[server] Add COUCHBASE_BUCKET_RAM_QUOTA

Resolves #317

Makefile

@@ -33,16 +33,24 @@ test-dynamodb:
 	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest 
 	cd server && go clean --testcache && TEST_DBS="dynamodb" go test -p 1 -v ./test
 	docker rm -vf dynamodb-local-test
+test-couchbase:
+	docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
+	sh scripts/couchbase-test.sh
+	cd server && go clean --testcache && TEST_DBS="couchbase" go test -p 1 -v ./test
+	docker rm -vf couchbase-local-test
 test-all-db:
 	rm -rf server/test/test.db server/test/test.db-shm server/test/test.db-wal && rm -rf test.db test.db-shm test.db-wal
 	docker run -d --name authorizer_scylla_db -p 9042:9042 scylladb/scylla
 	docker run -d --name authorizer_mongodb_db -p 27017:27017 mongo:4.4.15
 	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4
-	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest 
+	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest
+	docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
+	sh scripts/couchbase-test.sh
 	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb" go test -p 1 -v ./test
 	docker rm -vf authorizer_scylla_db
 	docker rm -vf authorizer_mongodb_db
 	docker rm -vf authorizer_arangodb
 	docker rm -vf dynamodb-local-test
+	# docker rm -vf couchbase-local-test
 generate:
 	cd server && go run github.com/99designs/gqlgen generate && go mod tidy

app/package-lock.json

@@ -9,7 +9,7 @@
 			"version": "1.0.0",
 			"license": "ISC",
 			"dependencies": {
-				"@authorizerdev/authorizer-react": "^1.1.3-beta.1",
+				"@authorizerdev/authorizer-react": "^1.1.7",
 				"@types/react": "^17.0.15",
 				"@types/react-dom": "^17.0.9",
 				"esbuild": "^0.12.17",
@@ -27,9 +27,9 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-js": {
-			"version": "1.1.2-beta.1",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.2-beta.1.tgz",
-			"integrity": "sha512-u+O2iB3tqF1HtdJ6LfBXL9iMycqlCCL3othBQkqitGP1ldhASWLJ2pcXZAcHgyoeczKdj2XKZKdIcWB3GYR0IQ==",
+			"version": "1.1.2",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.2.tgz",
+			"integrity": "sha512-22qoqBaCNMn3QRWdJXmwAZeb5X9lwhZF3y23loY0eO3xUUzBaJiltENjHynbLGCg8LGgn7UaJEKDqGfL6Rzwvg==",
 			"dependencies": {
 				"cross-fetch": "^3.1.5"
 			},
@@ -38,14 +38,11 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-react": {
-			"version": "1.1.3-beta.1",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.3-beta.1.tgz",
-			"integrity": "sha512-+ZsOBp6XjZVnDyeJCXgaqZ8xzFO7ygpHB6v2cblCKIA3wX5pg/Dsg1oumHGrSHIEK8No/GOtCjSx4Rv6/CweBQ==",
+			"version": "1.1.7",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.7.tgz",
+			"integrity": "sha512-JYwwOjlKjKx8RX0RLcXIhWacugBE241BDmKq4z20B2hq8xTy3cPbKC+UY3lkp+IiMtrIvHZJ9es26UR9NTUlXA==",
 			"dependencies": {
-				"@authorizerdev/authorizer-js": "^1.1.2-beta.1",
-				"final-form": "^4.20.2",
-				"react-final-form": "^6.5.3",
-				"styled-components": "^5.3.0"
+				"@authorizerdev/authorizer-js": "^1.1.2"
 			},
 			"engines": {
 				"node": ">=10"
@@ -469,18 +466,6 @@
 				"node": ">=0.8.0"
 			}
 		},
-		"node_modules/final-form": {
-			"version": "4.20.4",
-			"resolved": "https://registry.npmjs.org/final-form/-/final-form-4.20.4.tgz",
-			"integrity": "sha512-hyoOVVilPLpkTvgi+FSJkFZrh0Yhy4BhE6lk/NiBwrF4aRV8/ykKEyXYvQH/pfUbRkOosvpESYouFb+FscsLrw==",
-			"dependencies": {
-				"@babel/runtime": "^7.10.0"
-			},
-			"funding": {
-				"type": "opencollective",
-				"url": "https://opencollective.com/final-form"
-			}
-		},
 		"node_modules/globals": {
 			"version": "11.12.0",
 			"resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
@@ -673,33 +658,6 @@
 				"react": "17.0.2"
 			}
 		},
-		"node_modules/react-final-form": {
-			"version": "6.5.7",
-			"resolved": "https://registry.npmjs.org/react-final-form/-/react-final-form-6.5.7.tgz",
-			"integrity": "sha512-o7tvJXB+McGiXOILqIC8lnOcX4aLhIBiF/Xi9Qet35b7XOS8R7KL8HLRKTfnZWQJm6MCE15v1U0SFive0NcxyA==",
-			"dependencies": {
-				"@babel/runtime": "^7.15.4"
-			},
-			"funding": {
-				"type": "opencollective",
-				"url": "https://opencollective.com/final-form"
-			},
-			"peerDependencies": {
-				"final-form": "4.20.4",
-				"react": "^16.8.0 || ^17.0.0"
-			}
-		},
-		"node_modules/react-final-form/node_modules/@babel/runtime": {
-			"version": "7.16.7",
-			"resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.16.7.tgz",
-			"integrity": "sha512-9E9FJowqAsytyOY6LG+1KuueckRL+aQW+mKvXRXnuFGyRAyepJPmEo9vgMfXUA6O9u3IeEdv9MAkppFcaQwogQ==",
-			"dependencies": {
-				"regenerator-runtime": "^0.13.4"
-			},
-			"engines": {
-				"node": ">=6.9.0"
-			}
-		},
 		"node_modules/react-is": {
 			"version": "17.0.2",
 			"resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",
@@ -876,22 +834,19 @@
 	},
 	"dependencies": {
 		"@authorizerdev/authorizer-js": {
-			"version": "1.1.2-beta.1",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.2-beta.1.tgz",
-			"integrity": "sha512-u+O2iB3tqF1HtdJ6LfBXL9iMycqlCCL3othBQkqitGP1ldhASWLJ2pcXZAcHgyoeczKdj2XKZKdIcWB3GYR0IQ==",
+			"version": "1.1.2",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.2.tgz",
+			"integrity": "sha512-22qoqBaCNMn3QRWdJXmwAZeb5X9lwhZF3y23loY0eO3xUUzBaJiltENjHynbLGCg8LGgn7UaJEKDqGfL6Rzwvg==",
 			"requires": {
 				"cross-fetch": "^3.1.5"
 			}
 		},
 		"@authorizerdev/authorizer-react": {
-			"version": "1.1.3-beta.1",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.3-beta.1.tgz",
-			"integrity": "sha512-+ZsOBp6XjZVnDyeJCXgaqZ8xzFO7ygpHB6v2cblCKIA3wX5pg/Dsg1oumHGrSHIEK8No/GOtCjSx4Rv6/CweBQ==",
+			"version": "1.1.7",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.7.tgz",
+			"integrity": "sha512-JYwwOjlKjKx8RX0RLcXIhWacugBE241BDmKq4z20B2hq8xTy3cPbKC+UY3lkp+IiMtrIvHZJ9es26UR9NTUlXA==",
 			"requires": {
-				"@authorizerdev/authorizer-js": "^1.1.2-beta.1",
-				"final-form": "^4.20.2",
-				"react-final-form": "^6.5.3",
-				"styled-components": "^5.3.0"
+				"@authorizerdev/authorizer-js": "^1.1.2"
 			}
 		},
 		"@babel/code-frame": {
@@ -1231,14 +1186,6 @@
 			"resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
 			"integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
 		},
-		"final-form": {
-			"version": "4.20.4",
-			"resolved": "https://registry.npmjs.org/final-form/-/final-form-4.20.4.tgz",
-			"integrity": "sha512-hyoOVVilPLpkTvgi+FSJkFZrh0Yhy4BhE6lk/NiBwrF4aRV8/ykKEyXYvQH/pfUbRkOosvpESYouFb+FscsLrw==",
-			"requires": {
-				"@babel/runtime": "^7.10.0"
-			}
-		},
 		"globals": {
 			"version": "11.12.0",
 			"resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
@@ -1387,24 +1334,6 @@
 				"scheduler": "^0.20.2"
 			}
 		},
-		"react-final-form": {
-			"version": "6.5.7",
-			"resolved": "https://registry.npmjs.org/react-final-form/-/react-final-form-6.5.7.tgz",
-			"integrity": "sha512-o7tvJXB+McGiXOILqIC8lnOcX4aLhIBiF/Xi9Qet35b7XOS8R7KL8HLRKTfnZWQJm6MCE15v1U0SFive0NcxyA==",
-			"requires": {
-				"@babel/runtime": "^7.15.4"
-			},
-			"dependencies": {
-				"@babel/runtime": {
-					"version": "7.16.7",
-					"resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.16.7.tgz",
-					"integrity": "sha512-9E9FJowqAsytyOY6LG+1KuueckRL+aQW+mKvXRXnuFGyRAyepJPmEo9vgMfXUA6O9u3IeEdv9MAkppFcaQwogQ==",
-					"requires": {
-						"regenerator-runtime": "^0.13.4"
-					}
-				}
-			}
-		},
 		"react-is": {
 			"version": "17.0.2",
 			"resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",

