OIDC app creation with encrypted secrets and application roles

test/fixtures/applications.yml

@@ -1,21 +1,26 @@
 # Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
 
-one:
-  name: MyString
-  slug: MyString
-  app_type: MyString
-  client_id: MyString
-  client_secret: MyString
-  redirect_uris: MyText
-  metadata: MyText
-  active: false
+<% require 'bcrypt' %>
 
-two:
-  name: MyString
-  slug: MyString
-  app_type: MyString
-  client_id: MyString
-  client_secret: MyString
-  redirect_uris: MyText
-  metadata: MyText
-  active: false
+kavita_app:
+  name: Kavita Reader
+  slug: kavita-reader
+  app_type: oidc
+  client_id: <%= SecureRandom.urlsafe_base64(32) %>
+  client_secret_digest: <%= BCrypt::Password.create(SecureRandom.urlsafe_base64(48)) %>
+  redirect_uris: |
+    https://kavita.example.com/signin-oidc
+    https://kavita.example.com/signout-callback-oidc
+  metadata: "{}"
+  active: true
+
+another_app:
+  name: Another App
+  slug: another-app
+  app_type: oidc
+  client_id: <%= SecureRandom.urlsafe_base64(32) %>
+  client_secret_digest: <%= BCrypt::Password.create(SecureRandom.urlsafe_base64(48)) %>
+  redirect_uris: |
+    https://app.example.com/auth/callback
+  metadata: "{}"
+  active: true

test/fixtures/groups.yml

@@ -1,9 +1,9 @@
 # Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
 
-one:
-  name: MyString
-  description: MyText
+admin_group:
+  name: Administrators
+  description: System administrators with full access
 
-two:
-  name: MyString
-  description: MyText
+editor_group:
+  name: Editors
+  description: Content editors with limited access

test/fixtures/oidc_access_tokens.yml

@@ -1,15 +1,15 @@
 # Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
 
 one:
-  token: MyString
-  application: one
-  user: one
-  scope: MyString
-  expires_at: 2025-10-23 16:40:39
+  token: <%= SecureRandom.urlsafe_base64(32) %>
+  application: kavita_app
+  user: alice
+  scope: "openid profile email"
+  expires_at: 2025-12-31 23:59:59
 
 two:
-  token: MyString
-  application: two
-  user: two
-  scope: MyString
-  expires_at: 2025-10-23 16:40:39
+  token: <%= SecureRandom.urlsafe_base64(32) %>
+  application: another_app
+  user: bob
+  scope: "openid profile email"
+  expires_at: 2025-12-31 23:59:59

test/fixtures/oidc_authorization_codes.yml

@@ -1,19 +1,19 @@
 # Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
 
 one:
-  code: MyString
-  application: one
-  user: one
-  redirect_uri: MyString
-  scope: MyString
-  expires_at: 2025-10-23 16:40:38
+  code: <%= SecureRandom.urlsafe_base64(32) %>
+  application: kavita_app
+  user: alice
+  redirect_uri: "https://kavita.example.com/signin-oidc"
+  scope: "openid profile email"
+  expires_at: 2025-12-31 23:59:59
   used: false
 
 two:
-  code: MyString
-  application: two
-  user: two
-  redirect_uri: MyString
-  scope: MyString
-  expires_at: 2025-10-23 16:40:38
+  code: <%= SecureRandom.urlsafe_base64(32) %>
+  application: another_app
+  user: bob
+  redirect_uri: "https://app.example.com/auth/callback"
+  scope: "openid profile email"
+  expires_at: 2025-12-31 23:59:59
   used: false

test/fixtures/users.yml

@@ -1,9 +1,13 @@
 <% password_digest = BCrypt::Password.create("password") %>
 
-one:
-  email_address: one@example.com
+alice:
+  email_address: alice@example.com
   password_digest: <%= password_digest %>
+  admin: true
+  status: 0 # active
 
-two:
-  email_address: two@example.com
+bob:
+  email_address: bob@example.com
   password_digest: <%= password_digest %>
+  admin: false
+  status: 0 # active