Merge pull request #328 from authorizerdev/feat/add-microsoft-login

feat: add microsoft login

.github/workflows/release.yaml

@@ -2,36 +2,44 @@ on:
   workflow_dispatch:
     inputs:
       logLevel:
-        description: 'Log level'     
+        description: 'Log level'
         required: true
-        default: 'warning' 
+        default: 'warning'
         type: choice
         options:
-        - info
-        - warning
-        - debug 
+          - info
+          - warning
+          - debug
       tags:
         description: 'Tags'
-        required: false 
+        required: false
         type: boolean
   release:
     types: [created]
 
 jobs:
   releases:
-    name: Release Authorizer Binary
+    name: Release Authorizer
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: actions/setup-node@v2
         with:
           node-version: '16'
+      - # Add support for more platforms with QEMU (optional)
+        # https://github.com/docker/setup-qemu-action
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: linux/amd64,linux/arm64
       - uses: actions/setup-go@v2
         with:
-          go-version: '^1.17.3'
+          go-version: '^1.19.1'
       - name: Install dependencies
         run: |
-          sudo apt-get install build-essential wget zip gcc-mingw-w64 && \
+          sudo apt-get install build-essential wget zip  libc6-dev-arm64-cross && \
           echo "/usr/bin/x86_64-w64-mingw32-gcc" >> GITHUB_PATH && \
           wget --no-check-certificate --progress=dot:mega https://github.com/wangyoucao577/assets-uploader/releases/download/v0.3.0/github-assets-uploader-v0.3.0-linux-amd64.tar.gz -O github-assets-uploader.tar.gz && \
           tar -zxf github-assets-uploader.tar.gz && \
@@ -44,25 +52,26 @@ jobs:
         run: whereis go
       - name: Print Go Version
         run: go version
+      - name: Install gox
+        run: go install github.com/mitchellh/gox@latest
       - name: Set VERSION env
         run: echo VERSION=$(basename ${GITHUB_REF}) >> ${GITHUB_ENV}
       - name: Copy .env file
         run: mv .env.sample .env
-      - name: Package files for windows
+      - name: Build package
         run: |
           make clean && \
-          CGO_ENABLED=1 GOOS=windows CC=/usr/bin/x86_64-w64-mingw32-gcc make && \
-          mv build/server build/server.exe && \
-          zip -vr authorizer-${VERSION}-windows-amd64.zip .env app/build build templates dashboard/build
-      - name: Package files for linux
-        run: |
-          make clean && \
-          CGO_ENABLED=1 make && \
-          tar cvfz authorizer-${VERSION}-linux-amd64.tar.gz .env app/build build templates dashboard/build
+          make build && \
+          mkdir -p authorizer-${VERSION}-darwin-amd64/build authorizer-${VERSION}-darwin-amd64/app authorizer-${VERSION}-darwin-amd64/dashboard && cp build/darwin/amd64/server authorizer-${VERSION}-darwin-amd64/build/ && cp .env authorizer-${VERSION}-darwin-amd64/.env && cp -rf app/build authorizer-${VERSION}-darwin-amd64/app/build && cp -rf templates authorizer-${VERSION}-darwin-amd64/ && cp -rf dashboard/build authorizer-${VERSION}-darwin-amd64/dashboard/build && tar cvfz authorizer-${VERSION}-darwin-amd64.tar.gz authorizer-${VERSION}-darwin-amd64 && \
+          mkdir -p authorizer-${VERSION}-linux-amd64/build authorizer-${VERSION}-linux-amd64/app authorizer-${VERSION}-linux-amd64/dashboard && cp build/linux/amd64/server authorizer-${VERSION}-linux-amd64/build/ && cp .env authorizer-${VERSION}-linux-amd64/.env && cp -rf app/build authorizer-${VERSION}-linux-amd64/app/build && cp -rf templates authorizer-${VERSION}-linux-amd64/ && cp -rf dashboard/build authorizer-${VERSION}-linux-amd64/dashboard/build && tar cvfz authorizer-${VERSION}-linux-amd64.tar.gz authorizer-${VERSION}-linux-amd64 && \
+          mkdir -p authorizer-${VERSION}-linux-arm64/build authorizer-${VERSION}-linux-arm64/app authorizer-${VERSION}-linux-arm64/dashboard && cp build/linux/arm64/server authorizer-${VERSION}-linux-arm64/build/ && cp .env authorizer-${VERSION}-linux-arm64/.env && cp -rf app/build authorizer-${VERSION}-linux-arm64/app/build && cp -rf templates authorizer-${VERSION}-linux-arm64/ && cp -rf dashboard/build authorizer-${VERSION}-linux-arm64/dashboard/build && tar cvfz authorizer-${VERSION}-linux-arm64.tar.gz authorizer-${VERSION}-linux-arm64 && \
+          mkdir -p authorizer-${VERSION}-windows-amd64/build authorizer-${VERSION}-windows-amd64/app authorizer-${VERSION}-windows-amd64/dashboard && cp build/windows/amd64/server.exe authorizer-${VERSION}-windows-amd64/build/ && cp .env authorizer-${VERSION}-windows-amd64/.env && cp -rf app/build authorizer-${VERSION}-windows-amd64/app/build && cp -rf templates authorizer-${VERSION}-windows-amd64/ && cp -rf dashboard/build authorizer-${VERSION}-windows-amd64/dashboard/build && zip -vr authorizer-${VERSION}-windows-amd64.zip authorizer-${VERSION}-windows-amd64
       - name: Upload assets
         run: |
-          github-assets-uploader -f authorizer-${VERSION}-windows-amd64.zip -mediatype application/zip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION} && \
+          github-assets-uploader -f authorizer-${VERSION}-darwin-amd64.tar.gz -mediatype application/gzip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION}
           github-assets-uploader -f authorizer-${VERSION}-linux-amd64.tar.gz -mediatype application/gzip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION}
+          github-assets-uploader -f authorizer-${VERSION}-linux-arm64.tar.gz -mediatype application/gzip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION}
+          github-assets-uploader -f authorizer-${VERSION}-windows-amd64.zip -mediatype application/zip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION}
       - name: Log in to Docker Hub
         uses: docker/login-action@v1
         with:
@@ -74,6 +83,11 @@ jobs:
         uses: docker/metadata-action@v3
         with:
           images: lakhansamani/authorizer
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v2
@@ -82,5 +96,6 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
           build-args: |
             VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}

.gitignore

@@ -15,4 +15,6 @@ test.db
 .vscode/
 .yalc
 yalc.lock
-certs/
+certs/
+*-shm
+*-wal

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.19.1-alpine as go-builder
+FROM golang:1.19.5-alpine as go-builder
 WORKDIR /authorizer
 COPY server server
 COPY Makefile .

Makefile

@@ -3,6 +3,12 @@ VERSION := $(or $(VERSION),$(DEFAULT_VERSION))
 
 cmd:
 	cd server && go build -ldflags "-w -X main.VERSION=$(VERSION)" -o '../build/server'
+build:
+	cd server && gox \
+		-osarch="linux/amd64 linux/arm64 darwin/amd64 windows/amd64" \
+		-ldflags "-w -X main.VERSION=$(VERSION)" \
+		-output="../build/{{.OS}}/{{.Arch}}/server" \
+		./...
 build-app:
 	cd app && npm i && npm run build
 build-dashboard:
@@ -10,7 +16,7 @@ build-dashboard:
 clean:
 	rm -rf build
 test:
-	rm -rf server/test/test.db && rm -rf test.db && cd server && go clean --testcache && TEST_DBS="sqlite" go test -p 1 -v ./test
+	rm -rf server/test/test.db server/test/test.db-shm server/test/test.db-wal && rm -rf test.db test.db-shm test.db-wal && cd server && go clean --testcache && TEST_DBS="sqlite" go test -p 1 -v ./test
 test-mongodb:
 	docker run -d --name authorizer_mongodb_db -p 27017:27017 mongo:4.4.15
 	cd server && go clean --testcache && TEST_DBS="mongodb" go test -p 1 -v ./test
@@ -20,23 +26,31 @@ test-scylladb:
 	cd server && go clean --testcache && TEST_DBS="scylladb" go test -p 1 -v ./test
 	docker rm -vf authorizer_scylla_db
 test-arangodb:
-	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4
+	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.10.3
 	cd server && go clean --testcache && TEST_DBS="arangodb" go test -p 1 -v ./test
 	docker rm -vf authorizer_arangodb
 test-dynamodb:
 	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest 
 	cd server && go clean --testcache && TEST_DBS="dynamodb" go test -p 1 -v ./test
 	docker rm -vf dynamodb-local-test
+test-couchbase:
+	docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
+	sh scripts/couchbase-test.sh
+	cd server && go clean --testcache && TEST_DBS="couchbase" go test -p 1 -v ./test
+	docker rm -vf couchbase-local-test
 test-all-db:
-	rm -rf server/test/test.db && rm -rf test.db
+	rm -rf server/test/test.db server/test/test.db-shm server/test/test.db-wal && rm -rf test.db test.db-shm test.db-wal
 	docker run -d --name authorizer_scylla_db -p 9042:9042 scylladb/scylla
 	docker run -d --name authorizer_mongodb_db -p 27017:27017 mongo:4.4.15
-	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4
-	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest 
+	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.10.3
+	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest
+	docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
+	sh scripts/couchbase-test.sh
 	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb" go test -p 1 -v ./test
 	docker rm -vf authorizer_scylla_db
 	docker rm -vf authorizer_mongodb_db
 	docker rm -vf authorizer_arangodb
 	docker rm -vf dynamodb-local-test
+	# docker rm -vf couchbase-local-test
 generate:
 	cd server && go run github.com/99designs/gqlgen generate && go mod tidy

app/.prettierrc.json

@@ -2,5 +2,5 @@
 	"tabWidth": 2,
 	"singleQuote": true,
 	"trailingComma": "all",
-	"useTabs": false
+	"useTabs": true
 }

app/package-lock.json

@@ -9,7 +9,7 @@
 			"version": "1.0.0",
 			"license": "ISC",
 			"dependencies": {
-				"@authorizerdev/authorizer-react": "^1.1.2",
+				"@authorizerdev/authorizer-react": "^1.1.8",
 				"@types/react": "^17.0.15",
 				"@types/react-dom": "^17.0.9",
 				"esbuild": "^0.12.17",
@@ -27,9 +27,9 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-js": {
-			"version": "1.1.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.0.tgz",
-			"integrity": "sha512-MdEw1SjhIm7pXq20AscHSbnAta2PC3w7GNBY52/OzmlBXUGH3ooUQX/aszbYOse3FlhapcrGrRvg4sNM7faGAg==",
+			"version": "1.1.4",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.4.tgz",
+			"integrity": "sha512-oLp3XMYU9xHlg5urpAOaw6NrKQ07SaI8oAi1BAMHZWivv5qi2V+6roey0y9MdvCUmsMULBBcZg87kuoMTXRJOw==",
 			"dependencies": {
 				"cross-fetch": "^3.1.5"
 			},
@@ -38,14 +38,11 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-react": {
-			"version": "1.1.2",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.2.tgz",
-			"integrity": "sha512-uBmuKnOVX8gp8CEUuGJuz04ep+8qMEzJXWd5leEGKYMIgolHpu/lOinnMUXhjh8YL3pA4+EhvB+hQXxUX+rRHQ==",
+			"version": "1.1.8",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.8.tgz",
+			"integrity": "sha512-5v9Zc7ZxiEQEHT1Fwj1jvEemdckcrn7mZPkdmJ/z0YOWNbF20ZpM4WsfrtJB+d293m7Rb1QKwzdFPkYINMh5tw==",
 			"dependencies": {
-				"@authorizerdev/authorizer-js": "^1.1.0",
-				"final-form": "^4.20.2",
-				"react-final-form": "^6.5.3",
-				"styled-components": "^5.3.0"
+				"@authorizerdev/authorizer-js": "^1.1.4"
 			},
 			"engines": {
 				"node": ">=10"
@@ -469,18 +466,6 @@
 				"node": ">=0.8.0"
 			}
 		},
-		"node_modules/final-form": {
-			"version": "4.20.4",
-			"resolved": "https://registry.npmjs.org/final-form/-/final-form-4.20.4.tgz",
-			"integrity": "sha512-hyoOVVilPLpkTvgi+FSJkFZrh0Yhy4BhE6lk/NiBwrF4aRV8/ykKEyXYvQH/pfUbRkOosvpESYouFb+FscsLrw==",
-			"dependencies": {
-				"@babel/runtime": "^7.10.0"
-			},
-			"funding": {
-				"type": "opencollective",
-				"url": "https://opencollective.com/final-form"
-			}
-		},
 		"node_modules/globals": {
 			"version": "11.12.0",
 			"resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
@@ -673,33 +658,6 @@
 				"react": "17.0.2"
 			}
 		},
-		"node_modules/react-final-form": {
-			"version": "6.5.7",
-			"resolved": "https://registry.npmjs.org/react-final-form/-/react-final-form-6.5.7.tgz",
-			"integrity": "sha512-o7tvJXB+McGiXOILqIC8lnOcX4aLhIBiF/Xi9Qet35b7XOS8R7KL8HLRKTfnZWQJm6MCE15v1U0SFive0NcxyA==",
-			"dependencies": {
-				"@babel/runtime": "^7.15.4"
-			},
-			"funding": {
-				"type": "opencollective",
-				"url": "https://opencollective.com/final-form"
-			},
-			"peerDependencies": {
-				"final-form": "4.20.4",
-				"react": "^16.8.0 || ^17.0.0"
-			}
-		},
-		"node_modules/react-final-form/node_modules/@babel/runtime": {
-			"version": "7.16.7",
-			"resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.16.7.tgz",
-			"integrity": "sha512-9E9FJowqAsytyOY6LG+1KuueckRL+aQW+mKvXRXnuFGyRAyepJPmEo9vgMfXUA6O9u3IeEdv9MAkppFcaQwogQ==",
-			"dependencies": {
-				"regenerator-runtime": "^0.13.4"
-			},
-			"engines": {
-				"node": ">=6.9.0"
-			}
-		},
 		"node_modules/react-is": {
 			"version": "17.0.2",
 			"resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",
@@ -876,22 +834,19 @@
 	},
 	"dependencies": {
 		"@authorizerdev/authorizer-js": {
-			"version": "1.1.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.0.tgz",
-			"integrity": "sha512-MdEw1SjhIm7pXq20AscHSbnAta2PC3w7GNBY52/OzmlBXUGH3ooUQX/aszbYOse3FlhapcrGrRvg4sNM7faGAg==",
+			"version": "1.1.4",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.4.tgz",
+			"integrity": "sha512-oLp3XMYU9xHlg5urpAOaw6NrKQ07SaI8oAi1BAMHZWivv5qi2V+6roey0y9MdvCUmsMULBBcZg87kuoMTXRJOw==",
 			"requires": {
 				"cross-fetch": "^3.1.5"
 			}
 		},
 		"@authorizerdev/authorizer-react": {
-			"version": "1.1.2",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.2.tgz",
-			"integrity": "sha512-uBmuKnOVX8gp8CEUuGJuz04ep+8qMEzJXWd5leEGKYMIgolHpu/lOinnMUXhjh8YL3pA4+EhvB+hQXxUX+rRHQ==",
+			"version": "1.1.8",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.8.tgz",
+			"integrity": "sha512-5v9Zc7ZxiEQEHT1Fwj1jvEemdckcrn7mZPkdmJ/z0YOWNbF20ZpM4WsfrtJB+d293m7Rb1QKwzdFPkYINMh5tw==",
 			"requires": {
-				"@authorizerdev/authorizer-js": "^1.1.0",
-				"final-form": "^4.20.2",
-				"react-final-form": "^6.5.3",
-				"styled-components": "^5.3.0"
+				"@authorizerdev/authorizer-js": "^1.1.4"
 			}
 		},
 		"@babel/code-frame": {
@@ -1231,14 +1186,6 @@
 			"resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
 			"integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
 		},
-		"final-form": {
-			"version": "4.20.4",
-			"resolved": "https://registry.npmjs.org/final-form/-/final-form-4.20.4.tgz",
-			"integrity": "sha512-hyoOVVilPLpkTvgi+FSJkFZrh0Yhy4BhE6lk/NiBwrF4aRV8/ykKEyXYvQH/pfUbRkOosvpESYouFb+FscsLrw==",
-			"requires": {
-				"@babel/runtime": "^7.10.0"
-			}
-		},
 		"globals": {
 			"version": "11.12.0",
 			"resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
@@ -1387,24 +1334,6 @@
 				"scheduler": "^0.20.2"
 			}
 		},
-		"react-final-form": {
-			"version": "6.5.7",
-			"resolved": "https://registry.npmjs.org/react-final-form/-/react-final-form-6.5.7.tgz",
-			"integrity": "sha512-o7tvJXB+McGiXOILqIC8lnOcX4aLhIBiF/Xi9Qet35b7XOS8R7KL8HLRKTfnZWQJm6MCE15v1U0SFive0NcxyA==",
-			"requires": {
-				"@babel/runtime": "^7.15.4"
-			},
-			"dependencies": {
-				"@babel/runtime": {
-					"version": "7.16.7",
-					"resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.16.7.tgz",
-					"integrity": "sha512-9E9FJowqAsytyOY6LG+1KuueckRL+aQW+mKvXRXnuFGyRAyepJPmEo9vgMfXUA6O9u3IeEdv9MAkppFcaQwogQ==",
-					"requires": {
-						"regenerator-runtime": "^0.13.4"
-					}
-				}
-			}
-		},
 		"react-is": {
 			"version": "17.0.2",
 			"resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",

app/package.json

@@ -6,13 +6,13 @@
 	"scripts": {
 		"build": "rm -rf build && NODE_ENV=production node ./esbuild.config.js",
 		"start": "NODE_ENV=development node ./esbuild.config.js",
-		"format": "prettier --write --use-tabs 'src/**/*.(ts|tsx|js|jsx)'"
+		"format": "prettier --write 'src/**/*.(ts|tsx|js|jsx)'"
 	},
 	"keywords": [],
 	"author": "Lakhan Samani",
 	"license": "ISC",
 	"dependencies": {
-		"@authorizerdev/authorizer-react": "^1.1.2",
+		"@authorizerdev/authorizer-react": "^1.1.8",
 		"@types/react": "^17.0.15",
 		"@types/react-dom": "^17.0.9",
 		"esbuild": "^0.12.17",

app/src/Root.tsx

@@ -38,6 +38,8 @@ export default function Root({
 	const scope = searchParams.get('scope')
 		? searchParams.get('scope')?.toString().split(' ')
 		: ['openid', 'profile', 'email'];
+	const code = searchParams.get('code') || '';
+	const nonce = searchParams.get('nonce') || '';
 
 	const urlProps: Record<string, any> = {
 		state,
@@ -58,9 +60,19 @@ export default function Root({
 		if (token) {
 			let redirectURL = config.redirectURL || '/app';
 			let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
+
+			if (code !== '') {
+				params += `&code=${code}`;
+			}
+
+			if (nonce !== '') {
+				params += `&nonce=${nonce}`;
+			}
+
 			if (token.refresh_token) {
 				params += `&refresh_token=${token.refresh_token}`;
 			}
+
 			const url = new URL(redirectURL);
 			if (redirectURL.includes('?')) {
 				redirectURL = `${redirectURL}&${params}`;
@@ -74,7 +86,7 @@ export default function Root({
 			}
 		}
 		return () => {};
-	}, [token]);
+	}, [token, config]);
 
 	if (loading) {
 		return <h1>Loading...</h1>;
@@ -100,7 +112,7 @@ export default function Root({
 						<Route path="/app" exact>
 							<Login urlProps={urlProps} />
 						</Route>
-						<Route path="/app/signup" exact>
+						<Route path="/app/signup">
 							<SignUp urlProps={urlProps} />
 						</Route>
 						<Route path="/app/reset-password">