app/package.json

@@ -12,7 +12,7 @@
 	"author": "Lakhan Samani",
 	"license": "ISC",
 	"dependencies": {
-		"@authorizerdev/authorizer-react": "^1.1.3",
+		"@authorizerdev/authorizer-react": "^1.1.7",
 		"@types/react": "^17.0.15",
 		"@types/react-dom": "^17.0.9",
 		"esbuild": "^0.12.17",

dashboard/src/components/DeleteEmailTemplateModal.tsx

@@ -44,7 +44,7 @@ const DeleteEmailTemplateModal = ({
 				title: capitalizeFirstLetter(res.error.message),
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 
 			return;
@@ -53,7 +53,7 @@ const DeleteEmailTemplateModal = ({
 				title: capitalizeFirstLetter(res.data?._delete_email_template.message),
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 		onClose();

dashboard/src/components/DeleteUserModal.tsx

@@ -51,7 +51,7 @@ const DeleteUserModal = ({
 				title: capitalizeFirstLetter(res.error.message),
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 
 			return;
@@ -60,7 +60,7 @@ const DeleteUserModal = ({
 				title: capitalizeFirstLetter(res.data?._delete_user.message),
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 		onClose();

dashboard/src/components/DeleteWebhookModal.tsx

@@ -44,7 +44,7 @@ const DeleteWebhookModal = ({
 				title: capitalizeFirstLetter(res.error.message),
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 
 			return;
@@ -53,7 +53,7 @@ const DeleteWebhookModal = ({
 				title: capitalizeFirstLetter(res.data?._delete_webhook.message),
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 		onClose();

dashboard/src/components/EditUserModal.tsx

@@ -104,14 +104,14 @@ const EditUserModal = ({
 				title: 'User data update failed',
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		} else if (res.data?._update_user?.id) {
 			toast({
 				title: 'User data update successful',
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 		onClose();

dashboard/src/components/EnvComponents/JWTConfiguration.tsx

@@ -43,7 +43,7 @@ const JSTConfigurations = ({
 				title: `JWT config copied successfully`,
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		} catch (err) {
 			console.error({
@@ -54,7 +54,7 @@ const JSTConfigurations = ({
 				title: `Failed to copy JWT config`,
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 	};

dashboard/src/components/GenerateKeysModal.tsx

@@ -73,7 +73,7 @@ const GenerateKeysModal = ({ jwtType, getData }: propTypes) => {
 					title: 'Error occurred generating jwt keys',
 					isClosable: true,
 					status: 'error',
-					position: 'bottom-right',
+					position: 'top-right',
 				});
 				closeHandler();
 			} else {
@@ -107,7 +107,7 @@ const GenerateKeysModal = ({ jwtType, getData }: propTypes) => {
 				title: 'Error occurred setting jwt keys',
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 
 			return;
@@ -116,7 +116,7 @@ const GenerateKeysModal = ({ jwtType, getData }: propTypes) => {
 			title: 'JWT keys updated successfully',
 			isClosable: true,
 			status: 'success',
-			position: 'bottom-right',
+			position: 'top-right',
 		});
 		closeHandler();
 	};

dashboard/src/components/InviteMembersModal.tsx

@@ -105,7 +105,7 @@ const InviteMembersModal = ({
 					title: 'Invites sent successfully!',
 					isClosable: true,
 					status: 'success',
-					position: 'bottom-right',
+					position: 'top-right',
 				});
 				setLoading(false);
 				updateUserList();
@@ -117,7 +117,7 @@ const InviteMembersModal = ({
 				title: error?.message || 'Error occurred, try again!',
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 			setLoading(false);
 		}

dashboard/src/components/UpdateEmailTemplateModal.tsx

@@ -173,7 +173,7 @@ const UpdateEmailTemplate = ({
 				title: capitalizeFirstLetter(res.error.message),
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		} else if (
 			res.data?._add_email_template ||
@@ -186,7 +186,7 @@ const UpdateEmailTemplate = ({
 				),
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 			setTemplateData({
 				...initTemplateData,

dashboard/src/components/UpdateWebhookModal.tsx

@@ -290,7 +290,7 @@ const UpdateWebhookModal = ({
 				title: capitalizeFirstLetter(res.error.message),
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		} else if (res.data?._add_webhook || res.data?._update_webhook) {
 			toast({
@@ -299,7 +299,7 @@ const UpdateWebhookModal = ({
 				),
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 			setWebhook({
 				...initWebhookData,

dashboard/src/pages/Auth.tsx

@@ -57,7 +57,7 @@ export default function Auth() {
 					title: capitalizeFirstLetter(error.message),
 					isClosable: true,
 					status: 'error',
-					position: 'bottom-right',
+					position: 'top-right',
 				});
 			});
 		}

dashboard/src/pages/Environment.tsx

@@ -203,7 +203,7 @@ const Environment = () => {
 			} variables`,
 			isClosable: true,
 			status: 'success',
-			position: 'bottom-right',
+			position: 'top-right',
 		});
 	};
 

dashboard/src/pages/Users.tsx

@@ -180,14 +180,14 @@ export default function Users() {
 				title: 'User verification failed',
 				isClosable: true,
 				status: 'error',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		} else if (res.data?._update_user?.id) {
 			toast({
 				title: 'User verification successful',
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 		}
 		updateUserList();
@@ -211,14 +211,14 @@ export default function Users() {
 						title: 'User access enable failed',
 						isClosable: true,
 						status: 'error',
-						position: 'bottom-right',
+						position: 'top-right',
 					});
 				} else {
 					toast({
 						title: 'User access enabled successfully',
 						isClosable: true,
 						status: 'success',
-						position: 'bottom-right',
+						position: 'top-right',
 					});
 				}
 				updateUserList();
@@ -236,14 +236,14 @@ export default function Users() {
 						title: 'User access revoke failed',
 						isClosable: true,
 						status: 'error',
-						position: 'bottom-right',
+						position: 'top-right',
 					});
 				} else {
 					toast({
 						title: 'User access revoked successfully',
 						isClosable: true,
 						status: 'success',
-						position: 'bottom-right',
+						position: 'top-right',
 					});
 				}
 				updateUserList();
@@ -268,7 +268,7 @@ export default function Users() {
 				} for user`,
 				isClosable: true,
 				status: 'success',
-				position: 'bottom-right',
+				position: 'top-right',
 			});
 			updateUserList();
 			return;
@@ -277,7 +277,7 @@ export default function Users() {
 			title: 'Multi factor authentication update failed for user',
 			isClosable: true,
 			status: 'error',
-			position: 'bottom-right',
+			position: 'top-right',
 		});
 	};
 

scripts/couchbase-test.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -x
+set -m
+
+sleep 15
+
+# Setup index and memory quota
+# curl -v -X POST http://127.0.0.1:8091/pools/default -d memoryQuota=300 -d indexMemoryQuota=300
+
+# Setup services
+curl -v http://127.0.0.1:8091/node/controller/setupServices -d services=kv%2Cn1ql%2Cindex
+
+# Setup credentials
+curl -v http://127.0.0.1:8091/settings/web -d port=8091 -d username=Administrator -d password=password
+
+# Setup Memory Optimized Indexes
+curl -i -u Administrator:password -X POST http://127.0.0.1:8091/settings/indexes -d 'storageMode=memory_optimized'
+
+# Load travel-sample bucket
+#curl -v -u Administrator:password -X POST http://127.0.0.1:8091/sampleBuckets/install -d '["travel-sample"]'
+
+echo "Type: $TYPE"
+
+if [ "$TYPE" = "WORKER" ]; then
+  echo "Sleeping ..."
+  sleep 15
+
+  #IP=`hostname -s`
+  IP=`hostname -I | cut -d ' ' -f1`
+  echo "IP: " $IP
+
+  echo "Auto Rebalance: $AUTO_REBALANCE"
+  if [ "$AUTO_REBALANCE" = "true" ]; then
+    couchbase-cli rebalance --cluster=$COUCHBASE_MASTER:8091 --user=Administrator --password=password --server-add=$IP --server-add-username=Administrator --server-add-password=password
+  else
+    couchbase-cli server-add --cluster=$COUCHBASE_MASTER:8091 --user=Administrator --password=password --server-add=$IP --server-add-username=Administrator --server-add-password=password
+  fi;
+fi;

server/constants/auth_methods.go

@@ -3,6 +3,8 @@ package constants
 const (
 	// AuthRecipeMethodBasicAuth is the basic_auth auth method
 	AuthRecipeMethodBasicAuth = "basic_auth"
+	// AuthRecipeMethodMobileBasicAuth is the mobile basic_auth method, where user can signup using mobile number and password
+	AuthRecipeMethodMobileBasicAuth = "mobile_basic_auth"
 	// AuthRecipeMethodMagicLinkLogin is the magic_link_login auth method
 	AuthRecipeMethodMagicLinkLogin = "magic_link_login"
 	// AuthRecipeMethodGoogle is the google auth method

