feat(ids-api): Default scopes for clients

[magnearun]

What

Adds phone, email and address as default scopes when creating clients

Adds migration that inserts these default scopes for existing clients

Why

These scopes should be granted by default

Screenshots / Gifs

Attach Screenshots / Gifs to help reviewers understand the scope of the pull request

Checklist:

• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• Formatting passes locally with my changes
• I have rebased against main before asking for a review

Summary by CodeRabbit

• New Features
  • Introduced default scopes ('email', 'address', 'phone') for specific client types, enhancing client scope management.
  • Expanded scope assignments for web and native client types in the admin service.

[coderabbitai]

Walkthrough

This pull request introduces a migration that adds default scopes to the client_allowed_scope table for specific client types in the database. The migration checks for existing client scopes and performs a bulk insert of new default scopes if necessary. The down method is defined but does not implement rollback logic, indicating that the migration is not intended to be reversible.

Changes

File	Change Summary
libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js	Added up and down methods for migration, implementing logic to insert default scopes for specific client types.

Possibly related PRs

• feat(native-app): Add optional scopes #14863: This PR modifies the logic for checking required scopes in the authentication process, which may relate to the default scopes being added in the main PR.
• feat(services-auth-api): Create scope for passkeys #15291: This PR introduces a new scope for passkeys, which could be relevant as it involves scope management similar to the default scopes being added in the main PR.
• chore(ids-auth-api): Change handling of alsoForDelegatedUser in createScope helper #16046: This PR includes a migration script that modifies scope handling, which is directly related to the changes in the main PR regarding scope management in the database.
• feat(ids-api): Filter out accessControlled scopes #16175: This PR filters out access-controlled scopes, which may connect to the management of scopes being added in the main PR.

Suggested labels

automerge

Suggested reviewers

• Herdismaria
• oskarjs

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (2)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (2)

1-1: Remove redundant 'use strict' directive

The 'use strict' directive is unnecessary in JavaScript modules as they are automatically in strict mode. Consider removing this line to adhere to modern JavaScript best practices.

Apply this change:

-'use strict';

🧰 Tools

🪛 Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

35-40: Consider implementing a rollback method

While it may not be necessary to remove the default scopes, it's generally a good practice to provide rollback functionality in migrations. This allows for more flexibility in managing database states and can be crucial for testing or recovering from failed deployments.

Consider implementing a down method that removes the default scopes added by this migration. Here's a potential implementation:

async down (queryInterface, Sequelize) {
  const defaultScopes = ['email', 'address', 'phone'];
  const clients = await queryInterface.sequelize.query(
    'SELECT "client_id" FROM "client" WHERE "client_type" IN (:clientTypes);',
    {
      type: queryInterface.sequelize.QueryTypes.SELECT,
      replacements: { clientTypes: ['web', 'native', 'spa'] }
    }
  );
  const clientIds = clients.map(client => client.client_id);

  if (clientIds.length) {
    await queryInterface.sequelize.query(
      'DELETE FROM "client_allowed_scope" WHERE "client_id" IN (:clientIds) AND "scope_name" IN (:scopes)',
      {
        replacements: { clientIds, scopes: defaultScopes }
      }
    );
  }
}

This implementation would remove the default scopes added by the up method, providing a way to revert the changes if necessary.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 52288e6 and a2ea02c.

📒 Files selected for processing (2)

• libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1 hunks)
• libs/auth-api-lib/src/lib/clients/admin/admin-clients.service.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/auth-api-lib/src/lib/clients/admin/admin-clients.service.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

🪛 Biome

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

🔇 Additional comments (3)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (2)

12-17: LGTM: Efficient retrieval of existing scopes

The query to fetch existing scopes is well-structured and uses parameterized input. The use of a Set for lookup is an efficient approach for checking existing scopes.

---

32-32: LGTM: Efficient bulk insert of new scopes

The use of bulkInsert is an efficient way to insert multiple rows at once. This approach is suitable for potentially large datasets and helps minimize database round-trips.

libs/auth-api-lib/src/lib/clients/admin/admin-clients.service.ts (1)

634-646: Approve changes with suggestions for improvement

The implementation correctly adds the new default scopes (email, phone, and address) for web and native client types, aligning with the PR objectives. However, consider the following improvements:

1. Fix the indentation of the new code block to match the rest of the file.
2. Add a comment explaining the rationale behind adding these specific scopes by default.

Here's a suggested revision with improved formatting and a comment:

 switch (client.clientType) {
   case ClientType.web:
   case ClientType.native:
-        scopes.push(...[{
-          clientId: client.clientId,
-          scopeName: 'profile',
-        }, {
-          clientId: client.clientId,
-          scopeName: 'email',
-        }, {
-          clientId: client.clientId,
-          scopeName: 'phone',
-        }, {
-          clientId: client.clientId,
-          scopeName: 'address',
-        }])
+        // Add default scopes for web and native clients to ensure
+        // access to essential user information
+        scopes.push(
+          ...[
+            { clientId: client.clientId, scopeName: 'profile' },
+            { clientId: client.clientId, scopeName: 'email' },
+            { clientId: client.clientId, scopeName: 'phone' },
+            { clientId: client.clientId, scopeName: 'address' },
+          ]
+        )
 }

Is a database migration planned to add these new default scopes for existing web and native clients? If not, consider creating one to ensure consistency across all clients.