app/yarn.lock

@@ -0,0 +1,588 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+"@authorizerdev/authorizer-js@^1.1.4":
+  version "1.1.4"
+  resolved "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.4.tgz"
+  integrity sha512-oLp3XMYU9xHlg5urpAOaw6NrKQ07SaI8oAi1BAMHZWivv5qi2V+6roey0y9MdvCUmsMULBBcZg87kuoMTXRJOw==
+  dependencies:
+    cross-fetch "^3.1.5"
+
+"@authorizerdev/authorizer-react@^1.1.8":
+  version "1.1.8"
+  resolved "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.8.tgz"
+  integrity sha512-5v9Zc7ZxiEQEHT1Fwj1jvEemdckcrn7mZPkdmJ/z0YOWNbF20ZpM4WsfrtJB+d293m7Rb1QKwzdFPkYINMh5tw==
+  dependencies:
+    "@authorizerdev/authorizer-js" "^1.1.4"
+
+"@babel/code-frame@^7.16.7":
+  version "7.16.7"
+  resolved "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.16.7.tgz"
+  integrity sha512-iAXqUn8IIeBTNd72xsFlgaXHkMBMt6y4HJp1tIaK465CWLT/fG1aqB7ykr95gHHmlBdGbFeWWfyB4NJJ0nmeIg==
+  dependencies:
+    "@babel/highlight" "^7.16.7"
+
+"@babel/generator@^7.16.8":
+  version "7.16.8"
+  resolved "https://registry.npmjs.org/@babel/generator/-/generator-7.16.8.tgz"
+  integrity sha512-1ojZwE9+lOXzcWdWmO6TbUzDfqLD39CmEhN8+2cX9XkDo5yW1OpgfejfliysR2AWLpMamTiOiAp/mtroaymhpw==
+  dependencies:
+    "@babel/types" "^7.16.8"
+    jsesc "^2.5.1"
+    source-map "^0.5.0"
+
+"@babel/helper-annotate-as-pure@^7.16.0":
+  version "7.16.7"
+  resolved "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.16.7.tgz"
+  integrity sha512-s6t2w/IPQVTAET1HitoowRGXooX8mCgtuP5195wD/QJPV6wYjpujCGF7JuMODVX2ZAJOf1GT6DT9MHEZvLOFSw==
+  dependencies:
+    "@babel/types" "^7.16.7"
+
+"@babel/helper-environment-visitor@^7.16.7":
+  version "7.16.7"
+  resolved "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.16.7.tgz"
+  integrity sha512-SLLb0AAn6PkUeAfKJCCOl9e1R53pQlGAfc4y4XuMRZfqeMYLE0dM1LMhqbGAlGQY0lfw5/ohoYWAe9V1yibRag==
+  dependencies:
+    "@babel/types" "^7.16.7"
+
+"@babel/helper-function-name@^7.16.7":
+  version "7.16.7"
+  resolved "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.16.7.tgz"
+  integrity sha512-QfDfEnIUyyBSR3HtrtGECuZ6DAyCkYFp7GHl75vFtTnn6pjKeK0T1DB5lLkFvBea8MdaiUABx3osbgLyInoejA==
+  dependencies:
+    "@babel/helper-get-function-arity" "^7.16.7"
+    "@babel/template" "^7.16.7"
+    "@babel/types" "^7.16.7"
+
+"@babel/helper-get-function-arity@^7.16.7":
+  version "7.16.7"
+  resolved "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.16.7.tgz"
+  integrity sha512-flc+RLSOBXzNzVhcLu6ujeHUrD6tANAOU5ojrRx/as+tbzf8+stUCj7+IfRRoAbEZqj/ahXEMsjhOhgeZsrnTw==
+  dependencies:
+    "@babel/types" "^7.16.7"
+
+"@babel/helper-hoist-variables@^7.16.7":
+  version "7.16.7"
+  resolved "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.16.7.tgz"
+  integrity sha512-m04d/0Op34H5v7pbZw6pSKP7weA6lsMvfiIAMeIvkY/R4xQtBSMFEigu9QTZ2qB/9l22vsxtM8a+Q8CzD255fg==
+  dependencies:
+    "@babel/types" "^7.16.7"
+
+"@babel/helper-module-imports@^7.0.0", "@babel/helper-module-imports@^7.16.0":
+  version "7.16.7"
+  resolved "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.16.7.tgz"
+  integrity sha512-LVtS6TqjJHFc+nYeITRo6VLXve70xmq7wPhWTqDJusJEgGmkAACWwMiTNrvfoQo6hEhFwAIixNkvB0jPXDL8Wg==
+  dependencies:
+    "@babel/types" "^7.16.7"
+
+"@babel/helper-split-export-declaration@^7.16.7":
+  version "7.16.7"
+  resolved "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.16.7.tgz"
+  integrity sha512-xbWoy/PFoxSWazIToT9Sif+jJTlrMcndIsaOKvTA6u7QEo7ilkRZpjew18/W3c7nm8fXdUDXh02VXTbZ0pGDNw==
+  dependencies:
+    "@babel/types" "^7.16.7"
+
+"@babel/helper-validator-identifier@^7.16.7":
+  version "7.16.7"
+  resolved "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.16.7.tgz"
+  integrity sha512-hsEnFemeiW4D08A5gUAZxLBTXpZ39P+a+DGDsHw1yxqyQ/jzFEnxf5uTEGp+3bzAbNOxU1paTgYS4ECU/IgfDw==
+
+"@babel/highlight@^7.16.7":
+  version "7.16.10"
+  resolved "https://registry.npmjs.org/@babel/highlight/-/highlight-7.16.10.tgz"
+  integrity sha512-5FnTQLSLswEj6IkgVw5KusNUUFY9ZGqe/TRFnP/BKYHYgfh7tc+C7mwiy95/yNP7Dh9x580Vv8r7u7ZfTBFxdw==
+  dependencies:
+    "@babel/helper-validator-identifier" "^7.16.7"
+    chalk "^2.0.0"
+    js-tokens "^4.0.0"
+
+"@babel/parser@^7.16.10", "@babel/parser@^7.16.7":
+  version "7.16.12"
+  resolved "https://registry.npmjs.org/@babel/parser/-/parser-7.16.12.tgz"
+  integrity sha512-VfaV15po8RiZssrkPweyvbGVSe4x2y+aciFCgn0n0/SJMR22cwofRV1mtnJQYcSB1wUTaA/X1LnA3es66MCO5A==
+
+"@babel/runtime@^7.1.2", "@babel/runtime@^7.12.1":
+  version "7.14.8"
+  resolved "https://registry.npmjs.org/@babel/runtime/-/runtime-7.14.8.tgz"
+  integrity sha512-twj3L8Og5SaCRCErB4x4ajbvBIVV77CGeFglHpeg5WC5FF8TZzBWXtTJ4MqaD9QszLYTtr+IsaAL2rEUevb+eg==
+  dependencies:
+    regenerator-runtime "^0.13.4"
+
+"@babel/template@^7.16.7":
+  version "7.16.7"
+  resolved "https://registry.npmjs.org/@babel/template/-/template-7.16.7.tgz"
+  integrity sha512-I8j/x8kHUrbYRTUxXrrMbfCa7jxkE7tZre39x3kjr9hvI82cK1FfqLygotcWN5kdPGWcLdWMHpSBavse5tWw3w==
+  dependencies:
+    "@babel/code-frame" "^7.16.7"
+    "@babel/parser" "^7.16.7"
+    "@babel/types" "^7.16.7"
+
+"@babel/traverse@^7.4.5":
+  version "7.16.10"
+  resolved "https://registry.npmjs.org/@babel/traverse/-/traverse-7.16.10.tgz"
+  integrity sha512-yzuaYXoRJBGMlBhsMJoUW7G1UmSb/eXr/JHYM/MsOJgavJibLwASijW7oXBdw3NQ6T0bW7Ty5P/VarOs9cHmqw==
+  dependencies:
+    "@babel/code-frame" "^7.16.7"
+    "@babel/generator" "^7.16.8"
+    "@babel/helper-environment-visitor" "^7.16.7"
+    "@babel/helper-function-name" "^7.16.7"
+    "@babel/helper-hoist-variables" "^7.16.7"
+    "@babel/helper-split-export-declaration" "^7.16.7"
+    "@babel/parser" "^7.16.10"
+    "@babel/types" "^7.16.8"
+    debug "^4.1.0"
+    globals "^11.1.0"
+
+"@babel/types@^7.16.7", "@babel/types@^7.16.8":
+  version "7.16.8"
+  resolved "https://registry.npmjs.org/@babel/types/-/types-7.16.8.tgz"
+  integrity sha512-smN2DQc5s4M7fntyjGtyIPbRJv6wW4rU/94fmYJ7PKQuZkC0qGMHXJbg6sNGt12JmVr4k5YaptI/XtiLJBnmIg==
+  dependencies:
+    "@babel/helper-validator-identifier" "^7.16.7"
+    to-fast-properties "^2.0.0"
+
+"@emotion/is-prop-valid@^0.8.8":
+  version "0.8.8"
+  resolved "https://registry.npmjs.org/@emotion/is-prop-valid/-/is-prop-valid-0.8.8.tgz"
+  integrity sha512-u5WtneEAr5IDG2Wv65yhunPSMLIpuKsbuOktRojfrEiEvRyC85LgPMZI63cr7NUqT8ZIGdSVg8ZKGxIug4lXcA==
+  dependencies:
+    "@emotion/memoize" "0.7.4"
+
+"@emotion/memoize@0.7.4":
+  version "0.7.4"
+  resolved "https://registry.npmjs.org/@emotion/memoize/-/memoize-0.7.4.tgz"
+  integrity sha512-Ja/Vfqe3HpuzRsG1oBtWTHk2PGZ7GR+2Vz5iYGelAw8dx32K0y7PjVuxK6z1nMpZOqAFsRUPCkK1YjJ56qJlgw==
+
+"@emotion/stylis@^0.8.4":
+  version "0.8.5"
+  resolved "https://registry.npmjs.org/@emotion/stylis/-/stylis-0.8.5.tgz"
+  integrity sha512-h6KtPihKFn3T9fuIrwvXXUOwlx3rfUvfZIcP5a6rh8Y7zjE3O06hT5Ss4S/YI1AYhuZ1kjaE/5EaOOI2NqSylQ==
+
+"@emotion/unitless@^0.7.4":
+  version "0.7.5"
+  resolved "https://registry.npmjs.org/@emotion/unitless/-/unitless-0.7.5.tgz"
+  integrity sha512-OWORNpfjMsSSUBVrRBVGECkhWcULOAJz9ZW8uK9qgxD+87M7jHRcvh/A96XXNhXTLmKcoYSQtBEX7lHMO7YRwg==
+
+"@types/history@*":
+  version "4.7.9"
+  resolved "https://registry.npmjs.org/@types/history/-/history-4.7.9.tgz"
+  integrity sha512-MUc6zSmU3tEVnkQ78q0peeEjKWPUADMlC/t++2bI8WnAG2tvYRPIgHG8lWkXwqc8MsUF6Z2MOf+Mh5sazOmhiQ==
+
+"@types/hoist-non-react-statics@*":
+  version "3.3.1"
+  resolved "https://registry.npmjs.org/@types/hoist-non-react-statics/-/hoist-non-react-statics-3.3.1.tgz"
+  integrity sha512-iMIqiko6ooLrTh1joXodJK5X9xeEALT1kM5G3ZLhD3hszxBdIEd5C75U834D9mLcINgD4OyZf5uQXjkuYydWvA==
+  dependencies:
+    "@types/react" "*"
+    hoist-non-react-statics "^3.3.0"
+
+"@types/prop-types@*":
+  version "15.7.4"
+  resolved "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.4.tgz"
+  integrity sha512-rZ5drC/jWjrArrS8BR6SIr4cWpW09RNTYt9AMZo3Jwwif+iacXAqgVjm0B0Bv/S1jhDXKHqRVNCbACkJ89RAnQ==
+
+"@types/react-dom@^17.0.9":
+  version "17.0.9"
+  resolved "https://registry.npmjs.org/@types/react-dom/-/react-dom-17.0.9.tgz"
+  integrity sha512-wIvGxLfgpVDSAMH5utdL9Ngm5Owu0VsGmldro3ORLXV8CShrL8awVj06NuEXFQ5xyaYfdca7Sgbk/50Ri1GdPg==
+  dependencies:
+    "@types/react" "*"
+
+"@types/react-router-dom@^5.1.8":
+  version "5.1.8"
+  resolved "https://registry.npmjs.org/@types/react-router-dom/-/react-router-dom-5.1.8.tgz"
+  integrity sha512-03xHyncBzG0PmDmf8pf3rehtjY0NpUj7TIN46FrT5n1ZWHPZvXz32gUyNboJ+xsL8cpg8bQVLcllptcQHvocrw==
+  dependencies:
+    "@types/history" "*"
+    "@types/react" "*"
+    "@types/react-router" "*"
+
+"@types/react-router@*":
+  version "5.1.16"
+  resolved "https://registry.npmjs.org/@types/react-router/-/react-router-5.1.16.tgz"
+  integrity sha512-8d7nR/fNSqlTFGHti0R3F9WwIertOaaA1UEB8/jr5l5mDMOs4CidEgvvYMw4ivqrBK+vtVLxyTj2P+Pr/dtgzg==
+  dependencies:
+    "@types/history" "*"
+    "@types/react" "*"
+
+"@types/react@*", "@types/react@^17.0.15":
+  version "17.0.15"
+  resolved "https://registry.npmjs.org/@types/react/-/react-17.0.15.tgz"
+  integrity sha512-uTKHDK9STXFHLaKv6IMnwp52fm0hwU+N89w/p9grdUqcFA6WuqDyPhaWopbNyE1k/VhgzmHl8pu1L4wITtmlLw==
+  dependencies:
+    "@types/prop-types" "*"
+    "@types/scheduler" "*"
+    csstype "^3.0.2"
+
+"@types/scheduler@*":
+  version "0.16.2"
+  resolved "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz"
+  integrity sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew==
+
+"@types/styled-components@^5.1.11":
+  version "5.1.25"
+  resolved "https://registry.npmjs.org/@types/styled-components/-/styled-components-5.1.25.tgz"
+  integrity sha512-fgwl+0Pa8pdkwXRoVPP9JbqF0Ivo9llnmsm+7TCI330kbPIFd9qv1Lrhr37shf4tnxCOSu+/IgqM7uJXLWZZNQ==
+  dependencies:
+    "@types/hoist-non-react-statics" "*"
+    "@types/react" "*"
+    csstype "^3.0.2"
+
+ansi-styles@^3.2.1:
+  version "3.2.1"
+  resolved "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz"
+  integrity sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==
+  dependencies:
+    color-convert "^1.9.0"
+
+"babel-plugin-styled-components@>= 1.12.0":
+  version "2.0.2"
+  resolved "https://registry.npmjs.org/babel-plugin-styled-components/-/babel-plugin-styled-components-2.0.2.tgz"
+  integrity sha512-7eG5NE8rChnNTDxa6LQfynwgHTVOYYaHJbUYSlOhk8QBXIQiMBKq4gyfHBBKPrxUcVBXVJL61ihduCpCQbuNbw==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.16.0"
+    "@babel/helper-module-imports" "^7.16.0"
+    babel-plugin-syntax-jsx "^6.18.0"
+    lodash "^4.17.11"
+
+babel-plugin-syntax-jsx@^6.18.0:
+  version "6.18.0"
+  resolved "https://registry.npmjs.org/babel-plugin-syntax-jsx/-/babel-plugin-syntax-jsx-6.18.0.tgz"
+  integrity sha1-CvMqmm4Tyno/1QaeYtew9Y0NiUY=
+
+camelize@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.npmjs.org/camelize/-/camelize-1.0.0.tgz"
+  integrity sha1-FkpUg+Yw+kMh5a8HAg5TGDGyYJs=
+
+chalk@^2.0.0:
+  version "2.4.2"
+  resolved "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz"
+  integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==
+  dependencies:
+    ansi-styles "^3.2.1"
+    escape-string-regexp "^1.0.5"
+    supports-color "^5.3.0"
+
+color-convert@^1.9.0:
+  version "1.9.3"
+  resolved "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz"
+  integrity sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==
+  dependencies:
+    color-name "1.1.3"
+
+color-name@1.1.3:
+  version "1.1.3"
+  resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz"
+  integrity sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=
+
+cross-fetch@^3.1.5:
+  version "3.1.5"
+  resolved "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz"
+  integrity sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==
+  dependencies:
+    node-fetch "2.6.7"
+
+css-color-keywords@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.npmjs.org/css-color-keywords/-/css-color-keywords-1.0.0.tgz"
+  integrity sha1-/qJhbcZ2spYmhrOvjb2+GAskTgU=
+
+css-to-react-native@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.npmjs.org/css-to-react-native/-/css-to-react-native-3.0.0.tgz"
+  integrity sha512-Ro1yETZA813eoyUp2GDBhG2j+YggidUmzO1/v9eYBKR2EHVEniE2MI/NqpTQ954BMpTPZFsGNPm46qFB9dpaPQ==
+  dependencies:
+    camelize "^1.0.0"
+    css-color-keywords "^1.0.0"
+    postcss-value-parser "^4.0.2"
+
+csstype@^3.0.2:
+  version "3.0.8"
+  resolved "https://registry.npmjs.org/csstype/-/csstype-3.0.8.tgz"
+  integrity sha512-jXKhWqXPmlUeoQnF/EhTtTl4C9SnrxSH/jZUih3jmO6lBKr99rP3/+FmrMj4EFpOXzMtXHAZkd3x0E6h6Fgflw==
+
+debug@^4.1.0:
+  version "4.3.3"
+  resolved "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz"
+  integrity sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==
+  dependencies:
+    ms "2.1.2"
+
+esbuild@^0.12.17:
+  version "0.12.17"
+  resolved "https://registry.npmjs.org/esbuild/-/esbuild-0.12.17.tgz"
+  integrity sha512-GshKJyVYUnlSXIZj/NheC2O0Kblh42CS7P1wJyTbbIHevTG4jYMS9NNw8EOd8dDWD0dzydYHS01MpZoUcQXB4g==
+
+escape-string-regexp@^1.0.5:
+  version "1.0.5"
+  resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz"
+  integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=
+
+globals@^11.1.0:
+  version "11.12.0"
+  resolved "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz"
+  integrity sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==
+
+has-flag@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz"
+  integrity sha1-tdRU3CGZriJWmfNGfloH87lVuv0=
+
+history@^4.9.0:
+  version "4.10.1"
+  resolved "https://registry.npmjs.org/history/-/history-4.10.1.tgz"
+  integrity sha512-36nwAD620w12kuzPAsyINPWJqlNbij+hpK1k9XRloDtym8mxzGYl2c17LnV6IAGB2Dmg4tEa7G7DlawS0+qjew==
+  dependencies:
+    "@babel/runtime" "^7.1.2"
+    loose-envify "^1.2.0"
+    resolve-pathname "^3.0.0"
+    tiny-invariant "^1.0.2"
+    tiny-warning "^1.0.0"
+    value-equal "^1.0.1"
+
+hoist-non-react-statics@^3.0.0, hoist-non-react-statics@^3.1.0, hoist-non-react-statics@^3.3.0:
+  version "3.3.2"
+  resolved "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz"
+  integrity sha512-/gGivxi8JPKWNm/W0jSmzcMPpfpPLc3dY/6GxhX2hQ9iGj3aDfklV4ET7NjKpSinLpJ5vafa9iiGIEZg10SfBw==
+  dependencies:
+    react-is "^16.7.0"
+
+isarray@0.0.1:
+  version "0.0.1"
+  resolved "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz"
+  integrity sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=
+
+"js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz"
+  integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==
+
+jsesc@^2.5.1:
+  version "2.5.2"
+  resolved "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz"
+  integrity sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==
+
+lodash@^4.17.11:
+  version "4.17.21"
+  resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"
+  integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
+
+loose-envify@^1.1.0, loose-envify@^1.2.0, loose-envify@^1.3.1, loose-envify@^1.4.0:
+  version "1.4.0"
+  resolved "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz"
+  integrity sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==
+  dependencies:
+    js-tokens "^3.0.0 || ^4.0.0"
+
+mini-create-react-context@^0.4.0:
+  version "0.4.1"
+  resolved "https://registry.npmjs.org/mini-create-react-context/-/mini-create-react-context-0.4.1.tgz"
+  integrity sha512-YWCYEmd5CQeHGSAKrYvXgmzzkrvssZcuuQDDeqkT+PziKGMgE+0MCCtcKbROzocGBG1meBLl2FotlRwf4gAzbQ==
+  dependencies:
+    "@babel/runtime" "^7.12.1"
+    tiny-warning "^1.0.3"
+
+ms@2.1.2:
+  version "2.1.2"
+  resolved "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz"
+  integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==
+
+node-fetch@2.6.7:
+  version "2.6.7"
+  resolved "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz"
+  integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
+  dependencies:
+    whatwg-url "^5.0.0"
+
+object-assign@^4.1.1:
+  version "4.1.1"
+  resolved "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz"
+  integrity sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=
+
+path-to-regexp@^1.7.0:
+  version "1.8.0"
+  resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz"
+  integrity sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==
+  dependencies:
+    isarray "0.0.1"
+
+postcss-value-parser@^4.0.2:
+  version "4.2.0"
+  resolved "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz"
+  integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==
+
+prettier@2.7.1:
+  version "2.7.1"
+  resolved "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz"
+  integrity sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==
+
+prop-types@^15.0.0, prop-types@^15.6.2:
+  version "15.7.2"
+  resolved "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz"
+  integrity sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==
+  dependencies:
+    loose-envify "^1.4.0"
+    object-assign "^4.1.1"
+    react-is "^16.8.1"
+
+react-dom@^17.0.2, "react-dom@>= 16.8.0":
+  version "17.0.2"
+  resolved "https://registry.npmjs.org/react-dom/-/react-dom-17.0.2.tgz"
+  integrity sha512-s4h96KtLDUQlsENhMn1ar8t2bEa+q/YAtj8pPPdIjPDGBDIVNsrD9aXNWqspUe6AzKCIG0C1HZZLqLV7qpOBGA==
+  dependencies:
+    loose-envify "^1.1.0"
+    object-assign "^4.1.1"
+    scheduler "^0.20.2"
+
+react-is@^16.6.0:
+  version "16.13.1"
+  resolved "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz"
+  integrity sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==
+
+react-is@^16.7.0:
+  version "16.13.1"
+  resolved "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz"
+  integrity sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==
+
+react-is@^16.8.1:
+  version "16.13.1"
+  resolved "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz"
+  integrity sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==
+
+react-is@^17.0.2, "react-is@>= 16.8.0":
+  version "17.0.2"
+  resolved "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz"
+  integrity sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==
+
+react-router-dom@^5.2.0:
+  version "5.2.0"
+  resolved "https://registry.npmjs.org/react-router-dom/-/react-router-dom-5.2.0.tgz"
+  integrity sha512-gxAmfylo2QUjcwxI63RhQ5G85Qqt4voZpUXSEqCwykV0baaOTQDR1f0PmY8AELqIyVc0NEZUj0Gov5lNGcXgsA==
+  dependencies:
+    "@babel/runtime" "^7.1.2"
+    history "^4.9.0"
+    loose-envify "^1.3.1"
+    prop-types "^15.6.2"
+    react-router "5.2.0"
+    tiny-invariant "^1.0.2"
+    tiny-warning "^1.0.0"
+
+react-router@5.2.0:
+  version "5.2.0"
+  resolved "https://registry.npmjs.org/react-router/-/react-router-5.2.0.tgz"
+  integrity sha512-smz1DUuFHRKdcJC0jobGo8cVbhO3x50tCL4icacOlcwDOEQPq4TMqwx3sY1TP+DvtTgz4nm3thuo7A+BK2U0Dw==
+  dependencies:
+    "@babel/runtime" "^7.1.2"
+    history "^4.9.0"
+    hoist-non-react-statics "^3.1.0"
+    loose-envify "^1.3.1"
+    mini-create-react-context "^0.4.0"
+    path-to-regexp "^1.7.0"
+    prop-types "^15.6.2"
+    react-is "^16.6.0"
+    tiny-invariant "^1.0.2"
+    tiny-warning "^1.0.0"
+
+"react@^0.14.0 || ^15.0.0 || ^16.0.0 || ^17.0.0", react@^17.0.2, "react@>= 16.8.0", react@>=15, react@>=16, react@17.0.2:
+  version "17.0.2"
+  resolved "https://registry.npmjs.org/react/-/react-17.0.2.tgz"
+  integrity sha512-gnhPt75i/dq/z3/6q/0asP78D0u592D5L1pd7M8P+dck6Fu/jJeL6iVVK23fptSUZj8Vjf++7wXA8UNclGQcbA==
+  dependencies:
+    loose-envify "^1.1.0"
+    object-assign "^4.1.1"
+
+regenerator-runtime@^0.13.4:
+  version "0.13.9"
+  resolved "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.9.tgz"
+  integrity sha512-p3VT+cOEgxFsRRA9X4lkI1E+k2/CtnKtU4gcxyaCUreilL/vqI6CdZ3wxVUx3UOUg+gnUOQQcRI7BmSI656MYA==
+
+resolve-pathname@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.npmjs.org/resolve-pathname/-/resolve-pathname-3.0.0.tgz"
+  integrity sha512-C7rARubxI8bXFNB/hqcp/4iUeIXJhJZvFPFPiSPRnhU5UPxzMFIl+2E6yY6c4k9giDJAhtV+enfA+G89N6Csng==
+
+scheduler@^0.20.2:
+  version "0.20.2"
+  resolved "https://registry.npmjs.org/scheduler/-/scheduler-0.20.2.tgz"
+  integrity sha512-2eWfGgAqqWFGqtdMmcL5zCMK1U8KlXv8SQFGglL3CEtd0aDVDWgeF/YoCmvln55m5zSk3J/20hTaSBeSObsQDQ==
+  dependencies:
+    loose-envify "^1.1.0"
+    object-assign "^4.1.1"
+
+shallowequal@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.npmjs.org/shallowequal/-/shallowequal-1.1.0.tgz"
+  integrity sha512-y0m1JoUZSlPAjXVtPPW70aZWfIL/dSP7AFkRnniLCrK/8MDKog3TySTBmckD+RObVxH0v4Tox67+F14PdED2oQ==
+
+source-map@^0.5.0:
+  version "0.5.7"
+  resolved "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz"
+  integrity sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=
+
+styled-components@^5.3.0, "styled-components@>= 2":
+  version "5.3.3"
+  resolved "https://registry.npmjs.org/styled-components/-/styled-components-5.3.3.tgz"
+  integrity sha512-++4iHwBM7ZN+x6DtPPWkCI4vdtwumQ+inA/DdAsqYd4SVgUKJie5vXyzotA00ttcFdQkCng7zc6grwlfIfw+lw==
+  dependencies:
+    "@babel/helper-module-imports" "^7.0.0"
+    "@babel/traverse" "^7.4.5"
+    "@emotion/is-prop-valid" "^0.8.8"
+    "@emotion/stylis" "^0.8.4"
+    "@emotion/unitless" "^0.7.4"
+    babel-plugin-styled-components ">= 1.12.0"
+    css-to-react-native "^3.0.0"
+    hoist-non-react-statics "^3.0.0"
+    shallowequal "^1.1.0"
+    supports-color "^5.5.0"
+
+supports-color@^5.3.0, supports-color@^5.5.0:
+  version "5.5.0"
+  resolved "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz"
+  integrity sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==
+  dependencies:
+    has-flag "^3.0.0"
+
+tiny-invariant@^1.0.2:
+  version "1.1.0"
+  resolved "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.1.0.tgz"
+  integrity sha512-ytxQvrb1cPc9WBEI/HSeYYoGD0kWnGEOR8RY6KomWLBVhqz0RgTwVO9dLrGz7dC+nN9llyI7OKAgRq8Vq4ZBSw==
+
+tiny-warning@^1.0.0, tiny-warning@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.npmjs.org/tiny-warning/-/tiny-warning-1.0.3.tgz"
+  integrity sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA==
+
+to-fast-properties@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz"
+  integrity sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=
+
+tr46@~0.0.3:
+  version "0.0.3"
+  resolved "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz"
+  integrity sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==
+
+typescript@^4.3.5:
+  version "4.3.5"
+  resolved "https://registry.npmjs.org/typescript/-/typescript-4.3.5.tgz"
+  integrity sha512-DqQgihaQ9cUrskJo9kIyW/+g0Vxsk8cDtZ52a3NGh0YNTfpUSArXSohyUGnvbPazEPLu398C0UxmKSOrPumUzA==
+
+value-equal@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.npmjs.org/value-equal/-/value-equal-1.0.1.tgz"
+  integrity sha512-NOJ6JZCAWr0zlxZt+xqCHNTEKOsrks2HQd4MqhP1qy4z1SkbEP467eNx6TgDKXMvUOb+OENfJCZwM+16n7fRfw==
+
+webidl-conversions@^3.0.0:
+  version "3.0.1"
+  resolved "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz"
+  integrity sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==
+
+whatwg-url@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz"
+  integrity sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==
+  dependencies:
+    tr46 "~0.0.3"
+    webidl-conversions "^3.0.0"

dashboard/.prettierrc.json

@@ -2,5 +2,5 @@
 	"tabWidth": 2,
 	"singleQuote": true,
 	"trailingComma": "all",
-	"useTabs": false
+	"useTabs": true
 }

dashboard/src/components/DeleteEmailTemplateModal.tsx

@@ -44,7 +44,7 @@ const DeleteEmailTemplateModal = ({
 				title: capitalizeFirstLetter(res.error.message),
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 
 			return;
@@ -53,7 +53,7 @@ const DeleteEmailTemplateModal = ({
 				title: capitalizeFirstLetter(res.data?._delete_email_template.message),
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 		onClose();

dashboard/src/components/DeleteUserModal.tsx

@@ -51,7 +51,7 @@ const DeleteUserModal = ({
 				title: capitalizeFirstLetter(res.error.message),
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 
 			return;
@@ -60,7 +60,7 @@ const DeleteUserModal = ({
 				title: capitalizeFirstLetter(res.data?._delete_user.message),
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 		onClose();

dashboard/src/components/DeleteWebhookModal.tsx

@@ -44,7 +44,7 @@ const DeleteWebhookModal = ({
 				title: capitalizeFirstLetter(res.error.message),
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 
 			return;
@@ -53,7 +53,7 @@ const DeleteWebhookModal = ({
 				title: capitalizeFirstLetter(res.data?._delete_webhook.message),
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 		onClose();

dashboard/src/components/EditUserModal.tsx

@@ -104,14 +104,14 @@ const EditUserModal = ({
 				title: 'User data update failed',
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		} else if (res.data?._update_user?.id) {
 			toast({
 				title: 'User data update successful',
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 		onClose();

dashboard/src/components/EnvComponents/JWTConfiguration.tsx

@@ -43,7 +43,7 @@ const JSTConfigurations = ({
 				title: `JWT config copied successfully`,
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		} catch (err) {
 			console.error({
@@ -54,7 +54,7 @@ const JSTConfigurations = ({
 				title: `Failed to copy JWT config`,
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 	};

dashboard/src/components/EnvComponents/OAuthConfig.tsx

@@ -16,6 +16,7 @@ import {
 	FaLinkedin,
 	FaApple,
 	FaTwitter,
+	FaMicrosoft,
 } from 'react-icons/fa';
 import { TextInputType, HiddenInputType } from '../../constants';
 
@@ -303,6 +304,57 @@ const OAuthConfig = ({
 							/>
 						</Center>
 					</Flex>
+					<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+						<Center
+							w={isNotSmallerScreen ? '55px' : '35px'}
+							h="35px"
+							marginRight="1.5%"
+							border="1px solid #3b5998"
+							borderRadius="5px"
+						>
+							<FaMicrosoft />
+						</Center>
+						<Center
+							w={isNotSmallerScreen ? '35%' : '100%'}
+							mt={isNotSmallerScreen ? '0' : '3'}
+							marginRight="1.5%"
+						>
+							<InputField
+								borderRadius={5}
+								variables={envVariables}
+								setVariables={setVariables}
+								inputType={TextInputType.MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID}
+								placeholder="Microsoft Active Directory TenantID"
+							/>
+						</Center>
+						<Center
+							w={isNotSmallerScreen ? '35%' : '100%'}
+							mt={isNotSmallerScreen ? '0' : '3'}
+							marginRight="1.5%"
+						>
+							<InputField
+								borderRadius={5}
+								variables={envVariables}
+								setVariables={setVariables}
+								inputType={TextInputType.MICROSOFT_CLIENT_ID}
+								placeholder="Microsoft Client ID"
+							/>
+						</Center>
+						<Center
+							w={isNotSmallerScreen ? '70%' : '100%'}
+							mt={isNotSmallerScreen ? '0' : '3'}
+						>
+							<InputField
+								borderRadius={5}
+								variables={envVariables}
+								setVariables={setVariables}
+								fieldVisibility={fieldVisibility}
+								setFieldVisibility={setFieldVisibility}
+								inputType={HiddenInputType.MICROSOFT_CLIENT_SECRET}
+								placeholder="Microsoft Client Secret"
+							/>
+						</Center>
+					</Flex>
 				</Stack>
 			</Box>
 		</div>

dashboard/src/components/GenerateKeysModal.tsx

@@ -73,7 +73,7 @@ const GenerateKeysModal = ({ jwtType, getData }: propTypes) => {
 					title: 'Error occurred generating jwt keys',
 					isClosable: true,
 					status: 'error',
-					position: 'bottom-right',
+					position: 'top-right',
 				});
 				closeHandler();
 			} else {
@@ -107,7 +107,7 @@ const GenerateKeysModal = ({ jwtType, getData }: propTypes) => {
 				title: 'Error occurred setting jwt keys',
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 
 			return;
@@ -116,7 +116,7 @@ const GenerateKeysModal = ({ jwtType, getData }: propTypes) => {
 			title: 'JWT keys updated successfully',
 			isClosable: true,
 			status: 'success',
-			position: 'bottom-right',
+			position: 'top-right',
 		});
 		closeHandler();
 	};

dashboard/src/components/InviteMembersModal.tsx

@@ -105,7 +105,7 @@ const InviteMembersModal = ({
 					title: 'Invites sent successfully!',
 					isClosable: true,
 					status: 'success',
-					position: 'bottom-right',
+					position: 'top-right',
 				});
 				setLoading(false);
 				updateUserList();
@@ -117,7 +117,7 @@ const InviteMembersModal = ({
 				title: error?.message || 'Error occurred, try again!',
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 			setLoading(false);
 		}

dashboard/src/components/UpdateEmailTemplateModal.tsx

@@ -29,6 +29,10 @@ import {
 	Tbody,
 	Td,
 	Code,
+	Radio,
+	RadioGroup,
+	Stack,
+	Textarea,
 } from '@chakra-ui/react';
 import { FaPlus, FaAngleDown, FaAngleUp } from 'react-icons/fa';
 import { useClient } from 'urql';
@@ -38,6 +42,7 @@ import {
 	EmailTemplateInputDataFields,
 	emailTemplateEventNames,
 	emailTemplateVariables,
+	EmailTemplateEditors,
 } from '../constants';
 import { capitalizeFirstLetter } from '../utils';
 import { AddEmailTemplate, EditEmailTemplate } from '../graphql/mutation';
@@ -66,6 +71,8 @@ interface templateVariableDataTypes {
 interface emailTemplateDataType {
 	[EmailTemplateInputDataFields.EVENT_NAME]: string;
 	[EmailTemplateInputDataFields.SUBJECT]: string;
+	[EmailTemplateInputDataFields.TEMPLATE]: string;
+	[EmailTemplateInputDataFields.DESIGN]: string;
 }
 
 interface validatorDataType {
@@ -75,6 +82,8 @@ interface validatorDataType {
 const initTemplateData: emailTemplateDataType = {
 	[EmailTemplateInputDataFields.EVENT_NAME]: emailTemplateEventNames.Signup,
 	[EmailTemplateInputDataFields.SUBJECT]: '',
+	[EmailTemplateInputDataFields.TEMPLATE]: '',
+	[EmailTemplateInputDataFields.DESIGN]: '',
 };
 
 const initTemplateValidatorData: validatorDataType = {
@@ -91,6 +100,9 @@ const UpdateEmailTemplate = ({
 	const emailEditorRef = useRef(null);
 	const { isOpen, onOpen, onClose } = useDisclosure();
 	const [loading, setLoading] = useState<boolean>(false);
+	const [editor, setEditor] = useState<string>(
+		EmailTemplateEditors.PLAIN_HTML_EDITOR,
+	);
 	const [templateVariables, setTemplateVariables] = useState<
 		templateVariableDataTypes[]
 	>([]);
@@ -107,9 +119,11 @@ const UpdateEmailTemplate = ({
 		if (selectedTemplate) {
 			const { design } = selectedTemplate;
 			try {
-				const designData = JSON.parse(design);
-				// @ts-ignore
-				emailEditorRef.current.editor.loadDesign(designData);
+				if (design) {
+					const designData = JSON.parse(design);
+					// @ts-ignore
+					emailEditorRef.current.editor.loadDesign(designData);
+				}
 			} catch (error) {
 				console.error(error);
 				onClose();
@@ -136,70 +150,85 @@ const UpdateEmailTemplate = ({
 		);
 	};
 
+	const updateTemplate = async (params: emailTemplateDataType) => {
+		let res: any = {};
+		if (
+			view === UpdateModalViews.Edit &&
+			selectedTemplate?.[EmailTemplateInputDataFields.ID]
+		) {
+			res = await client
+				.mutation(EditEmailTemplate, {
+					params: {
+						...params,
+						id: selectedTemplate[EmailTemplateInputDataFields.ID],
+					},
+				})
+				.toPromise();
+		} else {
+			res = await client.mutation(AddEmailTemplate, { params }).toPromise();
+		}
+		setLoading(false);
+		if (res.error) {
+			toast({
+				title: capitalizeFirstLetter(res.error.message),
+				isClosable: true,
+				status: 'error',
+				position: 'top-right',
+			});
+		} else if (
+			res.data?._add_email_template ||
+			res.data?._update_email_template
+		) {
+			toast({
+				title: capitalizeFirstLetter(
+					res.data?._add_email_template?.message ||
+						res.data?._update_email_template?.message,
+				),
+				isClosable: true,
+				status: 'success',
+				position: 'top-right',
+			});
+			setTemplateData({
+				...initTemplateData,
+			});
+			setValidator({ ...initTemplateValidatorData });
+			fetchEmailTemplatesData();
+		}
+	};
+
 	const saveData = async () => {
 		if (!validateData()) return;
 		setLoading(true);
-		// @ts-ignore
-		return await emailEditorRef.current.editor.exportHtml(async (data) => {
-			const { design, html } = data;
-			if (!html || !design) {
-				setLoading(false);
-				return;
-			}
-			const params = {
-				[EmailTemplateInputDataFields.EVENT_NAME]:
-					templateData[EmailTemplateInputDataFields.EVENT_NAME],
-				[EmailTemplateInputDataFields.SUBJECT]:
-					templateData[EmailTemplateInputDataFields.SUBJECT],
-				[EmailTemplateInputDataFields.TEMPLATE]: html.trim(),
-				[EmailTemplateInputDataFields.DESIGN]: JSON.stringify(design),
-			};
-			let res: any = {};
-			if (
-				view === UpdateModalViews.Edit &&
-				selectedTemplate?.[EmailTemplateInputDataFields.ID]
-			) {
-				res = await client
-					.mutation(EditEmailTemplate, {
-						params: {
-							...params,
-							id: selectedTemplate[EmailTemplateInputDataFields.ID],
-						},
-					})
-					.toPromise();
-			} else {
-				res = await client.mutation(AddEmailTemplate, { params }).toPromise();
-			}
-			setLoading(false);
-			if (res.error) {
-				toast({
-					title: capitalizeFirstLetter(res.error.message),
-					isClosable: true,
-					status: 'error',
-					position: 'bottom-right',
-				});
-			} else if (
-				res.data?._add_email_template ||
-				res.data?._update_email_template
-			) {
-				toast({
-					title: capitalizeFirstLetter(
-						res.data?._add_email_template?.message ||
-							res.data?._update_email_template?.message,
-					),
-					isClosable: true,
-					status: 'success',
-					position: 'bottom-right',
-				});
-				setTemplateData({
-					...initTemplateData,
-				});
-				setValidator({ ...initTemplateValidatorData });
-				fetchEmailTemplatesData();
-			}
-			view === UpdateModalViews.ADD && onClose();
-		});
+		let params: emailTemplateDataType = {
+			[EmailTemplateInputDataFields.EVENT_NAME]:
+				templateData[EmailTemplateInputDataFields.EVENT_NAME],
+			[EmailTemplateInputDataFields.SUBJECT]:
+				templateData[EmailTemplateInputDataFields.SUBJECT],
+			[EmailTemplateInputDataFields.TEMPLATE]:
+				templateData[EmailTemplateInputDataFields.TEMPLATE],
+			[EmailTemplateInputDataFields.DESIGN]: '',
+		};
+		if (editor === EmailTemplateEditors.UNLAYER_EDITOR) {
+			// @ts-ignore
+			await emailEditorRef.current.editor.exportHtml(async (data) => {
+				const { design, html } = data;
+				if (!html || !design) {
+					setLoading(false);
+					return;
+				}
+				params = {
+					...params,
+					[EmailTemplateInputDataFields.TEMPLATE]: html.trim(),
+					[EmailTemplateInputDataFields.DESIGN]: JSON.stringify(design),
+				};
+				await updateTemplate(params);
+			});
+		} else {
+			await updateTemplate(params);
+		}
+		view === UpdateModalViews.ADD && onClose();
 	};
+
 	const resetData = () => {
 		if (selectedTemplate) {
 			setTemplateData(selectedTemplate);
@@ -207,6 +236,8 @@ const UpdateEmailTemplate = ({
 			setTemplateData({ ...initTemplateData });
 		}
 	};
+
+	// set template data if edit modal is open
 	useEffect(() => {
 		if (
 			isOpen &&
@@ -214,10 +245,12 @@ const UpdateEmailTemplate = ({
 			selectedTemplate &&
 			Object.keys(selectedTemplate || {}).length
 		) {
-			const { id, created_at, template, design, ...rest } = selectedTemplate;
+			const { id, created_at, ...rest } = selectedTemplate;
 			setTemplateData(rest);
 		}
 	}, [isOpen]);
+
+	// set template variables
 	useEffect(() => {
 		const updatedTemplateVariables = Object.entries(
 			emailTemplateVariables,
@@ -244,6 +277,51 @@ const UpdateEmailTemplate = ({
 		setTemplateVariables(updatedTemplateVariables);
 	}, [templateData[EmailTemplateInputDataFields.EVENT_NAME]]);
 
