Skip to content

feat(auth): add OAuth 2.1 client admin endpoints #1240

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(auth): add OAuth 2.1 client admin endpoints #1240

wants to merge 1 commit into from

Conversation

grdsdev
Copy link
Contributor

@grdsdev grdsdev commented Oct 2, 2025

Summary

Adds OAuth 2.1 client administration endpoints to supabase-auth based on the implementation from supabase-js.

This PR implements a new admin.oauth namespace with full CRUD operations for managing OAuth clients when the OAuth 2.1 server is enabled in Supabase Auth.

Changes

New Types (types.py)

  • OAuthClient - OAuth client object returned from the OAuth 2.1 server
  • OAuthClientResponse - Response type for OAuth client operations
  • OAuthClientListResponse - Response type for listing OAuth clients with pagination
  • CreateOAuthClientParams - Parameters for creating a new OAuth client
  • PageParams and Pagination - Pagination support
  • Type literals for grant types, response types, client types, and registration types

New API Classes

  • AsyncGoTrueAdminOAuthAPI - Async OAuth admin API
  • SyncGoTrueAdminOAuthAPI - Sync OAuth admin API

New Admin Methods (admin.oauth)

  • list_clients(params?: PageParams) - List OAuth clients with optional pagination
  • create_client(params: CreateOAuthClientParams) - Register new OAuth client
  • get_client(client_id: str) - Get client details by ID
  • delete_client(client_id: str) - Remove OAuth client
  • regenerate_client_secret(client_id: str) - Regenerate client secret

Tests

  • Comprehensive test coverage for all OAuth client operations
  • Tests gracefully handle cases where OAuth 2.1 server is not enabled

Implementation Notes

  • Follows existing patterns in the codebase (similar to admin.mfa)
  • Includes proper error handling and type safety
  • All methods require service_role key and should only be called server-side
  • Only relevant when the OAuth 2.1 server is enabled in Supabase Auth

References

Test plan

  • Code passes all existing tests
  • New tests added for OAuth client operations
  • Ruff checks pass
  • Manual testing with OAuth 2.1 enabled server (if available)

🤖 Generated with Claude Code

@grdsdev @claude
feat(auth): add OAuth 2.1 client admin endpoints
f42ebc0 
Add OAuth 2.1 client administration endpoints to supabase-auth based on
the implementation from supabase-js PR #1582.

This adds a new `admin.oauth` namespace with full CRUD operations for
managing OAuth clients when the OAuth 2.1 server is enabled.

New admin.oauth methods:
- list_clients() - List OAuth clients with pagination
- create_client() - Register new OAuth client
- get_client() - Get client details by ID
- delete_client() - Remove OAuth client
- regenerate_client_secret() - Regenerate client secret

All methods include proper error handling and follow existing patterns
(similar to admin.mfa). These methods are only relevant when the OAuth
2.1 server is enabled in Supabase Auth.

References: supabase/supabase-js#1582

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@grdsdev