Added OIDC client CORS attributes

gatehouse_app/api/v1/organizations/clients.py

@@ -7,6 +7,7 @@ from gatehouse_app.utils.decorators import login_required, require_admin, full_a
 from gatehouse_app.extensions import db, bcrypt
 from gatehouse_app.utils.constants import AuditAction
 from gatehouse_app.services.audit_service import AuditService
+from gatehouse_app.utils.validators import validate_cors_origins
 
 
 @api_v1_bp.route("/organizations/<org_id>/clients", methods=["GET"])
@@ -63,6 +64,11 @@ def create_org_client(org_id):
     if not redirect_uris:
         return api_response(success=False, message="At least one redirect URI is required", status=400, error_type="VALIDATION_ERROR")
 
+    cors_origins_raw = data.get("allowed_cors_origins")
+    cors_origins, cors_error = validate_cors_origins(cors_origins_raw)
+    if cors_error:
+        return api_response(success=False, message=cors_error, status=400, error_type="VALIDATION_ERROR")
+
     client_id = _secrets.token_hex(16)
     client_secret = _secrets.token_urlsafe(32)
 
@@ -75,6 +81,7 @@ def create_org_client(org_id):
         grant_types=["authorization_code", "refresh_token"],
         response_types=["code"],
         scopes=["openid", "profile", "email"],
+        allowed_cors_origins=cors_origins,
         is_active=True,
         is_confidential=True,
     )
@@ -99,6 +106,7 @@ def create_org_client(org_id):
                 "client_secret": client_secret,
                 "redirect_uris": client.redirect_uris,
                 "scopes": client.scopes,
+                "allowed_cors_origins": client.allowed_cors_origins,
                 "created_at": client.created_at.isoformat() + "Z",
             }
         },
@@ -135,6 +143,12 @@ def update_org_client(org_id, client_id):
             return api_response(success=False, message="At least one redirect URI is required", status=400, error_type="VALIDATION_ERROR")
         client.redirect_uris = uris
 
+    if "allowed_cors_origins" in data:
+        cors_origins, cors_error = validate_cors_origins(data["allowed_cors_origins"])
+        if cors_error:
+            return api_response(success=False, message=cors_error, status=400, error_type="VALIDATION_ERROR")
+        client.allowed_cors_origins = cors_origins
+
     db.session.commit()
 
     AuditService.log_action(
@@ -155,6 +169,7 @@ def update_org_client(org_id, client_id):
                 "redirect_uris": client.redirect_uris,
                 "scopes": client.scopes,
                 "grant_types": client.grant_types,
+                "allowed_cors_origins": client.allowed_cors_origins,
                 "is_active": client.is_active,
                 "created_at": client.created_at.isoformat() + "Z",
             }