feat(console): OAuth client rotation/revoke UI + secret status [v1.10.0]#18

Merged: lopadova merged 1 commit into main from task/h11-client-rotation-ui on Jul 3, 2026


lopadova (Contributor) commented Jul 3, 2026

Consumes v1.10.0: Applications Details shows OAuth client secret status + Rotate (zero-downtime) / Revoke actions. IamRolesSeeder gains iam:clients.manage. Green: build+lint, 19 tests, E2E (onboard + rotate).

Consumes package v1.10.0. Application Details gains an "OAuth client" section: shows client_id +
secret_status badge (ok/expiring/expired/revoked/public), secret_expires_at, and a grace-until badge
during a rollover. Actions: Rotate secret (issues a new one shown once, old kept for the grace window —
zero downtime) and Revoke client. IamRolesSeeder gains iam:clients.manage (drift-guard + super-admin role).

Green: SPA build (tsc) + oxlint, php artisan test 19/19 (drift-guard), pint, Playwright golden-path
(now onboards an app AND rotates its client secret end to end).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
lopadova added the testE2E label (Run the end-to-end Playwright CI) on Jul 3, 2026
lopadova merged commit 903cf7f into main on Jul 3, 2026
3 checks passed
lopadova deleted the task/h11-client-rotation-ui branch on July 3, 2026 19:44

chatgpt-codex-connector (Bot) left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 90bca0d4fc

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

const res = await apiPost<Row>(`applications/${encodeURIComponent(appKey)}/rotate-secret`)
setNewSecret(asText(pick(res, ['client_secret'])))
toast.success('Secret rotated — the old one stays valid during the grace window.')
void load()
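
Review bot: `setNewSecret(asText(pick(res, ['client_secret'])))` never checks that the rotate response actually contained a `client_secret`, and the success toast on the next line fires regardless. Guard on a non-empty value before showing the success message and surface an explicit error otherwise, since this secret is shown only once.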


P1: Keep the rotated secret visible if refresh fails

When the rotate POST has already succeeded, this immediate load() can still fail independently (for example a transient network/server error or session redirect). load() sets loading and then failed, and the render path returns null, so the one-time newSecret from the successful response disappears before the operator can copy it. Because that secret cannot be fetched again, keep the rotate response visible and refresh the status without hiding the credentials on a refresh failure.

Useful? React with 👍 / 👎.
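
The failure mode in the review comment above, modelled as an added example (not code from this pull request): the state shape, event names and the `fragileRender` / `resilientRender` helpers are hypothetical, and the secret value is constructed. It contrasts a render path that returns null whenever the refresh is loading or failed with one that keeps the one-time secret on screen until the operator acknowledges it.

```typescript
// Added example; every name here is hypothetical, not taken from the PR.
type Details = { secret_status: string }
interface PanelState {
  refresh: 'idle' | 'loading' | 'failed'
  details: Details | null   // last successful load, kept across refreshes
  newSecret: string | null  // one-time value from the rotate response
}
type PanelEvent =
  | { type: 'rotated'; clientSecret: string }
  | { type: 'refreshStarted' }
  | { type: 'refreshSucceeded'; details: Details }
  | { type: 'refreshFailed' }
  | { type: 'secretAcknowledged' }
function reduce(s: PanelState, e: PanelEvent): PanelState {
  switch (e.type) {
    case 'rotated': return { ...s, newSecret: e.clientSecret }
    case 'refreshStarted': return { ...s, refresh: 'loading' }
    case 'refreshSucceeded': return { ...s, refresh: 'idle', details: e.details }
    case 'refreshFailed': return { ...s, refresh: 'failed' } // secret and details untouched
    case 'secretAcknowledged': return { ...s, newSecret: null } // only the operator clears it
  }
}

// Behaviour described in the review: loading or failed blanks the whole panel.
function fragileRender(s: PanelState): string[] | null {
  if (s.refresh !== 'idle') return null
  return s.newSecret !== null ? ['details', 'new-secret'] : ['details']
}

// Hardened: the one-time secret renders independently of the refresh outcome.
function resilientRender(s: PanelState): string[] {
  const out: string[] = []
  if (s.newSecret !== null) out.push('new-secret')
  if (s.details !== null) out.push('details')
  if (s.refresh === 'failed') out.push('refresh-error-banner')
  return out
}

// Constructed sequence: the rotate call succeeds, then the follow-up refresh fails.
function rotateThenFailedRefresh(): PanelState {
  let s: PanelState = { refresh: 'idle', details: { secret_status: 'ok' }, newSecret: null }
  const events: PanelEvent[] = [
    { type: 'rotated', clientSecret: 'constructed-secret-value' },
    { type: 'refreshStarted' },
    { type: 'refreshFailed' },
  ]
  for (const e of events) s = reduce(s, e)
  return s
}
```

In both renderers the secret is still present in state after the failed refresh; only the fragile render path stops displaying it.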