+	// change editor
+	useEffect(() => {
+		if (isOpen && selectedTemplate) {
+			const { design } = selectedTemplate;
+			if (design) {
+				setEditor(EmailTemplateEditors.UNLAYER_EDITOR);
+			} else {
+				setEditor(EmailTemplateEditors.PLAIN_HTML_EDITOR);
+			}
+		}
+	}, [isOpen, selectedTemplate]);
+
+	// reset fields when editor is changed
+	useEffect(() => {
+		if (selectedTemplate?.design) {
+			if (editor === EmailTemplateEditors.UNLAYER_EDITOR) {
+				setTemplateData({
+					...templateData,
+					[EmailTemplateInputDataFields.TEMPLATE]: selectedTemplate.template,
+					[EmailTemplateInputDataFields.DESIGN]: selectedTemplate.design,
+				});
+			} else {
+				setTemplateData({
+					...templateData,
+					[EmailTemplateInputDataFields.TEMPLATE]: '',
+					[EmailTemplateInputDataFields.DESIGN]: '',
+				});
+			}
+		} else if (selectedTemplate?.template) {
+			if (editor === EmailTemplateEditors.UNLAYER_EDITOR) {
+				setTemplateData({
+					...templateData,
+					[EmailTemplateInputDataFields.TEMPLATE]: '',
+					[EmailTemplateInputDataFields.DESIGN]: '',
+				});
+			} else {
+				setTemplateData({
+					...templateData,
+					[EmailTemplateInputDataFields.TEMPLATE]: selectedTemplate?.template,
+					[EmailTemplateInputDataFields.DESIGN]: '',
+				});
+			}
+		}
+	}, [editor]);
+
 	return (
 		<>
 			{view === UpdateModalViews.ADD ? (
@@ -414,7 +492,22 @@ const UpdateEmailTemplate = ({
 								alignItems="center"
 								marginBottom="2%"
 							>
-								Template Body
+								<Flex flex="1">Template Body</Flex>
+								<Flex flex="3">
+									<RadioGroup
+										onChange={(value) => setEditor(value)}
+										value={editor}
+									>
+										<Stack direction="row" spacing="50px">
+											<Radio value={EmailTemplateEditors.PLAIN_HTML_EDITOR}>
+												Plain HTML
+											</Radio>
+											<Radio value={EmailTemplateEditors.UNLAYER_EDITOR}>
+												Unlayer Editor
+											</Radio>
+										</Stack>
+									</RadioGroup>
+								</Flex>
 							</Flex>
 							<Flex
 								width="100%"
@@ -423,7 +516,22 @@ const UpdateEmailTemplate = ({
 								border="1px solid"
 								borderColor="gray.200"
 							>
-								<EmailEditor ref={emailEditorRef} onReady={onReady} />
+								{editor === EmailTemplateEditors.UNLAYER_EDITOR ? (
+									<EmailEditor ref={emailEditorRef} onReady={onReady} />
+								) : (
+									<Textarea
+										value={templateData.template}
+										onChange={(e) => {
+											setTemplateData({
+												...templateData,
+												[EmailTemplateInputDataFields.TEMPLATE]: e.target.value,
+											});
+										}}
+										placeholder="Template HTML"
+										border="0"
+										height="500px"
+									/>
+								)}
 							</Flex>
 						</Flex>
 					</ModalBody>

dashboard/src/components/UpdateWebhookModal.tsx

@@ -290,7 +290,7 @@ const UpdateWebhookModal = ({
 				title: capitalizeFirstLetter(res.error.message),
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		} else if (res.data?._add_webhook || res.data?._update_webhook) {
 			toast({
@@ -299,7 +299,7 @@ const UpdateWebhookModal = ({
 				),
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 			setWebhook({
 				...initWebhookData,

dashboard/src/constants.ts

@@ -10,6 +10,8 @@ export const TextInputType = {
 	LINKEDIN_CLIENT_ID: 'LINKEDIN_CLIENT_ID',
 	APPLE_CLIENT_ID: 'APPLE_CLIENT_ID',
 	TWITTER_CLIENT_ID: 'TWITTER_CLIENT_ID',
+	MICROSOFT_CLIENT_ID: 'MICROSOFT_CLIENT_ID',
+	MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID: 'MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID',
 	JWT_ROLE_CLAIM: 'JWT_ROLE_CLAIM',
 	REDIS_URL: 'REDIS_URL',
 	SMTP_HOST: 'SMTP_HOST',
@@ -38,6 +40,7 @@ export const HiddenInputType = {
 	LINKEDIN_CLIENT_SECRET: 'LINKEDIN_CLIENT_SECRET',
 	APPLE_CLIENT_SECRET: 'APPLE_CLIENT_SECRET',
 	TWITTER_CLIENT_SECRET: 'TWITTER_CLIENT_SECRET',
+	MICROSOFT_CLIENT_SECRET: 'MICROSOFT_CLIENT_SECRET',
 	JWT_SECRET: 'JWT_SECRET',
 	SMTP_PASSWORD: 'SMTP_PASSWORD',
 	ADMIN_SECRET: 'ADMIN_SECRET',
@@ -120,6 +123,9 @@ export interface envVarTypes {
 	APPLE_CLIENT_SECRET: string;
 	TWITTER_CLIENT_ID: string;
 	TWITTER_CLIENT_SECRET: string;
+	MICROSOFT_CLIENT_ID: string;
+	MICROSOFT_CLIENT_SECRET: string;
+	MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID: string;
 	ROLES: [string] | [];
 	DEFAULT_ROLES: [string] | [];
 	PROTECTED_ROLES: [string] | [];
@@ -337,3 +343,8 @@ export const webhookPayloadExample: string = `{
 	},
 	"auth_recipe":"google"
  }`;
+
+export enum EmailTemplateEditors {
+	UNLAYER_EDITOR = 'unlayer_editor',
+	PLAIN_HTML_EDITOR = 'plain_html_editor',
+}

dashboard/src/graphql/queries/index.ts

@@ -32,6 +32,9 @@ export const EnvVariablesQuery = `
       APPLE_CLIENT_SECRET
       TWITTER_CLIENT_ID
       TWITTER_CLIENT_SECRET
+      MICROSOFT_CLIENT_ID
+      MICROSOFT_CLIENT_SECRET
+      MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID
       DEFAULT_ROLES
       PROTECTED_ROLES
       ROLES

dashboard/src/pages/Auth.tsx

@@ -57,7 +57,7 @@ export default function Auth() {
 					title: capitalizeFirstLetter(error.message),
 					isClosable: true,
 					status: 'error',
-					position: 'bottom-right',
+					position: 'top-right',
 				});
 			});
 		}

dashboard/src/pages/Environment.tsx

@@ -52,6 +52,9 @@ const Environment = () => {
 		APPLE_CLIENT_SECRET: '',
 		TWITTER_CLIENT_ID: '',
 		TWITTER_CLIENT_SECRET: '',
+		MICROSOFT_CLIENT_ID: '',
+		MICROSOFT_CLIENT_SECRET: '',
+		MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID: '',
 		ROLES: [],
 		DEFAULT_ROLES: [],
 		PROTECTED_ROLES: [],
@@ -203,7 +206,7 @@ const Environment = () => {
 			} variables`,
 			isClosable: true,
 			status: 'success',
-			position: 'bottom-right',
+			position: 'top-right',
 		});
 	};
 

dashboard/src/pages/Users.tsx

@@ -180,14 +180,14 @@ export default function Users() {
 				title: 'User verification failed',
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		} else if (res.data?._update_user?.id) {
 			toast({
 				title: 'User verification successful',
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 		updateUserList();
@@ -211,14 +211,14 @@ export default function Users() {
 						title: 'User access enable failed',
 						isClosable: true,
 						status: 'error',
-						position: 'bottom-right',
+						position: 'top-right',
 					});
 				} else {
 					toast({
 						title: 'User access enabled successfully',
 						isClosable: true,
 						status: 'success',
-						position: 'bottom-right',
+						position: 'top-right',
 					});
 				}
 				updateUserList();
@@ -236,14 +236,14 @@ export default function Users() {
 						title: 'User access revoke failed',
 						isClosable: true,
 						status: 'error',
-						position: 'bottom-right',
+						position: 'top-right',
 					});
 				} else {
 					toast({
 						title: 'User access revoked successfully',
 						isClosable: true,
 						status: 'success',
-						position: 'bottom-right',
+						position: 'top-right',
 					});
 				}
 				updateUserList();
@@ -268,7 +268,7 @@ export default function Users() {
 				} for user`,
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 			updateUserList();
 			return;
@@ -277,7 +277,7 @@ export default function Users() {
 			title: 'Multi factor authentication update failed for user',
 			isClosable: true,
 			status: 'error',
-			position: 'bottom-right',
+			position: 'top-right',
 		});
 	};
 

scripts/couchbase-test.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -x
+set -m
+
+sleep 15
+
+# Setup index and memory quota
+# curl -v -X POST http://127.0.0.1:8091/pools/default -d memoryQuota=300 -d indexMemoryQuota=300
+
+# Setup services
+curl -v http://127.0.0.1:8091/node/controller/setupServices -d services=kv%2Cn1ql%2Cindex
+
+# Setup credentials
+curl -v http://127.0.0.1:8091/settings/web -d port=8091 -d username=Administrator -d password=password
+
+# Setup Memory Optimized Indexes
+curl -i -u Administrator:password -X POST http://127.0.0.1:8091/settings/indexes -d 'storageMode=memory_optimized'
+
+# Load travel-sample bucket
+#curl -v -u Administrator:password -X POST http://127.0.0.1:8091/sampleBuckets/install -d '["travel-sample"]'
+
+echo "Type: $TYPE"
+
+if [ "$TYPE" = "WORKER" ]; then
+  echo "Sleeping ..."
+  sleep 15
+
+  #IP=`hostname -s`
+  IP=`hostname -I | cut -d ' ' -f1`
+  echo "IP: " $IP
+
+  echo "Auto Rebalance: $AUTO_REBALANCE"
+  if [ "$AUTO_REBALANCE" = "true" ]; then
+    couchbase-cli rebalance --cluster=$COUCHBASE_MASTER:8091 --user=Administrator --password=password --server-add=$IP --server-add-username=Administrator --server-add-password=password
+  else
+    couchbase-cli server-add --cluster=$COUCHBASE_MASTER:8091 --user=Administrator --password=password --server-add=$IP --server-add-username=Administrator --server-add-password=password
+  fi;
+fi;

server/constants/auth_methods.go

@@ -3,6 +3,8 @@ package constants
 const (
 	// AuthRecipeMethodBasicAuth is the basic_auth auth method
 	AuthRecipeMethodBasicAuth = "basic_auth"
+	// AuthRecipeMethodMobileBasicAuth is the mobile basic_auth method, where user can signup using mobile number and password
+	AuthRecipeMethodMobileBasicAuth = "mobile_basic_auth"
 	// AuthRecipeMethodMagicLinkLogin is the magic_link_login auth method
 	AuthRecipeMethodMagicLinkLogin = "magic_link_login"
 	// AuthRecipeMethodGoogle is the google auth method
@@ -17,4 +19,6 @@ const (
 	AuthRecipeMethodApple = "apple"
 	// AuthRecipeMethodTwitter is the twitter auth method
 	AuthRecipeMethodTwitter = "twitter"
+	// AuthRecipeMethodMicrosoft is the microsoft auth method
+	AuthRecipeMethodMicrosoft = "microsoft"
 )

server/constants/db_types.go

@@ -27,4 +27,6 @@ const (
 	DbTypePlanetScaleDB = "planetscale"
 	// DbTypeDynamoDB is the Dynamo database type
 	DbTypeDynamoDB = "dynamodb"
+	// DbTypeCouchbaseDB is the Couchbase database type
+	DbTypeCouchbaseDB = "couchbase"
 )

server/constants/env.go

@@ -43,6 +43,13 @@ const (
 	EnvKeyDatabaseCertKey = "DATABASE_CERT_KEY"
 	// EnvKeyDatabaseCACert key for env variable DATABASE_CA_CERT
 	EnvKeyDatabaseCACert = "DATABASE_CA_CERT"
+	// EnvCouchbaseBucket key for env variable COUCHBASE_BUCKET
+	EnvCouchbaseBucket = "COUCHBASE_BUCKET"
+	// EnvCouchbaseBucketRAMQuotaMB key for env variable COUCHBASE_BUCKET_RAM_QUOTA
+	// This value should be parsed as number
+	EnvCouchbaseBucketRAMQuotaMB = "COUCHBASE_BUCKET_RAM_QUOTA"
+	// EnvCouchbaseBucket key for env variable COUCHBASE_SCOPE
+	EnvCouchbaseScope = "COUCHBASE_SCOPE"
 	// EnvKeySmtpHost key for env variable SMTP_HOST
 	EnvKeySmtpHost = "SMTP_HOST"
 	// EnvKeySmtpPort key for env variable SMTP_PORT
@@ -101,6 +108,12 @@ const (
 	EnvKeyTwitterClientID = "TWITTER_CLIENT_ID"
 	// EnvKeyTwitterClientSecret key for env variable TWITTER_CLIENT_SECRET
 	EnvKeyTwitterClientSecret = "TWITTER_CLIENT_SECRET"
+	// EnvKeyMicrosoftClientID key for env variable MICROSOFT_CLIENT_ID
+	EnvKeyMicrosoftClientID = "MICROSOFT_CLIENT_ID"
+	// EnvKeyMicrosoftActiveDirectoryTenantID key for env variable MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID
+	EnvKeyMicrosoftActiveDirectoryTenantID = "MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID"
+	// EnvKeyMicrosoftClientSecret key for env variable MICROSOFT_CLIENT_SECRET
+	EnvKeyMicrosoftClientSecret = "MICROSOFT_CLIENT_SECRET"
 	// EnvKeyOrganizationName key for env variable ORGANIZATION_NAME
 	EnvKeyOrganizationName = "ORGANIZATION_NAME"
 	// EnvKeyOrganizationLogo key for env variable ORGANIZATION_LOGO
@@ -125,6 +138,8 @@ const (
 	EnvKeyDisableEmailVerification = "DISABLE_EMAIL_VERIFICATION"
 	// EnvKeyDisableBasicAuthentication key for env variable DISABLE_BASIC_AUTH
 	EnvKeyDisableBasicAuthentication = "DISABLE_BASIC_AUTHENTICATION"
+	// EnvKeyDisableBasicAuthentication key for env variable DISABLE_MOBILE_BASIC_AUTH
+	EnvKeyDisableMobileBasicAuthentication = "DISABLE_MOBILE_BASIC_AUTHENTICATION"
 	// EnvKeyDisableMagicLinkLogin key for env variable DISABLE_MAGIC_LINK_LOGIN
 	EnvKeyDisableMagicLinkLogin = "DISABLE_MAGIC_LINK_LOGIN"
 	// EnvKeyDisableLoginPage key for env variable DISABLE_LOGIN_PAGE

server/constants/oauth2.go

@@ -0,0 +1,19 @@
+package constants
+
+const (
+	// - query: for Authorization Code grant. 302 Found triggers redirect.
+	ResponseModeQuery = "query"
+	// - fragment: for Implicit grant. 302 Found triggers redirect.
+	ResponseModeFragment = "fragment"
+	// - form_post: 200 OK with response parameters embedded in an HTML form as hidden parameters.
+	ResponseModeFormPost = "form_post"
+	// - web_message: For Silent Authentication. Uses HTML5 web messaging.
+	ResponseModeWebMessage = "web_message"
+
+	// For the Authorization Code grant, use response_type=code to include the authorization code.
+	ResponseTypeCode = "code"
+	// For the Implicit grant, use response_type=token to include an access token.
+	ResponseTypeToken = "token"
+	// For the Implicit grant of id_token, use response_type=id_token to include an identifier token.
+	ResponseTypeIDToken = "id_token"
+)

server/constants/oauth_info_urls.go

@@ -16,4 +16,8 @@ const (
 	LinkedInEmailURL    = "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))"
 
 	TwitterUserInfoURL = "https://api.twitter.com/2/users/me?user.fields=id,name,profile_image_url,username"
+
+	// Get microsoft user info.
+	// Ref: https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo
+	MicrosoftUserInfoURL = "https://graph.microsoft.com/oidc/userinfo"
 )

server/db/db.go

@@ -7,6 +7,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/providers"
 	"github.com/authorizerdev/authorizer/server/db/providers/arangodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/cassandradb"
+	"github.com/authorizerdev/authorizer/server/db/providers/couchbase"
 	"github.com/authorizerdev/authorizer/server/db/providers/dynamodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/mongodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/sql"
@@ -21,11 +22,12 @@ func InitDB() error {
 
 	envs := memorystore.RequiredEnvStoreObj.GetRequiredEnv()
 
-	isSQL := envs.DatabaseType != constants.DbTypeArangodb && envs.DatabaseType != constants.DbTypeMongodb && envs.DatabaseType != constants.DbTypeCassandraDB && envs.DatabaseType != constants.DbTypeScyllaDB && envs.DatabaseType != constants.DbTypeDynamoDB
+	isSQL := envs.DatabaseType != constants.DbTypeArangodb && envs.DatabaseType != constants.DbTypeMongodb && envs.DatabaseType != constants.DbTypeCassandraDB && envs.DatabaseType != constants.DbTypeScyllaDB && envs.DatabaseType != constants.DbTypeDynamoDB && envs.DatabaseType != constants.DbTypeCouchbaseDB
 	isArangoDB := envs.DatabaseType == constants.DbTypeArangodb
 	isMongoDB := envs.DatabaseType == constants.DbTypeMongodb
 	isCassandra := envs.DatabaseType == constants.DbTypeCassandraDB || envs.DatabaseType == constants.DbTypeScyllaDB
 	isDynamoDB := envs.DatabaseType == constants.DbTypeDynamoDB
+	isCouchbaseDB := envs.DatabaseType == constants.DbTypeCouchbaseDB
 
 	if isSQL {
 		log.Info("Initializing SQL Driver for: ", envs.DatabaseType)
@@ -72,5 +74,14 @@ func InitDB() error {
 		}
 	}
 
+	if isCouchbaseDB {
+		log.Info("Initializing CouchbaseDB Driver for: ", envs.DatabaseType)
+		Provider, err = couchbase.NewProvider()
+		if err != nil {
+			log.Fatal("Failed to initialize Couchbase driver: ", err)
+			return err
+		}
+	}
+
 	return nil
 }

server/db/models/env.go

@@ -4,10 +4,11 @@ package models
 
 // Env model for db
 type Env struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
-	EnvData   string `json:"env" bson:"env" cql:"env" dynamo:"env"`
-	Hash      string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	Key           string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID            string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	EnvData       string `json:"env" bson:"env" cql:"env" dynamo:"env"`
+	Hash          string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
+	EncryptionKey string `json:"encryption_key" bson:"encryption_key" cql:"encryption_key" dynamo:"encryption_key"` // couchbase has "hash" as reserved keyword so we cannot use it. This will be empty for other dbs.
+	UpdatedAt     int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+	CreatedAt     int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
 }

server/db/models/user.go

@@ -25,7 +25,7 @@ type User struct {
 	Nickname                 *string `json:"nickname" bson:"nickname" cql:"nickname" dynamo:"nickname"`
 	Gender                   *string `json:"gender" bson:"gender" cql:"gender" dynamo:"gender"`
 	Birthdate                *string `json:"birthdate" bson:"birthdate" cql:"birthdate" dynamo:"birthdate"`
-	PhoneNumber              *string `gorm:"unique" json:"phone_number" bson:"phone_number" cql:"phone_number" dynamo:"phone_number"`
+	PhoneNumber              *string `gorm:"index" json:"phone_number" bson:"phone_number" cql:"phone_number" dynamo:"phone_number"`
 	PhoneNumberVerifiedAt    *int64  `json:"phone_number_verified_at" bson:"phone_number_verified_at" cql:"phone_number_verified_at" dynamo:"phone_number_verified_at"`
 	Picture                  *string `json:"picture" bson:"picture" cql:"picture" dynamo:"picture"`
 	Roles                    string  `json:"roles" bson:"roles" cql:"roles" dynamo:"roles"`

server/db/providers/arangodb/email_template.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -52,7 +51,7 @@ func (p *provider) ListEmailTemplate(ctx context.Context, pagination model.Pagin
 
 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.EmailTemplate, pagination.Offset, pagination.Limit)
 
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	cursor, err := p.db.Query(sctx, query, nil)
 	if err != nil {
 		return nil, err

server/db/providers/arangodb/provider.go

@@ -2,8 +2,11 @@ package arangodb
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/base64"
+	"fmt"
 
-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/arangodb/go-driver/http"
 	"github.com/authorizerdev/authorizer/server/db/models"
@@ -22,44 +25,75 @@ type provider struct {
 func NewProvider() (*provider, error) {
 	ctx := context.Background()
 	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
-	conn, err := http.NewConnection(http.ConnectionConfig{
+	dbUsername := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername
+	dbPassword := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword
+	dbCACertificate := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCACert
+	httpConfig := http.ConnectionConfig{
 		Endpoints: []string{dbURL},
-	})
+	}
+	// If ca certificate if present, create tls config
+	if dbCACertificate != "" {
+		caCert, err := base64.StdEncoding.DecodeString(dbCACertificate)
+		if err != nil {
+			return nil, err
+		}
+		// Prepare TLS Config
+		tlsConfig := &tls.Config{}
+		certPool := x509.NewCertPool()
+		if success := certPool.AppendCertsFromPEM(caCert); !success {
+			return nil, fmt.Errorf("invalid certificate")
+		}
+		tlsConfig.RootCAs = certPool
+		httpConfig.TLSConfig = tlsConfig
+	}
+	// Create new http connection
+	conn, err := http.NewConnection(httpConfig)
 	if err != nil {
 		return nil, err
 	}
-
-	arangoClient, err := arangoDriver.NewClient(arangoDriver.ClientConfig{
+	clientConfig := arangoDriver.ClientConfig{
 		Connection: conn,
-	})
+	}
+	if dbUsername != "" && dbPassword != "" {
+		clientConfig.Authentication = arangoDriver.BasicAuthentication(dbUsername, dbPassword)
+	}
+	arangoClient, err := arangoDriver.NewClient(clientConfig)
 	if err != nil {
 		return nil, err
 	}
 
-	var arangodb driver.Database
+	var arangodb arangoDriver.Database
 	dbName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName
-	arangodb_exists, err := arangoClient.DatabaseExists(nil, dbName)
-
+	arangodb_exists, err := arangoClient.DatabaseExists(ctx, dbName)
+	if err != nil {
+		return nil, err
+	}
 	if arangodb_exists {
-		arangodb, err = arangoClient.Database(nil, dbName)
+		arangodb, err = arangoClient.Database(ctx, dbName)
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		arangodb, err = arangoClient.CreateDatabase(nil, dbName, nil)
+		arangodb, err = arangoClient.CreateDatabase(ctx, dbName, nil)
 		if err != nil {
 			return nil, err
 		}
 	}
 
 	userCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.User)
+	if err != nil {
+		return nil, err
+	}
 	if !userCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.User, nil)
 		if err != nil {
 			return nil, err
 		}
 	}
-	userCollection, _ := arangodb.Collection(nil, models.Collections.User)
+	userCollection, err := arangodb.Collection(ctx, models.Collections.User)
+	if err != nil {
+		return nil, err
+	}
 	userCollection.EnsureHashIndex(ctx, []string{"email"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
@@ -70,6 +104,9 @@ func NewProvider() (*provider, error) {
 	})
 
 	verificationRequestCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.VerificationRequest)
+	if err != nil {
+		return nil, err
+	}
 	if !verificationRequestCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.VerificationRequest, nil)
 		if err != nil {
@@ -77,7 +114,10 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	verificationRequestCollection, _ := arangodb.Collection(nil, models.Collections.VerificationRequest)
+	verificationRequestCollection, err := arangodb.Collection(ctx, models.Collections.VerificationRequest)
+	if err != nil {
+		return nil, err
+	}
 	verificationRequestCollection.EnsureHashIndex(ctx, []string{"email", "identifier"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
@@ -87,6 +127,9 @@ func NewProvider() (*provider, error) {
 	})
 
 	sessionCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Session)
+	if err != nil {
+		return nil, err
+	}
 	if !sessionCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.Session, nil)
 		if err != nil {
@@ -94,13 +137,19 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	sessionCollection, _ := arangodb.Collection(nil, models.Collections.Session)
+	sessionCollection, err := arangodb.Collection(ctx, models.Collections.Session)
+	if err != nil {
+		return nil, err
+	}
 	sessionCollection.EnsureHashIndex(ctx, []string{"user_id"}, &arangoDriver.EnsureHashIndexOptions{
 		Sparse: true,
 	})
 
-	configCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Env)
-	if !configCollectionExists {
+	envCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Env)
+	if err != nil {
+		return nil, err
+	}
+	if !envCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.Env, nil)
 		if err != nil {
 			return nil, err
@@ -108,6 +157,9 @@ func NewProvider() (*provider, error) {
 	}
 
 	webhookCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Webhook)
+	if err != nil {
+		return nil, err
+	}
 	if !webhookCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.Webhook, nil)
 		if err != nil {
@@ -115,13 +167,19 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	webhookCollection, _ := arangodb.Collection(nil, models.Collections.Webhook)
+	webhookCollection, err := arangodb.Collection(ctx, models.Collections.Webhook)
+	if err != nil {
+		return nil, err
+	}
 	webhookCollection.EnsureHashIndex(ctx, []string{"event_name"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
 	})
 
 	webhookLogCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.WebhookLog)
+	if err != nil {
+		return nil, err
+	}
 	if !webhookLogCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.WebhookLog, nil)
 		if err != nil {
@@ -129,12 +187,18 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	webhookLogCollection, _ := arangodb.Collection(nil, models.Collections.WebhookLog)
+	webhookLogCollection, err := arangodb.Collection(ctx, models.Collections.WebhookLog)
+	if err != nil {
+		return nil, err
+	}
 	webhookLogCollection.EnsureHashIndex(ctx, []string{"webhook_id"}, &arangoDriver.EnsureHashIndexOptions{
 		Sparse: true,
 	})
 
 	emailTemplateCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.EmailTemplate)
+	if err != nil {
+		return nil, err
+	}
 	if !emailTemplateCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.EmailTemplate, nil)
 		if err != nil {
@@ -142,13 +206,19 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	emailTemplateCollection, _ := arangodb.Collection(nil, models.Collections.EmailTemplate)
+	emailTemplateCollection, err := arangodb.Collection(ctx, models.Collections.EmailTemplate)
+	if err != nil {
+		return nil, err
+	}
 	emailTemplateCollection.EnsureHashIndex(ctx, []string{"event_name"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
 	})
 
 	otpCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.OTP)
+	if err != nil {
+		return nil, err
+	}
 	if !otpCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.OTP, nil)
 		if err != nil {
@@ -156,7 +226,10 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	otpCollection, _ := arangodb.Collection(nil, models.Collections.OTP)
+	otpCollection, err := arangodb.Collection(ctx, models.Collections.OTP)
+	if err != nil {
+		return nil, err
+	}
 	otpCollection.EnsureHashIndex(ctx, []string{"email"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,

server/db/providers/arangodb/user.go

@@ -7,7 +7,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/google/uuid"
 
@@ -15,6 +14,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
 )
 
 // AddUser to save user information in database
@@ -32,6 +32,12 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 		user.Roles = defaultRoles
 	}
 
+	if user.PhoneNumber != nil && strings.TrimSpace(refs.StringValue(user.PhoneNumber)) != "" {
+		if u, _ := p.GetUserByPhoneNumber(ctx, refs.StringValue(user.PhoneNumber)); u != nil && u.ID != user.ID {
+			return user, fmt.Errorf("user with given phone number already exists")
+		}
+	}
+
 	user.CreatedAt = time.Now().Unix()
 	user.UpdatedAt = time.Now().Unix()
 	userCollection, _ := p.db.Collection(ctx, models.Collections.User)
@@ -48,6 +54,7 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 // UpdateUser to update user information in database
 func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.User, error) {
 	user.UpdatedAt = time.Now().Unix()
+
 	collection, _ := p.db.Collection(ctx, models.Collections.User)
 	meta, err := collection.UpdateDocument(ctx, user.Key, user)
 	if err != nil {
@@ -83,7 +90,7 @@ func (p *provider) DeleteUser(ctx context.Context, user models.User) error {
 // ListUsers to get list of users from database
 func (p *provider) ListUsers(ctx context.Context, pagination model.Pagination) (*model.Users, error) {
 	var users []*model.User
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 
 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.User, pagination.Offset, pagination.Limit)
 
@@ -191,7 +198,7 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}
 
 	query := ""
-	if ids != nil && len(ids) > 0 {
+	if len(ids) > 0 {
 		keysArray := ""
 		for _, id := range ids {
 			keysArray += fmt.Sprintf("'%s', ", id)
@@ -204,10 +211,40 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}
 
 	_, err = p.db.Query(ctx, query, nil)
-
 	if err != nil {
 		return err
 	}
 
 	return nil
 }
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user models.User
+
+	query := fmt.Sprintf("FOR d in %s FILTER d.phone_number == @phone_number RETURN d", models.Collections.User)
+	bindVars := map[string]interface{}{
+		"phone_number": phoneNumber,
+	}
+
+	cursor, err := p.db.Query(ctx, query, bindVars)
+	if err != nil {
+		return nil, err
+	}
+	defer cursor.Close()
+
+	for {
+		if !cursor.HasMore() {
+			if user.Key == "" {
+				return nil, fmt.Errorf("user not found")
+			}
+			break
+		}
+		_, err := cursor.ReadDocument(ctx, &user)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &user, nil
+}

server/db/providers/arangodb/verification_requests.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/arangodb/go-driver"
+	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/google/uuid"
@@ -96,7 +96,7 @@ func (p *provider) GetVerificationRequestByEmail(ctx context.Context, email stri
 // ListVerificationRequests to get list of verification requests from database
 func (p *provider) ListVerificationRequests(ctx context.Context, pagination model.Pagination) (*model.VerificationRequests, error) {
 	var verificationRequests []*model.VerificationRequest
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.VerificationRequest, pagination.Offset, pagination.Limit)
 
 	cursor, err := p.db.Query(sctx, query, nil)
@@ -112,7 +112,7 @@ func (p *provider) ListVerificationRequests(ctx context.Context, pagination mode
 		var verificationRequest models.VerificationRequest
 		meta, err := cursor.ReadDocument(ctx, &verificationRequest)
 
-		if driver.IsNoMoreDocuments(err) {
+		if arangoDriver.IsNoMoreDocuments(err) {
 			break
 		} else if err != nil {
 			return nil, err
@@ -132,8 +132,8 @@ func (p *provider) ListVerificationRequests(ctx context.Context, pagination mode
 
 // DeleteVerificationRequest to delete verification request from database
 func (p *provider) DeleteVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) error {
-	collection, _ := p.db.Collection(nil, models.Collections.VerificationRequest)
-	_, err := collection.RemoveDocument(nil, verificationRequest.Key)
+	collection, _ := p.db.Collection(ctx, models.Collections.VerificationRequest)
+	_, err := collection.RemoveDocument(ctx, verificationRequest.Key)
 	if err != nil {
 		return err
 	}

server/db/providers/arangodb/webhook.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -50,7 +49,7 @@ func (p *provider) ListWebhook(ctx context.Context, pagination model.Pagination)
 
 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.Webhook, pagination.Offset, pagination.Limit)
 
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	cursor, err := p.db.Query(sctx, query, nil)
 	if err != nil {
 		return nil, err

server/db/providers/arangodb/webhook_log.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -44,7 +43,7 @@ func (p *provider) ListWebhookLogs(ctx context.Context, pagination model.Paginat
 		}
 	}
 
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	cursor, err := p.db.Query(sctx, query, bindVariables)
 	if err != nil {
 		return nil, err

server/db/providers/cassandradb/provider.go

@@ -161,6 +161,12 @@ func NewProvider() (*provider, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	userPhoneNumberIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_user_phone_number ON %s.%s (phone_number)", KeySpace, models.Collections.User)
+	err = session.Query(userPhoneNumberIndexQuery).Exec()
+	if err != nil {
+		return nil, err
+	}
 	// add is_multi_factor_auth_enabled on users table
 	userTableAlterQuery := fmt.Sprintf(`ALTER TABLE %s.%s ADD is_multi_factor_auth_enabled boolean`, KeySpace, models.Collections.User)
 	err = session.Query(userTableAlterQuery).Exec()

server/db/providers/cassandradb/user.go

@@ -12,6 +12,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/gocql/gocql"
 	"github.com/google/uuid"
 )
@@ -30,6 +31,12 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 		user.Roles = defaultRoles
 	}
 
+	if user.PhoneNumber != nil && strings.TrimSpace(refs.StringValue(user.PhoneNumber)) != "" {
+		if u, _ := p.GetUserByPhoneNumber(ctx, refs.StringValue(user.PhoneNumber)); u != nil && u.ID != user.ID {
+			return user, fmt.Errorf("user with given phone number already exists")
+		}
+	}
+
 	user.CreatedAt = time.Now().Unix()
 	user.UpdatedAt = time.Now().Unix()
 
