feat(gotrue): add custom OAuth providers admin API with custom_claims_allowlist#1519
Open
spydon wants to merge 7 commits into
Open
Conversation
…_allowlist Adds admin.customProviders with list/create/get/update/delete for custom OIDC/OAuth providers, mirroring supabase-js. The create, update, and read types carry the custom_claims_allowlist field for copying raw identity provider claims into the user's custom_claims.
…e enum name Moves the custom OAuth provider admin types out of types.dart into custom_oauth_provider.dart, and drops the redundant CustomProviderType.value in favour of the enum's built-in name.
…_claims_allowlist-to-custom-providers
Collaborator
|
I actually already vibe coded this api locally for a project right when the api came out 2 months ago, because I needed it for a project, but never took the time to polish it and create the pr 😅 |
Contributor
Author
Sounds like you're the perfect person to review this then 😁 |
Vinzent03
reviewed
Jul 4, 2026
…3-parityauth-add-custom_claims_allowlist-to-custom-providers
- Parse provider timestamps into DateTime instead of String - Use null-aware map elements in the params toJson methods - Document validation errors as AuthException with a validation_failed code
…h-add-custom_claims_allowlist-to-custom-providers' into lukasklingsbo/sdk-1173-parityauth-add-custom_claims_allowlist-to-custom-providers
Vinzent03
approved these changes
Jul 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Implements the custom OAuth/OIDC providers admin API in gotrue, exposed as
client.auth.admin.customProviders, mirroring theadmin.customProvidersAPI in supabase-js (/admin/custom-providers). This is distinct from the existing OAuth 2.1 server clients API (admin.oauth).Resolves SDK-1173.
The parity issue asked to add
custom_claims_allowlistto the custom providers admin types, but that API did not exist in the Flutter SDK at all, so this adds the full surface including the field.Changes
GoTrueAdminCustomProvidersApiwithlistProviders({type}),createProvider,getProvider,updateProvider,deleteProvider.GoTrueAdminApiasadmin.customProviders.CustomProviderType,OIDCDiscoveryDocument,CustomOAuthProvider,CreateCustomProviderParams,UpdateCustomProviderParams.customClaimsAllowlist(serialized ascustom_claims_allowlist), an opt-in allowlist of raw identity provider claim keys copied verbatim into the user'scustom_claims. Optional, absent by default.Usage
Tests
custom_claims_allowlist(present, absent, empty) across the create/update/read types.Integration tests use OAuth2 providers (OIDC creation triggers a server-side discovery-document fetch, which would be network-dependent). They do not assert
customClaimsAllowlistround-trips through the server, since the auth image bundled with the pinned Supabase CLI accepts the field but does not yet echo it in responses; serialization is covered by the unit tests.