server/constants/db_types.go

@@ -27,4 +27,6 @@ const (
 	DbTypePlanetScaleDB = "planetscale"
 	// DbTypeDynamoDB is the Dynamo database type
 	DbTypeDynamoDB = "dynamodb"
+	// DbTypeCouchbaseDB is the Couchbase database type
+	DbTypeCouchbaseDB = "couchbase"
 )

server/constants/env.go

@@ -43,6 +43,13 @@ const (
 	EnvKeyDatabaseCertKey = "DATABASE_CERT_KEY"
 	// EnvKeyDatabaseCACert key for env variable DATABASE_CA_CERT
 	EnvKeyDatabaseCACert = "DATABASE_CA_CERT"
+	// EnvCouchbaseBucket key for env variable COUCHBASE_BUCKET
+	EnvCouchbaseBucket = "COUCHBASE_BUCKET"
+	// EnvCouchbaseBucketRAMQuotaMB key for env variable COUCHBASE_BUCKET_RAM_QUOTA
+	// This value should be parsed as number
+	EnvCouchbaseBucketRAMQuotaMB = "COUCHBASE_BUCKET_RAM_QUOTA"
+	// EnvCouchbaseBucket key for env variable COUCHBASE_SCOPE
+	EnvCouchbaseScope = "COUCHBASE_SCOPE"
 	// EnvKeySmtpHost key for env variable SMTP_HOST
 	EnvKeySmtpHost = "SMTP_HOST"
 	// EnvKeySmtpPort key for env variable SMTP_PORT
@@ -125,6 +132,8 @@ const (
 	EnvKeyDisableEmailVerification = "DISABLE_EMAIL_VERIFICATION"
 	// EnvKeyDisableBasicAuthentication key for env variable DISABLE_BASIC_AUTH
 	EnvKeyDisableBasicAuthentication = "DISABLE_BASIC_AUTHENTICATION"
+	// EnvKeyDisableBasicAuthentication key for env variable DISABLE_MOBILE_BASIC_AUTH
+	EnvKeyDisableMobileBasicAuthentication = "DISABLE_MOBILE_BASIC_AUTHENTICATION"
 	// EnvKeyDisableMagicLinkLogin key for env variable DISABLE_MAGIC_LINK_LOGIN
 	EnvKeyDisableMagicLinkLogin = "DISABLE_MAGIC_LINK_LOGIN"
 	// EnvKeyDisableLoginPage key for env variable DISABLE_LOGIN_PAGE

server/db/db.go

@@ -7,6 +7,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/providers"
 	"github.com/authorizerdev/authorizer/server/db/providers/arangodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/cassandradb"
+	"github.com/authorizerdev/authorizer/server/db/providers/couchbase"
 	"github.com/authorizerdev/authorizer/server/db/providers/dynamodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/mongodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/sql"
@@ -21,11 +22,12 @@ func InitDB() error {
 
 	envs := memorystore.RequiredEnvStoreObj.GetRequiredEnv()
 
-	isSQL := envs.DatabaseType != constants.DbTypeArangodb && envs.DatabaseType != constants.DbTypeMongodb && envs.DatabaseType != constants.DbTypeCassandraDB && envs.DatabaseType != constants.DbTypeScyllaDB && envs.DatabaseType != constants.DbTypeDynamoDB
+	isSQL := envs.DatabaseType != constants.DbTypeArangodb && envs.DatabaseType != constants.DbTypeMongodb && envs.DatabaseType != constants.DbTypeCassandraDB && envs.DatabaseType != constants.DbTypeScyllaDB && envs.DatabaseType != constants.DbTypeDynamoDB && envs.DatabaseType != constants.DbTypeCouchbaseDB
 	isArangoDB := envs.DatabaseType == constants.DbTypeArangodb
 	isMongoDB := envs.DatabaseType == constants.DbTypeMongodb
 	isCassandra := envs.DatabaseType == constants.DbTypeCassandraDB || envs.DatabaseType == constants.DbTypeScyllaDB
 	isDynamoDB := envs.DatabaseType == constants.DbTypeDynamoDB
+	isCouchbaseDB := envs.DatabaseType == constants.DbTypeCouchbaseDB
 
 	if isSQL {
 		log.Info("Initializing SQL Driver for: ", envs.DatabaseType)
@@ -72,5 +74,14 @@ func InitDB() error {
 		}
 	}
 
+	if isCouchbaseDB {
+		log.Info("Initializing CouchbaseDB Driver for: ", envs.DatabaseType)
+		Provider, err = couchbase.NewProvider()
+		if err != nil {
+			log.Fatal("Failed to initialize Couchbase driver: ", err)
+			return err
+		}
+	}
+
 	return nil
 }

server/db/models/env.go

@@ -4,10 +4,11 @@ package models
 
 // Env model for db
 type Env struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
-	EnvData   string `json:"env" bson:"env" cql:"env" dynamo:"env"`
-	Hash      string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	Key           string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID            string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	EnvData       string `json:"env" bson:"env" cql:"env" dynamo:"env"`
+	Hash          string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
+	EncryptionKey string `json:"encryption_key" bson:"encryption_key" cql:"encryption_key" dynamo:"encryption_key"` // couchbase has "hash" as reserved keyword so we cannot use it. This will be empty for other dbs.
+	UpdatedAt     int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+	CreatedAt     int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
 }

server/db/providers/arangodb/user.go

@@ -15,6 +15,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
 )
 
 // AddUser to save user information in database
@@ -32,6 +33,12 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 		user.Roles = defaultRoles
 	}
 
+	if user.PhoneNumber != nil && strings.TrimSpace(refs.StringValue(user.PhoneNumber)) != "" {
+		if u, _ := p.GetUserByPhoneNumber(ctx, refs.StringValue(user.PhoneNumber)); u != nil && u.ID != user.ID {
+			return user, fmt.Errorf("user with given phone number already exists")
+		}
+	}
+
 	user.CreatedAt = time.Now().Unix()
 	user.UpdatedAt = time.Now().Unix()
 	userCollection, _ := p.db.Collection(ctx, models.Collections.User)
@@ -48,6 +55,7 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 // UpdateUser to update user information in database
 func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.User, error) {
 	user.UpdatedAt = time.Now().Unix()
+
 	collection, _ := p.db.Collection(ctx, models.Collections.User)
 	meta, err := collection.UpdateDocument(ctx, user.Key, user)
 	if err != nil {
@@ -211,3 +219,34 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 
 	return nil
 }
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user models.User
+
+	query := fmt.Sprintf("FOR d in %s FILTER d.phone_number == @phone_number RETURN d", models.Collections.User)
+	bindVars := map[string]interface{}{
+		"phone_number": phoneNumber,
+	}
+
+	cursor, err := p.db.Query(ctx, query, bindVars)
+	if err != nil {
+		return nil, err
+	}
+	defer cursor.Close()
+
+	for {
+		if !cursor.HasMore() {
+			if user.Key == "" {
+				return nil, fmt.Errorf("user not found")
+			}
+			break
+		}
+		_, err := cursor.ReadDocument(ctx, &user)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &user, nil
+}

server/db/providers/cassandradb/provider.go

@@ -161,6 +161,12 @@ func NewProvider() (*provider, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	userPhoneNumberIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_user_phone_number ON %s.%s (phone_number)", KeySpace, models.Collections.User)
+	err = session.Query(userPhoneNumberIndexQuery).Exec()
+	if err != nil {
+		return nil, err
+	}
 	// add is_multi_factor_auth_enabled on users table
 	userTableAlterQuery := fmt.Sprintf(`ALTER TABLE %s.%s ADD is_multi_factor_auth_enabled boolean`, KeySpace, models.Collections.User)
 	err = session.Query(userTableAlterQuery).Exec()

server/db/providers/cassandradb/user.go

@@ -12,6 +12,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/gocql/gocql"
 	"github.com/google/uuid"
 )
@@ -30,6 +31,12 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 		user.Roles = defaultRoles
 	}
 
+	if user.PhoneNumber != nil && strings.TrimSpace(refs.StringValue(user.PhoneNumber)) != "" {
+		if u, _ := p.GetUserByPhoneNumber(ctx, refs.StringValue(user.PhoneNumber)); u != nil && u.ID != user.ID {
+			return user, fmt.Errorf("user with given phone number already exists")
+		}
+	}
+
 	user.CreatedAt = time.Now().Unix()
 	user.UpdatedAt = time.Now().Unix()
 