@@ -299,3 +306,14 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 
 	return nil
 }
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user models.User
+	query := fmt.Sprintf("SELECT id, email, email_verified_at, password, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s WHERE phone_number = '%s' LIMIT 1 ALLOW FILTERING", KeySpace+"."+models.Collections.User, phoneNumber)
+	err := p.db.Query(query).Consistency(gocql.One).Scan(&user.ID, &user.Email, &user.EmailVerifiedAt, &user.Password, &user.SignupMethods, &user.GivenName, &user.FamilyName, &user.MiddleName, &user.Nickname, &user.Birthdate, &user.PhoneNumber, &user.PhoneNumberVerifiedAt, &user.Picture, &user.Roles, &user.RevokedTimestamp, &user.IsMultiFactorAuthEnabled, &user.CreatedAt, &user.UpdatedAt)
+	if err != nil {
+		return nil, err
+	}
+	return &user, nil
+}

server/db/providers/couchbase/email_template.go

@@ -0,0 +1,166 @@
+package couchbase
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddEmailTemplate to add EmailTemplate
+func (p *provider) AddEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+
+	if emailTemplate.ID == "" {
+		emailTemplate.ID = uuid.New().String()
+	}
+
+	emailTemplate.Key = emailTemplate.ID
+	emailTemplate.CreatedAt = time.Now().Unix()
+	emailTemplate.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+
+	_, err := p.db.Collection(models.Collections.EmailTemplate).Insert(emailTemplate.ID, emailTemplate, &insertOpt)
+	if err != nil {
+		return emailTemplate.AsAPIEmailTemplate(), err
+	}
+
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// UpdateEmailTemplate to update EmailTemplate
+func (p *provider) UpdateEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+	bytes, err := json.Marshal(emailTemplate)
+	if err != nil {
+		return nil, err
+	}
+	// use decoder instead of json.Unmarshall, because it converts int64 -> float64 after unmarshalling
+	decoder := json.NewDecoder(strings.NewReader(string(bytes)))
+	decoder.UseNumber()
+	emailTemplateMap := map[string]interface{}{}
+	err = decoder.Decode(&emailTemplateMap)
+	if err != nil {
+		return nil, err
+	}
+
+	updateFields, params := GetSetFields(emailTemplateMap)
+	params["emailId"] = emailTemplate.ID
+
+	query := fmt.Sprintf("UPDATE %s.%s SET %s WHERE _id = $emailId", p.scopeName, models.Collections.EmailTemplate, updateFields)
+
+	_, err = p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		NamedParameters: params,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// ListEmailTemplates to list EmailTemplate
+func (p *provider) ListEmailTemplate(ctx context.Context, pagination model.Pagination) (*model.EmailTemplates, error) {
+	emailTemplates := []*model.EmailTemplate{}
+	paginationClone := pagination
+	total, err := p.GetTotalDocs(ctx, models.Collections.EmailTemplate)
+	if err != nil {
+		return nil, err
+	}
+	paginationClone.Total = total
+	userQuery := fmt.Sprintf("SELECT _id, event_name, subject, design, template, created_at, updated_at FROM %s.%s ORDER BY _id OFFSET $1 LIMIT $2", p.scopeName, models.Collections.EmailTemplate)
+
+	queryResult, err := p.db.Query(userQuery, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{paginationClone.Offset, paginationClone.Limit},
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	for queryResult.Next() {
+		emailTemplate := models.EmailTemplate{}
+		err := queryResult.Row(&emailTemplate)
+		if err != nil {
+			log.Fatal(err)
+		}
+		emailTemplates = append(emailTemplates, emailTemplate.AsAPIEmailTemplate())
+	}
+
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+
+	}
+
+	return &model.EmailTemplates{
+		Pagination:     &paginationClone,
+		EmailTemplates: emailTemplates,
+	}, nil
+}
+
+// GetEmailTemplateByID to get EmailTemplate by id
+func (p *provider) GetEmailTemplateByID(ctx context.Context, emailTemplateID string) (*model.EmailTemplate, error) {
+	emailTemplate := models.EmailTemplate{}
+
+	query := fmt.Sprintf(`SELECT  _id, event_name, subject, design, template, created_at, updated_at  FROM %s.%s WHERE _id = $1 LIMIT 1`, p.scopeName, models.Collections.EmailTemplate)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{emailTemplateID},
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&emailTemplate)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// GetEmailTemplateByEventName to get EmailTemplate by event_name
+func (p *provider) GetEmailTemplateByEventName(ctx context.Context, eventName string) (*model.EmailTemplate, error) {
+	emailTemplate := models.EmailTemplate{}
+
+	query := fmt.Sprintf("SELECT  _id, event_name, subject, design, template, created_at, updated_at  FROM %s.%s WHERE event_name=$1 LIMIT 1", p.scopeName, models.Collections.EmailTemplate)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{eventName},
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&emailTemplate)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// DeleteEmailTemplate to delete EmailTemplate
+func (p *provider) DeleteEmailTemplate(ctx context.Context, emailTemplate *model.EmailTemplate) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.EmailTemplate).Remove(emailTemplate.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}

server/db/providers/couchbase/env.go

@@ -0,0 +1,70 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddEnv to save environment information in database
+func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, error) {
+	if env.ID == "" {
+		env.ID = uuid.New().String()
+	}
+	env.CreatedAt = time.Now().Unix()
+	env.UpdatedAt = time.Now().Unix()
+	env.Key = env.ID
+	env.EncryptionKey = env.Hash
+
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Env).Insert(env.ID, env, &insertOpt)
+	if err != nil {
+		return env, err
+	}
+	return env, nil
+}
+
+// UpdateEnv to update environment information in database
+func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) {
+	env.UpdatedAt = time.Now().Unix()
+	env.EncryptionKey = env.Hash
+
+	updateEnvQuery := fmt.Sprintf("UPDATE %s.%s SET env = $1, updated_at = $2 WHERE _id = $3", p.scopeName, models.Collections.Env)
+	_, err := p.db.Query(updateEnvQuery, &gocb.QueryOptions{
+		Context:              ctx,
+		PositionalParameters: []interface{}{env.EnvData, env.UpdatedAt, env.UpdatedAt, env.ID},
+	})
+
+	if err != nil {
+		return env, err
+	}
+
+	return env, nil
+}
+
+// GetEnv to get environment information from database
+func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
+	var env models.Env
+
+	query := fmt.Sprintf("SELECT _id, env, encryption_key, created_at, updated_at FROM %s.%s LIMIT 1", p.scopeName, models.Collections.Env)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+	})
+	if err != nil {
+		return env, err
+	}
+	err = q.One(&env)
+
+	if err != nil {
+		return env, err
+	}
+	env.Hash = env.EncryptionKey
+	return env, nil
+}

server/db/providers/couchbase/otp.go

@@ -0,0 +1,84 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// UpsertOTP to add or update otp
+func (p *provider) UpsertOTP(ctx context.Context, otpParam *models.OTP) (*models.OTP, error) {
+	otp, _ := p.GetOTPByEmail(ctx, otpParam.Email)
+
+	shouldCreate := false
+	if otp == nil {
+		shouldCreate = true
+		otp = &models.OTP{
+			ID:        uuid.NewString(),
+			Otp:       otpParam.Otp,
+			Email:     otpParam.Email,
+			ExpiresAt: otpParam.ExpiresAt,
+			CreatedAt: time.Now().Unix(),
+			UpdatedAt: time.Now().Unix(),
+		}
+	} else {
+		otp.Otp = otpParam.Otp
+		otp.ExpiresAt = otpParam.ExpiresAt
+	}
+
+	otp.UpdatedAt = time.Now().Unix()
+	if shouldCreate {
+		insertOpt := gocb.InsertOptions{
+			Context: ctx,
+		}
+		_, err := p.db.Collection(models.Collections.OTP).Insert(otp.ID, otp, &insertOpt)
+		if err != nil {
+			return otp, err
+		}
+	} else {
+		query := fmt.Sprintf(`UPDATE %s.%s SET otp=$1, expires_at=$2, updated_at=$3 WHERE _id=$4`, p.scopeName, models.Collections.OTP)
+		_, err := p.db.Query(query, &gocb.QueryOptions{
+			PositionalParameters: []interface{}{otp.Otp, otp.ExpiresAt, otp.UpdatedAt, otp.ID},
+		})
+		if err != nil {
+			return otp, err
+		}
+	}
+	return otp, nil
+}
+
+// GetOTPByEmail to get otp for a given email address
+func (p *provider) GetOTPByEmail(ctx context.Context, emailAddress string) (*models.OTP, error) {
+	otp := models.OTP{}
+	query := fmt.Sprintf(`SELECT _id, email, otp, expires_at, created_at, updated_at FROM %s.%s WHERE email = $1 LIMIT 1`, p.scopeName, models.Collections.OTP)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{emailAddress},
+	})
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&otp)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &otp, nil
+}
+
+// DeleteOTP to delete otp
+func (p *provider) DeleteOTP(ctx context.Context, otp *models.OTP) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.OTP).Remove(otp.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}

server/db/providers/couchbase/provider.go

@@ -0,0 +1,170 @@
+package couchbase
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/couchbase/gocb/v2"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+)
+
+const (
+	defaultBucketName = "authorizer"
+	defaultScope      = "_default"
+)
+
+type provider struct {
+	db        *gocb.Scope
+	scopeName string
+}
+
+// NewProvider returns a new Couchbase provider
+func NewProvider() (*provider, error) {
+	bucketName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().CouchbaseBucket
+	scopeName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().CouchbaseScope
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
+	userName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername
+	password := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword
+	opts := gocb.ClusterOptions{
+		Username: userName,
+		Password: password,
+	}
+	if bucketName == "" {
+		bucketName = defaultBucketName
+	}
+	if scopeName == "" {
+		scopeName = defaultScope
+	}
+	cluster, err := gocb.Connect(dbURL, opts)
+	if err != nil {
+		return nil, err
+	}
+	// To create the bucket and scope if not exist
+	bucket, err := CreateBucketAndScope(cluster, bucketName, scopeName)
+	if err != nil {
+		return nil, err
+	}
+	scope := bucket.Scope(scopeName)
+	scopeIdentifier := fmt.Sprintf("%s.%s", bucketName, scopeName)
+	v := reflect.ValueOf(models.Collections)
+	for i := 0; i < v.NumField(); i++ {
+		collectionName := v.Field(i)
+		user := gocb.CollectionSpec{
+			Name:      collectionName.String(),
+			ScopeName: scopeName,
+		}
+		collectionOpts := gocb.CreateCollectionOptions{
+			Context: context.TODO(),
+		}
+		err = bucket.Collections().CreateCollection(user, &collectionOpts)
+		if err != nil && !errors.Is(err, gocb.ErrCollectionExists) {
+			return nil, err
+		}
+		// TODO: find how to fix this sleep time.
+		// Add wait time for successful collection creation
+		time.Sleep(5 * time.Second)
+		indexQuery := fmt.Sprintf("CREATE PRIMARY INDEX ON %s.%s", scopeIdentifier, collectionName.String())
+		_, err = scope.Query(indexQuery, nil)
+		if err != nil && !strings.Contains(err.Error(), "The index #primary already exists") {
+			return nil, err
+		}
+	}
+
+	indices := GetIndex(scopeIdentifier)
+	for i := 0; i < v.NumField(); i++ {
+		field := v.Field(i)
+		for _, indexQuery := range indices[field.String()] {
+			scope.Query(indexQuery, nil)
+		}
+	}
+	return &provider{
+		db:        scope,
+		scopeName: scopeIdentifier,
+	}, nil
+}
+
+func CreateBucketAndScope(cluster *gocb.Cluster, bucketName string, scopeName string) (*gocb.Bucket, error) {
+	bucketRAMQuotaMB := memorystore.RequiredEnvStoreObj.GetRequiredEnv().CouchbaseBucketRAMQuotaMB
+	if bucketRAMQuotaMB == "" {
+		bucketRAMQuotaMB = "1000"
+	}
+	bucketRAMQuota, err := strconv.ParseInt(bucketRAMQuotaMB, 10, 64)
+	if err != nil {
+		return nil, err
+	}
+	settings := gocb.BucketSettings{
+		Name:            bucketName,
+		RAMQuotaMB:      uint64(bucketRAMQuota),
+		BucketType:      gocb.CouchbaseBucketType,
+		EvictionPolicy:  gocb.EvictionPolicyTypeValueOnly,
+		FlushEnabled:    true,
+		CompressionMode: gocb.CompressionModeActive,
+	}
+	shouldCreateBucket := false
+	// check if bucket exists
+	_, err = cluster.Buckets().GetBucket(bucketName, nil)
+	if err != nil {
+		// bucket not found
+		shouldCreateBucket = true
+	}
+	if shouldCreateBucket {
+		err = cluster.Buckets().CreateBucket(gocb.CreateBucketSettings{
+			BucketSettings:         settings,
+			ConflictResolutionType: gocb.ConflictResolutionTypeSequenceNumber,
+		}, nil)
+		if err != nil {
+			return nil, err
+		}
+	}
+	bucket := cluster.Bucket(bucketName)
+	if scopeName != defaultScope {
+		err = bucket.Collections().CreateScope(scopeName, nil)
+		if err != nil && !errors.Is(err, gocb.ErrScopeExists) {
+			return bucket, err
+		}
+	}
+	return bucket, nil
+}
+
+func GetIndex(scopeName string) map[string][]string {
+	indices := make(map[string][]string)
+
+	// User Index
+	userIndex1 := fmt.Sprintf("CREATE INDEX userEmailIndex ON %s.%s(email)", scopeName, models.Collections.User)
+	userIndex2 := fmt.Sprintf("CREATE INDEX userPhoneIndex ON %s.%s(phone_number)", scopeName, models.Collections.User)
+	indices[models.Collections.User] = []string{userIndex1, userIndex2}
+
+	// VerificationRequest
+	verificationIndex1 := fmt.Sprintf("CREATE INDEX verificationRequestTokenIndex ON %s.%s(token)", scopeName, models.Collections.VerificationRequest)
+	verificationIndex2 := fmt.Sprintf("CREATE INDEX verificationRequestEmailAndIdentifierIndex ON %s.%s(email,identifier)", scopeName, models.Collections.VerificationRequest)
+	indices[models.Collections.VerificationRequest] = []string{verificationIndex1, verificationIndex2}
+
+	// Session index
+	sessionIndex1 := fmt.Sprintf("CREATE INDEX SessionUserIdIndex ON %s.%s(user_id)", scopeName, models.Collections.Session)
+	indices[models.Collections.Session] = []string{sessionIndex1}
+
+	// Webhook index
+	webhookIndex1 := fmt.Sprintf("CREATE INDEX webhookEventNameIndex ON %s.%s(event_name)", scopeName, models.Collections.Webhook)
+	indices[models.Collections.Webhook] = []string{webhookIndex1}
+
+	// WebhookLog index
+	webhookLogIndex1 := fmt.Sprintf("CREATE INDEX webhookLogIdIndex ON %s.%s(webhook_id)", scopeName, models.Collections.WebhookLog)
+	indices[models.Collections.Webhook] = []string{webhookLogIndex1}
+
+	// WebhookLog index
+	emailTempIndex1 := fmt.Sprintf("CREATE INDEX EmailTemplateEventNameIndex ON %s.%s(event_name)", scopeName, models.Collections.EmailTemplate)
+	indices[models.Collections.EmailTemplate] = []string{emailTempIndex1}
+
+	// OTP index
+	otpIndex1 := fmt.Sprintf("CREATE INDEX OTPEmailIndex ON %s.%s(email)", scopeName, models.Collections.OTP)
+	indices[models.Collections.OTP] = []string{otpIndex1}
+
+	return indices
+}

server/db/providers/couchbase/session.go

@@ -0,0 +1,34 @@
+package couchbase
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddSession to save session information in database
+func (p *provider) AddSession(ctx context.Context, session models.Session) error {
+	if session.ID == "" {
+		session.ID = uuid.New().String()
+	}
+
+	session.CreatedAt = time.Now().Unix()
+	session.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Session).Insert(session.ID, session, &insertOpt)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// DeleteSession to delete session information from database
+func (p *provider) DeleteSession(ctx context.Context, userId string) error {
+	return nil
+}

server/db/providers/couchbase/shared.go

@@ -0,0 +1,65 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"reflect"
+	"strings"
+
+	"github.com/couchbase/gocb/v2"
+)
+
+func GetSetFields(webhookMap map[string]interface{}) (string, map[string]interface{}) {
+	params := make(map[string]interface{}, 1)
+
+	updateFields := ""
+
+	for key, value := range webhookMap {
+		if key == "_id" {
+			continue
+		}
+
+		if key == "_key" {
+			continue
+		}
+
+		if value == nil {
+			updateFields += fmt.Sprintf("%s=$%s,", key, key)
+			params[key] = "null"
+			continue
+		}
+
+		valueType := reflect.TypeOf(value)
+		if valueType.Name() == "string" {
+			updateFields += fmt.Sprintf("%s = $%s, ", key, key)
+			params[key] = value.(string)
+
+		} else {
+			updateFields += fmt.Sprintf("%s = $%s, ", key, key)
+			params[key] = value
+		}
+	}
+	updateFields = strings.Trim(updateFields, " ")
+	updateFields = strings.TrimSuffix(updateFields, ",")
+	return updateFields, params
+}
+
+func (p *provider) GetTotalDocs(ctx context.Context, collection string) (int64, error) {
+	totalDocs := TotalDocs{}
+
+	countQuery := fmt.Sprintf("SELECT COUNT(*) as Total FROM %s.%s", p.scopeName, collection)
+	queryRes, err := p.db.Query(countQuery, &gocb.QueryOptions{
+		Context: ctx,
+	})
+
+	queryRes.One(&totalDocs)
+
+	if err != nil {
+		return totalDocs.Total, err
+	}
+	return totalDocs.Total, nil
+}
+
+type TotalDocs struct {
+	Total int64
+}

server/db/providers/couchbase/user.go

@@ -0,0 +1,199 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddUser to save user information in database
+func (p *provider) AddUser(ctx context.Context, user models.User) (models.User, error) {
+	if user.ID == "" {
+		user.ID = uuid.New().String()
+	}
+
+	if user.Roles == "" {
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			return user, err
+		}
+		user.Roles = defaultRoles
+	}
+
+	user.CreatedAt = time.Now().Unix()
+	user.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.User).Insert(user.ID, user, &insertOpt)
+	if err != nil {
+		return user, err
+	}
+	return user, nil
+}
+
+// UpdateUser to update user information in database
+func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.User, error) {
+	user.UpdatedAt = time.Now().Unix()
+	unsertOpt := gocb.UpsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.User).Upsert(user.ID, user, &unsertOpt)
+	if err != nil {
+		return user, err
+	}
+	return user, nil
+}
+
+// DeleteUser to delete user information from database
+func (p *provider) DeleteUser(ctx context.Context, user models.User) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.User).Remove(user.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// ListUsers to get list of users from database
+func (p *provider) ListUsers(ctx context.Context, pagination model.Pagination) (*model.Users, error) {
+	users := []*model.User{}
+	paginationClone := pagination
+
+	userQuery := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s ORDER BY id OFFSET $1 LIMIT $2", p.scopeName, models.Collections.User)
+
+	queryResult, err := p.db.Query(userQuery, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{paginationClone.Offset, paginationClone.Limit},
+	})
+	if err != nil {
+		return nil, err
+	}
+	total, err := p.GetTotalDocs(ctx, models.Collections.User)
+	if err != nil {
+		return nil, err
+	}
+	paginationClone.Total = total
+	for queryResult.Next() {
+		var user models.User
+		err := queryResult.Row(&user)
+		if err != nil {
+			log.Fatal(err)
+		}
+		users = append(users, user.AsAPIUser())
+	}
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+	}
+	return &model.Users{
+		Pagination: &paginationClone,
+		Users:      users,
+	}, nil
+}
+
+// GetUserByEmail to get user information from database using email address
+func (p *provider) GetUserByEmail(ctx context.Context, email string) (models.User, error) {
+	user := models.User{}
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE email = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{email},
+	})
+
+	if err != nil {
+		return user, err
+	}
+	err = q.One(&user)
+	if err != nil {
+		return user, err
+	}
+
+	return user, nil
+}
+
+// GetUserByID to get user information from database using user ID
+func (p *provider) GetUserByID(ctx context.Context, id string) (models.User, error) {
+	user := models.User{}
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE _id = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{id},
+	})
+	if err != nil {
+		return user, err
+	}
+	err = q.One(&user)
+	if err != nil {
+		return user, err
+	}
+
+	return user, nil
+}
+
+// UpdateUsers to update multiple users, with parameters of user IDs slice
+// If ids set to nil / empty all the users will be updated
+func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{}, ids []string) error {
+	// set updated_at time for all users
+	data["updated_at"] = time.Now().Unix()
+	updateFields, params := GetSetFields(data)
+	if len(ids) > 0 {
+		for _, id := range ids {
+			params["id"] = id
+			userQuery := fmt.Sprintf("UPDATE %s.%s SET %s WHERE _id = $id", p.scopeName, models.Collections.User, updateFields)
+
+			_, err := p.db.Query(userQuery, &gocb.QueryOptions{
+				ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+				Context:         ctx,
+				NamedParameters: params,
+			})
+			if err != nil {
+				return err
+			}
+		}
+	} else {
+		userQuery := fmt.Sprintf("UPDATE %s.%s SET %s WHERE _id IS NOT NULL", p.scopeName, models.Collections.User, updateFields)
+		_, err := p.db.Query(userQuery, &gocb.QueryOptions{
+			ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+			Context:         ctx,
+			NamedParameters: params,
+		})
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user *models.User
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE phone_number = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{phoneNumber},
+	})
+	if err != nil {
+		return user, err
+	}
+	err = q.One(&user)
+	if err != nil {
+		return user, err
+	}
+
+	return user, nil
+}

server/db/providers/couchbase/verification_requests.go

@@ -0,0 +1,128 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddVerification to save verification request in database
+func (p *provider) AddVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) (models.VerificationRequest, error) {
+	if verificationRequest.ID == "" {
+		verificationRequest.ID = uuid.New().String()
+	}
+
+	verificationRequest.Key = verificationRequest.ID
+	verificationRequest.CreatedAt = time.Now().Unix()
+	verificationRequest.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.VerificationRequest).Insert(verificationRequest.ID, verificationRequest, &insertOpt)
+	if err != nil {
+		return verificationRequest, err
+	}
+
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByToken to get verification request from database using token
+func (p *provider) GetVerificationRequestByToken(ctx context.Context, token string) (models.VerificationRequest, error) {
+	verificationRequest := models.VerificationRequest{}
+	params := make(map[string]interface{}, 1)
+	params["token"] = token
+	query := fmt.Sprintf("SELECT _id, token, identifier, expires_at, email, nonce, redirect_uri, created_at, updated_at FROM %s.%s WHERE token=$1 LIMIT 1", p.scopeName, models.Collections.VerificationRequest)
+
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		PositionalParameters: []interface{}{token},
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+	})
+
+	if err != nil {
+		return verificationRequest, err
+	}
+	err = queryResult.One(&verificationRequest)
+
+	if err != nil {
+		return verificationRequest, err
+	}
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByEmail to get verification request by email from database
+func (p *provider) GetVerificationRequestByEmail(ctx context.Context, email string, identifier string) (models.VerificationRequest, error) {
+
+	query := fmt.Sprintf("SELECT _id, identifier, token, expires_at, email, nonce, redirect_uri, created_at, updated_at FROM %s.%s WHERE email=$1 AND identifier=$2 LIMIT 1", p.scopeName, models.Collections.VerificationRequest)
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		PositionalParameters: []interface{}{email, identifier},
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+	})
+	verificationRequest := models.VerificationRequest{}
+
+	if err != nil {
+		return verificationRequest, err
+	}
+
+	err = queryResult.One(&verificationRequest)
+
+	if err != nil {
+		return verificationRequest, err
+	}
+	return verificationRequest, nil
+}
+
+// ListVerificationRequests to get list of verification requests from database
+func (p *provider) ListVerificationRequests(ctx context.Context, pagination model.Pagination) (*model.VerificationRequests, error) {
+	var verificationRequests []*model.VerificationRequest
+	paginationClone := pagination
+	total, err := p.GetTotalDocs(ctx, models.Collections.VerificationRequest)
+	if err != nil {
+		return nil, err
+	}
+	paginationClone.Total = total
+	query := fmt.Sprintf("SELECT _id, env, created_at, updated_at FROM %s.%s OFFSET $1 LIMIT $2", p.scopeName, models.Collections.VerificationRequest)
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{paginationClone.Offset, paginationClone.Limit},
+	})
+	if err != nil {
+		return nil, err
+	}
+	for queryResult.Next() {
+		var verificationRequest models.VerificationRequest
+		err := queryResult.Row(&verificationRequest)
+		if err != nil {
+			log.Fatal(err)
+		}
+		verificationRequests = append(verificationRequests, verificationRequest.AsAPIVerificationRequest())
+	}
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+
+	}
+	return &model.VerificationRequests{
+		VerificationRequests: verificationRequests,
+		Pagination:           &paginationClone,
+	}, nil
+}
+
+// DeleteVerificationRequest to delete verification request from database
+func (p *provider) DeleteVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.VerificationRequest).Remove(verificationRequest.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}

server/db/providers/couchbase/webhook.go

@@ -0,0 +1,185 @@
+package couchbase
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddWebhook to add webhook
+func (p *provider) AddWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	if webhook.ID == "" {
+		webhook.ID = uuid.New().String()
+	}
+
+	webhook.Key = webhook.ID
+	webhook.CreatedAt = time.Now().Unix()
+	webhook.UpdatedAt = time.Now().Unix()
+
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Webhook).Insert(webhook.ID, webhook, &insertOpt)
+	if err != nil {
+		return webhook.AsAPIWebhook(), err
+	}
+	return webhook.AsAPIWebhook(), nil
+}
+
+// UpdateWebhook to update webhook
+func (p *provider) UpdateWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	webhook.UpdatedAt = time.Now().Unix()
+
+	bytes, err := json.Marshal(webhook)
+	if err != nil {
+		return nil, err
+	}
+	// use decoder instead of json.Unmarshall, because it converts int64 -> float64 after unmarshalling
+	decoder := json.NewDecoder(strings.NewReader(string(bytes)))
+	decoder.UseNumber()
+	webhookMap := map[string]interface{}{}
+	err = decoder.Decode(&webhookMap)
+	if err != nil {
+		return nil, err
+	}
+
+	updateFields, params := GetSetFields(webhookMap)
+
+	query := fmt.Sprintf(`UPDATE %s.%s SET %s WHERE _id='%s'`, p.scopeName, models.Collections.Webhook, updateFields, webhook.ID)
+
+	_, err = p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return webhook.AsAPIWebhook(), nil
+}
+
+// ListWebhooks to list webhook
+func (p *provider) ListWebhook(ctx context.Context, pagination model.Pagination) (*model.Webhooks, error) {
+	webhooks := []*model.Webhook{}
+	paginationClone := pagination
+
+	params := make(map[string]interface{}, 1)
+	params["offset"] = paginationClone.Offset
+	params["limit"] = paginationClone.Limit
+	total, err := p.GetTotalDocs(ctx, models.Collections.Webhook)
+	if err != nil {
+		return nil, err
+	}
+	paginationClone.Total = total
+	query := fmt.Sprintf("SELECT _id, env, created_at, updated_at FROM %s.%s OFFSET $offset LIMIT $limit", p.scopeName, models.Collections.Webhook)
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+	if err != nil {
+		return nil, err
+	}
+	for queryResult.Next() {
+		var webhook models.Webhook
+		err := queryResult.Row(&webhook)
+		if err != nil {
+			log.Fatal(err)
+		}
+		webhooks = append(webhooks, webhook.AsAPIWebhook())
+	}
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+	}
+	return &model.Webhooks{
+		Pagination: &paginationClone,
+		Webhooks:   webhooks,
+	}, nil
+}
+
+// GetWebhookByID to get webhook by id
+func (p *provider) GetWebhookByID(ctx context.Context, webhookID string) (*model.Webhook, error) {
+	var webhook models.Webhook
+
+	params := make(map[string]interface{}, 1)
+	params["_id"] = webhookID
+
+	query := fmt.Sprintf(`SELECT _id, event_name, endpoint, headers, enabled, created_at, updated_at FROM %s.%s WHERE _id=$_id LIMIT 1`, p.scopeName, models.Collections.Webhook)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&webhook)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return webhook.AsAPIWebhook(), nil
+}
+
+// GetWebhookByEventName to get webhook by event_name
+func (p *provider) GetWebhookByEventName(ctx context.Context, eventName string) (*model.Webhook, error) {
+	var webhook models.Webhook
+	params := make(map[string]interface{}, 1)
+	params["event_name"] = eventName
+
+	query := fmt.Sprintf(`SELECT _id, event_name, endpoint, headers, enabled, created_at, updated_at FROM %s.%s WHERE event_name=$event_name LIMIT 1`, p.scopeName, models.Collections.Webhook)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&webhook)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return webhook.AsAPIWebhook(), nil
+}
+
+// DeleteWebhook to delete webhook
+func (p *provider) DeleteWebhook(ctx context.Context, webhook *model.Webhook) error {
+
+	params := make(map[string]interface{}, 1)
+	params["webhook_id"] = webhook.ID
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Webhook).Remove(webhook.ID, &removeOpt)
+
+	if err != nil {
+		return err
+	}
+
+	query := fmt.Sprintf(`DELETE FROM %s.%s WHERE webhook_id=$webhook_id`, p.scopeName, models.Collections.WebhookLog)
+	_, err = p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

server/db/providers/couchbase/webhook_log.go

@@ -0,0 +1,85 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddWebhookLog to add webhook log
+func (p *provider) AddWebhookLog(ctx context.Context, webhookLog models.WebhookLog) (*model.WebhookLog, error) {
+	if webhookLog.ID == "" {
+		webhookLog.ID = uuid.New().String()
+	}
+
+	webhookLog.Key = webhookLog.ID
+	webhookLog.CreatedAt = time.Now().Unix()
+	webhookLog.UpdatedAt = time.Now().Unix()
+
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.WebhookLog).Insert(webhookLog.ID, webhookLog, &insertOpt)
+	if err != nil {
+		return webhookLog.AsAPIWebhookLog(), err
+	}
+
+	return webhookLog.AsAPIWebhookLog(), nil
+}
+
+// ListWebhookLogs to list webhook logs
+func (p *provider) ListWebhookLogs(ctx context.Context, pagination model.Pagination, webhookID string) (*model.WebhookLogs, error) {
+	var query string
+	var err error
+
+	webhookLogs := []*model.WebhookLog{}
+	params := make(map[string]interface{}, 1)
+	paginationClone := pagination
+
+	params["webhookID"] = webhookID
+	params["offset"] = paginationClone.Offset
+	params["limit"] = paginationClone.Limit
+	total, err := p.GetTotalDocs(ctx, models.Collections.WebhookLog)
+	if err != nil {
+		return nil, err
+	}
+	paginationClone.Total = total
+	if webhookID != "" {
+		query = fmt.Sprintf(`SELECT _id, http_status, response, request, webhook_id, created_at, updated_at FROM %s.%s WHERE webhook_id=$webhookID`, p.scopeName, models.Collections.WebhookLog)
+	} else {
+		query = fmt.Sprintf("SELECT _id, http_status, response, request, webhook_id, created_at, updated_at FROM %s.%s OFFSET $offset LIMIT $limit", p.scopeName, models.Collections.WebhookLog)
+	}
+
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	for queryResult.Next() {
+		var webhookLog models.WebhookLog
+		err := queryResult.Row(&webhookLog)
+		if err != nil {
+			log.Fatal(err)
+		}
+		webhookLogs = append(webhookLogs, webhookLog.AsAPIWebhookLog())
+	}
+
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+
+	}
+	return &model.WebhookLogs{
+		Pagination:  &paginationClone,
+		WebhookLogs: webhookLogs,
+	}, nil
+}

server/db/providers/dynamodb/env.go

@@ -34,7 +34,6 @@ func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, erro
 
 // UpdateEnv to update environment information in database
 func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) {
-
 	collection := p.db.Table(models.Collections.Env)
 	env.UpdatedAt = time.Now().Unix()
 

server/db/providers/dynamodb/user.go

@@ -3,12 +3,15 @@ package dynamodb
 import (
 	"context"
 	"errors"
+	"fmt"
+	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/google/uuid"
 	"github.com/guregu/dynamo"
 	log "github.com/sirupsen/logrus"
@@ -30,6 +33,12 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 		user.Roles = defaultRoles
 	}
 
+	if user.PhoneNumber != nil && strings.TrimSpace(refs.StringValue(user.PhoneNumber)) != "" {
+		if u, _ := p.GetUserByPhoneNumber(ctx, refs.StringValue(user.PhoneNumber)); u != nil {
+			return user, fmt.Errorf("user with given phone number already exists")
+		}
+	}
+
 	user.CreatedAt = time.Now().Unix()
 	user.UpdatedAt = time.Now().Unix()
 
@@ -193,3 +202,23 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}
 	return nil
 }
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var users []models.User
+	var user models.User
+
+	collection := p.db.Table(models.Collections.User)
+	err := collection.Scan().Filter("'phone_number' = ?", phoneNumber).AllWithContext(ctx, &users)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if len(users) > 0 {
+		user = users[0]
+		return &user, nil
+	} else {
+		return nil, errors.New("no record found")
+	}
+}

server/db/providers/mongodb/user.go

@@ -155,3 +155,16 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}
 	return nil
 }
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user models.User
+
+	userCollection := p.db.Collection(models.Collections.User, options.Collection())
+	err := userCollection.FindOne(ctx, bson.M{"phone_number": phoneNumber}).Decode(&user)
+	if err != nil {
+		return nil, err
+	}
+
+	return &user, nil
+}

server/db/providers/provider_template/user.go

@@ -69,3 +69,10 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 
 	return nil
 }
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user *models.User
+
+	return user, nil
+}

server/db/providers/providers.go

@@ -18,6 +18,8 @@ type Provider interface {
 	ListUsers(ctx context.Context, pagination model.Pagination) (*model.Users, error)
 	// GetUserByEmail to get user information from database using email address
 	GetUserByEmail(ctx context.Context, email string) (models.User, error)
+	// GetUserByPhoneNumber to get user information from database using phone number
+	GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error)
 	// GetUserByID to get user information from database using user ID
 	GetUserByID(ctx context.Context, id string) (models.User, error)
 	// UpdateUsers to update multiple users, with parameters of user IDs slice

server/db/providers/sql/provider.go

@@ -1,17 +1,15 @@
 package sql
 
 import (
-	"fmt"
-	"log"
-	"os"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/glebarez/sqlite"
+	"github.com/sirupsen/logrus"
 	"gorm.io/driver/mysql"
 	"gorm.io/driver/postgres"
-	"gorm.io/driver/sqlite"
 	"gorm.io/driver/sqlserver"
 	"gorm.io/gorm"
 	"gorm.io/gorm/logger"
@@ -37,12 +35,12 @@ func NewProvider() (*provider, error) {
 	var sqlDB *gorm.DB
 	var err error
 	customLogger := logger.New(
-		log.New(os.Stdout, "\r\n", log.LstdFlags), // io writer
+		logrus.StandardLogger(),
 		logger.Config{
-			SlowThreshold:             time.Second,   // Slow SQL threshold
-			LogLevel:                  logger.Silent, // Log level
-			IgnoreRecordNotFoundError: true,          // Ignore ErrRecordNotFound error for logger
-			Colorful:                  false,         // Disable color
+			SlowThreshold:             time.Second,  // Slow SQL threshold
+			LogLevel:                  logger.Error, // Log level
+			IgnoreRecordNotFoundError: true,         // Ignore ErrRecordNotFound error for logger
+			Colorful:                  false,        // Disable color
 		},
 	)
 
