Support additional metadata fields like logo_uri, client_uri, policy_uri, etc.
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [x] I have joined the Ory Community Slack.
- [x] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe your problem
The Hydra endpoint to create OAuth2 clients currently supports more properties than are covered by the hydra-maester CRDs. Therefore, clients with metadata attributes such as logo_uri, contacts or policy_uri cannot be created.
Describe your ideal solution
Ideally, the CRDs cover all fields that are provided by the API endpoint.
A quick check of OAuth2ClientJSON and the Hydra OpenAPI spec shows that the following fields are missing:
- access_token_strategy
- client_secret_expires_at
- client_uri
- contacts
- created_at
- logo_uri
- policy_uri
- refresh_token_grant_refresh_token_lifespan
- registration_access_token
- registration_client_uri
- request_object_signing_alg
- request_uris
- sector_identifier_uri
- skip_logout_consent
- subject_type
- token_endpoint_auth_signing_alg
- tos_uri
- updated_at
- userinfo_signed_response_alg
I don't know if it really makes sense to cover all fields (e.g. created_at, updated_at), but it would definitely be helpful to cover the missing metadata fields (e.g. logo_uri, policy_uri, tos_uri, contacts).
Workarounds or alternatives
Currently I'm creating the clients without the mentioned fields.
Version
0.0.34-arm64
Additional Context
If there is an idea which fields should be covered, I can take care of the implementation.
After a little bit of browsing the source code, I saw that the `owner` property is used in another way:
https://github.com/ory/hydra-maester/blob/aa0bff206ad33d1ac410094b04de1049d5d131c4/controllers/oauth2client_controller.go#L228
It might be a good idea to move this to a custom metadata property to allow users to use the `owner` property for another purpose.
I'm interested in the possibility to set userinfo_signed_response_alg. My server is configured with 2 possible values, None and RS256; some clients want the answer signed and some others unsigned.
```yaml
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
  name: my-oauth2-client
  namespace: default
spec:
  userinfo_signed_response_alg: "RS256"
```
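As an added illustration (not hydra-maester's own code), the following shows how a controller could carry the metadata fields listed in the issue, plus the userinfo_signed_response_alg from the manifest above, into the admin API request body while refusing URI values that are not absolute https URLs (the consent screen renders these for end users). The struct, the Validate/ToRequestBody helpers and the allowed-alg set are hypothetical; only the JSON field names come from the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// ClientMetadata is a hypothetical spec fragment; its JSON tags are the Hydra
// admin API field names the issue lists as missing from the CRD.
type ClientMetadata struct {
	ClientURI                 string   `json:"client_uri,omitempty"`
	LogoURI                   string   `json:"logo_uri,omitempty"`
	PolicyURI                 string   `json:"policy_uri,omitempty"`
	TosURI                    string   `json:"tos_uri,omitempty"`
	Contacts                  []string `json:"contacts,omitempty"`
	UserinfoSignedResponseAlg string   `json:"userinfo_signed_response_alg,omitempty"`
}

// Assumed allow-list: the two values the comment above mentions (unsigned, RS256).
var allowedUserinfoAlgs = map[string]bool{"none": true, "RS256": true}

// Validate rejects metadata a controller should not forward: user-facing URIs
// must be absolute https URLs (no relative, http:, javascript: or data: values).
func (m ClientMetadata) Validate() error {
	for name, raw := range map[string]string{
		"client_uri": m.ClientURI, "logo_uri": m.LogoURI,
		"policy_uri": m.PolicyURI, "tos_uri": m.TosURI,
	} {
		if raw == "" {
			continue
		}
		u, err := url.Parse(raw)
		if err != nil || u.Scheme != "https" || u.Host == "" {
			return fmt.Errorf("%s: %q is not an absolute https URL", name, raw)
		}
	}
	if m.UserinfoSignedResponseAlg != "" && !allowedUserinfoAlgs[m.UserinfoSignedResponseAlg] {
		return fmt.Errorf("userinfo_signed_response_alg: %q is not allowed", m.UserinfoSignedResponseAlg)
	}
	return nil
}

// ToRequestBody validates, then marshals; unset fields are omitted so the
// admin API keeps its own defaults for them.
func (m ClientMetadata) ToRequestBody() (string, error) {
	if err := m.Validate(); err != nil {
		return "", err
	}
	b, err := json.Marshal(m)
	return string(b), err
}
```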