@@ -299,3 +306,14 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 
 	return nil
 }
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user models.User
+	query := fmt.Sprintf("SELECT id, email, email_verified_at, password, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s WHERE phone_number = '%s' LIMIT 1 ALLOW FILTERING", KeySpace+"."+models.Collections.User, phoneNumber)
+	err := p.db.Query(query).Consistency(gocql.One).Scan(&user.ID, &user.Email, &user.EmailVerifiedAt, &user.Password, &user.SignupMethods, &user.GivenName, &user.FamilyName, &user.MiddleName, &user.Nickname, &user.Birthdate, &user.PhoneNumber, &user.PhoneNumberVerifiedAt, &user.Picture, &user.Roles, &user.RevokedTimestamp, &user.IsMultiFactorAuthEnabled, &user.CreatedAt, &user.UpdatedAt)
+	if err != nil {
+		return nil, err
+	}
+	return &user, nil
+}

server/db/providers/couchbase/email_template.go

@@ -0,0 +1,164 @@
+package couchbase
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddEmailTemplate to add EmailTemplate
+func (p *provider) AddEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+
+	if emailTemplate.ID == "" {
+		emailTemplate.ID = uuid.New().String()
+	}
+
+	emailTemplate.Key = emailTemplate.ID
+	emailTemplate.CreatedAt = time.Now().Unix()
+	emailTemplate.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+
+	_, err := p.db.Collection(models.Collections.EmailTemplate).Insert(emailTemplate.ID, emailTemplate, &insertOpt)
+	if err != nil {
+		return emailTemplate.AsAPIEmailTemplate(), err
+	}
+
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// UpdateEmailTemplate to update EmailTemplate
+func (p *provider) UpdateEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+	bytes, err := json.Marshal(emailTemplate)
+	if err != nil {
+		return nil, err
+	}
+	// use decoder instead of json.Unmarshall, because it converts int64 -> float64 after unmarshalling
+	decoder := json.NewDecoder(strings.NewReader(string(bytes)))
+	decoder.UseNumber()
+	emailTemplateMap := map[string]interface{}{}
+	err = decoder.Decode(&emailTemplateMap)
+	if err != nil {
+		return nil, err
+	}
+
+	updateFields, params := GetSetFields(emailTemplateMap)
+	params["emailId"] = emailTemplate.ID
+
+	query := fmt.Sprintf("UPDATE %s.%s SET %s WHERE _id = $emailId", p.scopeName, models.Collections.EmailTemplate, updateFields)
+
+	_, err = p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		NamedParameters: params,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// ListEmailTemplates to list EmailTemplate
+func (p *provider) ListEmailTemplate(ctx context.Context, pagination model.Pagination) (*model.EmailTemplates, error) {
+	emailTemplates := []*model.EmailTemplate{}
+	paginationClone := pagination
+
+	_, paginationClone.Total = p.GetTotalDocs(ctx, models.Collections.EmailTemplate)
+
+	userQuery := fmt.Sprintf("SELECT _id, event_name, subject, design, template, created_at, updated_at FROM %s.%s ORDER BY _id OFFSET $1 LIMIT $2", p.scopeName, models.Collections.EmailTemplate)
+
+	queryResult, err := p.db.Query(userQuery, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{paginationClone.Offset, paginationClone.Limit},
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	for queryResult.Next() {
+		emailTemplate := models.EmailTemplate{}
+		err := queryResult.Row(&emailTemplate)
+		if err != nil {
+			log.Fatal(err)
+		}
+		emailTemplates = append(emailTemplates, emailTemplate.AsAPIEmailTemplate())
+	}
+
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+
+	}
+
+	return &model.EmailTemplates{
+		Pagination:     &paginationClone,
+		EmailTemplates: emailTemplates,
+	}, nil
+}
+
+// GetEmailTemplateByID to get EmailTemplate by id
+func (p *provider) GetEmailTemplateByID(ctx context.Context, emailTemplateID string) (*model.EmailTemplate, error) {
+	emailTemplate := models.EmailTemplate{}
+
+	query := fmt.Sprintf(`SELECT  _id, event_name, subject, design, template, created_at, updated_at  FROM %s.%s WHERE _id = $1 LIMIT 1`, p.scopeName, models.Collections.EmailTemplate)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{emailTemplateID},
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&emailTemplate)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// GetEmailTemplateByEventName to get EmailTemplate by event_name
+func (p *provider) GetEmailTemplateByEventName(ctx context.Context, eventName string) (*model.EmailTemplate, error) {
+	emailTemplate := models.EmailTemplate{}
+
+	query := fmt.Sprintf("SELECT  _id, event_name, subject, design, template, created_at, updated_at  FROM %s.%s WHERE event_name=$1 LIMIT 1", p.scopeName, models.Collections.EmailTemplate)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{eventName},
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&emailTemplate)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// DeleteEmailTemplate to delete EmailTemplate
+func (p *provider) DeleteEmailTemplate(ctx context.Context, emailTemplate *model.EmailTemplate) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.EmailTemplate).Remove(emailTemplate.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}

server/db/providers/couchbase/env.go

@@ -0,0 +1,70 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddEnv to save environment information in database
+func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, error) {
+	if env.ID == "" {
+		env.ID = uuid.New().String()
+	}
+	env.CreatedAt = time.Now().Unix()
+	env.UpdatedAt = time.Now().Unix()
+	env.Key = env.ID
+	env.EncryptionKey = env.Hash
+
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Env).Insert(env.ID, env, &insertOpt)
+	if err != nil {
+		return env, err
+	}
+	return env, nil
+}
+
+// UpdateEnv to update environment information in database
+func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) {
+	env.UpdatedAt = time.Now().Unix()
+	env.EncryptionKey = env.Hash
+
+	updateEnvQuery := fmt.Sprintf("UPDATE %s.%s SET env = $1, updated_at = $2 WHERE _id = $3", p.scopeName, models.Collections.Env)
+	_, err := p.db.Query(updateEnvQuery, &gocb.QueryOptions{
+		Context:              ctx,
+		PositionalParameters: []interface{}{env.EnvData, env.UpdatedAt, env.UpdatedAt, env.ID},
+	})
+
+	if err != nil {
+		return env, err
+	}
+
+	return env, nil
+}
+
+// GetEnv to get environment information from database
+func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
+	var env models.Env
+
+	query := fmt.Sprintf("SELECT _id, env, encryption_key, created_at, updated_at FROM %s.%s LIMIT 1", p.scopeName, models.Collections.Env)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+	})
+	if err != nil {
+		return env, err
+	}
+	err = q.One(&env)
+
+	if err != nil {
+		return env, err
+	}
+	env.Hash = env.EncryptionKey
+	return env, nil
+}

server/db/providers/couchbase/otp.go

@@ -0,0 +1,84 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// UpsertOTP to add or update otp
+func (p *provider) UpsertOTP(ctx context.Context, otpParam *models.OTP) (*models.OTP, error) {
+	otp, _ := p.GetOTPByEmail(ctx, otpParam.Email)
+
+	shouldCreate := false
+	if otp == nil {
+		shouldCreate = true
+		otp = &models.OTP{
+			ID:        uuid.NewString(),
+			Otp:       otpParam.Otp,
+			Email:     otpParam.Email,
+			ExpiresAt: otpParam.ExpiresAt,
+			CreatedAt: time.Now().Unix(),
+			UpdatedAt: time.Now().Unix(),
+		}
+	} else {
+		otp.Otp = otpParam.Otp
+		otp.ExpiresAt = otpParam.ExpiresAt
+	}
+
+	otp.UpdatedAt = time.Now().Unix()
+	if shouldCreate {
+		insertOpt := gocb.InsertOptions{
+			Context: ctx,
+		}
+		_, err := p.db.Collection(models.Collections.OTP).Insert(otp.ID, otp, &insertOpt)
+		if err != nil {
+			return otp, err
+		}
+	} else {
+		query := fmt.Sprintf(`UPDATE %s.%s SET otp=$1, expires_at=$2, updated_at=$3 WHERE _id=$4`, p.scopeName, models.Collections.OTP)
+		_, err := p.db.Query(query, &gocb.QueryOptions{
+			PositionalParameters: []interface{}{otp.Otp, otp.ExpiresAt, otp.UpdatedAt, otp.ID},
+		})
+		if err != nil {
+			return otp, err
+		}
+	}
+	return otp, nil
+}
+
+// GetOTPByEmail to get otp for a given email address
+func (p *provider) GetOTPByEmail(ctx context.Context, emailAddress string) (*models.OTP, error) {
+	otp := models.OTP{}
+	query := fmt.Sprintf(`SELECT _id, email, otp, expires_at, created_at, updated_at FROM %s.%s WHERE email = $1 LIMIT 1`, p.scopeName, models.Collections.OTP)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{emailAddress},
+	})
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&otp)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &otp, nil
+}
+
+// DeleteOTP to delete otp
+func (p *provider) DeleteOTP(ctx context.Context, otp *models.OTP) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.OTP).Remove(otp.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}