[datadog-island-is]

Datadog Report

All test runs 32300e3 🔗

✅ 13 Total Test Services: 0 Failed, 13 Passed
⬆️ Test Sessions change in coverage: 1 increased (+0.02%), 27 no change

Test Services

This report shows up to 10 services

Service Name	Failed	Known Flaky	New Flaky	Passed	Skipped	Total Time	Code Coverage Change	Test Service View
api	0	0	0	4	0	2.43s	1 no change	Link
api-domains-auth-admin	0	0	0	18	0	9.97s	1 no change	Link
application-system-api	0	0	0	120	2	3m 20.53s	1 no change	Link
application-template-api-modules	0	0	0	123	0	2m 2.51s	1 no change	Link
auth-api-lib	0	0	0	20	0	28.93s	1 no change	Link
services-auth-admin-api	0	0	0	130	0	3m 10.03s	1 no change	Link
services-auth-delegation-api	0	0	0	262	0	2m 46.65s	1 no change	Link
services-auth-ids-api	0	0	0	152	0	1m 0.75s	1 no change	Link
services-auth-personal-representative	0	0	0	59	0	1m 18.08s	1 no change	Link
services-auth-personal-representative-public	0	0	0	10	0	27.59s	1 no change	Link

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

1-3: Remove redundant 'use strict' directive

The 'use strict' directive on line 1 is redundant in ES modules, as they are always in strict mode. Consider removing this line to improve code cleanliness.

Apply this change:

-'use strict'

 module.exports = {

🧰 Tools

🪛 Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between a2ea02c and 6431c0b.

📒 Files selected for processing (2)

• libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1 hunks)
• libs/auth-api-lib/src/lib/clients/admin/admin-clients.service.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• libs/auth-api-lib/src/lib/clients/admin/admin-clients.service.ts

🧰 Additional context used

📓 Path-based instructions (1)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

🪛 Biome

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

🔇 Additional comments (2)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (2)

4-45: LGTM: Well-implemented migration logic

The up method is well-structured and follows good practices:

• It uses parameterized queries for security.
• It efficiently retrieves and processes data.
• It includes early returns to avoid unnecessary processing.

Good job on the implementation!

---

47-52: LGTM: Appropriate handling of down migration

The down method is intentionally left empty with a clear comment explaining that no rollback is needed. This is an acceptable approach when the migration doesn't require reversal.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 36.61%. Comparing base (304f753) to head (b768f5b).
Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #16476      +/-   ##
==========================================
+ Coverage   36.53%   36.61%   +0.07%     
==========================================
  Files        6888     6877      -11     
  Lines      143642   143058     -584     
  Branches    40926    40723     -203     
==========================================
- Hits        52483    52384      -99     
+ Misses      91159    90674     -485     

Flag	Coverage Δ
api	3.35% <ø> (ø)
api-domains-auth-admin	48.48% <ø> (ø)
application-system-api	41.12% <ø> (ø)
application-template-api-modules	27.68% <ø> (+<0.01%)	⬆️
services-auth-admin-api	52.46% <100.00%> (ø)
services-auth-delegation-api	58.19% <0.00%> (ø)
services-auth-ids-api	52.05% <0.00%> (-0.01%)	⬇️
services-auth-personal-representative	45.56% <0.00%> (ø)
services-auth-personal-representative-public	41.71% <0.00%> (-0.04%)	⬇️
services-auth-public-api	49.56% <0.00%> (ø)
services-user-notification	46.84% <ø> (ø)
services-user-profile	61.83% <ø> (+0.07%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...lib/src/lib/clients/admin/admin-clients.service.ts	86.86% <100.00%> (ø)

... and 31 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e298ae4...b768f5b. Read the comment docs.

[coderabbitai]

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (2)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (2)

6-12: Add documentation for client type filtering

Consider adding a comment explaining why only 'web', 'native', and 'spa' client types are selected for default scopes.

+    // Only web, native, and spa clients should receive default scopes
     const clients = await queryInterface.sequelize.query(

---

50-55: Improve documentation for empty down method

While it's intentional to not implement rollback, the comment should explain why removing default scopes would be undesirable.

   async down(queryInterface, Sequelize) {
-    /**
-     * There is no need to go back
-     *
-     */
+    /**
+     * Rollback is not implemented as removing default scopes could break
+     * existing client functionality that depends on these permissions.
+     */
   },

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 6431c0b and 34a1e24.

