feat: updated identity providers in admin panel

2026-03-25 15:17:48 +00:00
parent 1f1fd90890
commit 6774c401bf
7 changed files with 689 additions and 332 deletions
--- a/backend/internal/application/services/auth_service.go
+++ b/backend/internal/application/services/auth_service.go
@@ -319,6 +319,57 @@ func (s *AuthService) CreateProvider(ctx context.Context, req *dto.CreateAuthPro
 	return dto.NewAuthProviderDTO(provider), nil
 }

+// UpdateProvider updates an existing OAuth/OIDC provider.
+// If ClientSecret is empty, the existing encrypted secret is preserved.
+func (s *AuthService) UpdateProvider(ctx context.Context, providerID bson.ObjectID, req *dto.UpdateAuthProviderRequest) (*dto.AuthProviderDTO, error) {
+	if s.providerRepo == nil || s.encryptor == nil {
+		return nil, errors.New("provider configuration unavailable")
+	}
+
+	existing, err := s.providerRepo.GetProviderByID(ctx, providerID)
+	if err != nil {
+		return nil, err
+	}
+
+	providerType := strings.ToLower(strings.TrimSpace(req.Type))
+	if providerType != "oidc" && providerType != "oauth2" {
+		return nil, errors.New("provider type must be oidc or oauth2")
+	}
+
+	name := strings.TrimSpace(req.Name)
+	clientID := strings.TrimSpace(req.ClientID)
+	authorizationURL := strings.TrimSpace(req.AuthorizationURL)
+	tokenURL := strings.TrimSpace(req.TokenURL)
+	if name == "" || clientID == "" || authorizationURL == "" || tokenURL == "" {
+		return nil, errors.New("missing required provider fields")
+	}
+
+	existing.Name = name
+	existing.Type = providerType
+	existing.ClientID = clientID
+	existing.AuthorizationURL = authorizationURL
+	existing.TokenURL = tokenURL
+	existing.UserInfoURL = strings.TrimSpace(req.UserInfoURL)
+	existing.Scopes = normalizeScopes(req.Scopes, providerType)
+	existing.IDTokenClaim = strings.TrimSpace(req.IDTokenClaim)
+	existing.IsActive = req.IsActive
+
+	clientSecret := strings.TrimSpace(req.ClientSecret)
+	if clientSecret != "" {
+		encrypted, err := s.encryptor.Encrypt(clientSecret)
+		if err != nil {
+			return nil, err
+		}
+		existing.ClientSecret = encrypted
+	}
+
+	if err := s.providerRepo.UpdateProvider(ctx, existing); err != nil {
+		return nil, err
+	}
+
+	return dto.NewAuthProviderDTO(existing), nil
+}
+
 // BuildProviderAuthorizationURL constructs a provider authorization URL.
 func (s *AuthService) BuildProviderAuthorizationURL(ctx context.Context, providerID bson.ObjectID, redirectURI, state string) (string, error) {
 	flags, err := s.GetFeatureFlags(ctx)