server/db/providers/couchbase/provider.go

@@ -0,0 +1,161 @@
+package couchbase
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/couchbase/gocb/v2"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+)
+
+const (
+	defaultBucketName = "authorizer"
+	defaultScope      = "_default"
+)
+
+type provider struct {
+	db        *gocb.Scope
+	scopeName string
+}
+
+// NewProvider returns a new Couchbase provider
+func NewProvider() (*provider, error) {
+	bucketName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().CouchbaseBucket
+	scopeName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().CouchbaseScope
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
+	userName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername
+	password := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword
+	opts := gocb.ClusterOptions{
+		Username: userName,
+		Password: password,
+	}
+	if bucketName == "" {
+		bucketName = defaultBucketName
+	}
+	if scopeName == "" {
+		scopeName = defaultScope
+	}
+	cluster, err := gocb.Connect(dbURL, opts)
+	if err != nil {
+		return nil, err
+	}
+	// To create the bucket and scope if not exist
+	bucket, err := CreateBucketAndScope(cluster, bucketName, scopeName)
+	if err != nil {
+		return nil, err
+	}
+	scope := bucket.Scope(scopeName)
+	scopeIdentifier := fmt.Sprintf("%s.%s", bucketName, scopeName)
+	v := reflect.ValueOf(models.Collections)
+	for i := 0; i < v.NumField(); i++ {
+		collectionName := v.Field(i)
+		user := gocb.CollectionSpec{
+			Name:      collectionName.String(),
+			ScopeName: scopeName,
+		}
+		collectionOpts := gocb.CreateCollectionOptions{
+			Context: context.TODO(),
+		}
+		err = bucket.Collections().CreateCollection(user, &collectionOpts)
+		if err != nil && !errors.Is(err, gocb.ErrCollectionExists) {
+			return nil, err
+		}
+		// TODO: find how to fix this sleep time.
+		// Add wait time for successful collection creation
+		time.Sleep(5 * time.Second)
+		indexQuery := fmt.Sprintf("CREATE PRIMARY INDEX ON %s.%s", scopeIdentifier, collectionName.String())
+		_, err = scope.Query(indexQuery, nil)
+		if err != nil && !strings.Contains(err.Error(), "The index #primary already exists") {
+			return nil, err
+		}
+	}
+
+	indices := GetIndex(scopeIdentifier)
+	for i := 0; i < v.NumField(); i++ {
+		field := v.Field(i)
+		for _, indexQuery := range indices[field.String()] {
+			scope.Query(indexQuery, nil)
+		}
+	}
+	return &provider{
+		db:        scope,
+		scopeName: scopeIdentifier,
+	}, nil
+}
+
+func CreateBucketAndScope(cluster *gocb.Cluster, bucketName string, scopeName string) (*gocb.Bucket, error) {
+	bucketRAMQuotaMB := memorystore.RequiredEnvStoreObj.GetRequiredEnv().CouchbaseBucketRAMQuotaMB
+	if bucketRAMQuotaMB == "" {
+		bucketRAMQuotaMB = "1000"
+	}
+	bucketRAMQuota, err := strconv.ParseInt(bucketRAMQuotaMB, 10, 64)
+	if err != nil {
+		return nil, err
+	}
+	settings := gocb.BucketSettings{
+		Name:            bucketName,
+		RAMQuotaMB:      uint64(bucketRAMQuota),
+		BucketType:      gocb.CouchbaseBucketType,
+		EvictionPolicy:  gocb.EvictionPolicyTypeValueOnly,
+		FlushEnabled:    true,
+		CompressionMode: gocb.CompressionModeActive,
+	}
+	err = cluster.Buckets().CreateBucket(gocb.CreateBucketSettings{
+		BucketSettings:         settings,
+		ConflictResolutionType: gocb.ConflictResolutionTypeSequenceNumber,
+	}, nil)
+	bucket := cluster.Bucket(bucketName)
+	if err != nil && !errors.Is(err, gocb.ErrBucketExists) {
+		return bucket, err
+	}
+	if scopeName != defaultScope {
+		err = bucket.Collections().CreateScope(scopeName, nil)
+		if err != nil && !errors.Is(err, gocb.ErrScopeExists) {
+			return bucket, err
+		}
+	}
+	return bucket, nil
+}
+
+func GetIndex(scopeName string) map[string][]string {
+	indices := make(map[string][]string)
+
+	// User Index
+	userIndex1 := fmt.Sprintf("CREATE INDEX userEmailIndex ON %s.%s(email)", scopeName, models.Collections.User)
+	userIndex2 := fmt.Sprintf("CREATE INDEX userPhoneIndex ON %s.%s(phone_number)", scopeName, models.Collections.User)
+	indices[models.Collections.User] = []string{userIndex1, userIndex2}
+
+	// VerificationRequest
+	verificationIndex1 := fmt.Sprintf("CREATE INDEX verificationRequestTokenIndex ON %s.%s(token)", scopeName, models.Collections.VerificationRequest)
+	verificationIndex2 := fmt.Sprintf("CREATE INDEX verificationRequestEmailAndIdentifierIndex ON %s.%s(email,identifier)", scopeName, models.Collections.VerificationRequest)
+	indices[models.Collections.VerificationRequest] = []string{verificationIndex1, verificationIndex2}
+
+	// Session index
+	sessionIndex1 := fmt.Sprintf("CREATE INDEX SessionUserIdIndex ON %s.%s(user_id)", scopeName, models.Collections.Session)
+	indices[models.Collections.Session] = []string{sessionIndex1}
+
+	// Webhook index
+	webhookIndex1 := fmt.Sprintf("CREATE INDEX webhookEventNameIndex ON %s.%s(event_name)", scopeName, models.Collections.Webhook)
+	indices[models.Collections.Webhook] = []string{webhookIndex1}
+
+	// WebhookLog index
+	webhookLogIndex1 := fmt.Sprintf("CREATE INDEX webhookLogIdIndex ON %s.%s(webhook_id)", scopeName, models.Collections.WebhookLog)
+	indices[models.Collections.Webhook] = []string{webhookLogIndex1}
+
+	// WebhookLog index
+	emailTempIndex1 := fmt.Sprintf("CREATE INDEX EmailTemplateEventNameIndex ON %s.%s(event_name)", scopeName, models.Collections.EmailTemplate)
+	indices[models.Collections.EmailTemplate] = []string{emailTempIndex1}
+
+	// OTP index
+	otpIndex1 := fmt.Sprintf("CREATE INDEX OTPEmailIndex ON %s.%s(email)", scopeName, models.Collections.OTP)
+	indices[models.Collections.OTP] = []string{otpIndex1}
+
+	return indices
+}

server/db/providers/couchbase/session.go

@@ -0,0 +1,34 @@
+package couchbase
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddSession to save session information in database
+func (p *provider) AddSession(ctx context.Context, session models.Session) error {
+	if session.ID == "" {
+		session.ID = uuid.New().String()
+	}
+
+	session.CreatedAt = time.Now().Unix()
+	session.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Session).Insert(session.ID, session, &insertOpt)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// DeleteSession to delete session information from database
+func (p *provider) DeleteSession(ctx context.Context, userId string) error {
+	return nil
+}

server/db/providers/couchbase/shared.go

@@ -0,0 +1,65 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"reflect"
+	"strings"
+
+	"github.com/couchbase/gocb/v2"
+)
+
+func GetSetFields(webhookMap map[string]interface{}) (string, map[string]interface{}) {
+	params := make(map[string]interface{}, 1)
+
+	updateFields := ""
+
+	for key, value := range webhookMap {
+		if key == "_id" {
+			continue
+		}
+
+		if key == "_key" {
+			continue
+		}
+
+		if value == nil {
+			updateFields += fmt.Sprintf("%s=$%s,", key, key)
+			params[key] = "null"
+			continue
+		}
+
+		valueType := reflect.TypeOf(value)
+		if valueType.Name() == "string" {
+			updateFields += fmt.Sprintf("%s = $%s, ", key, key)
+			params[key] = value.(string)
+
+		} else {
+			updateFields += fmt.Sprintf("%s = $%s, ", key, key)
+			params[key] = value
+		}
+	}
+	updateFields = strings.Trim(updateFields, " ")
+	updateFields = strings.TrimSuffix(updateFields, ",")
+	return updateFields, params
+}
+
+func (p *provider) GetTotalDocs(ctx context.Context, collection string) (error, int64) {
+	totalDocs := TotalDocs{}
+
+	countQuery := fmt.Sprintf("SELECT COUNT(*) as Total FROM %s.%s", p.scopeName, collection)
+	queryRes, err := p.db.Query(countQuery, &gocb.QueryOptions{
+		Context: ctx,
+	})
+
+	queryRes.One(&totalDocs)
+
+	if err != nil {
+		return err, totalDocs.Total
+	}
+	return nil, totalDocs.Total
+}
+
+type TotalDocs struct {
+	Total int64
+}