@@ -61,7 +59,7 @@ func NewProvider() (*provider, error) {
 	case constants.DbTypePostgres, constants.DbTypeYugabyte, constants.DbTypeCockroachDB:
 		sqlDB, err = gorm.Open(postgres.Open(dbURL), ormConfig)
 	case constants.DbTypeSqlite:
-		sqlDB, err = gorm.Open(sqlite.Open(dbURL), ormConfig)
+		sqlDB, err = gorm.Open(sqlite.Open(dbURL+"?_pragma=busy_timeout(5000)&_pragma=journal_mode(WAL)"), ormConfig)
 	case constants.DbTypeMysql, constants.DbTypeMariaDB, constants.DbTypePlanetScaleDB:
 		sqlDB, err = gorm.Open(mysql.Open(dbURL), ormConfig)
 	case constants.DbTypeSqlserver:
@@ -72,35 +70,43 @@ func NewProvider() (*provider, error) {
 		return nil, err
 	}
 
+	// For sqlserver, handle uniqueness of phone_number manually via extra db call
+	// during create and update mutation.
+	if sqlDB.Migrator().HasConstraint(&models.User{}, "authorizer_users_phone_number_key") {
+		err = sqlDB.Migrator().DropConstraint(&models.User{}, "authorizer_users_phone_number_key")
+		logrus.Debug("Failed to drop phone number constraint:", err)
+	}
+
 	err = sqlDB.AutoMigrate(&models.User{}, &models.VerificationRequest{}, &models.Session{}, &models.Env{}, &models.Webhook{}, models.WebhookLog{}, models.EmailTemplate{}, &models.OTP{})
 	if err != nil {
 		return nil, err
 	}
 
+	// IMPACT: Request user to manually delete: UQ_phone_number constraint
 	// unique constraint on phone number does not work with multiple null values for sqlserver
 	// for more information check https://stackoverflow.com/a/767702
-	if dbType == constants.DbTypeSqlserver {
-		var indexInfos []indexInfo
-		// remove index on phone number if present with different name
-		res := sqlDB.Raw("SELECT i.name AS index_name, i.type_desc AS index_algorithm, CASE i.is_unique WHEN 1 THEN 'TRUE' ELSE 'FALSE' END AS is_unique, ac.Name AS column_name FROM sys.tables AS t INNER JOIN sys.indexes AS i ON t.object_id = i.object_id INNER JOIN sys.index_columns AS ic ON ic.object_id = i.object_id AND ic.index_id = i.index_id INNER JOIN sys.all_columns AS ac ON ic.object_id = ac.object_id AND ic.column_id = ac.column_id WHERE t.name = 'authorizer_users' AND SCHEMA_NAME(t.schema_id) = 'dbo';").Scan(&indexInfos)
-		if res.Error != nil {
-			return nil, res.Error
-		}
+	// if dbType == constants.DbTypeSqlserver {
+	// 	var indexInfos []indexInfo
+	// 	// remove index on phone number if present with different name
+	// 	res := sqlDB.Raw("SELECT i.name AS index_name, i.type_desc AS index_algorithm, CASE i.is_unique WHEN 1 THEN 'TRUE' ELSE 'FALSE' END AS is_unique, ac.Name AS column_name FROM sys.tables AS t INNER JOIN sys.indexes AS i ON t.object_id = i.object_id INNER JOIN sys.index_columns AS ic ON ic.object_id = i.object_id AND ic.index_id = i.index_id INNER JOIN sys.all_columns AS ac ON ic.object_id = ac.object_id AND ic.column_id = ac.column_id WHERE t.name = 'authorizer_users' AND SCHEMA_NAME(t.schema_id) = 'dbo';").Scan(&indexInfos)
+	// 	if res.Error != nil {
+	// 		return nil, res.Error
+	// 	}
 
-		for _, val := range indexInfos {
-			if val.ColumnName == phoneNumberColumnName && val.IndexName != phoneNumberIndexName {
-				// drop index & create new
-				if res := sqlDB.Exec(fmt.Sprintf(`ALTER TABLE authorizer_users DROP CONSTRAINT "%s";`, val.IndexName)); res.Error != nil {
-					return nil, res.Error
-				}
+	// 	for _, val := range indexInfos {
+	// 		if val.ColumnName == phoneNumberColumnName && val.IndexName != phoneNumberIndexName {
+	// 			// drop index & create new
+	// 			if res := sqlDB.Exec(fmt.Sprintf(`ALTER TABLE authorizer_users DROP CONSTRAINT "%s";`, val.IndexName)); res.Error != nil {
+	// 				return nil, res.Error
+	// 			}
 
-				// create index
-				if res := sqlDB.Exec(fmt.Sprintf("CREATE UNIQUE NONCLUSTERED INDEX %s ON authorizer_users(phone_number) WHERE phone_number IS NOT NULL;", phoneNumberIndexName)); res.Error != nil {
-					return nil, res.Error
-				}
-			}
-		}
-	}
+	// 			// create index
+	// 			if res := sqlDB.Exec(fmt.Sprintf("CREATE UNIQUE NONCLUSTERED INDEX %s ON authorizer_users(phone_number) WHERE phone_number IS NOT NULL;", phoneNumberIndexName)); res.Error != nil {
+	// 				return nil, res.Error
+	// 			}
+	// 		}
+	// 	}
+	// }
 
 	return &provider{
 		db: sqlDB,

server/db/providers/sql/user.go

@@ -2,12 +2,15 @@ package sql
 
 import (
 	"context"
+	"fmt"
+	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/google/uuid"
 	"gorm.io/gorm"
 	"gorm.io/gorm/clause"
@@ -27,6 +30,12 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 		user.Roles = defaultRoles
 	}
 
+	if user.PhoneNumber != nil && strings.TrimSpace(refs.StringValue(user.PhoneNumber)) != "" {
+		if u, _ := p.GetUserByPhoneNumber(ctx, refs.StringValue(user.PhoneNumber)); u != nil {
+			return user, fmt.Errorf("user with given phone number already exists")
+		}
+	}
+
 	user.CreatedAt = time.Now().Unix()
 	user.UpdatedAt = time.Now().Unix()
 	user.Key = user.ID
@@ -58,13 +67,12 @@ func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.Use
 
 // DeleteUser to delete user information from database
 func (p *provider) DeleteUser(ctx context.Context, user models.User) error {
-	result := p.db.Delete(&user)
-
+	result := p.db.Where("user_id = ?", user.ID).Delete(&models.Session{})
 	if result.Error != nil {
 		return result.Error
 	}
 
-	result = p.db.Where("user_id = ?", user.ID).Delete(&models.Session{})
+	result = p.db.Delete(&user)
 	if result.Error != nil {
 		return result.Error
 	}
@@ -141,3 +149,15 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}
 	return nil
 }
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user *models.User
+	result := p.db.Where("phone_number = ?", phoneNumber).First(&user)
+
+	if result.Error != nil {
+		return nil, result.Error
+	}
+
+	return user, nil
+}

server/env/env.go

@@ -75,17 +75,24 @@ func InitAllEnv() error {
 	osAppleClientSecret := os.Getenv(constants.EnvKeyAppleClientSecret)
 	osTwitterClientID := os.Getenv(constants.EnvKeyTwitterClientID)
 	osTwitterClientSecret := os.Getenv(constants.EnvKeyTwitterClientSecret)
+	osMicrosoftClientID := os.Getenv(constants.EnvKeyMicrosoftClientID)
+	osMicrosoftClientSecret := os.Getenv(constants.EnvKeyMicrosoftClientSecret)
+	osMicrosoftActiveDirectoryTenantID := os.Getenv(constants.EnvKeyMicrosoftActiveDirectoryTenantID)
 	osResetPasswordURL := os.Getenv(constants.EnvKeyResetPasswordURL)
 	osOrganizationName := os.Getenv(constants.EnvKeyOrganizationName)
 	osOrganizationLogo := os.Getenv(constants.EnvKeyOrganizationLogo)
 	osAwsRegion := os.Getenv(constants.EnvAwsRegion)
 	osAwsAccessKey := os.Getenv(constants.EnvAwsAccessKeyID)
 	osAwsSecretKey := os.Getenv(constants.EnvAwsSecretAccessKey)
+	osCouchbaseBucket := os.Getenv(constants.EnvCouchbaseBucket)
+	osCouchbaseScope := os.Getenv(constants.EnvCouchbaseScope)
+	osCouchbaseBucketRAMQuotaMB := os.Getenv(constants.EnvCouchbaseBucketRAMQuotaMB)
 
 	// os bool vars
 	osAppCookieSecure := os.Getenv(constants.EnvKeyAppCookieSecure)
 	osAdminCookieSecure := os.Getenv(constants.EnvKeyAdminCookieSecure)
 	osDisableBasicAuthentication := os.Getenv(constants.EnvKeyDisableBasicAuthentication)
+	osDisableMobileBasicAuthentication := os.Getenv(constants.AuthRecipeMethodMobileBasicAuth)
 	osDisableEmailVerification := os.Getenv(constants.EnvKeyDisableEmailVerification)
 	osDisableMagicLinkLogin := os.Getenv(constants.EnvKeyDisableMagicLinkLogin)
 	osDisableLoginPage := os.Getenv(constants.EnvKeyDisableLoginPage)
@@ -133,17 +140,38 @@ func InitAllEnv() error {
 	if val, ok := envData[constants.EnvAwsAccessKeyID]; !ok || val == "" {
 		envData[constants.EnvAwsAccessKeyID] = osAwsAccessKey
 	}
-	if osAwsAccessKey != "" && envData[constants.EnvAwsAccessKeyID] != osAwsRegion {
+	if osAwsAccessKey != "" && envData[constants.EnvAwsAccessKeyID] != osAwsAccessKey {
 		envData[constants.EnvAwsAccessKeyID] = osAwsAccessKey
 	}
 
 	if val, ok := envData[constants.EnvAwsSecretAccessKey]; !ok || val == "" {
 		envData[constants.EnvAwsSecretAccessKey] = osAwsSecretKey
 	}
-	if osAwsSecretKey != "" && envData[constants.EnvAwsSecretAccessKey] != osAwsRegion {
+	if osAwsSecretKey != "" && envData[constants.EnvAwsSecretAccessKey] != osAwsSecretKey {
 		envData[constants.EnvAwsSecretAccessKey] = osAwsSecretKey
 	}
 
+	if val, ok := envData[constants.EnvCouchbaseBucket]; !ok || val == "" {
+		envData[constants.EnvCouchbaseBucket] = osCouchbaseBucket
+	}
+	if osCouchbaseBucket != "" && envData[constants.EnvCouchbaseBucket] != osCouchbaseBucket {
+		envData[constants.EnvCouchbaseBucket] = osCouchbaseBucket
+	}
+
+	if val, ok := envData[constants.EnvCouchbaseBucketRAMQuotaMB]; !ok || val == "" {
+		envData[constants.EnvCouchbaseBucketRAMQuotaMB] = osCouchbaseBucketRAMQuotaMB
+	}
+	if osCouchbaseBucketRAMQuotaMB != "" && envData[constants.EnvCouchbaseBucketRAMQuotaMB] != osCouchbaseBucketRAMQuotaMB {
+		envData[constants.EnvCouchbaseBucketRAMQuotaMB] = osCouchbaseBucketRAMQuotaMB
+	}
+
+	if val, ok := envData[constants.EnvCouchbaseScope]; !ok || val == "" {
+		envData[constants.EnvCouchbaseScope] = osCouchbaseScope
+	}
+	if osCouchbaseScope != "" && envData[constants.EnvCouchbaseScope] != osCouchbaseScope {
+		envData[constants.EnvCouchbaseScope] = osCouchbaseScope
+	}
+
 	if val, ok := envData[constants.EnvKeyAppURL]; !ok || val == "" {
 		envData[constants.EnvKeyAppURL] = osAppURL
 	}
@@ -332,7 +360,7 @@ func InitAllEnv() error {
 		envData[constants.EnvKeyJwtRoleClaim] = osJwtRoleClaim
 
 		if envData[constants.EnvKeyJwtRoleClaim] == "" {
-			envData[constants.EnvKeyJwtRoleClaim] = "role"
+			envData[constants.EnvKeyJwtRoleClaim] = "roles"
 		}
 	}
 	if osJwtRoleClaim != "" && envData[constants.EnvKeyJwtRoleClaim] != osJwtRoleClaim {
@@ -430,6 +458,27 @@ func InitAllEnv() error {
 		envData[constants.EnvKeyTwitterClientSecret] = osTwitterClientSecret
 	}
 
+	if val, ok := envData[constants.EnvKeyMicrosoftClientID]; !ok || val == "" {
+		envData[constants.EnvKeyMicrosoftClientID] = osMicrosoftClientID
+	}
+	if osMicrosoftClientID != "" && envData[constants.EnvKeyMicrosoftClientID] != osMicrosoftClientID {
+		envData[constants.EnvKeyMicrosoftClientID] = osMicrosoftClientID
+	}
+
+	if val, ok := envData[constants.EnvKeyMicrosoftClientSecret]; !ok || val == "" {
+		envData[constants.EnvKeyMicrosoftClientSecret] = osMicrosoftClientSecret
+	}
+	if osMicrosoftClientSecret != "" && envData[constants.EnvKeyMicrosoftClientSecret] != osMicrosoftClientSecret {
+		envData[constants.EnvKeyMicrosoftClientSecret] = osMicrosoftClientSecret
+	}
+
+	if val, ok := envData[constants.EnvKeyMicrosoftActiveDirectoryTenantID]; !ok || val == "" {
+		envData[constants.EnvKeyMicrosoftActiveDirectoryTenantID] = osMicrosoftActiveDirectoryTenantID
+	}
+	if osMicrosoftActiveDirectoryTenantID != "" && envData[constants.EnvKeyMicrosoftActiveDirectoryTenantID] != osMicrosoftActiveDirectoryTenantID {
+		envData[constants.EnvKeyMicrosoftActiveDirectoryTenantID] = osMicrosoftActiveDirectoryTenantID
+	}
+
 	if val, ok := envData[constants.EnvKeyResetPasswordURL]; !ok || val == "" {
 		envData[constants.EnvKeyResetPasswordURL] = strings.TrimPrefix(osResetPasswordURL, "/")
 	}
@@ -498,6 +547,19 @@ func InitAllEnv() error {
 		}
 	}
 
+	if _, ok := envData[constants.EnvKeyDisableMobileBasicAuthentication]; !ok {
+		envData[constants.EnvKeyDisableMobileBasicAuthentication] = osDisableBasicAuthentication == "true"
+	}
+	if osDisableMobileBasicAuthentication != "" {
+		boolValue, err := strconv.ParseBool(osDisableMobileBasicAuthentication)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisableMobileBasicAuthentication].(bool) {
+			envData[constants.EnvKeyDisableMobileBasicAuthentication] = boolValue
+		}
+	}
+
 	if _, ok := envData[constants.EnvKeyDisableEmailVerification]; !ok {
 		envData[constants.EnvKeyDisableEmailVerification] = osDisableEmailVerification == "true"
 	}

server/env/persist_env.go

@@ -75,7 +75,6 @@ func GetEnvData() (map[string]interface{}, error) {
 	}
 
 	memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEncryptionKey, decryptedEncryptionKey)
-
 	b64DecryptedConfig, err := crypto.DecryptB64(env.EnvData)
 	if err != nil {
 		log.Debug("Error while decrypting env data from B64: ", err)
@@ -201,7 +200,7 @@ func PersistEnv() error {
 				envValue := strings.TrimSpace(os.Getenv(key))
 				if envValue != "" {
 					switch key {
-					case constants.EnvKeyIsProd, constants.EnvKeyDisableBasicAuthentication, constants.EnvKeyDisableEmailVerification, constants.EnvKeyDisableLoginPage, constants.EnvKeyDisableMagicLinkLogin, constants.EnvKeyDisableSignUp, constants.EnvKeyDisableRedisForEnv, constants.EnvKeyDisableStrongPassword, constants.EnvKeyIsEmailServiceEnabled, constants.EnvKeyEnforceMultiFactorAuthentication, constants.EnvKeyDisableMultiFactorAuthentication, constants.EnvKeyAdminCookieSecure, constants.EnvKeyAppCookieSecure:
+					case constants.EnvKeyIsProd, constants.EnvKeyDisableBasicAuthentication, constants.EnvKeyDisableMobileBasicAuthentication, constants.EnvKeyDisableEmailVerification, constants.EnvKeyDisableLoginPage, constants.EnvKeyDisableMagicLinkLogin, constants.EnvKeyDisableSignUp, constants.EnvKeyDisableRedisForEnv, constants.EnvKeyDisableStrongPassword, constants.EnvKeyIsEmailServiceEnabled, constants.EnvKeyEnforceMultiFactorAuthentication, constants.EnvKeyDisableMultiFactorAuthentication, constants.EnvKeyAdminCookieSecure, constants.EnvKeyAppCookieSecure:
 						if envValueBool, err := strconv.ParseBool(envValue); err == nil {
 							if value.(bool) != envValueBool {
 								storeData[key] = envValueBool

server/go.mod

@@ -7,7 +7,9 @@ require (
 	github.com/arangodb/go-driver v1.2.1
 	github.com/aws/aws-sdk-go v1.44.109
 	github.com/coreos/go-oidc/v3 v3.1.0
+	github.com/couchbase/gocb/v2 v2.6.0
 	github.com/gin-gonic/gin v1.8.1
+	github.com/glebarez/sqlite v1.5.0
 	github.com/go-playground/validator/v10 v10.11.1 // indirect
 	github.com/go-redis/redis/v8 v8.11.0
 	github.com/goccy/go-json v0.9.11 // indirect
@@ -24,18 +26,15 @@ require (
 	github.com/stretchr/testify v1.8.0
 	github.com/vektah/gqlparser/v2 v2.5.1
 	go.mongodb.org/mongo-driver v1.8.1
-	golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be
-	golang.org/x/net v0.0.0-20220930213112-107f3e3c3b0b // indirect
+	golang.org/x/crypto v0.4.0
 	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
-	golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/mail.v2 v2.3.1
 	gopkg.in/square/go-jose.v2 v2.6.0
-	gorm.io/driver/mysql v1.2.1
-	gorm.io/driver/postgres v1.2.3
-	gorm.io/driver/sqlite v1.2.6
-	gorm.io/driver/sqlserver v1.2.1
-	gorm.io/gorm v1.22.4
+	gorm.io/driver/mysql v1.4.3
+	gorm.io/driver/postgres v1.4.7
+	gorm.io/driver/sqlserver v1.4.1
+	gorm.io/gorm v1.24.2
 )

server/go.sum

@@ -33,11 +33,13 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/99designs/gqlgen v0.17.20 h1:O7WzccIhKB1dm+7g6dhQcULINftfiLSBg2l/mwbpJMw=
 github.com/99designs/gqlgen v0.17.20/go.mod h1:Mja2HI23kWT1VRH09hvWshFgOzKswpO20o4ScpJIES4=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0/go.mod h1:+6sju8gk8FRmSajX3Oz4G5Gm7P+mbqE9FVaXXFYTkCM=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
-github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
 github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8=
 github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo=
@@ -66,27 +68,30 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
-github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
 github.com/coreos/go-iptables v0.4.3/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
 github.com/coreos/go-oidc/v3 v3.1.0 h1:6avEvcdvTa1qYsOZ6I5PRkSYHzpTNWgKYmaJfaYbrRw=
 github.com/coreos/go-oidc/v3 v3.1.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/couchbase/gocb/v2 v2.6.0 h1:DhkLNatDcddCcS411D6kNwZspSEAWVeI/N3abzt/HLc=
+github.com/couchbase/gocb/v2 v2.6.0/go.mod h1:5su8b1gBF3V4j07SiGw+CA0bK9a84YWEb6UH7up0MEs=
+github.com/couchbase/gocbcore/v10 v10.2.0 h1:ZoSBLtcmt+lXbxVVT4SAhXDVNR+D48iSOZWNzHucVVk=
+github.com/couchbase/gocbcore/v10 v10.2.0/go.mod h1:qkPnOBziCs0guMEEvd0cRFo+AjOW0yEL99cU3I4n3Ao=
+github.com/couchbaselabs/gocaves/client v0.0.0-20220223122017-22859b310bd2 h1:UlwJ2GWpZQAQCLHyO3xHKcqAjUUcX2w7FKpbxCIUQks=
+github.com/couchbaselabs/gocaves/client v0.0.0-20220223122017-22859b310bd2/go.mod h1:AVekAZwIY2stsJOMWLAS/0uA/+qdp7pjO8EHnl61QkY=
 github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
-github.com/denisenkom/go-mssqldb v0.11.0 h1:9rHa233rhdOyrz2GcP9NM+gi2psgJZ4GWDpL/7ND8HI=
-github.com/denisenkom/go-mssqldb v0.11.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g=
 github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
+github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko=
+github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -98,11 +103,13 @@ github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8=
 github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk=
+github.com/glebarez/go-sqlite v1.19.1 h1:o2XhjyR8CQ2m84+bVz10G0cabmG0tY4sIMiCbrcUTrY=
+github.com/glebarez/go-sqlite v1.19.1/go.mod h1:9AykawGIyIcxoSfpYWiX1SgTNHTNsa/FVc75cDkbp4M=
+github.com/glebarez/sqlite v1.5.0 h1:+8LAEpmywqresSoGlqjjT+I9m4PseIM3NcerIJ/V7mk=
+github.com/glebarez/sqlite v1.5.0/go.mod h1:0wzXzTvfVJIN2GqRhCdMbnYd+m+aH5/QV7B30rM6NgY=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
@@ -123,13 +130,17 @@ github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk=
 github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/gocql/gocql v1.2.0 h1:TZhsCd7fRuye4VyHr3WCvWwIQaZUmjsqnSIXK9FcVCE=
 github.com/gocql/gocql v1.2.0/go.mod h1:3gM2c4D3AnkISwBxGnMMsS8Oy4y2lhbPRsH4xnJrHG8=
-github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0=
 github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
+github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
+github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA=
+github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
+github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A=
+github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -158,8 +169,9 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -170,6 +182,7 @@ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@@ -201,60 +214,19 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/jackc/chunkreader v1.0.0 h1:4s39bBR8ByfqH+DKm8rQA3E1LHZWB9XWcrz8fqaZbe0=
-github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
-github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
-github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8=
-github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
-github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA=
-github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE=
-github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s=
-github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o=
-github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY=
-github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI=
-github.com/jackc/pgconn v1.10.1 h1:DzdIHIjG1AxGwoEEqS+mGsURyjt4enSmqzACXvVzOT8=
-github.com/jackc/pgconn v1.10.1/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI=
-github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE=
-github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=
-github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE=
-github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c=
-github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5Wi/+Zz7xoE5ALHsRQlOctkOiHc=
-github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
-github.com/jackc/pgproto3 v1.1.0 h1:FYYE4yRw+AgI8wXIinMlNjBbp/UitDJwfj5LqqewP1A=
-github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78=
-github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA=
-github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg=
-github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
-github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
-github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
-github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
-github.com/jackc/pgproto3/v2 v2.2.0 h1:r7JypeP2D3onoQTCxWdTpCtJ4D+qpKr0TxvoyMhZ5ns=
-github.com/jackc/pgproto3/v2 v2.2.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
-github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg=
 github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
-github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg=
-github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc=
-github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw=
-github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM=
-github.com/jackc/pgtype v1.9.0 h1:/SH1RxEtltvJgsDqp3TbiTFApD3mey3iygpuEGeuBXk=
-github.com/jackc/pgtype v1.9.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4=
-github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y=
-github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM=
-github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc=
-github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs=
-github.com/jackc/pgx/v4 v4.14.0 h1:TgdrmgnM7VY72EuSQzBbBd4JA1RLqJolrw9nQVZABVc=
-github.com/jackc/pgx/v4 v4.14.0/go.mod h1:jT3ibf/A0ZVCp89rtCIN0zCJxcE74ypROmHEZYsG/j8=
-github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk=
+github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
+github.com/jackc/pgx/v5 v5.2.0 h1:NdPpngX0Y6z6XDFKqmFQaE+bCtkqzvQIOt1wvBlAqs8=
+github.com/jackc/pgx/v5 v5.2.0/go.mod h1:Ptn7zmohNsWEsdxRawMzk3gaKma2obW+NWTnKa0S4nk=
+github.com/jackc/puddle/v2 v2.1.2/go.mod h1:2lpufsF5mRHO6SuZkm0fNYxM6SWHfvyFj62KwNzgels=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/jinzhu/now v1.1.2/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
-github.com/jinzhu/now v1.1.3 h1:PlHq1bSCSZL9K0wUhbm2pGLoTWs2GwVhsP6emvGV/ZI=
-github.com/jinzhu/now v1.1.3/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
+github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
@@ -265,41 +237,32 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kevinmbeaulieu/eq-go v1.0.0/go.mod h1:G3S8ajA56gKBZm4UB9AOyoOS37JO3roToPzKNM8dtdM=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
-github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8=
-github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/logrusorgru/aurora/v3 v3.0.0/go.mod h1:vsR12bk5grlLvLXAYrBsb5Oc/N+LxAlxggSjiwMnCUc=
 github.com/matryer/moq v0.2.7/go.mod h1:kITsx543GOENm48TUAQyJ9+SAvFSr7iGQXPoth/VUBk=
-github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
-github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-sqlite3 v1.14.9 h1:10HX2Td0ocZpYEjhilsuo6WWtUqttj2Kb0KtD86/KYA=
-github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/microsoft/go-mssqldb v0.17.0 h1:Fto83dMZPnYv1Zwx5vHHxpNraeEaUlQ/hhHLgZiaenE=
+github.com/microsoft/go-mssqldb v0.17.0/go.mod h1:OkoNGhGEs8EZqchVTtochlXruEhEOaO4S0d2sB5aeGQ=
 github.com/mitchellh/mapstructure v1.3.1 h1:cCBH2gTD2K0OtLlv/Y5H01VQCqmlDxz30kS5Y5bqfLA=
 github.com/mitchellh/mapstructure v1.3.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -307,7 +270,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8=
 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
+github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -321,6 +286,8 @@ github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7
 github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
 github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg=
 github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
+github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -328,6 +295,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=
+github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f h1:a7clxaGmmqtdNTXyvrp/lVO/Gnkzlhc/+dLs5v965GM=
 github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f/go.mod h1:/mK7FZ3mFYEn9zvNPhpngTyatyehSwte5bJZ4ehL5Xw=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -335,24 +304,16 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE
 github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
-github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
-github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
 github.com/rs/zerolog v1.19.0/go.mod h1:IzD0RJ65iWH0w97OQQebJEvTZYvsCUm9WVLWBQrJRjo=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
-github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
-github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
@@ -389,7 +350,6 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 go.mongodb.org/mongo-driver v1.8.1 h1:OZE4Wni/SJlrcmSIBRYNzunX5TKxjrTS4jKSnA99oKU=
 go.mongodb.org/mongo-driver v1.8.1/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCuAROlKEPY=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -397,33 +357,21 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
-go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
-go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
-go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
-go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
+go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be h1:fmw3UbQh+nxngCAHrDCCztao/kbYFnWjoqop8dHx05A=
-golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
+golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -470,7 +418,6 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -487,6 +434,7 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@@ -494,9 +442,10 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220930213112-107f3e3c3b0b h1:uKO3Js8lXGjpjdc4J3rqs0/Ex5yDKUGfk43tTYWVLas=
-golang.org/x/net v0.0.0-20220930213112-107f3e3c3b0b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.3.0 h1:VWL6FNY2bEEmsGVKabSlHu5Irp34xmMRoqb/9lF9lxk=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -514,23 +463,19 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7 h1:ZrnxWX62AgTKOSagEqxvb3ffipvEDX2pl7E1TdqLqIc=
+golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -555,32 +500,36 @@ golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220224120231-95c6836cb0e7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec h1:BkDtF2Ih9xZ7le9ndzTA7KJow28VbQW3odyk/8drmuI=
-golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
+golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -591,7 +540,6 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
@@ -599,12 +547,9 @@ golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190828213141-aed303cbaa74/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -612,7 +557,6 @@ golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
@@ -631,12 +575,11 @@ golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20201124115921-2c860bdd6e78/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -731,7 +674,6 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/mail.v2 v2.3.1 h1:WYFn/oANrAGP2C0dcV6/pbkPzv8yGzqTjPmTeO7qoXk=
@@ -744,6 +686,7 @@ gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -754,18 +697,16 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/driver/mysql v1.2.1 h1:h+3f1l9Ng2C072Y2tIiLgPpWN78r1KXL7bHJ0nTjlhU=
-gorm.io/driver/mysql v1.2.1/go.mod h1:qsiz+XcAyMrS6QY+X3M9R6b/lKM1imKmcuK9kac5LTo=
-gorm.io/driver/postgres v1.2.3 h1:f4t0TmNMy9gh3TU2PX+EppoA6YsgFnyq8Ojtddb42To=
-gorm.io/driver/postgres v1.2.3/go.mod h1:pJV6RgYQPG47aM1f0QeOzFH9HxQc8JcmAgjRCgS0wjs=
-gorm.io/driver/sqlite v1.2.6 h1:SStaH/b+280M7C8vXeZLz/zo9cLQmIGwwj3cSj7p6l4=
-gorm.io/driver/sqlite v1.2.6/go.mod h1:gyoX0vHiiwi0g49tv+x2E7l8ksauLK0U/gShcdUsjWY=
-gorm.io/driver/sqlserver v1.2.1 h1:KhGOjvPX7JZ5hPyQICTJfMuTz88zgJ2lk9bWiHVNHd8=
-gorm.io/driver/sqlserver v1.2.1/go.mod h1:nixq0OB3iLXZDiPv6JSOjWuPgpyaRpOIIevYtA4Ulb4=
-gorm.io/gorm v1.22.2/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0=
-gorm.io/gorm v1.22.3/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0=
-gorm.io/gorm v1.22.4 h1:8aPcyEJhY0MAt8aY6Dc524Pn+pO29K+ydu+e/cXSpQM=
-gorm.io/gorm v1.22.4/go.mod h1:1aeVC+pe9ZmvKZban/gW4QPra7PRoTEssyc922qCAkk=
+gorm.io/driver/mysql v1.4.3 h1:/JhWJhO2v17d8hjApTltKNADm7K7YI2ogkR7avJUL3k=
+gorm.io/driver/mysql v1.4.3/go.mod h1:sSIebwZAVPiT+27jK9HIwvsqOGKx3YMPmrA3mBJR10c=
+gorm.io/driver/postgres v1.4.7 h1:J06jXZCNq7Pdf7LIPn8tZn9LsWjd81BRSKveKNr0ZfA=
+gorm.io/driver/postgres v1.4.7/go.mod h1:UJChCNLFKeBqQRE+HrkFUbKbq9idPXmTOk2u4Wok8S4=
+gorm.io/driver/sqlserver v1.4.1 h1:t4r4r6Jam5E6ejqP7N82qAJIJAht27EGT41HyPfXRw0=
+gorm.io/driver/sqlserver v1.4.1/go.mod h1:DJ4P+MeZbc5rvY58PnmN1Lnyvb5gw5NPzGshHDnJLig=
+gorm.io/gorm v1.23.8/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
+gorm.io/gorm v1.24.0/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
+gorm.io/gorm v1.24.2 h1:9wR6CFD+G8nOusLdvkZelOEhpJVwwHzpQOUM+REd6U0=
+gorm.io/gorm v1.24.2/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -773,6 +714,38 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
+modernc.org/cc/v3 v3.36.2/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI=
+modernc.org/cc/v3 v3.37.0/go.mod h1:vtL+3mdHx/wcj3iEGz84rQa8vEqR6XM84v5Lcvfph20=
+modernc.org/cc/v3 v3.38.1/go.mod h1:vtL+3mdHx/wcj3iEGz84rQa8vEqR6XM84v5Lcvfph20=
+modernc.org/ccgo/v3 v3.0.0-20220904174949-82d86e1b6d56/go.mod h1:YSXjPL62P2AMSxBphRHPn7IkzhVHqkvOnRKAKh+W6ZI=
+modernc.org/ccgo/v3 v3.0.0-20220910160915-348f15de615a/go.mod h1:8p47QxPkdugex9J4n9P2tLZ9bK01yngIVp00g4nomW0=
+modernc.org/ccgo/v3 v3.16.9/go.mod h1:zNMzC9A9xeNUepy6KuZBbugn3c0Mc9TeiJO4lgvkJDo=
+modernc.org/ccorpus v1.11.6/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ=
+modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM=
+modernc.org/libc v1.17.0/go.mod h1:XsgLldpP4aWlPlsjqKRdHPqCxCjISdHfM/yeWC5GyW0=
+modernc.org/libc v1.17.4/go.mod h1:WNg2ZH56rDEwdropAJeZPQkXmDwh+JCA1s/htl6r2fA=
+modernc.org/libc v1.18.0/go.mod h1:vj6zehR5bfc98ipowQOM2nIDUZnVew/wNC/2tOGS+q0=
+modernc.org/libc v1.19.0 h1:bXyVhGQg6KIClTr8FMVIDPl7jtbcs7aS5WP7vLDaxPs=
+modernc.org/libc v1.19.0/go.mod h1:ZRfIaEkgrYgZDl6pa4W39HgN5G/yDW+NRmNKZBDFrk0=
+modernc.org/mathutil v1.2.2/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
+modernc.org/mathutil v1.4.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
+modernc.org/mathutil v1.5.0 h1:rV0Ko/6SfM+8G+yKiyI830l3Wuz1zRutdslNoQ0kfiQ=
+modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
+modernc.org/memory v1.2.0/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw=
+modernc.org/memory v1.3.0/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU=
+modernc.org/memory v1.4.0 h1:crykUfNSnMAXaOJnnxcSzbUGMqkLWjklJKkBK2nwZwk=
+modernc.org/memory v1.4.0/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU=
+modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
+modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
+modernc.org/sqlite v1.19.1 h1:8xmS5oLnZtAK//vnd4aTVj8VOeTAccEFOtUnIzfSw+4=
+modernc.org/sqlite v1.19.1/go.mod h1:UfQ83woKMaPW/ZBruK0T7YaFCrI+IE0LeWVY6pmnVms=
+modernc.org/strutil v1.1.1/go.mod h1:DE+MQQ/hjKBZS2zNInV5hhcipt5rLPWkmpbGeW5mmdw=
+modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw=
+modernc.org/tcl v1.14.0/go.mod h1:gQ7c1YPMvryCHCcmf8acB6VPabE59QBeuRQLL7cTUlM=
+modernc.org/token v1.0.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
+modernc.org/token v1.0.1/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
+modernc.org/z v1.6.0/go.mod h1:hVdgNMh8ggTuRG1rGU8x+xGRFfiQUIAw0ZqlPy8+HyQ=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

server/graph/model/models_gen.go

@@ -3,10 +3,10 @@
 package model
 
 type AddEmailTemplateRequest struct {
-	EventName string `json:"event_name"`
-	Subject   string `json:"subject"`
-	Template  string `json:"template"`
-	Design    string `json:"design"`
+	EventName string  `json:"event_name"`
+	Subject   string  `json:"subject"`
+	Template  string  `json:"template"`
+	Design    *string `json:"design"`
 }
 
 type AddWebhookRequest struct {
@@ -109,6 +109,9 @@ type Env struct {
 	AppleClientSecret                *string  `json:"APPLE_CLIENT_SECRET"`
 	TwitterClientID                  *string  `json:"TWITTER_CLIENT_ID"`
 	TwitterClientSecret              *string  `json:"TWITTER_CLIENT_SECRET"`
+	MicrosoftClientID                *string  `json:"MICROSOFT_CLIENT_ID"`
+	MicrosoftClientSecret            *string  `json:"MICROSOFT_CLIENT_SECRET"`
+	MicrosoftActiveDirectoryTenantID *string  `json:"MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID"`
 	OrganizationName                 *string  `json:"ORGANIZATION_NAME"`
 	OrganizationLogo                 *string  `json:"ORGANIZATION_LOGO"`
 	AppCookieSecure                  bool     `json:"APP_COOKIE_SECURE"`
@@ -136,6 +139,10 @@ type GenerateJWTKeysResponse struct {
 	PrivateKey *string `json:"private_key"`
 }
 
