2005", "TokenEndpointAuthMethod": "token_auth-2005", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-21.json b/persistence/sql/migratest/fixtures/hydra_client/client-21.json index 55e565b54db..4a19f6a6fd3 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-21.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-21.json @@ -110,6 +110,7 @@ "Secret": "secret-21", "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/21", + "SkipConsent": false, "SubjectType": "subject-21", "TermsOfServiceURI": "http://tos/21", "TokenEndpointAuthMethod": "token_auth-21", diff --git a/persistence/sql/migrations/20230228000000000001_client_add_skip_consent_column.down.sql b/persistence/sql/migrations/20230228000000000001_client_add_skip_consent_column.down.sql new file mode 100644 index 00000000000..950efade3b7 --- /dev/null +++ b/persistence/sql/migrations/20230228000000000001_client_add_skip_consent_column.down.sql @@ -0,0 +1 @@ +ALTER TABLE hydra_client DROP COLUMN skip_consent; diff --git a/persistence/sql/migrations/20230228000000000001_client_add_skip_consent_column.up.sql b/persistence/sql/migrations/20230228000000000001_client_add_skip_consent_column.up.sql new file mode 100644 index 00000000000..cfa0efe463f --- /dev/null +++ b/persistence/sql/migrations/20230228000000000001_client_add_skip_consent_column.up.sql @@ -0,0 +1 @@ +ALTER TABLE hydra_client ADD COLUMN skip_consent BOOLEAN NOT NULL DEFAULT false;