feat(auth): add method for updating OAuth client (#840)

* feat(auth): add method for updating OAuth client

- Fix documentation saying `browser` when it should be `client`
- Fix clientId defined as raw String when it should be `UUID`
- Fix types defined as enum when it should be made resilient and defined as a RawRepresentable struct

* feat: add public init for UpdateOAuthClientParams

* test: add test for update oauth client

* docs: fix spelling and grammar in updateClient documentation (#841)

* Initial plan

* docs: fix spelling and grammar in updateClient documentation

Co-authored-by: grdsdev <5923044+grdsdev@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: grdsdev <5923044+grdsdev@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 3 people

Sources/Auth/AuthAdminOAuth.swift

@@ -20,7 +20,7 @@ public struct AuthAdminOAuth: Sendable {
   /// Lists all OAuth clients with optional pagination.
   /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
   ///
-  /// - Note: This function should only be called on a server. Never expose your `service_role` key in the browser.
+  /// - Note: This function should only be called on a server. Never expose your `service_role` key in the client.
   public func listClients(
     params: PageParams? = nil
   ) async throws -> ListOAuthClientsPaginatedResponse {
@@ -71,7 +71,7 @@ public struct AuthAdminOAuth: Sendable {
   /// Creates a new OAuth client.
   /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
   ///
-  /// - Note: This function should only be called on a server. Never expose your `service_role` key in the browser.
+  /// - Note: This function should only be called on a server. Never expose your `service_role` key in the client.
   @discardableResult
   public func createClient(params: CreateOAuthClientParams) async throws -> OAuthClient {
     try await api.execute(
@@ -88,8 +88,8 @@ public struct AuthAdminOAuth: Sendable {
   /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
   ///
   /// - Parameter clientId: The unique identifier of the OAuth client.
-  /// - Note: This function should only be called on a server. Never expose your `service_role` key in the browser.
-  public func getClient(clientId: String) async throws -> OAuthClient {
+  /// - Note: This function should only be called on a server. Never expose your `service_role` key in the client.
+  public func getClient(clientId: UUID) async throws -> OAuthClient {
     try await api.execute(
       HTTPRequest(
         url: configuration.url.appendingPathComponent("admin/oauth/clients/\(clientId)"),
@@ -99,13 +99,33 @@ public struct AuthAdminOAuth: Sendable {
     .decoded(decoder: configuration.decoder)
   }
 
+  /// Updates an existing OAuth client registration. Only the provided fields will be updated.
+  /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+  ///
+  /// - Parameter clientId: The unique identifier of the OAuth client.
+  /// - Parameter params: The fields to update.
+  /// - Note: This function should only be called on a server. Never expose your `service_role` key in the client.
+  public func updateClient(
+    clientId: UUID,
+    params: UpdateOAuthClientParams
+  ) async throws -> OAuthClient {
+    try await api.execute(
+      HTTPRequest(
+        url: configuration.url.appendingPathComponent("admin/oauth/clients/\(clientId)"),
+        method: .put,
+        body: configuration.encoder.encode(params)
+      )
+    )
+    .decoded(decoder: configuration.decoder)
+  }
+
   /// Deletes an OAuth client.
   /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
   ///
   /// - Parameter clientId: The unique identifier of the OAuth client to delete.
-  /// - Note: This function should only be called on a server. Never expose your `service_role` key in the browser.
+  /// - Note: This function should only be called on a server. Never expose your `service_role` key in the client.
   @discardableResult
-  public func deleteClient(clientId: String) async throws -> OAuthClient {
+  public func deleteClient(clientId: UUID) async throws -> OAuthClient {
     try await api.execute(
       HTTPRequest(
         url: configuration.url.appendingPathComponent("admin/oauth/clients/\(clientId)"),
@@ -119,9 +139,9 @@ public struct AuthAdminOAuth: Sendable {
   /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
   ///
   /// - Parameter clientId: The unique identifier of the OAuth client.
-  /// - Note: This function should only be called on a server. Never expose your `service_role` key in the browser.
+  /// - Note: This function should only be called on a server. Never expose your `service_role` key in the client.
   @discardableResult
-  public func regenerateClientSecret(clientId: String) async throws -> OAuthClient {
+  public func regenerateClientSecret(clientId: UUID) async throws -> OAuthClient {
     try await api.execute(
       HTTPRequest(
         url: configuration.url

Sources/Auth/Types.swift

@@ -1032,36 +1032,74 @@ public struct ListUsersPaginatedResponse: Hashable, Sendable {
 
