feat(admin): add OAuth scopes management page #20660

Draft
nshirley wants to merge 1 commit into main from FXA-13786

@nshirley
Contributor

Because:

  • fxa_oauth.scopes is only seeded from the OAUTH_SCOPES env var at auth-server boot, so there is no way to add or remove a scope in deployed (k8s) environments without a redeploy.
  • Downstream work needs to reference scope rows by a stable numeric id and accept arbitrary scope values (including the empty string).

This commit:

  • Adds patch-036-037.sql: replaces the scope PRIMARY KEY with an AUTO_INCREMENT id, keeping scope as a UNIQUE index so grant-time lookups are unchanged.
  • Adds the Scope model (fxa-shared) and an OAuthScopesController at /api/oauth-scopes: GET (list), POST (create), DELETE :id. Create validates body shape and the 128-char limit, accepts any string, and maps ER_DUP_ENTRY to 409; delete returns 404 when missing.
  • Adds OAuthScopes (view), CreateOAuthScope, and DeleteOAuthScope AdminPanelFeatures, gating create/delete to Admin and view to Support (mirrors the WafTokens split).
  • Adds PageOAuthScopes (list, create form, per-row delete behind a confirm dialog and warning banner) plus Nav and route wiring.

Closes FXA-13786

Checklist

Put an x in the boxes that apply

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).
  • I have verified that my changes render correctly in RTL (if appropriate).
  • I have manually reviewed all AI generated code. (still self reviewing! Will mark as such when done)

Because:
- fxa_oauth.scopes is only seeded from the OAUTH_SCOPES env var at
  auth-server boot, so there is no way to add or remove a scope in
  deployed (k8s) environments without a redeploy.
- Downstream work needs to reference scope rows by a stable numeric
  id and accept arbitrary scope values (including the empty string).

This commit:
- Adds patch-036-037.sql: replaces the `scope` PRIMARY KEY with an
  AUTO_INCREMENT `id`, keeping `scope` as a UNIQUE index so grant-time
  lookups are unchanged.
- Adds the Scope model (fxa-shared) and an OAuthScopesController at
  /api/oauth-scopes: GET (list), POST (create), DELETE :id. Create
  validates body shape and the 128-char limit, accepts any string,
  and maps ER_DUP_ENTRY to 409; delete returns 404 when missing.
- Adds OAuthScopes (view), CreateOAuthScope, and DeleteOAuthScope
  AdminPanelFeatures, gating create/delete to Admin and view to
  Support (mirrors the WafTokens split).
- Adds PageOAuthScopes (list, create form, per-row delete behind a
  confirm dialog and warning banner) plus Nav and route wiring.

Closes FXA-13786
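
The create, delete and permission rules described in this pull request, modeled in memory as an added example; this is not code from the PR or from FxA. The class and type names are hypothetical, and the 200, 201, 400 and 403 status codes and Admin's ability to view are assumptions (the description names only 409 and 404).

```typescript
// Added illustration; every name here (ScopeStore, handle, Role, ...) is
// hypothetical. Only the 128-char limit, 409 and 404 come from the PR text;
// 200, 201, 400 and 403 are assumed status codes.
type Role = "Admin" | "Support";
type Action = "list" | "create" | "delete";
interface ScopeRow { id: number; scope: string }
interface Result { status: number; body?: unknown }

const MAX_SCOPE_LENGTH = 128;
// View is granted to Support (and, by assumption, Admin); create and
// delete are granted to Admin only.
const ALLOWED: Record<Action, Role[]> = {
  list: ["Admin", "Support"],
  create: ["Admin"],
  delete: ["Admin"],
};

class ScopeStore {
  private rows: ScopeRow[] = [];
  private nextId = 1; // stands in for the AUTO_INCREMENT id column

  handle(role: Role, action: Action, input?: unknown): Result {
    if (ALLOWED[action].indexOf(role) === -1) return { status: 403 };
    if (action === "list") return { status: 200, body: this.rows.slice() };
    if (action === "create") return this.create(input);
    // delete: input is the row id; an unknown id yields 404.
    const before = this.rows.length;
    this.rows = this.rows.filter((r) => r.id !== input);
    return { status: this.rows.length < before ? 200 : 404 };
  }

  private create(input: unknown): Result {
    // Body shape: an object carrying a string `scope`. Check the type, not
    // truthiness, so the empty string passes as a legitimate value.
    const scope = (input as { scope?: unknown } | null | undefined)?.scope;
    if (typeof scope !== "string") return { status: 400 };
    if (scope.length > MAX_SCOPE_LENGTH) return { status: 400 };
    // Stands in for the UNIQUE index: a duplicate insert (ER_DUP_ENTRY) is 409.
    if (this.rows.some((r) => r.scope === scope)) return { status: 409 };
    const row: ScopeRow = { id: this.nextId++, scope };
    this.rows.push(row);
    return { status: 201, body: row };
  }
}
```

A truthiness check such as `if (!body.scope)` would reject the empty-string scope that the description says must be accepted, which is why the model tests `typeof` instead.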