server/db/providers/couchbase/user.go

@@ -0,0 +1,203 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddUser to save user information in database
+func (p *provider) AddUser(ctx context.Context, user models.User) (models.User, error) {
+	if user.ID == "" {
+		user.ID = uuid.New().String()
+	}
+
+	if user.Roles == "" {
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			return user, err
+		}
+		user.Roles = defaultRoles
+	}
+
+	user.CreatedAt = time.Now().Unix()
+	user.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.User).Insert(user.ID, user, &insertOpt)
+	if err != nil {
+		return user, err
+	}
+	return user, nil
+}
+
+// UpdateUser to update user information in database
+func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.User, error) {
+	user.UpdatedAt = time.Now().Unix()
+	unsertOpt := gocb.UpsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.User).Upsert(user.ID, user, &unsertOpt)
+	if err != nil {
+		return user, err
+	}
+	return user, nil
+}
+
+// DeleteUser to delete user information from database
+func (p *provider) DeleteUser(ctx context.Context, user models.User) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.User).Remove(user.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// ListUsers to get list of users from database
+func (p *provider) ListUsers(ctx context.Context, pagination model.Pagination) (*model.Users, error) {
+	users := []*model.User{}
+	paginationClone := pagination
+
+	userQuery := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s ORDER BY id OFFSET $1 LIMIT $2", p.scopeName, models.Collections.User)
+
+	queryResult, err := p.db.Query(userQuery, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{paginationClone.Offset, paginationClone.Limit},
+	})
+
+	_, paginationClone.Total = p.GetTotalDocs(ctx, models.Collections.User)
+
+	if err != nil {
+		return nil, err
+	}
+
+	for queryResult.Next() {
+		var user models.User
+		err := queryResult.Row(&user)
+		if err != nil {
+			log.Fatal(err)
+		}
+		users = append(users, user.AsAPIUser())
+	}
+
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+
+	}
+
+	return &model.Users{
+		Pagination: &paginationClone,
+		Users:      users,
+	}, nil
+}
+
+// GetUserByEmail to get user information from database using email address
+func (p *provider) GetUserByEmail(ctx context.Context, email string) (models.User, error) {
+	user := models.User{}
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE email = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{email},
+	})
+
+	if err != nil {
+		return user, err
+	}
+	err = q.One(&user)
+	if err != nil {
+		return user, err
+	}
+
+	return user, nil
+}
+
+// GetUserByID to get user information from database using user ID
+func (p *provider) GetUserByID(ctx context.Context, id string) (models.User, error) {
+	user := models.User{}
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE _id = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{id},
+	})
+	if err != nil {
+		return user, err
+	}
+	err = q.One(&user)
+	if err != nil {
+		return user, err
+	}
+
+	return user, nil
+}
+
+// UpdateUsers to update multiple users, with parameters of user IDs slice
+// If ids set to nil / empty all the users will be updated
+func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{}, ids []string) error {
+	// set updated_at time for all users
+	data["updated_at"] = time.Now().Unix()
+
+	updateFields, params := GetSetFields(data)
+
+	if ids != nil && len(ids) > 0 {
+		for _, id := range ids {
+			params["id"] = id
+			userQuery := fmt.Sprintf("UPDATE %s.%s SET %s WHERE _id = $id", p.scopeName, models.Collections.User, updateFields)
+
+			_, err := p.db.Query(userQuery, &gocb.QueryOptions{
+				ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+				Context:         ctx,
+				NamedParameters: params,
+			})
+			if err != nil {
+				return err
+			}
+		}
+	} else {
+		userQuery := fmt.Sprintf("UPDATE %s.%s SET %s WHERE _id IS NOT NULL", p.scopeName, models.Collections.User, updateFields)
+		_, err := p.db.Query(userQuery, &gocb.QueryOptions{
+			ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+			Context:         ctx,
+			NamedParameters: params,
+		})
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user *models.User
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE phone_number = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{phoneNumber},
+	})
+	if err != nil {
+		return user, err
+	}
+	err = q.One(&user)
+	if err != nil {
+		return user, err
+	}
+
+	return user, nil
+}

server/db/providers/couchbase/verification_requests.go

@@ -0,0 +1,128 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddVerification to save verification request in database
+func (p *provider) AddVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) (models.VerificationRequest, error) {
+	if verificationRequest.ID == "" {
+		verificationRequest.ID = uuid.New().String()
+	}
+
+	verificationRequest.Key = verificationRequest.ID
+	verificationRequest.CreatedAt = time.Now().Unix()
+	verificationRequest.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.VerificationRequest).Insert(verificationRequest.ID, verificationRequest, &insertOpt)
+	if err != nil {
+		return verificationRequest, err
+	}
+
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByToken to get verification request from database using token
+func (p *provider) GetVerificationRequestByToken(ctx context.Context, token string) (models.VerificationRequest, error) {
+	verificationRequest := models.VerificationRequest{}
+	params := make(map[string]interface{}, 1)
+	params["token"] = token
+	query := fmt.Sprintf("SELECT _id, token, identifier, expires_at, email, nonce, redirect_uri, created_at, updated_at FROM %s.%s WHERE token=$1 LIMIT 1", p.scopeName, models.Collections.VerificationRequest)
+
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		PositionalParameters: []interface{}{token},
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+	})
+
+	if err != nil {
+		return verificationRequest, err
+	}
+	err = queryResult.One(&verificationRequest)
+
+	if err != nil {
+		return verificationRequest, err
+	}
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByEmail to get verification request by email from database
+func (p *provider) GetVerificationRequestByEmail(ctx context.Context, email string, identifier string) (models.VerificationRequest, error) {
+
+	query := fmt.Sprintf("SELECT _id, identifier, token, expires_at, email, nonce, redirect_uri, created_at, updated_at FROM %s.%s WHERE email=$1 AND identifier=$2 LIMIT 1", p.scopeName, models.Collections.VerificationRequest)
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		PositionalParameters: []interface{}{email, identifier},
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+	})
+	verificationRequest := models.VerificationRequest{}
+
+	if err != nil {
+		return verificationRequest, err
+	}
+
+	err = queryResult.One(&verificationRequest)
+
+	if err != nil {
+		return verificationRequest, err
+	}
+	return verificationRequest, nil
+}
+
+// ListVerificationRequests to get list of verification requests from database
+func (p *provider) ListVerificationRequests(ctx context.Context, pagination model.Pagination) (*model.VerificationRequests, error) {
+	var verificationRequests []*model.VerificationRequest
+	paginationClone := pagination
+
+	_, paginationClone.Total = p.GetTotalDocs(ctx, models.Collections.VerificationRequest)
+
+	query := fmt.Sprintf("SELECT _id, env, created_at, updated_at FROM %s.%s OFFSET $1 LIMIT $2", p.scopeName, models.Collections.VerificationRequest)
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{paginationClone.Offset, paginationClone.Limit},
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	for queryResult.Next() {
+		var verificationRequest models.VerificationRequest
+		err := queryResult.Row(&verificationRequest)
+		if err != nil {
+			log.Fatal(err)
+		}
+		verificationRequests = append(verificationRequests, verificationRequest.AsAPIVerificationRequest())
+	}
+
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+
+	}
+	return &model.VerificationRequests{
+		VerificationRequests: verificationRequests,
+		Pagination:           &paginationClone,
+	}, nil
+}
+
+// DeleteVerificationRequest to delete verification request from database
+func (p *provider) DeleteVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.VerificationRequest).Remove(verificationRequest.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}

server/db/providers/couchbase/webhook.go

@@ -0,0 +1,187 @@
+package couchbase
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddWebhook to add webhook
+func (p *provider) AddWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	if webhook.ID == "" {
+		webhook.ID = uuid.New().String()
+	}
+
+	webhook.Key = webhook.ID
+	webhook.CreatedAt = time.Now().Unix()
+	webhook.UpdatedAt = time.Now().Unix()
+
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Webhook).Insert(webhook.ID, webhook, &insertOpt)
+	if err != nil {
+		return webhook.AsAPIWebhook(), err
+	}
+	return webhook.AsAPIWebhook(), nil
+}
+
+// UpdateWebhook to update webhook
+func (p *provider) UpdateWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	webhook.UpdatedAt = time.Now().Unix()
+
+	bytes, err := json.Marshal(webhook)
+	if err != nil {
+		return nil, err
+	}
+	// use decoder instead of json.Unmarshall, because it converts int64 -> float64 after unmarshalling
+	decoder := json.NewDecoder(strings.NewReader(string(bytes)))
+	decoder.UseNumber()
+	webhookMap := map[string]interface{}{}
+	err = decoder.Decode(&webhookMap)
+	if err != nil {
+		return nil, err
+	}
+
+	updateFields, params := GetSetFields(webhookMap)
+
+	query := fmt.Sprintf(`UPDATE %s.%s SET %s WHERE _id='%s'`, p.scopeName, models.Collections.Webhook, updateFields, webhook.ID)
+
+	_, err = p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return webhook.AsAPIWebhook(), nil
+}
+
+// ListWebhooks to list webhook
+func (p *provider) ListWebhook(ctx context.Context, pagination model.Pagination) (*model.Webhooks, error) {
+	webhooks := []*model.Webhook{}
+	paginationClone := pagination
+
+	params := make(map[string]interface{}, 1)
+	params["offset"] = paginationClone.Offset
+	params["limit"] = paginationClone.Limit
+
+	query := fmt.Sprintf("SELECT _id, env, created_at, updated_at FROM %s.%s OFFSET $offset LIMIT $limit", p.scopeName, models.Collections.Webhook)
+
+	_, paginationClone.Total = p.GetTotalDocs(ctx, models.Collections.Webhook)
+
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	for queryResult.Next() {
+		var webhook models.Webhook
+		err := queryResult.Row(&webhook)
+		if err != nil {
+			log.Fatal(err)
+		}
+		webhooks = append(webhooks, webhook.AsAPIWebhook())
+	}
+
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+
+	}
+	return &model.Webhooks{
+		Pagination: &paginationClone,
+		Webhooks:   webhooks,
+	}, nil
+}
+
+// GetWebhookByID to get webhook by id
+func (p *provider) GetWebhookByID(ctx context.Context, webhookID string) (*model.Webhook, error) {
+	var webhook models.Webhook
+
+	params := make(map[string]interface{}, 1)
+	params["_id"] = webhookID
+
+	query := fmt.Sprintf(`SELECT _id, event_name, endpoint, headers, enabled, created_at, updated_at FROM %s.%s WHERE _id=$_id LIMIT 1`, p.scopeName, models.Collections.Webhook)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&webhook)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return webhook.AsAPIWebhook(), nil
+}
+
+// GetWebhookByEventName to get webhook by event_name
+func (p *provider) GetWebhookByEventName(ctx context.Context, eventName string) (*model.Webhook, error) {
+	var webhook models.Webhook
+	params := make(map[string]interface{}, 1)
+	params["event_name"] = eventName
+
+	query := fmt.Sprintf(`SELECT _id, event_name, endpoint, headers, enabled, created_at, updated_at FROM %s.%s WHERE event_name=$event_name LIMIT 1`, p.scopeName, models.Collections.Webhook)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&webhook)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return webhook.AsAPIWebhook(), nil
+}
+
+// DeleteWebhook to delete webhook
+func (p *provider) DeleteWebhook(ctx context.Context, webhook *model.Webhook) error {
+
+	params := make(map[string]interface{}, 1)
+	params["webhook_id"] = webhook.ID
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Webhook).Remove(webhook.ID, &removeOpt)
+
+	if err != nil {
+		return err
+	}
+
+	query := fmt.Sprintf(`DELETE FROM %s.%s WHERE webhook_id=$webhook_id`, p.scopeName, models.Collections.WebhookLog)
+	_, err = p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