 /// OAuth client grant types supported by the OAuth 2.1 server.
 /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
-public enum OAuthClientGrantType: String, Codable, Hashable, Sendable {
-  case authorizationCode = "authorization_code"
-  case refreshToken = "refresh_token"
+public struct OAuthClientGrantType: RawRepresentable, Codable, Hashable, Sendable,
+  ExpressibleByStringLiteral
+{
+  public let rawValue: String
+  public init(rawValue: String) {
+    self.rawValue = rawValue
+  }
+  public init(stringLiteral value: String) {
+    self.init(rawValue: value)
+  }
+
+  public static let authorizationCode: OAuthClientGrantType = "authorization_code"
+  public static let refreshToken: OAuthClientGrantType = "refresh_token"
 }
 
 /// OAuth client response types supported by the OAuth 2.1 server.
 /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
-public enum OAuthClientResponseType: String, Codable, Hashable, Sendable {
-  case code
+public struct OAuthClientResponseType: RawRepresentable, Codable, Hashable, Sendable,
+  ExpressibleByStringLiteral
+{
+  public let rawValue: String
+  public init(rawValue: String) {
+    self.rawValue = rawValue
+  }
+  public init(stringLiteral value: String) {
+    self.init(rawValue: value)
+  }
+
+  public static let code: OAuthClientResponseType = "code"
 }
 
 /// OAuth client type indicating whether the client can keep credentials confidential.
 /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
-public enum OAuthClientType: String, Codable, Hashable, Sendable {
-  case `public`
-  case confidential
+public struct OAuthClientType: RawRepresentable, Codable, Hashable, Sendable,
+  ExpressibleByStringLiteral
+{
+  public let rawValue: String
+  public init(rawValue: String) {
+    self.rawValue = rawValue
+  }
+  public init(stringLiteral value: String) {
+    self.init(rawValue: value)
+  }
+  public static let `public`: OAuthClientType = "public"
+  public static let confidential: OAuthClientType = "confidential"
 }
 
 /// OAuth client registration type.
 /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
-public enum OAuthClientRegistrationType: String, Codable, Hashable, Sendable {
-  case dynamic
-  case manual
+public struct OAuthClientRegistrationType: RawRepresentable, Codable, Hashable, Sendable,
+  ExpressibleByStringLiteral
+{
+  public let rawValue: String
+  public init(rawValue: String) {
+    self.rawValue = rawValue
+  }
+  public init(stringLiteral value: String) {
+    self.init(rawValue: value)
+  }
+  public static let dynamic: OAuthClientRegistrationType = "dynamic"
+  public static let manual: OAuthClientRegistrationType = "manual"
 }
 
 /// OAuth client object returned from the OAuth 2.1 server.
 /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
 public struct OAuthClient: Codable, Hashable, Sendable {
   /// Unique identifier for the OAuth client
-  public let clientId: String
+  public let clientId: UUID
   /// Human-readable name of the OAuth client
   public let clientName: String
   /// Client secret (only returned on registration and regeneration)
@@ -1074,6 +1112,8 @@ public struct OAuthClient: Codable, Hashable, Sendable {
   public let registrationType: OAuthClientRegistrationType
   /// URI of the OAuth client
   public let clientUri: String?
+  /// URL of the client application's logo
+  public let logoUri: String?
   /// Array of allowed redirect URIs
   public let redirectUris: [String]
   /// Array of allowed grant types
@@ -1121,6 +1161,35 @@ public struct CreateOAuthClientParams: Encodable, Hashable, Sendable {
   }
 }
 
+/// Parameters for updating an existing OAuth client.
+/// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+public struct UpdateOAuthClientParams: Encodable, Hashable, Sendable {
+  /// Human-readable name of the client application
+  public let clientName: String?
+  /// URL of the client application's homepage
+  public let clientUri: String?
+  /// URL of the client application's logo
+  public let logoUri: String?
+  /// Array of redirect URIs used by the client
+  public let redirectUris: [String]?
+  /// OAuth grant types the client is authorized to use
+  public let grantTypes: [OAuthClientGrantType]?
+
+  public init(
+    clientName: String? = nil,
+    clientUri: String? = nil,
+    logoUri: String? = nil,
+    redirectUris: [String]? = nil,
+    grantTypes: [OAuthClientGrantType]? = nil
+  ) {
+    self.clientName = clientName
+    self.clientUri = clientUri
+    self.logoUri = logoUri
+    self.redirectUris = redirectUris
+    self.grantTypes = grantTypes
+  }
+}
+
 /// Response type for listing OAuth clients.
 /// Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
 public struct ListOAuthClientsPaginatedResponse: Hashable, Sendable {