feat: allow custom client IDs (#864)

backend/internal/dto/oidc_dto.go

@@ -29,7 +29,7 @@ type OidcClientWithAllowedGroupsCountDto struct {
 	AllowedUserGroupsCount int64 `json:"allowedUserGroupsCount"`
 }
 
-type OidcClientCreateDto struct {
+type OidcClientUpdateDto struct {
 	Name                     string                   `json:"name" binding:"required,max=50" unorm:"nfc"`
 	CallbackURLs             []string                 `json:"callbackURLs"`
 	LogoutCallbackURLs       []string                 `json:"logoutCallbackURLs"`
@@ -40,6 +40,11 @@ type OidcClientCreateDto struct {
 	LaunchURL                *string                  `json:"launchURL" binding:"omitempty,url"`
 }
 
+type OidcClientCreateDto struct {
+	OidcClientUpdateDto
+	ID string `json:"id" binding:"omitempty,client_id,min=2,max=128"`
+}
+
 type OidcClientCredentialsDto struct {
 	FederatedIdentities []OidcClientFederatedIdentityDto `json:"federatedIdentities,omitempty"`
 }

backend/internal/dto/validations.go

@@ -18,6 +18,8 @@ func init() {
 	// [a-zA-Z0-9]$     : The username must end with an alphanumeric character
 	var validateUsernameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.@-]*[a-zA-Z0-9]$")
 
+	var validateClientIDRegex = regexp.MustCompile("^[a-zA-Z0-9._-]+$")
+
 	// Maximum allowed value for TTLs
 	const maxTTL = 31 * 24 * time.Hour
 
@@ -28,6 +30,14 @@ func init() {
 	if err != nil {
 		panic("Failed to register custom validation for username: " + err.Error())
 	}
+
+	err = v.RegisterValidation("client_id", func(fl validator.FieldLevel) bool {
+		return validateClientIDRegex.MatchString(fl.Field().String())
+	})
+	if err != nil {
+		panic("Failed to register custom validation for client_id: " + err.Error())
+	}
+
 	err = v.RegisterValidation("ttl", func(fl validator.FieldLevel) bool {
 		ttl, ok := fl.Field().Interface().(utils.JSONDuration)
 		if !ok {