server/db/providers/couchbase/webhook_log.go

@@ -0,0 +1,83 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddWebhookLog to add webhook log
+func (p *provider) AddWebhookLog(ctx context.Context, webhookLog models.WebhookLog) (*model.WebhookLog, error) {
+	if webhookLog.ID == "" {
+		webhookLog.ID = uuid.New().String()
+	}
+
+	webhookLog.Key = webhookLog.ID
+	webhookLog.CreatedAt = time.Now().Unix()
+	webhookLog.UpdatedAt = time.Now().Unix()
+
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.WebhookLog).Insert(webhookLog.ID, webhookLog, &insertOpt)
+	if err != nil {
+		return webhookLog.AsAPIWebhookLog(), err
+	}
+
+	return webhookLog.AsAPIWebhookLog(), nil
+}
+
+// ListWebhookLogs to list webhook logs
+func (p *provider) ListWebhookLogs(ctx context.Context, pagination model.Pagination, webhookID string) (*model.WebhookLogs, error) {
+	var query string
+	var err error
+
+	webhookLogs := []*model.WebhookLog{}
+	params := make(map[string]interface{}, 1)
+	paginationClone := pagination
+
+	params["webhookID"] = webhookID
+	params["offset"] = paginationClone.Offset
+	params["limit"] = paginationClone.Limit
+
+	_, paginationClone.Total = p.GetTotalDocs(ctx, models.Collections.WebhookLog)
+
+	if webhookID != "" {
+		query = fmt.Sprintf(`SELECT _id, http_status, response, request, webhook_id, created_at, updated_at FROM %s.%s WHERE webhook_id=$webhookID`, p.scopeName, models.Collections.WebhookLog)
+	} else {
+		query = fmt.Sprintf("SELECT _id, http_status, response, request, webhook_id, created_at, updated_at FROM %s.%s OFFSET $offset LIMIT $limit", p.scopeName, models.Collections.WebhookLog)
+	}
+
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	for queryResult.Next() {
+		var webhookLog models.WebhookLog
+		err := queryResult.Row(&webhookLog)
+		if err != nil {
+			log.Fatal(err)
+		}
+		webhookLogs = append(webhookLogs, webhookLog.AsAPIWebhookLog())
+	}
+
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+
+	}
+	return &model.WebhookLogs{
+		Pagination:  &paginationClone,
+		WebhookLogs: webhookLogs,
+	}, nil
+}

server/db/providers/dynamodb/env.go

@@ -34,7 +34,6 @@ func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, erro
 
 // UpdateEnv to update environment information in database
 func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) {
-
 	collection := p.db.Table(models.Collections.Env)
 	env.UpdatedAt = time.Now().Unix()
 

server/db/providers/dynamodb/user.go

@@ -3,12 +3,15 @@ package dynamodb
 import (
 	"context"
 	"errors"
+	"fmt"
+	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/google/uuid"
 	"github.com/guregu/dynamo"
 	log "github.com/sirupsen/logrus"
@@ -30,6 +33,12 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 		user.Roles = defaultRoles
 	}
 
+	if user.PhoneNumber != nil && strings.TrimSpace(refs.StringValue(user.PhoneNumber)) != "" {
+		if u, _ := p.GetUserByPhoneNumber(ctx, refs.StringValue(user.PhoneNumber)); u != nil {
+			return user, fmt.Errorf("user with given phone number already exists")
+		}
+	}
+
 	user.CreatedAt = time.Now().Unix()
 	user.UpdatedAt = time.Now().Unix()
 
@@ -193,3 +202,23 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}
 	return nil
 }
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var users []models.User
+	var user models.User
+
+	collection := p.db.Table(models.Collections.User)
+	err := collection.Scan().Filter("'phone_number' = ?", phoneNumber).AllWithContext(ctx, &users)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if len(users) > 0 {
+		user = users[0]
+		return &user, nil
+	} else {
+		return nil, errors.New("no record found")
+	}
+}

server/db/providers/mongodb/user.go

@@ -155,3 +155,16 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}
 	return nil
 }
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user models.User
+
+	userCollection := p.db.Collection(models.Collections.User, options.Collection())
+	err := userCollection.FindOne(ctx, bson.M{"phone_number": phoneNumber}).Decode(&user)
+	if err != nil {
+		return nil, err
+	}
+
+	return &user, nil
+}

server/db/providers/provider_template/user.go

@@ -69,3 +69,10 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 
 	return nil
 }
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user *models.User
+
+	return user, nil
+}

server/db/providers/providers.go

@@ -18,6 +18,8 @@ type Provider interface {
 	ListUsers(ctx context.Context, pagination model.Pagination) (*model.Users, error)
 	// GetUserByEmail to get user information from database using email address
 	GetUserByEmail(ctx context.Context, email string) (models.User, error)
+	// GetUserByPhoneNumber to get user information from database using phone number
+	GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error)
 	// GetUserByID to get user information from database using user ID
 	GetUserByID(ctx context.Context, id string) (models.User, error)
 	// UpdateUsers to update multiple users, with parameters of user IDs slice

server/db/providers/sql/user.go

@@ -31,7 +31,7 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 	}
 
 	if user.PhoneNumber != nil && strings.TrimSpace(refs.StringValue(user.PhoneNumber)) != "" {
-		if u, _ := p.GetUserByPhone(ctx, refs.StringValue(user.PhoneNumber)); u != nil {
+		if u, _ := p.GetUserByPhoneNumber(ctx, refs.StringValue(user.PhoneNumber)); u != nil {
 			return user, fmt.Errorf("user with given phone number already exists")
 		}
 	}
@@ -56,12 +56,6 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.User, error) {
 	user.UpdatedAt = time.Now().Unix()
 
-	if user.PhoneNumber != nil && strings.TrimSpace(refs.StringValue(user.PhoneNumber)) != "" {
-		if u, _ := p.GetUserByPhone(ctx, refs.StringValue(user.PhoneNumber)); u != nil && u.ID != user.ID {
-			return user, fmt.Errorf("user with given phone number already exists")
-		}
-	}
-
 	result := p.db.Save(&user)
 
 	if result.Error != nil {
@@ -73,13 +67,12 @@ func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.Use
 
 // DeleteUser to delete user information from database
 func (p *provider) DeleteUser(ctx context.Context, user models.User) error {
-	result := p.db.Delete(&user)
-
+	result := p.db.Where("user_id = ?", user.ID).Delete(&models.Session{})
 	if result.Error != nil {
 		return result.Error
 	}
 
-	result = p.db.Where("user_id = ?", user.ID).Delete(&models.Session{})
+	result = p.db.Delete(&user)
 	if result.Error != nil {
 		return result.Error
 	}
@@ -157,12 +150,13 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	return nil
 }
 
-func (p *provider) GetUserByPhone(ctx context.Context, phoneNumber string) (*models.User, error) {
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
 	var user *models.User
 	result := p.db.Where("phone_number = ?", phoneNumber).First(&user)
 
 	if result.Error != nil {
-		return user, result.Error
+		return nil, result.Error
 	}
 
 	return user, nil

server/env/env.go

@@ -81,11 +81,15 @@ func InitAllEnv() error {
 	osAwsRegion := os.Getenv(constants.EnvAwsRegion)
 	osAwsAccessKey := os.Getenv(constants.EnvAwsAccessKeyID)
 	osAwsSecretKey := os.Getenv(constants.EnvAwsSecretAccessKey)
+	osCouchbaseBucket := os.Getenv(constants.EnvCouchbaseBucket)
+	osCouchbaseScope := os.Getenv(constants.EnvCouchbaseScope)
+	osCouchbaseBucketRAMQuotaMB := os.Getenv(constants.EnvCouchbaseBucketRAMQuotaMB)
 