+type GetUserRequest struct {
+	ID string `json:"id"`
+}
+
 type InviteMemberInput struct {
 	Emails      []string `json:"emails"`
 	RedirectURI *string  `json:"redirect_uri"`
@@ -151,6 +158,7 @@ type LoginInput struct {
 	Password string   `json:"password"`
 	Roles    []string `json:"roles"`
 	Scope    []string `json:"scope"`
+	State    *string  `json:"state"`
 }
 
 type MagicLinkLoginInput struct {
@@ -170,6 +178,7 @@ type Meta struct {
 	IsLinkedinLoginEnabled       bool   `json:"is_linkedin_login_enabled"`
 	IsAppleLoginEnabled          bool   `json:"is_apple_login_enabled"`
 	IsTwitterLoginEnabled        bool   `json:"is_twitter_login_enabled"`
+	IsMicrosoftLoginEnabled      bool   `json:"is_microsoft_login_enabled"`
 	IsEmailVerificationEnabled   bool   `json:"is_email_verification_enabled"`
 	IsBasicAuthenticationEnabled bool   `json:"is_basic_authentication_enabled"`
 	IsMagicLinkLoginEnabled      bool   `json:"is_magic_link_login_enabled"`
@@ -178,6 +187,33 @@ type Meta struct {
 	IsMultiFactorAuthEnabled     bool   `json:"is_multi_factor_auth_enabled"`
 }
 
+type MobileLoginInput struct {
+	PhoneNumber string   `json:"phone_number"`
+	Password    string   `json:"password"`
+	Roles       []string `json:"roles"`
+	Scope       []string `json:"scope"`
+	State       *string  `json:"state"`
+}
+
+type MobileSignUpInput struct {
+	Email                    *string  `json:"email"`
+	GivenName                *string  `json:"given_name"`
+	FamilyName               *string  `json:"family_name"`
+	MiddleName               *string  `json:"middle_name"`
+	Nickname                 *string  `json:"nickname"`
+	Gender                   *string  `json:"gender"`
+	Birthdate                *string  `json:"birthdate"`
+	PhoneNumber              string   `json:"phone_number"`
+	Picture                  *string  `json:"picture"`
+	Password                 string   `json:"password"`
+	ConfirmPassword          string   `json:"confirm_password"`
+	Roles                    []string `json:"roles"`
+	Scope                    []string `json:"scope"`
+	RedirectURI              *string  `json:"redirect_uri"`
+	IsMultiFactorAuthEnabled *bool    `json:"is_multi_factor_auth_enabled"`
+	State                    *string  `json:"state"`
+}
+
 type OAuthRevokeInput struct {
 	RefreshToken string `json:"refresh_token"`
 }
@@ -199,12 +235,14 @@ type PaginationInput struct {
 }
 
 type ResendOTPRequest struct {
-	Email string `json:"email"`
+	Email string  `json:"email"`
+	State *string `json:"state"`
 }
 
 type ResendVerifyEmailInput struct {
-	Email      string `json:"email"`
-	Identifier string `json:"identifier"`
+	Email      string  `json:"email"`
+	Identifier string  `json:"identifier"`
+	State      *string `json:"state"`
 }
 
 type ResetPasswordInput struct {
@@ -238,6 +276,7 @@ type SignUpInput struct {
 	Scope                    []string `json:"scope"`
 	RedirectURI              *string  `json:"redirect_uri"`
 	IsMultiFactorAuthEnabled *bool    `json:"is_multi_factor_auth_enabled"`
+	State                    *string  `json:"state"`
 }
 
 type TestEndpointRequest struct {
@@ -308,6 +347,9 @@ type UpdateEnvInput struct {
 	AppleClientSecret                *string  `json:"APPLE_CLIENT_SECRET"`
 	TwitterClientID                  *string  `json:"TWITTER_CLIENT_ID"`
 	TwitterClientSecret              *string  `json:"TWITTER_CLIENT_SECRET"`
+	MicrosoftClientID                *string  `json:"MICROSOFT_CLIENT_ID"`
+	MicrosoftClientSecret            *string  `json:"MICROSOFT_CLIENT_SECRET"`
+	MicrosoftActiveDirectoryTenantID *string  `json:"MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID"`
 	OrganizationName                 *string  `json:"ORGANIZATION_NAME"`
 	OrganizationLogo                 *string  `json:"ORGANIZATION_LOGO"`
 }
@@ -408,12 +450,14 @@ type VerificationRequests struct {
 }
 
 type VerifyEmailInput struct {
-	Token string `json:"token"`
+	Token string  `json:"token"`
+	State *string `json:"state"`
 }
 
 type VerifyOTPRequest struct {
-	Email string `json:"email"`
-	Otp   string `json:"otp"`
+	Email string  `json:"email"`
+	Otp   string  `json:"otp"`
+	State *string `json:"state"`
 }
 
 type Webhook struct {

server/graph/schema.graphqls

@@ -21,6 +21,7 @@ type Meta {
   is_linkedin_login_enabled: Boolean!
   is_apple_login_enabled: Boolean!
   is_twitter_login_enabled: Boolean!
+  is_microsoft_login_enabled: Boolean!
   is_email_verification_enabled: Boolean!
   is_basic_authentication_enabled: Boolean!
   is_magic_link_login_enabled: Boolean!
@@ -145,6 +146,9 @@ type Env {
   APPLE_CLIENT_SECRET: String
   TWITTER_CLIENT_ID: String
   TWITTER_CLIENT_SECRET: String
+  MICROSOFT_CLIENT_ID: String
+  MICROSOFT_CLIENT_SECRET: String
+  MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID: String
   ORGANIZATION_NAME: String
   ORGANIZATION_LOGO: String
   APP_COOKIE_SECURE: Boolean!
@@ -257,6 +261,9 @@ input UpdateEnvInput {
   APPLE_CLIENT_SECRET: String
   TWITTER_CLIENT_ID: String
   TWITTER_CLIENT_SECRET: String
+  MICROSOFT_CLIENT_ID: String
+  MICROSOFT_CLIENT_SECRET: String
+  MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID: String
   ORGANIZATION_NAME: String
   ORGANIZATION_LOGO: String
 }
@@ -269,6 +276,28 @@ input AdminSignupInput {
   admin_secret: String!
 }
 
+input MobileSignUpInput {
+  email: String
+  given_name: String
+  family_name: String
+  middle_name: String
+  nickname: String
+  gender: String
+  birthdate: String
+  phone_number: String!
+  picture: String
+  password: String!
+  confirm_password: String!
+  roles: [String!]
+  scope: [String!]
+  redirect_uri: String
+  is_multi_factor_auth_enabled: Boolean
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
+}
+
 input SignUpInput {
   email: String!
   given_name: String
@@ -285,6 +314,10 @@ input SignUpInput {
   scope: [String!]
   redirect_uri: String
   is_multi_factor_auth_enabled: Boolean
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
 }
 
 input LoginInput {
@@ -292,15 +325,38 @@ input LoginInput {
   password: String!
   roles: [String!]
   scope: [String!]
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
+}
+
+input MobileLoginInput {
+  phone_number: String!
+  password: String!
+  roles: [String!]
+  scope: [String!]
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
 }
 
 input VerifyEmailInput {
   token: String!
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
 }
 
 input ResendVerifyEmailInput {
   email: String!
   identifier: String!
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
 }
 
 input UpdateProfileInput {
@@ -430,7 +486,9 @@ input AddEmailTemplateRequest {
   event_name: String!
   subject: String!
   template: String!
-  design: String!
+  # Design value is set when editor is used
+  # If raw HTML is used design value is set to null
+  design: String
 }
 
 input UpdateEmailTemplateRequest {
@@ -438,6 +496,8 @@ input UpdateEmailTemplateRequest {
   event_name: String
   template: String
   subject: String
+  # Design value is set when editor is used
+  # If raw HTML is used design value is set to null
   design: String
 }
 
@@ -448,15 +508,29 @@ input DeleteEmailTemplateRequest {
 input VerifyOTPRequest {
   email: String!
   otp: String!
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
 }
 
 input ResendOTPRequest {
   email: String!
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
+}
+
+input GetUserRequest {
+  id: String!
 }
 
 type Mutation {
   signup(params: SignUpInput!): AuthResponse!
+  mobile_signup(params: MobileSignUpInput): AuthResponse!
   login(params: LoginInput!): AuthResponse!
+  mobile_login(params: MobileLoginInput!): AuthResponse!
   magic_link_login(params: MagicLinkLoginInput!): Response!
   logout: Response!
   update_profile(params: UpdateProfileInput!): Response!
@@ -494,6 +568,7 @@ type Query {
   validate_jwt_token(params: ValidateJWTTokenInput!): ValidateJWTTokenResponse!
   # admin only apis
   _users(params: PaginatedInput): Users!
+  _user(params: GetUserRequest!): User!
   _verification_requests(params: PaginatedInput): VerificationRequests!
   _admin_session: Response!
   _env: Env!

server/graph/schema.resolvers.go

@@ -16,11 +16,21 @@ func (r *mutationResolver) Signup(ctx context.Context, params model.SignUpInput)
 	return resolvers.SignupResolver(ctx, params)
 }
 
+// MobileSignup is the resolver for the mobile_signup field.
+func (r *mutationResolver) MobileSignup(ctx context.Context, params *model.MobileSignUpInput) (*model.AuthResponse, error) {
+	return resolvers.MobileSignupResolver(ctx, params)
+}
+
 // Login is the resolver for the login field.
 func (r *mutationResolver) Login(ctx context.Context, params model.LoginInput) (*model.AuthResponse, error) {
 	return resolvers.LoginResolver(ctx, params)
 }
 
+// MobileLogin is the resolver for the mobile_login field.
+func (r *mutationResolver) MobileLogin(ctx context.Context, params model.MobileLoginInput) (*model.AuthResponse, error) {
+	return resolvers.MobileLoginResolver(ctx, params)
+}
+
 // MagicLinkLogin is the resolver for the magic_link_login field.
 func (r *mutationResolver) MagicLinkLogin(ctx context.Context, params model.MagicLinkLoginInput) (*model.Response, error) {
 	return resolvers.MagicLinkLoginResolver(ctx, params)
@@ -181,6 +191,11 @@ func (r *queryResolver) Users(ctx context.Context, params *model.PaginatedInput)
 	return resolvers.UsersResolver(ctx, params)
 }
 
+// User is the resolver for the _user field.
+func (r *queryResolver) User(ctx context.Context, params model.GetUserRequest) (*model.User, error) {
+	return resolvers.UserResolver(ctx, params)
+}
+
 // VerificationRequests is the resolver for the _verification_requests field.
 func (r *queryResolver) VerificationRequests(ctx context.Context, params *model.PaginatedInput) (*model.VerificationRequests, error) {
 	return resolvers.VerificationRequestsResolver(ctx, params)

server/handlers/app.go

@@ -76,7 +76,7 @@ func AppHandler() gin.HandlerFunc {
 			"data": map[string]interface{}{
 				"authorizerURL":    hostname,
 				"redirectURL":      redirectURI,
-				"scope":            scope,
+				"scope":            strings.Join(scope, " "),
 				"state":            state,
 				"organizationName": orgName,
 				"organizationLogo": orgLogo,

server/handlers/authorize.go

@@ -1,10 +1,41 @@
 package handlers
 
+/**
+LOGIC TO REMEMBER THE AUTHORIZE FLOW
+
+
+jargons
+`at_hash` -> access_token_hash
+`c_hash` -> code_hash
+
+
+# ResponseType: Code
+	with /authorize request
+		- set state [state, code@@challenge]
+		- add &code to login redirect url
+	login resolver has optional param state
+		-if state found in store, split with @@
+		- if len > 1 -> response type is code and has code + challenge
+		- set `nonce, code` for createAuthToken request so that `c_hash` can be generated
+		- do not add `nonce` to id_token in code flow, instead set `c_hash` and `at_hash`
+
+
+# ResponseType: token / id_token
+	with /authorize request
+		- set state [state, nonce]
+		- add &nonce to login redirect url
+	login resolver has optional param state
+		- if state found in store, split with @@
+		- if len < 1 -> response type is token / id_token and value is nonce
+		- send received nonce for createAuthToken with empty code value
+		- set `nonce` and `at_hash` in `id_token`
+**/
+
 import (
+	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
@@ -17,6 +48,15 @@ import (
 	"github.com/authorizerdev/authorizer/server/token"
 )
 
+// Check the flow for generating and verifying codes: https://developer.okta.com/blog/2019/08/22/okta-authjs-pkce#:~:text=PKCE%20works%20by%20having%20the,is%20called%20the%20Code%20Challenge.
+
+// Check following docs for understanding request / response params for various types of requests: https://auth0.com/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-auth-code-flow
+
+const (
+	authorizeWebMessageTemplate = "authorize_web_message.tmpl"
+	authorizeFormPostTemplate   = "authorize_form_post.tmpl"
+)
+
 // AuthorizeHandler is the handler for the /authorize route
 // required params
 // ?redirect_uri = redirect url
@@ -24,8 +64,6 @@ import (
 // state[recommended] = to prevent CSRF attack (for authorizer its compulsory)
 // code_challenge = to prevent CSRF attack
 // code_challenge_method = to prevent CSRF attack [only sh256 is supported]
-
-// check the flow for generating and verifying codes: https://developer.okta.com/blog/2019/08/22/okta-authjs-pkce#:~:text=PKCE%20works%20by%20having%20the,is%20called%20the%20Code%20Challenge.
 func AuthorizeHandler() gin.HandlerFunc {
 	return func(gc *gin.Context) {
 		redirectURI := strings.TrimSpace(gc.Query("redirect_uri"))
@@ -34,8 +72,8 @@ func AuthorizeHandler() gin.HandlerFunc {
 		codeChallenge := strings.TrimSpace(gc.Query("code_challenge"))
 		scopeString := strings.TrimSpace(gc.Query("scope"))
 		clientID := strings.TrimSpace(gc.Query("client_id"))
-		template := "authorize.tmpl"
 		responseMode := strings.TrimSpace(gc.Query("response_mode"))
+		nonce := strings.TrimSpace(gc.Query("nonce"))
 
 		var scope []string
 		if scopeString == "" {
@@ -45,176 +83,98 @@ func AuthorizeHandler() gin.HandlerFunc {
 		}
 
 		if responseMode == "" {
-			responseMode = "query"
-		}
-
-		if responseMode != "query" && responseMode != "web_message" {
-			log.Debug("Invalid response_mode: ", responseMode)
-			gc.JSON(400, gin.H{"error": "invalid response mode"})
+			responseMode = constants.ResponseModeQuery
 		}
 
 		if redirectURI == "" {
 			redirectURI = "/app"
 		}
 
-		isQuery := responseMode == "query"
-
-		loginURL := "/app?state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
-
-		if clientID == "" {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				log.Debug("Failed to get client_id: ", clientID)
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error": "client_id is required",
-						},
-					},
-				})
-			}
-			return
-		}
-
-		if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				log.Debug("Invalid client_id: ", clientID)
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error": "invalid_client_id",
-						},
-					},
-				})
-			}
-			return
-		}
-
-		if state == "" {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				log.Debug("Failed to get state: ", state)
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error": "state is required",
-						},
-					},
-				})
-			}
-			return
-		}
-
 		if responseType == "" {
 			responseType = "token"
 		}
 
-		isResponseTypeCode := responseType == "code"
-		isResponseTypeToken := responseType == "token"
-
-		if !isResponseTypeCode && !isResponseTypeToken {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				log.Debug("Invalid response_type: ", responseType)
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error": "response_type is invalid",
-						},
-					},
-				})
-			}
+		if err := validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge); err != nil {
+			log.Debug("invalid authorization request: ", err)
+			gc.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 			return
 		}
 
-		if isResponseTypeCode {
-			if codeChallenge == "" {
-				if isQuery {
-					gc.Redirect(http.StatusFound, loginURL)
-				} else {
-					log.Debug("Failed to get code_challenge: ", codeChallenge)
-					gc.HTML(http.StatusBadRequest, template, gin.H{
-						"target_origin": redirectURI,
-						"authorization_response": map[string]interface{}{
-							"type": "authorization_response",
-							"response": map[string]string{
-								"error": "code_challenge is required",
-							},
-						},
-					})
-				}
-				return
+		code := uuid.New().String()
+		if nonce == "" {
+			nonce = uuid.New().String()
+		}
+
+		log := log.WithFields(log.Fields{
+			"response_mode": responseMode,
+			"response_type": responseType,
+		})
+
+		// TODO add state with timeout
+		// used for response mode query or fragment
+		loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
+		if responseType == constants.ResponseTypeCode {
+			loginState += "&code=" + code
+			if err := memorystore.Provider.SetState(state, code+"@@"+codeChallenge); err != nil {
+				log.Debug("Error setting temp code", err)
+			}
+		} else {
+			loginState += "&nonce=" + nonce
+			if err := memorystore.Provider.SetState(state, nonce); err != nil {
+				log.Debug("Error setting temp code", err)
 			}
 		}
 
+		loginURL := "/app?" + loginState
+
+		if responseMode == constants.ResponseModeFragment {
+			loginURL = "/app#" + loginState
+		}
+
+		if responseType == constants.ResponseTypeCode && codeChallenge == "" {
+			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+				"type": "authorization_response",
+				"response": map[string]interface{}{
+					"error":             "code_challenge_required",
+					"error_description": "code challenge is required",
+				},
+			}, http.StatusOK)
+			return
+		}
+
+		loginError := map[string]interface{}{
+			"type": "authorization_response",
+			"response": map[string]interface{}{
+				"error":             "login_required",
+				"error_description": "Login is required",
+			},
+		}
 		sessionToken, err := cookie.GetSession(gc)
 		if err != nil {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error":             "login_required",
-							"error_description": "Login is required",
-						},
-					},
-				})
-			}
+			log.Debug("GetSession failed: ", err)
+			handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
 			return
 		}
 
 		// get session from cookie
 		claims, err := token.ValidateBrowserSession(gc, sessionToken)
 		if err != nil {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error":             "login_required",
-							"error_description": "Login is required",
-						},
-					},
-				})
-			}
+			log.Debug("ValidateBrowserSession failed: ", err)
+			handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
 			return
 		}
+
 		userID := claims.Subject
 		user, err := db.Provider.GetUserByID(gc, userID)
 		if err != nil {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error":             "signup_required",
-							"error_description": "Sign up required",
-						},
-					},
-				})
-			}
+			log.Debug("GetUserByID failed: ", err)
+			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+				"type": "authorization_response",
+				"response": map[string]interface{}{
+					"error":             "signup_required",
+					"error_description": "Sign up required",
+				},
+			}, http.StatusOK)
 			return
 		}
 
@@ -223,89 +183,115 @@ func AuthorizeHandler() gin.HandlerFunc {
 			sessionKey = claims.LoginMethod + ":" + user.ID
 		}
 
-		// if user is logged in
-		// based on the response type code, generate the response
-		if isResponseTypeCode {
-			// rollover the session for security
-			go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
-			nonce := uuid.New().String()
+		// rollover the session for security
+		go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
+		if responseType == constants.ResponseTypeCode {
 			newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
 			if err != nil {
-				if isQuery {
-					gc.Redirect(http.StatusFound, loginURL)
-				} else {
-					gc.HTML(http.StatusOK, template, gin.H{
-						"target_origin": redirectURI,
-						"authorization_response": map[string]interface{}{
-							"type": "authorization_response",
-							"response": map[string]string{
-								"error":             "login_required",
-								"error_description": "Login is required",
-							},
-						},
-					})
-				}
+				log.Debug("CreateSessionToken failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+				return
+			}
+
+			// TODO: add state with timeout
+			// if err := memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken); err != nil {
+			// 	log.Debug("SetState failed: ", err)
+			// 	handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+			// 	return
+			// }
+
+			// TODO: add state with timeout
+			if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+newSessionToken); err != nil {
+				log.Debug("SetState failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+				return
+			}
+
+			if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken); err != nil {
+				log.Debug("SetUserSession failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
 				return
 			}
 
-			memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken)
 			cookie.SetSession(gc, newSessionToken)
-			code := uuid.New().String()
-			memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken)
-			gc.HTML(http.StatusOK, template, gin.H{
-				"target_origin": redirectURI,
-				"authorization_response": map[string]interface{}{
-					"type": "authorization_response",
-					"response": map[string]string{
-						"code":  code,
-						"state": state,
-					},
+
+			// in case, response type is code and user is already logged in send the code and state
+			// and cookie session will already be rolled over and set
+			// gc.HTML(http.StatusOK, authorizeWebMessageTemplate, gin.H{
+			// 	"target_origin": redirectURI,
+			// 	"authorization_response": map[string]interface{}{
+			// 		"type": "authorization_response",
+			// 		"response": map[string]string{
+			// 			"code":  code,
+			// 			"state": state,
+			// 		},
+			// 	},
+			// })
+
+			params := "code=" + code + "&state=" + state + "&nonce=" + nonce
+			if responseMode == constants.ResponseModeQuery {
+				if strings.Contains(redirectURI, "?") {
+					redirectURI = redirectURI + "&" + params
+				} else {
+					redirectURI = redirectURI + "?" + params
+				}
+			} else if responseMode == constants.ResponseModeFragment {
+				if strings.Contains(redirectURI, "#") {
+					redirectURI = redirectURI + "&" + params
+				} else {
+					redirectURI = redirectURI + "#" + params
+				}
+			}
+
+			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+				"type": "authorization_response",
+				"response": map[string]interface{}{
+					"code":  code,
+					"state": state,
 				},
-			})
+			}, http.StatusOK)
+
 			return
 		}
 
-		if isResponseTypeToken {
+		if responseType == constants.ResponseTypeToken || responseType == constants.ResponseTypeIDToken {
 			// rollover the session for security
-			authToken, err := token.CreateAuthToken(gc, user, claims.Roles, scope, claims.LoginMethod)
+			authToken, err := token.CreateAuthToken(gc, user, claims.Roles, scope, claims.LoginMethod, nonce, "")
 			if err != nil {
-				if isQuery {
-					gc.Redirect(http.StatusFound, loginURL)
-				} else {
-					gc.HTML(http.StatusOK, template, gin.H{
-						"target_origin": redirectURI,
-						"authorization_response": map[string]interface{}{
-							"type": "authorization_response",
-							"response": map[string]string{
-								"error":             "login_required",
-								"error_description": "Login is required",
-							},
-						},
-					})
-				}
+				log.Debug("CreateAuthToken failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
 				return
 			}
 
-			go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
-			memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
-			memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
-			cookie.SetSession(gc, authToken.FingerPrintHash)
-
-			expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
-			if expiresIn <= 0 {
-				expiresIn = 1
+			if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+nonce, authToken.FingerPrintHash); err != nil {
+				log.Debug("SetUserSession failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+				return
 			}
 
+			if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+nonce, authToken.AccessToken.Token); err != nil {
+				log.Debug("SetUserSession failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+				return
+			}
+
+			cookie.SetSession(gc, authToken.FingerPrintHash)
+
 			// used of query mode
-			params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
+			params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(authToken.IDToken.ExpiresAt, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
 
 			res := map[string]interface{}{
 				"access_token": authToken.AccessToken.Token,
 				"id_token":     authToken.IDToken.Token,
 				"state":        state,
-				"scope":        scope,
+				"scope":        strings.Join(scope, " "),
 				"token_type":   "Bearer",
-				"expires_in":   expiresIn,
+				"expires_in":   authToken.AccessToken.ExpiresAt,
+			}
+
+			if nonce != "" {
+				params += "&nonce=" + nonce
+				res["nonce"] = nonce
 			}
 
 			if authToken.RefreshToken != nil {
@@ -314,38 +300,76 @@ func AuthorizeHandler() gin.HandlerFunc {
 				memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
 			}
 
-			if isQuery {
+			if responseMode == constants.ResponseModeQuery {
 				if strings.Contains(redirectURI, "?") {
-					gc.Redirect(http.StatusFound, redirectURI+"&"+params)
+					redirectURI = redirectURI + "&" + params
 				} else {
-					gc.Redirect(http.StatusFound, redirectURI+"?"+params)
+					redirectURI = redirectURI + "?" + params
+				}
+			} else if responseMode == constants.ResponseModeFragment {
+				if strings.Contains(redirectURI, "#") {
+					redirectURI = redirectURI + "&" + params
+				} else {
+					redirectURI = redirectURI + "#" + params
 				}
-			} else {
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type":     "authorization_response",
-						"response": res,
-					},
-				})
 			}
+
+			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+				"type":     "authorization_response",
+				"response": res,
+			}, http.StatusOK)
 			return
 		}
 
-		if isQuery {
-			gc.Redirect(http.StatusFound, loginURL)
-		} else {
-			// by default return with error
-			gc.HTML(http.StatusOK, template, gin.H{
-				"target_origin": redirectURI,
-				"authorization_response": map[string]interface{}{
-					"type": "authorization_response",
-					"response": map[string]string{
-						"error":             "login_required",
-						"error_description": "Login is required",
-					},
-				},
-			})
-		}
+		handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+	}
+}
+
+func validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge string) error {
+	if strings.TrimSpace(state) == "" {
+		return fmt.Errorf("invalid state. state is required to prevent csrf attack")
+	}
+	if responseType != constants.ResponseTypeCode && responseType != constants.ResponseTypeToken && responseType != constants.ResponseTypeIDToken {
+		return fmt.Errorf("invalid response type %s. 'code' & 'token' are valid response_type", responseMode)
+	}
+
+	if responseMode != constants.ResponseModeQuery && responseMode != constants.ResponseModeWebMessage && responseMode != constants.ResponseModeFragment && responseMode != constants.ResponseModeFormPost {
+		return fmt.Errorf("invalid response mode %s. 'query', 'fragment', 'form_post' and 'web_message' are valid response_mode", responseMode)
+	}
+
+	if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
+		return fmt.Errorf("invalid client_id %s", clientID)
+	}
+
+	return nil
+}
+
+func handleResponse(gc *gin.Context, responseMode, loginURI, redirectURI string, data map[string]interface{}, httpStatusCode int) {
+	isAuthenticationRequired := false
+	if _, ok := data["response"].(map[string]interface{})["error"]; ok {
+		isAuthenticationRequired = true
+	}
+
+	if isAuthenticationRequired && responseMode != constants.ResponseModeWebMessage {
+		gc.Redirect(http.StatusFound, loginURI)
+		return
+	}
+
+	switch responseMode {
+	case constants.ResponseModeQuery, constants.ResponseModeFragment:
+		gc.Redirect(http.StatusFound, redirectURI)
+		return
+	case constants.ResponseModeWebMessage:
+		gc.HTML(httpStatusCode, authorizeWebMessageTemplate, gin.H{
+			"target_origin":          redirectURI,
+			"authorization_response": data,
+		})
+		return
+	case constants.ResponseModeFormPost:
+		gc.HTML(httpStatusCode, authorizeFormPostTemplate, gin.H{
+			"target_origin":          redirectURI,
+			"authorization_response": data["response"],
+		})
+		return
 	}
 }

server/handlers/oauth_callback.go

@@ -5,7 +5,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strconv"
 	"strings"
@@ -13,6 +13,7 @@ import (
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/oauth2"
 
@@ -55,20 +56,22 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		scopes := strings.Split(sessionSplit[3], ",")
 
 		user := models.User{}
-		code := ctx.Request.FormValue("code")
+		oauthCode := ctx.Request.FormValue("code")
 		switch provider {
 		case constants.AuthRecipeMethodGoogle:
-			user, err = processGoogleUserInfo(code)
+			user, err = processGoogleUserInfo(oauthCode)
 		case constants.AuthRecipeMethodGithub:
-			user, err = processGithubUserInfo(code)
+			user, err = processGithubUserInfo(oauthCode)
 		case constants.AuthRecipeMethodFacebook:
-			user, err = processFacebookUserInfo(code)
+			user, err = processFacebookUserInfo(oauthCode)
 		case constants.AuthRecipeMethodLinkedIn:
-			user, err = processLinkedInUserInfo(code)
+			user, err = processLinkedInUserInfo(oauthCode)
 		case constants.AuthRecipeMethodApple:
-			user, err = processAppleUserInfo(code)
+			user, err = processAppleUserInfo(oauthCode)
 		case constants.AuthRecipeMethodTwitter:
-			user, err = processTwitterUserInfo(code, sessionState)
+			user, err = processTwitterUserInfo(oauthCode, sessionState)
+		case constants.AuthRecipeMethodMicrosoft:
+			user, err = processMicrosoftUserInfo(oauthCode)
 		default:
 			log.Info("Invalid oauth provider")
 			err = fmt.Errorf(`invalid oauth provider`)
@@ -196,18 +199,53 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			}
 		}
 
-		authToken, err := token.CreateAuthToken(ctx, user, inputRoles, scopes, provider)
+		// TODO
+		// use stateValue to get code / nonce
+		// add code / nonce to id_token
+		code := ""
+		codeChallenge := ""
+		nonce := ""
+		if stateValue != "" {
+			// Get state from store
+			authorizeState, _ := memorystore.Provider.GetState(stateValue)
+			if authorizeState != "" {
+				authorizeStateSplit := strings.Split(authorizeState, "@@")
+				if len(authorizeStateSplit) > 1 {
+					code = authorizeStateSplit[0]
+					codeChallenge = authorizeStateSplit[1]
+				} else {
+					nonce = authorizeState
+				}
+				go memorystore.Provider.RemoveState(stateValue)
+			}
+		}
+		if nonce == "" {
+			nonce = uuid.New().String()
+		}
+		authToken, err := token.CreateAuthToken(ctx, user, inputRoles, scopes, provider, nonce, code)
 		if err != nil {
 			log.Debug("Failed to create auth token: ", err)
 			ctx.JSON(500, gin.H{"error": err.Error()})
 		}
 
