feat: track authorizations with OAuth #28105

Description

@supalarry

Problem

We don't track when someone authorizes using "Continue with Cal.com".

Solution

  1. Add users to the OAuthClient model, and each time someone authorizes using that client we track that in the database, similarly to how we do with PlatformOAuthClient.
  2. Update the OAuth client card to have a "users" button that takes you to the OAuth users page settings/developer/oauth/:clientId/users, which fetches all OAuth users, displays them, and also displays their total count. Display user name, email, and when they authorized and refreshed tokens (to know if the user is active).

Implementation

  1. In schema.prisma, create a new table OAuthAuthorization that tracks each time a user authorizes an OAuth client. We could have added users: User[] to the OAuthClient model, but having this table allows us to track the current scopes authorized, when authorization happened, and the last time tokens were refreshed, to know if the user is active or not.
    1. Relations:
      1. The User table has oAuthAuthorizations OAuthAuthorization[], allowing us to know which OAuth clients each user has authorized. Each user has only 1 authorization entry per OAuth client, meaning that if they re-authorize we track the last scopes they have authorized. If we had multiple entries then it would be hard to display OAuth users.
      2. And each OAuthClient has authorizations OAuthAuthorization[] to know which users have authorized using it.
    2. Code populating database:
      1. The new repository OAuthAuthorizationRepository.ts is used to upsert a new entry and update last refreshed at.
      2. OAuthService.ts upserts a new entry when creating an authorization code and updates the refreshed-at date when refreshing tokens.
  2. The frontend has been refactored to show a "Users" button and a "Settings" button:

Screenshot 2026-03-09 at 13.23.38.png

When the "Users" button is clicked, we display OAuth client users:

Screenshot 2026-03-09 at 13.23.48.png

In the future, if we want, we can also display the scopes that the user has authorized.

The code for this component is in oauth-client-users-view.tsx and it calls the new handler
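
The tracking behaviour described under Implementation, as an added example that is not part of the issue or of Cal.com's code: an in-memory stand-in for the OAuthAuthorization table with one row per (user, client), upsert on authorization, and a refreshed-at update on token refresh. The class, method and field names, the handling of `authorizedAt` on re-authorization, and the stale-grant query are assumptions made for illustration.

```typescript
// Added example: in-memory stand-in for the OAuthAuthorization table.
// All names here are hypothetical, not Cal.com's schema or repository code.
interface OAuthAuthorization {
  userId: number;
  clientId: string;
  scopes: string[];
  authorizedAt: Date;
  lastRefreshedAt: Date | null;
}

class AuthorizationStore {
  // Keyed by "clientId:userId", modelling one row per (user, client) pair.
  private rows: Record<string, OAuthAuthorization> = {};

  // Authorization code issued: create the row, or overwrite scopes on re-authorization.
  // Assumption: re-authorizing resets authorizedAt and keeps lastRefreshedAt.
  upsert(userId: number, clientId: string, scopes: string[], now: Date): void {
    const key = clientId + ":" + userId;
    const prev = this.rows[key];
    this.rows[key] = {
      userId: userId,
      clientId: clientId,
      scopes: scopes.slice(),
      authorizedAt: now,
      lastRefreshedAt: prev ? prev.lastRefreshedAt : null,
    };
  }

  // Token refresh: only touches an existing row. Returns false when no
  // authorization was ever recorded, so the caller can log the mismatch.
  markRefreshed(userId: number, clientId: string, now: Date): boolean {
    const row = this.rows[clientId + ":" + userId];
    if (!row) return false;
    row.lastRefreshedAt = now;
    return true;
  }

  // Rows for one client; the length is the total count shown on the users page.
  usersOf(clientId: string): OAuthAuthorization[] {
    return Object.keys(this.rows)
      .map((k) => this.rows[k])
      .filter((r) => r.clientId === clientId);
  }

  // Users whose latest activity (refresh, else authorization) predates cutoff.
  staleUserIds(clientId: string, cutoff: Date): number[] {
    return this.usersOf(clientId)
      .filter((r) => (r.lastRefreshedAt || r.authorizedAt).getTime() < cutoff.getTime())
      .map((r) => r.userId);
  }
}
```

Because re-authorization overwrites the single row instead of appending, the per-client user list needs no de-duplication, and a refresh for a user with no recorded authorization is reported to the caller rather than silently creating a row.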