📒 Files selected for processing (1)

• libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

🪛 Biome

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

🔇 Additional comments (1)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

19-29: LGTM! Efficient implementation using Set for lookups

The use of Set with composite keys provides efficient lookup capabilities, and the query is properly parameterized.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 34a1e24 and 04b30fb.

📒 Files selected for processing (1)

• libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

🪛 Biome

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

49-53: Enhance error logging for better debugging

While error handling is implemented correctly, adding detailed error logging would help with debugging production issues.

 } catch (err) {
+  console.error('Failed to add default scopes:', {
+    error: err.message,
+    stack: err.stack,
+    migration: '20241018150418-add-default-scopes-to-client-allowed-scope-table'
+  })
   await transaction.rollback()
   throw err
 }

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 04b30fb and 4ef0040.

📒 Files selected for processing (1)

• libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

🪛 Biome

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

🔇 Additional comments (2)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (2)

1-1: Remove redundant 'use strict' directive

The 'use strict' directive is unnecessary as JavaScript modules are automatically in strict mode.

-'use strict'

🧰 Tools

🪛 Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

37-43: Consider batch processing for large datasets

For better memory management with large datasets, consider processing clients in batches.

-for (const clientId of clientIds) {
+const BATCH_SIZE = 1000;
+for (let i = 0; i < clientIds.length; i += BATCH_SIZE) {
+  const batchClientIds = clientIds.slice(i, i + BATCH_SIZE);
+  for (const clientId of batchClientIds) {
     rows.push(
       ...DEFAULT_SCOPES
         .filter((scope) => {
           return !existingScopesLookup.has(`${clientId}-${scope}`)
         })
         .map((scope) => ({ client_id: clientId, scope_name: scope })),
     )
+  }
 }

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (3)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (3)

49-51: Add logging for affected rows

Consider adding logging to track the number of scopes added, which would be helpful for monitoring and verification.

       await queryInterface.bulkInsert('client_allowed_scope', rows, {
         transaction,
       })
+      console.log(`Added ${rows.length} default scopes to ${new Set(rows.map(r => r.client_id)).size} clients`)

---

52-55: Use more descriptive error variable name

Rename 'err' to 'error' for better clarity and consistency with JavaScript conventions.

-    } catch (err) {
+    } catch (error) {
       await transaction.rollback()
-      throw err
+      throw error
     }

---

58-63: Document the rationale for skipping down migration

While the comment indicates there's no need to go back, it would be helpful to document the reasoning behind this decision. Consider adding a more detailed comment explaining why rolling back these default scopes is not necessary or desirable.

 async down(queryInterface, Sequelize) {
   /**
-   * There is no need to go back
-   *
-   */
+   * Down migration is intentionally not implemented because:
+   * 1. These scopes are considered fundamental to client functionality
+   * 2. Removing them could break existing client integrations
+   * 3. The change is considered forward-only
+   */
 },

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 4ef0040 and 9de3f7a.

📒 Files selected for processing (1)

• libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

🪛 Biome

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

49-51: Add logging for migration progress

Consider adding logging statements to track the migration progress:

 await queryInterface.bulkInsert('client_allowed_scope', rows, {
   transaction,
 })
+console.log(`Successfully inserted ${rows.length} new scope entries for ${clientIds.length} clients`);

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 9de3f7a and a46f346.

📒 Files selected for processing (1)

• libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

🪛 Biome

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

🔇 Additional comments (1)

libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js (1)

59-64: Verify the decision to skip down migration

The comment suggests that rollback is not needed. However, please confirm if this aligns with your team's migration strategy. Consider:

1. What happens if the feature needs to be rolled back?
2. How would you handle scope removal if needed in the future?

✅ Verification successful

Empty down migration is appropriate in this case

The up migration only adds default scopes ('email', 'address', 'phone') to existing clients of specific types. Implementing a down migration is unnecessary because:

1. The migration is additive and only affects new default scopes
2. These scopes are fundamental to client operation and removing them could break existing functionality
3. If scope removal is needed in the future, it should be handled through a new forward migration with proper business logic

The decision to skip the down migration aligns with best practices for migrations that introduce essential default data.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if there are other migrations that implement scope removal
rg -l "DELETE.*FROM.*client_allowed_scope" libs/auth-api-lib/migrations/

Length of output: 74

---

Script:

#!/bin/bash
# Let's examine the up migration to understand what changes are being made
cat libs/auth-api-lib/migrations/20241018150418-add-default-scopes-to-client-allowed-scope-table.js

# Check for any other migrations related to client_allowed_scope table
rg -l "client_allowed_scope" libs/auth-api-lib/migrations/

# Check if there are any migrations with similar scope-related operations
rg -l "scope" libs/auth-api-lib/migrations/

Length of output: 4905

[GunnlaugurG]

Look into adding ClientType.spa to the defaultClientScopes switch case.. Otherwise LGTM

[magnearun]

@GunnlaugurG I checked with Eiki, we are no longer creating spa clients, that is the reason the type is not in the switch case.

[GunnlaugurG]

Lgtm