+		// Code challenge could be optional if PKCE flow is not used
+		if code != "" {
+			if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+				log.Debug("SetState failed: ", err)
+				ctx.JSON(500, gin.H{"error": err.Error()})
+			}
+		}
+
 		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
 		if expiresIn <= 0 {
 			expiresIn = 1
 		}
 
-		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token
+		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token + "&nonce=" + nonce
+
+		if code != "" {
+			params += "&code=" + code
+		}
 
 		sessionKey := provider + ":" + user.ID
 		cookie.SetSession(ctx, authToken.FingerPrintHash)
@@ -215,7 +253,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
 
 		if authToken.RefreshToken != nil {
-			params = params + `&refresh_token=` + authToken.RefreshToken.Token
+			params += `&refresh_token=` + authToken.RefreshToken.Token
 			memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
 		}
 
@@ -276,7 +314,7 @@ func processGoogleUserInfo(code string) (models.User, error) {
 
 func processGithubUserInfo(code string) (models.User, error) {
 	user := models.User{}
-	oauth2Token, err := oauth.OAuthProviders.GithubConfig.Exchange(oauth2.NoContext, code)
+	oauth2Token, err := oauth.OAuthProviders.GithubConfig.Exchange(context.TODO(), code)
 	if err != nil {
 		log.Debug("Failed to exchange code for token: ", err)
 		return user, fmt.Errorf("invalid github exchange code: %s", err.Error())
@@ -298,7 +336,7 @@ func processGithubUserInfo(code string) (models.User, error) {
 	}
 
 	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
+	body, err := io.ReadAll(response.Body)
 	if err != nil {
 		log.Debug("Failed to read github user info response body: ", err)
 		return user, fmt.Errorf("failed to read github response body: %s", err.Error())
@@ -347,7 +385,7 @@ func processGithubUserInfo(code string) (models.User, error) {
 		}
 
 		defer response.Body.Close()
-		body, err := ioutil.ReadAll(response.Body)
+		body, err := io.ReadAll(response.Body)
 		if err != nil {
 			log.Debug("Failed to read github user email response body: ", err)
 			return user, fmt.Errorf("failed to read github response body: %s", err.Error())
@@ -383,7 +421,7 @@ func processGithubUserInfo(code string) (models.User, error) {
 
 func processFacebookUserInfo(code string) (models.User, error) {
 	user := models.User{}
-	oauth2Token, err := oauth.OAuthProviders.FacebookConfig.Exchange(oauth2.NoContext, code)
+	oauth2Token, err := oauth.OAuthProviders.FacebookConfig.Exchange(context.TODO(), code)
 	if err != nil {
 		log.Debug("Invalid facebook exchange code: ", err)
 		return user, fmt.Errorf("invalid facebook exchange code: %s", err.Error())
@@ -402,7 +440,7 @@ func processFacebookUserInfo(code string) (models.User, error) {
 	}
 
 	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
+	body, err := io.ReadAll(response.Body)
 	if err != nil {
 		log.Debug("Failed to read facebook response: ", err)
 		return user, fmt.Errorf("failed to read facebook response body: %s", err.Error())
@@ -434,7 +472,7 @@ func processFacebookUserInfo(code string) (models.User, error) {
 
 func processLinkedInUserInfo(code string) (models.User, error) {
 	user := models.User{}
-	oauth2Token, err := oauth.OAuthProviders.LinkedInConfig.Exchange(oauth2.NoContext, code)
+	oauth2Token, err := oauth.OAuthProviders.LinkedInConfig.Exchange(context.TODO(), code)
 	if err != nil {
 		log.Debug("Failed to exchange code for token: ", err)
 		return user, fmt.Errorf("invalid linkedin exchange code: %s", err.Error())
@@ -457,7 +495,7 @@ func processLinkedInUserInfo(code string) (models.User, error) {
 	}
 
 	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
+	body, err := io.ReadAll(response.Body)
 	if err != nil {
 		log.Debug("Failed to read linkedin user info response body: ", err)
 		return user, fmt.Errorf("failed to read linkedin response body: %s", err.Error())
@@ -487,7 +525,7 @@ func processLinkedInUserInfo(code string) (models.User, error) {
 	}
 
 	defer response.Body.Close()
-	body, err = ioutil.ReadAll(response.Body)
+	body, err = io.ReadAll(response.Body)
 	if err != nil {
 		log.Debug("Failed to read linkedin email info response body: ", err)
 		return user, fmt.Errorf("failed to read linkedin email response body: %s", err.Error())
@@ -516,7 +554,7 @@ func processLinkedInUserInfo(code string) (models.User, error) {
 
 func processAppleUserInfo(code string) (models.User, error) {
 	user := models.User{}
-	oauth2Token, err := oauth.OAuthProviders.AppleConfig.Exchange(oauth2.NoContext, code)
+	oauth2Token, err := oauth.OAuthProviders.AppleConfig.Exchange(context.TODO(), code)
 	if err != nil {
 		log.Debug("Failed to exchange code for token: ", err)
 		return user, fmt.Errorf("invalid apple exchange code: %s", err.Error())
@@ -569,7 +607,7 @@ func processAppleUserInfo(code string) (models.User, error) {
 
 func processTwitterUserInfo(code, verifier string) (models.User, error) {
 	user := models.User{}
-	oauth2Token, err := oauth.OAuthProviders.TwitterConfig.Exchange(oauth2.NoContext, code, oauth2.SetAuthURLParam("code_verifier", verifier))
+	oauth2Token, err := oauth.OAuthProviders.TwitterConfig.Exchange(context.TODO(), code, oauth2.SetAuthURLParam("code_verifier", verifier))
 	if err != nil {
 		log.Debug("Failed to exchange code for token: ", err)
 		return user, fmt.Errorf("invalid twitter exchange code: %s", err.Error())
@@ -592,7 +630,7 @@ func processTwitterUserInfo(code, verifier string) (models.User, error) {
 	}
 
 	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
+	body, err := io.ReadAll(response.Body)
 	if err != nil {
 		log.Debug("Failed to read Twitter user info response body: ", err)
 		return user, fmt.Errorf("failed to read Twitter response body: %s", err.Error())
@@ -633,3 +671,37 @@ func processTwitterUserInfo(code, verifier string) (models.User, error) {
 
 	return user, nil
 }
+
+// process microsoft user information
+func processMicrosoftUserInfo(code string) (models.User, error) {
+	user := models.User{}
+	ctx := context.Background()
+	oauth2Token, err := oauth.OAuthProviders.MicrosoftConfig.Exchange(ctx, code)
+	if err != nil {
+		log.Debug("Failed to exchange code for token: ", err)
+		return user, fmt.Errorf("invalid google exchange code: %s", err.Error())
+	}
+
+	verifier := oauth.OIDCProviders.MicrosoftOIDC.Verifier(&oidc.Config{ClientID: oauth.OAuthProviders.MicrosoftConfig.ClientID})
+
+	// Extract the ID Token from OAuth2 token.
+	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+	if !ok {
+		log.Debug("Failed to extract ID Token from OAuth2 token")
+		return user, fmt.Errorf("unable to extract id_token")
+	}
+
+	// Parse and verify ID Token payload.
+	idToken, err := verifier.Verify(ctx, rawIDToken)
+	if err != nil {
+		log.Debug("Failed to verify ID Token: ", err)
+		return user, fmt.Errorf("unable to verify id_token: %s", err.Error())
+	}
+
+	if err := idToken.Claims(&user); err != nil {
+		log.Debug("Failed to parse ID Token claims: ", err)
+		return user, fmt.Errorf("unable to extract claims")
+	}
+
+	return user, nil
+}

server/handlers/oauth_login.go

@@ -209,6 +209,24 @@ func OAuthLoginHandler() gin.HandlerFunc {
 			// check: https://github.com/golang/oauth2/issues/449
 			url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("response_mode", "form_post")) + "&scope=name email"
 			c.Redirect(http.StatusTemporaryRedirect, url)
+		case constants.AuthRecipeMethodMicrosoft:
+			if oauth.OAuthProviders.MicrosoftConfig == nil {
+				log.Debug("Microsoft OAuth provider is not configured")
+				isProviderConfigured = false
+				break
+			}
+			err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodMicrosoft)
+			if err != nil {
+				log.Debug("Error setting state: ", err)
+				c.JSON(500, gin.H{
+					"error": "internal server error",
+				})
+				return
+			}
+			// during the init of OAuthProvider authorizer url might be empty
+			oauth.OAuthProviders.MicrosoftConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodMicrosoft
+			url := oauth.OAuthProviders.MicrosoftConfig.AuthCodeURL(oauthStateString)
+			c.Redirect(http.StatusTemporaryRedirect, url)
 		default:
 			log.Debug("Invalid oauth provider: ", provider)
 			c.JSON(422, gin.H{

server/handlers/token.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -17,12 +18,22 @@ import (
 	"github.com/authorizerdev/authorizer/server/token"
 )
 
+type RequestBody struct {
+	CodeVerifier string `form:"code_verifier" json:"code_verifier"`
+	Code         string `form:"code" json:"code"`
+	ClientID     string `form:"client_id" json:"client_id"`
+	ClientSecret string `form:"client_secret" json:"client_secret"`
+	GrantType    string `form:"grant_type" json:"grant_type"`
+	RefreshToken string `form:"refresh_token" json:"refresh_token"`
+	RedirectURI  string `form:"redirect_uri" json:"redirect_uri"`
+}
+
 // TokenHandler to handle /oauth/token requests
 // grant type required
 func TokenHandler() gin.HandlerFunc {
 	return func(gc *gin.Context) {
-		var reqBody map[string]string
-		if err := gc.BindJSON(&reqBody); err != nil {
+		var reqBody RequestBody
+		if err := gc.Bind(&reqBody); err != nil {
 			log.Debug("Error binding JSON: ", err)
 			gc.JSON(http.StatusBadRequest, gin.H{
 				"error":             "error_binding_json",
@@ -31,11 +42,12 @@ func TokenHandler() gin.HandlerFunc {
 			return
 		}
 
-		codeVerifier := strings.TrimSpace(reqBody["code_verifier"])
-		code := strings.TrimSpace(reqBody["code"])
-		clientID := strings.TrimSpace(reqBody["client_id"])
-		grantType := strings.TrimSpace(reqBody["grant_type"])
-		refreshToken := strings.TrimSpace(reqBody["refresh_token"])
+		codeVerifier := strings.TrimSpace(reqBody.CodeVerifier)
+		code := strings.TrimSpace(reqBody.Code)
+		clientID := strings.TrimSpace(reqBody.ClientID)
+		grantType := strings.TrimSpace(reqBody.GrantType)
+		refreshToken := strings.TrimSpace(reqBody.RefreshToken)
+		clientSecret := strings.TrimSpace(reqBody.ClientSecret)
 
 		if grantType == "" {
 			grantType = "authorization_code"
@@ -52,6 +64,12 @@ func TokenHandler() gin.HandlerFunc {
 			})
 		}
 
+		// check if clientID & clientSecret are present as part of
+		// authorization header with basic auth
+		if clientID == "" && clientSecret == "" {
+			clientID, clientSecret, _ = gc.Request.BasicAuth()
+		}
+
 		if clientID == "" {
 			log.Debug("Client ID is empty")
 			gc.JSON(http.StatusBadRequest, gin.H{
@@ -76,15 +94,6 @@ func TokenHandler() gin.HandlerFunc {
 		sessionKey := ""
 
 		if isAuthorizationCodeGrant {
-			if codeVerifier == "" {
-				log.Debug("Code verifier is empty")
-				gc.JSON(http.StatusBadRequest, gin.H{
-					"error":             "invalid_code_verifier",
-					"error_description": "The code verifier is required",
-				})
-				return
-			}
-
 			if code == "" {
 				log.Debug("Code is empty")
 				gc.JSON(http.StatusBadRequest, gin.H{
@@ -94,33 +103,53 @@ func TokenHandler() gin.HandlerFunc {
 				return
 			}
 
-			hash := sha256.New()
-			hash.Write([]byte(codeVerifier))
-			encryptedCode := strings.ReplaceAll(base64.URLEncoding.EncodeToString(hash.Sum(nil)), "+", "-")
-			encryptedCode = strings.ReplaceAll(encryptedCode, "/", "_")
-			encryptedCode = strings.ReplaceAll(encryptedCode, "=", "")
-			sessionData, err := memorystore.Provider.GetState(encryptedCode)
+			if codeVerifier == "" && clientSecret == "" {
+				gc.JSON(http.StatusBadRequest, gin.H{
+					"error":             "invalid_dat",
+					"error_description": "The code verifier or client secret is required",
+				})
+				return
+			}
+			// Get state
+			sessionData, err := memorystore.Provider.GetState(code)
 			if sessionData == "" || err != nil {
 				log.Debug("Session data is empty")
 				gc.JSON(http.StatusBadRequest, gin.H{
-					"error":             "invalid_code_verifier",
-					"error_description": "The code verifier is invalid",
+					"error":             "invalid_code",
+					"error_description": "The code is invalid",
 				})
 				return
 			}
 
-			go memorystore.Provider.RemoveState(encryptedCode)
-			// split session data
-			// it contains code@sessiontoken
-			sessionDataSplit := strings.Split(sessionData, "@")
+			// [0] -> code_challenge
+			// [1] -> session cookie
+			sessionDataSplit := strings.Split(sessionData, "@@")
 
-			if sessionDataSplit[0] != code {
-				log.Debug("Invalid code verifier. Unable to split session data")
-				gc.JSON(http.StatusBadRequest, gin.H{
-					"error":             "invalid_code_verifier",
-					"error_description": "The code verifier is invalid",
-				})
-				return
+			go memorystore.Provider.RemoveState(code)
+
+			if codeVerifier != "" {
+				hash := sha256.New()
+				hash.Write([]byte(codeVerifier))
+				encryptedCode := strings.ReplaceAll(base64.RawURLEncoding.EncodeToString(hash.Sum(nil)), "+", "-")
+				encryptedCode = strings.ReplaceAll(encryptedCode, "/", "_")
+				encryptedCode = strings.ReplaceAll(encryptedCode, "=", "")
+				if encryptedCode != sessionDataSplit[0] {
+					gc.JSON(http.StatusBadRequest, gin.H{
+						"error":             "invalid_code_verifier",
+						"error_description": "The code verifier is invalid",
+					})
+					return
+				}
+
+			} else {
+				if clientHash, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientSecret); clientSecret != clientHash || err != nil {
+					log.Debug("Client Secret is invalid: ", clientID)
+					gc.JSON(http.StatusBadRequest, gin.H{
+						"error":             "invalid_client_secret",
+						"error_description": "The client secret is invalid",
+					})
+					return
+				}
 			}
 
 			// validate session
@@ -146,6 +175,7 @@ func TokenHandler() gin.HandlerFunc {
 			}
 
 			go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
+
 		} else {
 			// validate refresh token
 			if refreshToken == "" {
@@ -206,7 +236,8 @@ func TokenHandler() gin.HandlerFunc {
 			return
 		}
 
-		authToken, err := token.CreateAuthToken(gc, user, roles, scope, loginMethod)
+		nonce := uuid.New().String() + "@@" + code
+		authToken, err := token.CreateAuthToken(gc, user, roles, scope, loginMethod, nonce, code)
 		if err != nil {
 			log.Debug("Error creating auth token: ", err)
 			gc.JSON(http.StatusUnauthorized, gin.H{
@@ -228,7 +259,7 @@ func TokenHandler() gin.HandlerFunc {
 		res := map[string]interface{}{
 			"access_token": authToken.AccessToken.Token,
 			"id_token":     authToken.IDToken.Token,
-			"scope":        scope,
+			"scope":        strings.Join(scope, " "),
 			"roles":        roles,
 			"expires_in":   expiresIn,
 		}

server/handlers/verify_email.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -98,7 +99,30 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		if verificationRequest.Identifier == constants.VerificationTypeMagicLinkLogin {
 			loginMethod = constants.AuthRecipeMethodMagicLinkLogin
 		}
-		authToken, err := token.CreateAuthToken(c, user, roles, scope, loginMethod)
+
+		code := ""
+		// Not required as /oauth/token cannot be resumed from other tab
+		// codeChallenge := ""
+		nonce := ""
+		if state != "" {
+			// Get state from store
+			authorizeState, _ := memorystore.Provider.GetState(state)
+			if authorizeState != "" {
+				authorizeStateSplit := strings.Split(authorizeState, "@@")
+				if len(authorizeStateSplit) > 1 {
+					code = authorizeStateSplit[0]
+					// Not required as /oauth/token cannot be resumed from other tab
+					// codeChallenge = authorizeStateSplit[1]
+				} else {
+					nonce = authorizeState
+				}
+				go memorystore.Provider.RemoveState(state)
+			}
+		}
+		if nonce == "" {
+			nonce = uuid.New().String()
+		}
+		authToken, err := token.CreateAuthToken(c, user, roles, scope, loginMethod, nonce, code)
 		if err != nil {
 			log.Debug("Error creating auth token: ", err)
 			errorRes["error_description"] = err.Error()
@@ -106,12 +130,27 @@ func VerifyEmailHandler() gin.HandlerFunc {
 			return
 		}
 
+		// Code challenge could be optional if PKCE flow is not used
+		// Not required as /oauth/token cannot be resumed from other tab
+		// if code != "" {
+		// 	if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+		// 		log.Debug("Error setting code state ", err)
+		// 		errorRes["error_description"] = err.Error()
+		// 		c.JSON(500, errorRes)
+		// 		return
+		// 	}
+		// }
+
 		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
 		if expiresIn <= 0 {
 			expiresIn = 1
 		}
 
-		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
+		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&nonce=" + nonce
+
+		if code != "" {
+			params += "&code=" + code
+		}
 
 		sessionKey := loginMethod + ":" + user.ID
 		cookie.SetSession(c, authToken.FingerPrintHash)

server/logs/logs.go

@@ -0,0 +1,61 @@
+package logs
+
+import (
+	"os"
+
+	"github.com/sirupsen/logrus"
+	log "github.com/sirupsen/logrus"
+)
+
+// LogUTCFormatter hels in setting UTC time format for the logs
+type LogUTCFormatter struct {
+	log.Formatter
+}
+
+// Format helps fomratting time to UTC
+func (u LogUTCFormatter) Format(e *log.Entry) ([]byte, error) {
+	e.Time = e.Time.UTC()
+	return u.Formatter.Format(e)
+}
+
+func InitLog(cliLogLevel string) *log.Logger {
+
+	// log instance for gin server
+	log := logrus.New()
+	log.SetFormatter(LogUTCFormatter{&logrus.JSONFormatter{}})
+
+	if cliLogLevel == "" {
+		cliLogLevel = os.Getenv("LOG_LEVEL")
+	}
+
+	var logLevel logrus.Level
+	switch cliLogLevel {
+	case "debug":
+		logLevel = logrus.DebugLevel
+	case "info":
+		logLevel = logrus.InfoLevel
+	case "warn":
+		logLevel = logrus.WarnLevel
+	case "error":
+		logLevel = logrus.ErrorLevel
+	case "fatal":
+		logLevel = logrus.FatalLevel
+	case "panic":
+		logLevel = logrus.PanicLevel
+	default:
+		logLevel = logrus.InfoLevel
+	}
+	// set log level globally
+	logrus.SetLevel(logLevel)
+
+	// set log level for go-gin middleware
+	log.SetLevel(logLevel)
+
+	// show file path in log for debug or other log levels.
+	if logLevel != logrus.InfoLevel {
+		logrus.SetReportCaller(true)
+		log.SetReportCaller(true)
+	}
+
+	return log
+}

server/main.go

@@ -3,84 +3,42 @@ package main
 import (
 	"flag"
 
-	"github.com/sirupsen/logrus"
-	log "github.com/sirupsen/logrus"
-
 	"github.com/authorizerdev/authorizer/server/cli"
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/env"
+	"github.com/authorizerdev/authorizer/server/logs"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/oauth"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/authorizerdev/authorizer/server/routes"
+	"github.com/sirupsen/logrus"
 )
 
 // VERSION is used to define the version of authorizer from build tags
 var VERSION string
 
-// LogUTCFormatter hels in setting UTC time format for the logs
-type LogUTCFormatter struct {
-	log.Formatter
-}
-
-// Format helps fomratting time to UTC
-func (u LogUTCFormatter) Format(e *log.Entry) ([]byte, error) {
-	e.Time = e.Time.UTC()
-	return u.Formatter.Format(e)
-}
-
 func main() {
 	cli.ARG_DB_URL = flag.String("database_url", "", "Database connection string")
 	cli.ARG_DB_TYPE = flag.String("database_type", "", "Database type, possible values are postgres,mysql,sqlite")
 	cli.ARG_ENV_FILE = flag.String("env_file", "", "Env file path")
-	cli.ARG_LOG_LEVEL = flag.String("log_level", "info", "Log level, possible values are debug,info,warn,error,fatal,panic")
+	cli.ARG_LOG_LEVEL = flag.String("log_level", "", "Log level, possible values are debug,info,warn,error,fatal,panic")
 	cli.ARG_REDIS_URL = flag.String("redis_url", "", "Redis connection string")
 	flag.Parse()
 
 	// global log level
-	logrus.SetFormatter(LogUTCFormatter{&logrus.JSONFormatter{}})
-
-	// log instance for gin server
-	log := logrus.New()
-	log.SetFormatter(LogUTCFormatter{&logrus.JSONFormatter{}})
-
-	var logLevel logrus.Level
-	switch *cli.ARG_LOG_LEVEL {
-	case "debug":
-		logLevel = logrus.DebugLevel
-	case "info":
-		logLevel = logrus.InfoLevel
-	case "warn":
-		logLevel = logrus.WarnLevel
-	case "error":
-		logLevel = logrus.ErrorLevel
-	case "fatal":
-		logLevel = logrus.FatalLevel
-	case "panic":
-		logLevel = logrus.PanicLevel
-	default:
-		logLevel = logrus.InfoLevel
-	}
-	// set log level globally
-	logrus.SetLevel(logLevel)
-
-	// set log level for go-gin middleware
-	log.SetLevel(logLevel)
-
-	// show file path in log for debug or other log levels.
-	if logLevel != logrus.InfoLevel {
-		logrus.SetReportCaller(true)
-		log.SetReportCaller(true)
-	}
+	logrus.SetFormatter(logs.LogUTCFormatter{&logrus.JSONFormatter{}})
 
 	constants.VERSION = VERSION
 
 	// initialize required envs (mainly db, env file path and redis)
 	err := memorystore.InitRequiredEnv()
 	if err != nil {
-		log.Fatal("Error while initializing required envs: ", err)
+		logrus.Fatal("Error while initializing required envs: ", err)
 	}
 
+	log := logs.InitLog(refs.StringValue(cli.ARG_LOG_LEVEL))
+
 	// initialize memory store
 	err = memorystore.InitMemStore()
 	if err != nil {

server/memorystore/memory_store.go

@@ -26,6 +26,7 @@ func InitMemStore() error {
 
 		// boolean envs
 		constants.EnvKeyDisableBasicAuthentication:       false,
+		constants.EnvKeyDisableMobileBasicAuthentication: false,
 		constants.EnvKeyDisableMagicLinkLogin:            false,
 		constants.EnvKeyDisableEmailVerification:         false,
 		constants.EnvKeyDisableLoginPage:                 false,

server/memorystore/providers/inmemory/store.go

@@ -35,6 +35,7 @@ func (c *provider) DeleteAllUserSessions(userId string) error {
 		constants.AuthRecipeMethodGoogle,
 		constants.AuthRecipeMethodLinkedIn,
 		constants.AuthRecipeMethodTwitter,
+		constants.AuthRecipeMethodMicrosoft,
 	}
 
 	for _, namespace := range namespaces {

server/memorystore/providers/redis/store.go

@@ -72,6 +72,7 @@ func (c *provider) DeleteAllUserSessions(userID string) error {
 		constants.AuthRecipeMethodGoogle,
 		constants.AuthRecipeMethodLinkedIn,
 		constants.AuthRecipeMethodTwitter,
+		constants.AuthRecipeMethodMicrosoft,
 	}
 	for _, namespace := range namespaces {
 		err := c.store.Del(c.ctx, namespace+":"+userID).Err()
@@ -161,7 +162,7 @@ func (c *provider) GetEnvStore() (map[string]interface{}, error) {
 		return nil, err
 	}
 	for key, value := range data {
-		if key == constants.EnvKeyDisableBasicAuthentication || key == constants.EnvKeyDisableEmailVerification || key == constants.EnvKeyDisableLoginPage || key == constants.EnvKeyDisableMagicLinkLogin || key == constants.EnvKeyDisableRedisForEnv || key == constants.EnvKeyDisableSignUp || key == constants.EnvKeyDisableStrongPassword || key == constants.EnvKeyIsEmailServiceEnabled || key == constants.EnvKeyEnforceMultiFactorAuthentication || key == constants.EnvKeyDisableMultiFactorAuthentication || key == constants.EnvKeyAppCookieSecure || key == constants.EnvKeyAdminCookieSecure {
+		if key == constants.EnvKeyDisableBasicAuthentication || key == constants.EnvKeyDisableMobileBasicAuthentication || key == constants.EnvKeyDisableEmailVerification || key == constants.EnvKeyDisableLoginPage || key == constants.EnvKeyDisableMagicLinkLogin || key == constants.EnvKeyDisableRedisForEnv || key == constants.EnvKeyDisableSignUp || key == constants.EnvKeyDisableStrongPassword || key == constants.EnvKeyIsEmailServiceEnabled || key == constants.EnvKeyEnforceMultiFactorAuthentication || key == constants.EnvKeyDisableMultiFactorAuthentication || key == constants.EnvKeyAppCookieSecure || key == constants.EnvKeyAdminCookieSecure {
 			boolValue, err := strconv.ParseBool(value)
 			if err != nil {
 				return res, err

server/memorystore/required_env_store.go

@@ -32,6 +32,10 @@ type RequiredEnv struct {
 	AwsRegion          string `json:"AWS_REGION"`
 	AwsAccessKeyID     string `json:"AWS_ACCESS_KEY_ID"`
 	AwsSecretAccessKey string `json:"AWS_SECRET_ACCESS_KEY"`
+	// Couchbase related envs
+	CouchbaseBucket           string `json:"COUCHBASE_BUCKET"`
+	CouchbaseScope            string `json:"COUCHBASE_SCOPE"`
+	CouchbaseBucketRAMQuotaMB string `json:"COUCHBASE_BUCKET_RAM_QUOTA"`
 }
 
 // RequiredEnvObj is a simple in-memory store for sessions.
@@ -93,6 +97,9 @@ func InitRequiredEnv() error {
 	awsRegion := os.Getenv(constants.EnvAwsRegion)
 	awsAccessKeyID := os.Getenv(constants.EnvAwsAccessKeyID)
 	awsSecretAccessKey := os.Getenv(constants.EnvAwsSecretAccessKey)
+	couchbaseBucket := os.Getenv(constants.EnvCouchbaseBucket)
+	couchbaseScope := os.Getenv(constants.EnvCouchbaseScope)
+	couchbaseBucketRAMQuotaMB := os.Getenv(constants.EnvCouchbaseBucketRAMQuotaMB)
 
 	if strings.TrimSpace(redisURL) == "" {
 		if cli.ARG_REDIS_URL != nil && *cli.ARG_REDIS_URL != "" {
@@ -135,22 +142,25 @@ func InitRequiredEnv() error {
 	}
 
 	requiredEnv := RequiredEnv{
-		EnvPath:            envPath,
-		DatabaseURL:        dbURL,
-		DatabaseType:       dbType,
-		DatabaseName:       dbName,
-		DatabaseHost:       dbHost,
-		DatabasePort:       dbPort,
-		DatabaseUsername:   dbUsername,
-		DatabasePassword:   dbPassword,
-		DatabaseCert:       dbCert,
-		DatabaseCertKey:    dbCertKey,
-		DatabaseCACert:     dbCACert,
-		RedisURL:           redisURL,
-		DisableRedisForEnv: disableRedisForEnv,
-		AwsRegion:          awsRegion,
-		AwsAccessKeyID:     awsAccessKeyID,
-		AwsSecretAccessKey: awsSecretAccessKey,
+		EnvPath:                   envPath,
+		DatabaseURL:               dbURL,
+		DatabaseType:              dbType,
+		DatabaseName:              dbName,
+		DatabaseHost:              dbHost,
+		DatabasePort:              dbPort,
+		DatabaseUsername:          dbUsername,
+		DatabasePassword:          dbPassword,
+		DatabaseCert:              dbCert,
+		DatabaseCertKey:           dbCertKey,
+		DatabaseCACert:            dbCACert,
+		RedisURL:                  redisURL,
+		DisableRedisForEnv:        disableRedisForEnv,
+		AwsRegion:                 awsRegion,
+		AwsAccessKeyID:            awsAccessKeyID,
+		AwsSecretAccessKey:        awsSecretAccessKey,
+		CouchbaseBucket:           couchbaseBucket,
+		CouchbaseScope:            couchbaseScope,
+		CouchbaseBucketRAMQuotaMB: couchbaseBucketRAMQuotaMB,
 	}
 
 	RequiredEnvStoreObj = &RequiredEnvStore{

server/middlewares/cors.go

@@ -9,7 +9,6 @@ import (
 func CORSMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		origin := c.Request.Header.Get("Origin")
-
 		if validators.IsValidOrigin(origin) {
 			c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
 		}

server/oauth/oauth.go

@@ -2,12 +2,14 @@ package oauth
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"golang.org/x/oauth2"
 	facebookOAuth2 "golang.org/x/oauth2/facebook"
 	githubOAuth2 "golang.org/x/oauth2/github"
 	linkedInOAuth2 "golang.org/x/oauth2/linkedin"
+	microsoftOAuth2 "golang.org/x/oauth2/microsoft"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/memorystore"
@@ -15,17 +17,19 @@ import (
 
 // OAuthProviders is a struct that contains reference all the OAuth providers
 type OAuthProvider struct {
-	GoogleConfig   *oauth2.Config
-	GithubConfig   *oauth2.Config
-	FacebookConfig *oauth2.Config
-	LinkedInConfig *oauth2.Config
-	AppleConfig    *oauth2.Config
-	TwitterConfig  *oauth2.Config
+	GoogleConfig    *oauth2.Config
+	GithubConfig    *oauth2.Config
+	FacebookConfig  *oauth2.Config
+	LinkedInConfig  *oauth2.Config
+	AppleConfig     *oauth2.Config
+	TwitterConfig   *oauth2.Config
+	MicrosoftConfig *oauth2.Config
 }
 
 // OIDCProviders is a struct that contains reference all the OpenID providers
 type OIDCProvider struct {
-	GoogleOIDC *oidc.Provider
+	GoogleOIDC    *oidc.Provider
+	MicrosoftOIDC *oidc.Provider
 }
 
 var (
@@ -158,5 +162,32 @@ func InitOAuth() error {
 		}
 	}
 
+	microsoftClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientID)
+	if err != nil {
+		microsoftClientID = ""
+	}
+	microsoftClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientSecret)
+	if err != nil {
+		microsoftClientSecret = ""
+	}
+	microsoftActiveDirTenantID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftActiveDirectoryTenantID)
+	if err != nil {
+		microsoftActiveDirTenantID = ""
+	}
+	if microsoftClientID != "" && microsoftClientSecret != "" && microsoftActiveDirTenantID != "" {
+		p, err := oidc.NewProvider(ctx, fmt.Sprintf("https://login.microsoftonline.com/%s/v2.0", microsoftActiveDirTenantID))
+		if err != nil {
+			return err
+		}
+		OIDCProviders.MicrosoftOIDC = p
+		OAuthProviders.MicrosoftConfig = &oauth2.Config{
+			ClientID:     microsoftClientID,
+			ClientSecret: microsoftClientSecret,
+			RedirectURL:  "/oauth_callback/microsoft",
+			Endpoint:     microsoftOAuth2.AzureADEndpoint(microsoftActiveDirTenantID),
+			Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
+		}
+	}
+
 	return nil
 }

server/parsers/url.go

@@ -20,12 +20,12 @@ func GetHost(c *gin.Context) string {
 		authorizerURL = ""
 	}
 	if authorizerURL != "" {
-		return authorizerURL
+		return strings.TrimSuffix(authorizerURL, "/")
 	}
 
 	authorizerURL = c.Request.Header.Get("X-Authorizer-URL")
 	if authorizerURL != "" {
-		return authorizerURL
+		return strings.TrimSuffix(authorizerURL, "/")
 	}
 
 	scheme := c.Request.Header.Get("X-Forwarded-Proto")
@@ -33,7 +33,7 @@ func GetHost(c *gin.Context) string {
 		scheme = "http"
 	}
 	host := c.Request.Host
-	return scheme + "://" + host
+	return strings.TrimSuffix(scheme+"://"+host, "/")
 }
 
 // GetHostName function returns hostname and port
@@ -91,7 +91,7 @@ func GetDomainName(uri string) string {
 	return host
 }
 
-// GetAppURL to get /app/ url if not configured by user
+// GetAppURL to get /app url if not configured by user
 func GetAppURL(gc *gin.Context) string {
 	envAppURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
 	if envAppURL == "" || err != nil {

server/resolvers/add_email_template.go

@@ -8,6 +8,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 	"github.com/authorizerdev/authorizer/server/validators"
@@ -40,15 +41,17 @@ func AddEmailTemplateResolver(ctx context.Context, params model.AddEmailTemplate
 		return nil, fmt.Errorf("empty template not allowed")
 	}
 
-	if strings.TrimSpace(params.Design) == "" {
-		return nil, fmt.Errorf("empty design not allowed")
+	var design string
+
+	if params.Design == nil || strings.TrimSpace(refs.StringValue(params.Design)) == "" {
+		design = ""
 	}
 
 	_, err = db.Provider.AddEmailTemplate(ctx, models.EmailTemplate{
 		EventName: params.EventName,
 		Template:  params.Template,
 		Subject:   params.Subject,
-		Design:    params.Design,
+		Design:    design,
 	})
 	if err != nil {
 		log.Debug("Failed to add email template: ", err)

server/resolvers/env.go

@@ -152,6 +152,15 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
 	if val, ok := store[constants.EnvKeyTwitterClientSecret]; ok {
 		res.TwitterClientSecret = refs.NewStringRef(val.(string))
 	}
+	if val, ok := store[constants.EnvKeyMicrosoftClientID]; ok {
+		res.MicrosoftClientID = refs.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyMicrosoftClientSecret]; ok {
+		res.MicrosoftClientSecret = refs.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyMicrosoftActiveDirectoryTenantID]; ok {
+		res.MicrosoftActiveDirectoryTenantID = refs.NewStringRef(val.(string))
+	}
 
 	if val, ok := store[constants.EnvKeyOrganizationName]; ok {
 		res.OrganizationName = refs.NewStringRef(val.(string))

server/resolvers/forgot_password.go

@@ -94,7 +94,7 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 		return res, err
 	}
 
-	// exec it as go routine so that we can reduce the api latency
+	// execute it as go routine so that we can reduce the api latency
 	go email.SendEmail([]string{params.Email}, constants.VerificationTypeForgotPassword, map[string]interface{}{
 		"user":             user.ToMap(),
 		"organization":     utils.GetOrganization(),

server/resolvers/invite_members.go

@@ -48,7 +48,15 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 	}
 
 	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
+	if err != nil {
+		log.Debug("Failed to get is basic auth disabled")
+		return nil, err
+	}
 	isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)
+	if err != nil {
+		log.Debug("Failed to get is magic link login disabled")
+		return nil, err
+	}
 	if isBasicAuthDisabled && isMagicLinkLoginDisabled {
 		log.Debug("Basic authentication and Magic link login is disabled.")
 		return nil, errors.New("either basic authentication or magic link login is required")

server/resolvers/login.go

@@ -6,6 +6,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/crypto/bcrypt"
 
@@ -140,12 +141,43 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		}, nil
 	}
 
-	authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth)
+	code := ""
+	codeChallenge := ""
+	nonce := ""
+	if params.State != nil {
+		// Get state from store
+		authorizeState, _ := memorystore.Provider.GetState(refs.StringValue(params.State))
+		if authorizeState != "" {
+			authorizeStateSplit := strings.Split(authorizeState, "@@")
+			if len(authorizeStateSplit) > 1 {
+				code = authorizeStateSplit[0]
+				codeChallenge = authorizeStateSplit[1]
+			} else {
+				nonce = authorizeState
+			}
+			go memorystore.Provider.RemoveState(refs.StringValue(params.State))
+		}
+	}
+
+	if nonce == "" {
+		nonce = uuid.New().String()
+	}
+
+	authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth, nonce, code)
 	if err != nil {
 		log.Debug("Failed to create auth token", err)
 		return res, err
 	}
 
+	// TODO add to other login options as well
+	// Code challenge could be optional if PKCE flow is not used
+	if code != "" {
+		if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+			log.Debug("SetState failed: ", err)
+			return res, err
+		}
+	}
+
 	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
 	if expiresIn <= 0 {
 		expiresIn = 1

server/resolvers/magic_link_login.go

@@ -15,6 +15,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/parsers"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 	"github.com/authorizerdev/authorizer/server/validators"
@@ -185,7 +186,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		}
 		redirectURLParams := "&roles=" + strings.Join(inputRoles, ",")
 		if params.State != nil {
-			redirectURLParams = redirectURLParams + "&state=" + *params.State
+			redirectURLParams = redirectURLParams + "&state=" + refs.StringValue(params.State)
 		}
 		if params.Scope != nil && len(params.Scope) > 0 {
 			redirectURLParams = redirectURLParams + "&scope=" + strings.Join(params.Scope, " ")

server/resolvers/meta.go

@@ -89,6 +89,24 @@ func MetaResolver(ctx context.Context) (*model.Meta, error) {
 		twitterClientSecret = ""
 	}
 
+	microsoftClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientID)
+	if err != nil {
+		log.Debug("Failed to get Microsoft Client ID from environment variable", err)
+		microsoftClientID = ""
+	}
+
+	microsoftClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientSecret)
+	if err != nil {
+		log.Debug("Failed to get Microsoft Client Secret from environment variable", err)
+		microsoftClientSecret = ""
+	}
+
+	microsoftActiveDirTenantID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftActiveDirectoryTenantID)
+	if err != nil {
+		log.Debug("Failed to get Microsoft Active Directory Tenant ID from environment variable", err)
+		microsoftActiveDirTenantID = ""
+	}
+
 	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
 	if err != nil {
 		log.Debug("Failed to get Disable Basic Authentication from environment variable", err)
@@ -134,6 +152,7 @@ func MetaResolver(ctx context.Context) (*model.Meta, error) {
 		IsLinkedinLoginEnabled:       linkedClientID != "" && linkedInClientSecret != "",
 		IsAppleLoginEnabled:          appleClientID != "" && appleClientSecret != "",
 		IsTwitterLoginEnabled:        twitterClientID != "" && twitterClientSecret != "",
+		IsMicrosoftLoginEnabled:      microsoftClientID != "" && microsoftClientSecret != "" && microsoftActiveDirTenantID != "",
 		IsBasicAuthenticationEnabled: !isBasicAuthDisabled,
 		IsEmailVerificationEnabled:   !isEmailVerificationDisabled,
 		IsMagicLinkLoginEnabled:      !isMagicLinkLoginDisabled,

server/resolvers/mobile_login.go

@@ -0,0 +1,216 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/crypto/bcrypt"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/cookie"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
+	"github.com/authorizerdev/authorizer/server/token"
+	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/validators"
+)
+
+// MobileLoginResolver is a resolver for mobile login mutation
+func MobileLoginResolver(ctx context.Context, params model.MobileLoginInput) (*model.AuthResponse, error) {
+	var res *model.AuthResponse
+
+	gc, err := utils.GinContextFromContext(ctx)
+	if err != nil {
+		log.Debug("Failed to get GinContext: ", err)
+		return res, err
+	}
+
+	isBasiAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMobileBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting mobile basic auth disabled: ", err)
+		isBasiAuthDisabled = true
+	}
+
+	if isBasiAuthDisabled {
+		log.Debug("Basic authentication is disabled.")
+		return res, fmt.Errorf(`phone number based basic authentication is disabled for this instance`)
+	}
+
+	log := log.WithFields(log.Fields{
+		"phone_number": params.PhoneNumber,
+	})
+
+	user, err := db.Provider.GetUserByPhoneNumber(ctx, params.PhoneNumber)
+	if err != nil {
+		log.Debug("Failed to get user by phone number: ", err)
+		return res, fmt.Errorf(`bad user credentials`)
+	}
+
+	if user.RevokedTimestamp != nil {
+		log.Debug("User access is revoked")
+		return res, fmt.Errorf(`user access has been revoked`)
+	}
+
+	if !strings.Contains(user.SignupMethods, constants.AuthRecipeMethodMobileBasicAuth) {
+		log.Debug("User signup method is not mobile basic auth")
+		return res, fmt.Errorf(`user has not signed up with phone number & password`)
+	}
+
+	if user.PhoneNumberVerifiedAt == nil {
+		log.Debug("User phone number is not verified")
+		return res, fmt.Errorf(`phone number is not verified`)
+	}
+
+	err = bcrypt.CompareHashAndPassword([]byte(*user.Password), []byte(params.Password))
+
+	if err != nil {
+		log.Debug("Failed to compare password: ", err)
+		return res, fmt.Errorf(`bad user credentials`)
+	}
+
+	defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+	roles := []string{}
+	if err != nil {
+		log.Debug("Error getting default roles: ", err)
+		defaultRolesString = ""
+	} else {
+		roles = strings.Split(defaultRolesString, ",")
+	}
+
+	currentRoles := strings.Split(user.Roles, ",")
+	if len(params.Roles) > 0 {
+		if !validators.IsValidRoles(params.Roles, currentRoles) {
+			log.Debug("Invalid roles: ", params.Roles)
+			return res, fmt.Errorf(`invalid roles`)
+		}
+
+		roles = params.Roles
+	}
+
+	scope := []string{"openid", "email", "profile"}
+	if params.Scope != nil && len(scope) > 0 {
+		scope = params.Scope
+	}
+
+	/*
+		// TODO use sms authentication for MFA
+		isEmailServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsEmailServiceEnabled)
+		if err != nil || !isEmailServiceEnabled {
+			log.Debug("Email service not enabled: ", err)
+		}
+
+		isMFADisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMultiFactorAuthentication)
+		if err != nil || !isEmailServiceEnabled {
+			log.Debug("MFA service not enabled: ", err)
+		}
+
+		// If email service is not enabled continue the process in any way
+		if refs.BoolValue(user.IsMultiFactorAuthEnabled) && isEmailServiceEnabled && !isMFADisabled {
+			otp := utils.GenerateOTP()
+			otpData, err := db.Provider.UpsertOTP(ctx, &models.OTP{
+				Email:     user.Email,
+				Otp:       otp,
+				ExpiresAt: time.Now().Add(1 * time.Minute).Unix(),
+			})
+			if err != nil {
+				log.Debug("Failed to add otp: ", err)
+				return nil, err
+			}
+
+			go func() {
+				// exec it as go routine so that we can reduce the api latency
+				go email.SendEmail([]string{params.PhoneNumber}, constants.VerificationTypeOTP, map[string]interface{}{
+					"user":         user.ToMap(),
+					"organization": utils.GetOrganization(),
+					"otp":          otpData.Otp,
+				})
+				if err != nil {
+					log.Debug("Failed to send otp email: ", err)
+				}
+			}()
+
+			return &model.AuthResponse{
+				Message:             "Please check the OTP in your inbox",
+				ShouldShowOtpScreen: refs.NewBoolRef(true),
+			}, nil
+		}
+	*/
+
+	code := ""
+	codeChallenge := ""
+	nonce := ""
+	if params.State != nil {
+		// Get state from store
+		authorizeState, _ := memorystore.Provider.GetState(refs.StringValue(params.State))
+		if authorizeState != "" {
+			authorizeStateSplit := strings.Split(authorizeState, "@@")
+			if len(authorizeStateSplit) > 1 {
+				code = authorizeStateSplit[0]
+				codeChallenge = authorizeStateSplit[1]
+			} else {
+				nonce = authorizeState
+			}
+			go memorystore.Provider.RemoveState(refs.StringValue(params.State))
+		}
+	}
+
+	if nonce == "" {
+		nonce = uuid.New().String()
+	}
+
+	authToken, err := token.CreateAuthToken(gc, *user, roles, scope, constants.AuthRecipeMethodMobileBasicAuth, nonce, code)
+	if err != nil {
+		log.Debug("Failed to create auth token", err)
+		return res, err
+	}
+
+	// TODO add to other login options as well
+	// Code challenge could be optional if PKCE flow is not used
+	if code != "" {
+		if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+			log.Debug("SetState failed: ", err)
+			return res, err
+		}
+	}
+
+	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+	if expiresIn <= 0 {
+		expiresIn = 1
+	}
+
+	res = &model.AuthResponse{
+		Message:     `Logged in successfully`,
+		AccessToken: &authToken.AccessToken.Token,
+		IDToken:     &authToken.IDToken.Token,
+		ExpiresIn:   &expiresIn,
+		User:        user.AsAPIUser(),
+	}
+
+	cookie.SetSession(gc, authToken.FingerPrintHash)
+	sessionStoreKey := constants.AuthRecipeMethodMobileBasicAuth + ":" + user.ID
+	memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
+	memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
+
+	if authToken.RefreshToken != nil {
+		res.RefreshToken = &authToken.RefreshToken.Token
+		memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
+	}
+
+	go func() {
+		utils.RegisterEvent(ctx, constants.UserLoginWebhookEvent, constants.AuthRecipeMethodMobileBasicAuth, *user)
+		db.Provider.AddSession(ctx, models.Session{
+			UserID:    user.ID,
+			UserAgent: utils.GetUserAgent(gc.Request),
+			IP:        utils.GetIP(gc.Request),
+		})
+	}()
+
+	return res, nil
+}

server/resolvers/mobile_signup.go

@@ -0,0 +1,270 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	log "github.com/sirupsen/logrus"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/cookie"
+	"github.com/authorizerdev/authorizer/server/crypto"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
+	"github.com/authorizerdev/authorizer/server/token"
+	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/validators"
+)
+
+// MobileSignupResolver is a resolver for mobile_basic_auth_signup mutation
+func MobileSignupResolver(ctx context.Context, params *model.MobileSignUpInput) (*model.AuthResponse, error) {
+	var res *model.AuthResponse
+
+	gc, err := utils.GinContextFromContext(ctx)
+	if err != nil {
+		log.Debug("Failed to get GinContext: ", err)
+		return res, err
+	}
+
+	isSignupDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp)
+	if err != nil {
+		log.Debug("Error getting signup disabled: ", err)
+		isSignupDisabled = true
+	}
+	if isSignupDisabled {
+		log.Debug("Signup is disabled")
+		return res, fmt.Errorf(`signup is disabled for this instance`)
+	}
+
+	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMobileBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting basic auth disabled: ", err)
+		isBasicAuthDisabled = true
+	}
+
+	if isBasicAuthDisabled {
+		log.Debug("Mobile based Basic authentication is disabled")
+		return res, fmt.Errorf(`phone number based basic authentication is disabled for this instance`)
+	}
+
+	if params.ConfirmPassword != params.Password {
+		log.Debug("Passwords do not match")
+		return res, fmt.Errorf(`password and confirm password does not match`)
+	}
+
+	if err := validators.IsValidPassword(params.Password); err != nil {
+		log.Debug("Invalid password")
+		return res, err
+	}
+
+	mobile := strings.TrimSpace(params.PhoneNumber)
+	if mobile == "" || len(mobile) < 10 {
+		log.Debug("Invalid phone number")
+		return res, fmt.Errorf("invalid phone number")
+	}
+
+	emailInput := strings.ToLower(strings.TrimSpace(refs.StringValue(params.Email)))
+
+	// if email is null set random dummy email for db constraint
+
+	if emailInput != "" && !validators.IsValidEmail(emailInput) {
+		log.Debug("Invalid email: ", emailInput)
+		return res, fmt.Errorf(`invalid email address`)
+	}
+
+	if emailInput == "" {
+		emailInput = mobile + "@authorizer.dev"
+	}
+
+	log := log.WithFields(log.Fields{
+		"email":        emailInput,
+		"phone_number": mobile,
+	})
+	// find user with email
+	existingUser, err := db.Provider.GetUserByPhoneNumber(ctx, mobile)
+	if err != nil {
+		log.Debug("Failed to get user by email: ", err)
+	}
+
+	if existingUser != nil {
+		if existingUser.PhoneNumberVerifiedAt != nil {
+			// email is verified
+			log.Debug("Phone number is already verified and signed up.")
+			return res, fmt.Errorf(`%s has already signed up`, mobile)
+		} else if existingUser.ID != "" && existingUser.PhoneNumberVerifiedAt == nil {
+			log.Debug("Phone number is already signed up. Verification pending...")
+			return res, fmt.Errorf("%s has already signed up. please complete the phone number verification process or reset the password", mobile)
+		}
+	}
+
+	inputRoles := []string{}
+
+	if len(params.Roles) > 0 {
+		// check if roles exists
+		rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)
+		roles := []string{}
+		if err != nil {
+			log.Debug("Error getting roles: ", err)
+			return res, err
+		} else {
+			roles = strings.Split(rolesString, ",")
+		}
+		if !validators.IsValidRoles(params.Roles, roles) {
+			log.Debug("Invalid roles: ", params.Roles)
+			return res, fmt.Errorf(`invalid roles`)
+		} else {
+			inputRoles = params.Roles
+		}
+	} else {
+		inputRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			log.Debug("Error getting default roles: ", err)
+			return res, err
+		} else {
+			inputRoles = strings.Split(inputRolesString, ",")
+		}
+	}
+
+	now := time.Now().Unix()
+	user := models.User{
+		Email:                 emailInput,
+		PhoneNumber:           &mobile,
+		PhoneNumberVerifiedAt: &now,
+	}
+
+	user.Roles = strings.Join(inputRoles, ",")
+
+	password, _ := crypto.EncryptPassword(params.Password)
+	user.Password = &password
+
+	if params.GivenName != nil {
+		user.GivenName = params.GivenName
+	}
+
+	if params.FamilyName != nil {
+		user.FamilyName = params.FamilyName
+	}
+
+	if params.MiddleName != nil {
+		user.MiddleName = params.MiddleName
+	}
+
+	if params.Nickname != nil {
+		user.Nickname = params.Nickname
+	}
+
+	if params.Gender != nil {
+		user.Gender = params.Gender
+	}
+
+	if params.Birthdate != nil {
+		user.Birthdate = params.Birthdate
+	}
+
+	if params.Picture != nil {
+		user.Picture = params.Picture
+	}
+
+	if params.IsMultiFactorAuthEnabled != nil {
+		user.IsMultiFactorAuthEnabled = params.IsMultiFactorAuthEnabled
+	}
+
+	isMFAEnforced, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyEnforceMultiFactorAuthentication)
+	if err != nil {
+		log.Debug("MFA service not enabled: ", err)
+		isMFAEnforced = false
+	}
+
+	if isMFAEnforced {
+		user.IsMultiFactorAuthEnabled = refs.NewBoolRef(true)
+	}
+
+	user.SignupMethods = constants.AuthRecipeMethodMobileBasicAuth
+	user, err = db.Provider.AddUser(ctx, user)
+	if err != nil {
+		log.Debug("Failed to add user: ", err)
+		return res, err
+	}
+	roles := strings.Split(user.Roles, ",")
+	userToReturn := user.AsAPIUser()
+
+	scope := []string{"openid", "email", "profile"}
+	if params.Scope != nil && len(scope) > 0 {
+		scope = params.Scope
+	}
+
+	code := ""
+	codeChallenge := ""
+	nonce := ""
+	if params.State != nil {
+		// Get state from store
+		authorizeState, _ := memorystore.Provider.GetState(refs.StringValue(params.State))
+		if authorizeState != "" {
+			authorizeStateSplit := strings.Split(authorizeState, "@@")
+			if len(authorizeStateSplit) > 1 {
+				code = authorizeStateSplit[0]
+				codeChallenge = authorizeStateSplit[1]
+			} else {
+				nonce = authorizeState
+			}
+			go memorystore.Provider.RemoveState(refs.StringValue(params.State))
+		}
+	}
+
+	if nonce == "" {
+		nonce = uuid.New().String()
+	}
+
+	authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodMobileBasicAuth, nonce, code)
+	if err != nil {
+		log.Debug("Failed to create auth token: ", err)
+		return res, err
+	}
+
+	// Code challenge could be optional if PKCE flow is not used
+	if code != "" {
+		if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+			log.Debug("SetState failed: ", err)
+			return res, err
+		}
+	}
+
+	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+	if expiresIn <= 0 {
+		expiresIn = 1
+	}
+
+	res = &model.AuthResponse{
+		Message:     `Signed up successfully.`,
+		AccessToken: &authToken.AccessToken.Token,
+		ExpiresIn:   &expiresIn,
+		User:        userToReturn,
+	}
+
+	sessionKey := constants.AuthRecipeMethodMobileBasicAuth + ":" + user.ID
+	cookie.SetSession(gc, authToken.FingerPrintHash)
+	memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
+	memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
+
+	if authToken.RefreshToken != nil {
+		res.RefreshToken = &authToken.RefreshToken.Token
+		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
+	}
+
+	go func() {
+		utils.RegisterEvent(ctx, constants.UserSignUpWebhookEvent, constants.AuthRecipeMethodMobileBasicAuth, user)
+		db.Provider.AddSession(ctx, models.Session{
+			UserID:    user.ID,
+			UserAgent: utils.GetUserAgent(gc.Request),
+			IP:        utils.GetIP(gc.Request),
+		})
+	}()
+
+	return res, nil
+}

server/resolvers/session.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -70,7 +71,8 @@ func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*mod
 		scope = params.Scope
 	}
 
-	authToken, err := token.CreateAuthToken(gc, user, claimRoles, scope, claims.LoginMethod)
+	nonce := uuid.New().String()
+	authToken, err := token.CreateAuthToken(gc, user, claimRoles, scope, claims.LoginMethod, nonce, "")
 	if err != nil {
 		log.Debug("Failed to create auth token: ", err)
 		return res, err

server/resolvers/signup.go

@@ -6,6 +6,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -242,12 +243,42 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 			scope = params.Scope
 		}
 
-		authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth)
+		code := ""
+		codeChallenge := ""
+		nonce := ""
+		if params.State != nil {
+			// Get state from store
+			authorizeState, _ := memorystore.Provider.GetState(refs.StringValue(params.State))
+			if authorizeState != "" {
+				authorizeStateSplit := strings.Split(authorizeState, "@@")
+				if len(authorizeStateSplit) > 1 {
+					code = authorizeStateSplit[0]
+					codeChallenge = authorizeStateSplit[1]
+				} else {
+					nonce = authorizeState
+				}
+				go memorystore.Provider.RemoveState(refs.StringValue(params.State))
+			}
+		}
+
+		if nonce == "" {
+			nonce = uuid.New().String()
+		}
+
+		authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth, nonce, code)
 		if err != nil {
 			log.Debug("Failed to create auth token: ", err)
 			return res, err
 		}
 
+		// Code challenge could be optional if PKCE flow is not used
+		if code != "" {
+			if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+				log.Debug("SetState failed: ", err)
+				return res, err
+			}
+		}
+
 		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
 		if expiresIn <= 0 {
 			expiresIn = 1

server/resolvers/update_env.go

@@ -25,6 +25,7 @@ import (
 // remove the session tokens for those methods
 func clearSessionIfRequired(currentData, updatedData map[string]interface{}) {
 	isCurrentBasicAuthEnabled := !currentData[constants.EnvKeyDisableBasicAuthentication].(bool)
+	isCurrentMobileBasicAuthEnabled := !currentData[constants.EnvKeyDisableMobileBasicAuthentication].(bool)
 	isCurrentMagicLinkLoginEnabled := !currentData[constants.EnvKeyDisableMagicLinkLogin].(bool)
 	isCurrentAppleLoginEnabled := currentData[constants.EnvKeyAppleClientID] != nil && currentData[constants.EnvKeyAppleClientSecret] != nil && currentData[constants.EnvKeyAppleClientID].(string) != "" && currentData[constants.EnvKeyAppleClientSecret].(string) != ""
 	isCurrentFacebookLoginEnabled := currentData[constants.EnvKeyFacebookClientID] != nil && currentData[constants.EnvKeyFacebookClientSecret] != nil && currentData[constants.EnvKeyFacebookClientID].(string) != "" && currentData[constants.EnvKeyFacebookClientSecret].(string) != ""
@@ -32,8 +33,10 @@ func clearSessionIfRequired(currentData, updatedData map[string]interface{}) {
 	isCurrentGithubLoginEnabled := currentData[constants.EnvKeyGithubClientID] != nil && currentData[constants.EnvKeyGithubClientSecret] != nil && currentData[constants.EnvKeyGithubClientID].(string) != "" && currentData[constants.EnvKeyGithubClientSecret].(string) != ""
 	isCurrentLinkedInLoginEnabled := currentData[constants.EnvKeyLinkedInClientID] != nil && currentData[constants.EnvKeyLinkedInClientSecret] != nil && currentData[constants.EnvKeyLinkedInClientID].(string) != "" && currentData[constants.EnvKeyLinkedInClientSecret].(string) != ""
 	isCurrentTwitterLoginEnabled := currentData[constants.EnvKeyTwitterClientID] != nil && currentData[constants.EnvKeyTwitterClientSecret] != nil && currentData[constants.EnvKeyTwitterClientID].(string) != "" && currentData[constants.EnvKeyTwitterClientSecret].(string) != ""
+	isCurrentMicrosoftLoginEnabled := currentData[constants.EnvKeyMicrosoftClientID] != nil && currentData[constants.EnvKeyMicrosoftClientSecret] != nil && currentData[constants.EnvKeyMicrosoftActiveDirectoryTenantID] != nil && currentData[constants.EnvKeyMicrosoftClientID].(string) != "" && currentData[constants.EnvKeyMicrosoftClientSecret].(string) != "" && currentData[constants.EnvKeyMicrosoftActiveDirectoryTenantID].(string) != ""
 
 	isUpdatedBasicAuthEnabled := !updatedData[constants.EnvKeyDisableBasicAuthentication].(bool)
+	isUpdatedMobileBasicAuthEnabled := !updatedData[constants.EnvKeyDisableMobileBasicAuthentication].(bool)
 	isUpdatedMagicLinkLoginEnabled := !updatedData[constants.EnvKeyDisableMagicLinkLogin].(bool)
 	isUpdatedAppleLoginEnabled := updatedData[constants.EnvKeyAppleClientID] != nil && updatedData[constants.EnvKeyAppleClientSecret] != nil && updatedData[constants.EnvKeyAppleClientID].(string) != "" && updatedData[constants.EnvKeyAppleClientSecret].(string) != ""
 	isUpdatedFacebookLoginEnabled := updatedData[constants.EnvKeyFacebookClientID] != nil && updatedData[constants.EnvKeyFacebookClientSecret] != nil && updatedData[constants.EnvKeyFacebookClientID].(string) != "" && updatedData[constants.EnvKeyFacebookClientSecret].(string) != ""
@@ -41,11 +44,16 @@ func clearSessionIfRequired(currentData, updatedData map[string]interface{}) {
 	isUpdatedGithubLoginEnabled := updatedData[constants.EnvKeyGithubClientID] != nil && updatedData[constants.EnvKeyGithubClientSecret] != nil && updatedData[constants.EnvKeyGithubClientID].(string) != "" && updatedData[constants.EnvKeyGithubClientSecret].(string) != ""
 	isUpdatedLinkedInLoginEnabled := updatedData[constants.EnvKeyLinkedInClientID] != nil && updatedData[constants.EnvKeyLinkedInClientSecret] != nil && updatedData[constants.EnvKeyLinkedInClientID].(string) != "" && updatedData[constants.EnvKeyLinkedInClientSecret].(string) != ""
 	isUpdatedTwitterLoginEnabled := updatedData[constants.EnvKeyTwitterClientID] != nil && updatedData[constants.EnvKeyTwitterClientSecret] != nil && updatedData[constants.EnvKeyTwitterClientID].(string) != "" && updatedData[constants.EnvKeyTwitterClientSecret].(string) != ""
+	isUpdatedMicrosoftLoginEnabled := updatedData[constants.EnvKeyMicrosoftClientID] != nil && updatedData[constants.EnvKeyMicrosoftClientSecret] != nil && updatedData[constants.EnvKeyMicrosoftActiveDirectoryTenantID] != nil && updatedData[constants.EnvKeyMicrosoftClientID].(string) != "" && updatedData[constants.EnvKeyMicrosoftClientSecret].(string) != "" && updatedData[constants.EnvKeyMicrosoftActiveDirectoryTenantID].(string) != ""
 
 	if isCurrentBasicAuthEnabled && !isUpdatedBasicAuthEnabled {
 		memorystore.Provider.DeleteSessionForNamespace(constants.AuthRecipeMethodBasicAuth)
 	}
 
+	if isCurrentMobileBasicAuthEnabled && !isUpdatedMobileBasicAuthEnabled {
+		memorystore.Provider.DeleteSessionForNamespace(constants.AuthRecipeMethodMobileBasicAuth)
+	}
+
 	if isCurrentMagicLinkLoginEnabled && !isUpdatedMagicLinkLoginEnabled {
 		memorystore.Provider.DeleteSessionForNamespace(constants.AuthRecipeMethodMagicLinkLogin)
 	}
@@ -73,6 +81,10 @@ func clearSessionIfRequired(currentData, updatedData map[string]interface{}) {
 	if isCurrentTwitterLoginEnabled && !isUpdatedTwitterLoginEnabled {
 		memorystore.Provider.DeleteSessionForNamespace(constants.AuthRecipeMethodTwitter)
 	}
+
+	if isCurrentMicrosoftLoginEnabled && !isUpdatedMicrosoftLoginEnabled {
+		memorystore.Provider.DeleteSessionForNamespace(constants.AuthRecipeMethodMicrosoft)
+	}
 }
 
 // UpdateEnvResolver is a resolver for update config mutation

server/resolvers/update_profile.go

@@ -88,6 +88,11 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 	}
 
 	if params.PhoneNumber != nil && refs.StringValue(user.PhoneNumber) != refs.StringValue(params.PhoneNumber) {
+		// verify if phone number is unique
+		if _, err := db.Provider.GetUserByPhoneNumber(ctx, strings.TrimSpace(refs.StringValue(params.PhoneNumber))); err == nil {
+			log.Debug("user with given phone number already exists")
+			return nil, errors.New("user with given phone number already exists")
+		}
 		user.PhoneNumber = params.PhoneNumber
 	}
 
@@ -154,8 +159,14 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 		isBasicAuthDisabled = true
 	}
 
+	isMobileBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMobileBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting mobile basic auth disabled: ", err)
+		isBasicAuthDisabled = true
+	}
+
 	if params.NewPassword != nil && params.ConfirmNewPassword != nil {
-		if isBasicAuthDisabled {
+		if isBasicAuthDisabled || isMobileBasicAuthDisabled {
 			log.Debug("Cannot update password as basic authentication is disabled")
 			return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 		}

server/resolvers/update_user.go

@@ -83,6 +83,11 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 	}
 
 	if params.PhoneNumber != nil && refs.StringValue(user.PhoneNumber) != refs.StringValue(params.PhoneNumber) {
+		// verify if phone number is unique
+		if _, err := db.Provider.GetUserByPhoneNumber(ctx, strings.TrimSpace(refs.StringValue(params.PhoneNumber))); err == nil {
+			log.Debug("user with given phone number already exists")
+			return nil, errors.New("user with given phone number already exists")
+		}
 		user.PhoneNumber = params.PhoneNumber
 	}
 
@@ -125,7 +130,6 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 			return res, fmt.Errorf("user with this email address already exists")
 		}
 
-		// TODO figure out how to do this
 		go memorystore.Provider.DeleteAllUserSessions(user.ID)
 
 		hostname := parsers.GetHost(gc)

server/resolvers/user.go

@@ -0,0 +1,36 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/token"
+	"github.com/authorizerdev/authorizer/server/utils"
+)
+
+// UserResolver is a resolver for user query
+// This is admin only query
+func UserResolver(ctx context.Context, params model.GetUserRequest) (*model.User, error) {
+	gc, err := utils.GinContextFromContext(ctx)
+	if err != nil {
+		log.Debug("Failed to get GinContext: ", err)
+		return nil, err
+	}
+
+	if !token.IsSuperAdmin(gc) {
+		log.Debug("Not logged in as super admin.")
+		return nil, fmt.Errorf("unauthorized")
+	}
+
+	res, err := db.Provider.GetUserByID(ctx, params.ID)
+	if err != nil {
+		log.Debug("Failed to get users: ", err)
+		return nil, err
+	}
+
+	return res.AsAPIUser(), nil
+}

server/resolvers/validate_jwt_token.go

@@ -77,7 +77,16 @@ func ValidateJwtTokenResolver(ctx context.Context, params model.ValidateJWTToken
 		}
 	}
 
-	claimRolesInterface := claims["roles"]
+	claimKey := "roles"
+
+	if tokenType == constants.TokenTypeIdentityToken {
+		claimKey, err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtRoleClaim)
+		if err != nil {
+			claimKey = "roles"
+		}
+	}
+
+	claimRolesInterface := claims[claimKey]
 	roleSlice := utils.ConvertInterfaceToSlice(claimRolesInterface)
 	for _, v := range roleSlice {
 		claimRoles = append(claimRoles, v.(string))