 	// os bool vars
 	osAppCookieSecure := os.Getenv(constants.EnvKeyAppCookieSecure)
 	osAdminCookieSecure := os.Getenv(constants.EnvKeyAdminCookieSecure)
 	osDisableBasicAuthentication := os.Getenv(constants.EnvKeyDisableBasicAuthentication)
+	osDisableMobileBasicAuthentication := os.Getenv(constants.AuthRecipeMethodMobileBasicAuth)
 	osDisableEmailVerification := os.Getenv(constants.EnvKeyDisableEmailVerification)
 	osDisableMagicLinkLogin := os.Getenv(constants.EnvKeyDisableMagicLinkLogin)
 	osDisableLoginPage := os.Getenv(constants.EnvKeyDisableLoginPage)
@@ -133,17 +137,38 @@ func InitAllEnv() error {
 	if val, ok := envData[constants.EnvAwsAccessKeyID]; !ok || val == "" {
 		envData[constants.EnvAwsAccessKeyID] = osAwsAccessKey
 	}
-	if osAwsAccessKey != "" && envData[constants.EnvAwsAccessKeyID] != osAwsRegion {
+	if osAwsAccessKey != "" && envData[constants.EnvAwsAccessKeyID] != osAwsAccessKey {
 		envData[constants.EnvAwsAccessKeyID] = osAwsAccessKey
 	}
 
 	if val, ok := envData[constants.EnvAwsSecretAccessKey]; !ok || val == "" {
 		envData[constants.EnvAwsSecretAccessKey] = osAwsSecretKey
 	}
-	if osAwsSecretKey != "" && envData[constants.EnvAwsSecretAccessKey] != osAwsRegion {
+	if osAwsSecretKey != "" && envData[constants.EnvAwsSecretAccessKey] != osAwsSecretKey {
 		envData[constants.EnvAwsSecretAccessKey] = osAwsSecretKey
 	}
 
+	if val, ok := envData[constants.EnvCouchbaseBucket]; !ok || val == "" {
+		envData[constants.EnvCouchbaseBucket] = osCouchbaseBucket
+	}
+	if osCouchbaseBucket != "" && envData[constants.EnvCouchbaseBucket] != osCouchbaseBucket {
+		envData[constants.EnvCouchbaseBucket] = osCouchbaseBucket
+	}
+
+	if val, ok := envData[constants.EnvCouchbaseBucketRAMQuotaMB]; !ok || val == "" {
+		envData[constants.EnvCouchbaseBucketRAMQuotaMB] = osCouchbaseBucketRAMQuotaMB
+	}
+	if osCouchbaseBucketRAMQuotaMB != "" && envData[constants.EnvCouchbaseBucketRAMQuotaMB] != osCouchbaseBucketRAMQuotaMB {
+		envData[constants.EnvCouchbaseBucketRAMQuotaMB] = osCouchbaseBucketRAMQuotaMB
+	}
+
+	if val, ok := envData[constants.EnvCouchbaseScope]; !ok || val == "" {
+		envData[constants.EnvCouchbaseScope] = osCouchbaseScope
+	}
+	if osCouchbaseScope != "" && envData[constants.EnvCouchbaseScope] != osCouchbaseScope {
+		envData[constants.EnvCouchbaseScope] = osCouchbaseScope
+	}
+
 	if val, ok := envData[constants.EnvKeyAppURL]; !ok || val == "" {
 		envData[constants.EnvKeyAppURL] = osAppURL
 	}
@@ -498,6 +523,19 @@ func InitAllEnv() error {
 		}
 	}
 
+	if _, ok := envData[constants.EnvKeyDisableMobileBasicAuthentication]; !ok {
+		envData[constants.EnvKeyDisableMobileBasicAuthentication] = osDisableBasicAuthentication == "true"
+	}
+	if osDisableMobileBasicAuthentication != "" {
+		boolValue, err := strconv.ParseBool(osDisableMobileBasicAuthentication)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisableMobileBasicAuthentication].(bool) {
+			envData[constants.EnvKeyDisableMobileBasicAuthentication] = boolValue
+		}
+	}
+
 	if _, ok := envData[constants.EnvKeyDisableEmailVerification]; !ok {
 		envData[constants.EnvKeyDisableEmailVerification] = osDisableEmailVerification == "true"
 	}

server/env/persist_env.go

@@ -75,7 +75,6 @@ func GetEnvData() (map[string]interface{}, error) {
 	}
 
 	memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEncryptionKey, decryptedEncryptionKey)
-
 	b64DecryptedConfig, err := crypto.DecryptB64(env.EnvData)
 	if err != nil {
 		log.Debug("Error while decrypting env data from B64: ", err)
@@ -201,7 +200,7 @@ func PersistEnv() error {
 				envValue := strings.TrimSpace(os.Getenv(key))
 				if envValue != "" {
 					switch key {
-					case constants.EnvKeyIsProd, constants.EnvKeyDisableBasicAuthentication, constants.EnvKeyDisableEmailVerification, constants.EnvKeyDisableLoginPage, constants.EnvKeyDisableMagicLinkLogin, constants.EnvKeyDisableSignUp, constants.EnvKeyDisableRedisForEnv, constants.EnvKeyDisableStrongPassword, constants.EnvKeyIsEmailServiceEnabled, constants.EnvKeyEnforceMultiFactorAuthentication, constants.EnvKeyDisableMultiFactorAuthentication, constants.EnvKeyAdminCookieSecure, constants.EnvKeyAppCookieSecure:
+					case constants.EnvKeyIsProd, constants.EnvKeyDisableBasicAuthentication, constants.EnvKeyDisableMobileBasicAuthentication, constants.EnvKeyDisableEmailVerification, constants.EnvKeyDisableLoginPage, constants.EnvKeyDisableMagicLinkLogin, constants.EnvKeyDisableSignUp, constants.EnvKeyDisableRedisForEnv, constants.EnvKeyDisableStrongPassword, constants.EnvKeyIsEmailServiceEnabled, constants.EnvKeyEnforceMultiFactorAuthentication, constants.EnvKeyDisableMultiFactorAuthentication, constants.EnvKeyAdminCookieSecure, constants.EnvKeyAppCookieSecure:
 						if envValueBool, err := strconv.ParseBool(envValue); err == nil {
 							if value.(bool) != envValueBool {
 								storeData[key] = envValueBool

server/go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/arangodb/go-driver v1.2.1
 	github.com/aws/aws-sdk-go v1.44.109
 	github.com/coreos/go-oidc/v3 v3.1.0
+	github.com/couchbase/gocb/v2 v2.6.0 // indirect
 	github.com/gin-gonic/gin v1.8.1
 	github.com/glebarez/sqlite v1.5.0
 	github.com/go-playground/validator/v10 v10.11.1 // indirect

server/go.sum

@@ -77,6 +77,11 @@ github.com/coreos/go-oidc/v3 v3.1.0 h1:6avEvcdvTa1qYsOZ6I5PRkSYHzpTNWgKYmaJfaYbr
 github.com/coreos/go-oidc/v3 v3.1.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/couchbase/gocb/v2 v2.6.0 h1:DhkLNatDcddCcS411D6kNwZspSEAWVeI/N3abzt/HLc=
+github.com/couchbase/gocb/v2 v2.6.0/go.mod h1:5su8b1gBF3V4j07SiGw+CA0bK9a84YWEb6UH7up0MEs=
+github.com/couchbase/gocbcore/v10 v10.2.0 h1:ZoSBLtcmt+lXbxVVT4SAhXDVNR+D48iSOZWNzHucVVk=
+github.com/couchbase/gocbcore/v10 v10.2.0/go.mod h1:qkPnOBziCs0guMEEvd0cRFo+AjOW0yEL99cU3I4n3Ao=
+github.com/couchbaselabs/gocaves/client v0.0.0-20220223122017-22859b310bd2/go.mod h1:AVekAZwIY2stsJOMWLAS/0uA/+qdp7pjO8EHnl61QkY=
 github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
@@ -174,6 +179,8 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -377,6 +384,7 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
@@ -447,7 +455,6 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b h1:huxqepDufQpLLIRXiVkTvnxrzJlpwmIWAObmcCcUFr0=
 golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
@@ -524,8 +531,6 @@ golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220930213112-107f3e3c3b0b h1:uKO3Js8lXGjpjdc4J3rqs0/Ex5yDKUGfk43tTYWVLas=
-golang.org/x/net v0.0.0-20220930213112-107f3e3c3b0b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -598,16 +603,12 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220224120231-95c6836cb0e7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec h1:BkDtF2Ih9xZ7le9ndzTA7KJow28VbQW3odyk/8drmuI=
-golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -617,7 +618,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=

server/graph/model/models_gen.go

@@ -136,6 +136,10 @@ type GenerateJWTKeysResponse struct {
 	PrivateKey *string `json:"private_key"`
 }
 
+type GetUserRequest struct {
+	ID string `json:"id"`
+}
+
 type InviteMemberInput struct {
 	Emails      []string `json:"emails"`
 	RedirectURI *string  `json:"redirect_uri"`
@@ -179,6 +183,33 @@ type Meta struct {
 	IsMultiFactorAuthEnabled     bool   `json:"is_multi_factor_auth_enabled"`
 }
 
+type MobileLoginInput struct {
+	PhoneNumber string   `json:"phone_number"`
+	Password    string   `json:"password"`
+	Roles       []string `json:"roles"`
+	Scope       []string `json:"scope"`
+	State       *string  `json:"state"`
+}
+
+type MobileSignUpInput struct {
+	Email                    *string  `json:"email"`
+	GivenName                *string  `json:"given_name"`
+	FamilyName               *string  `json:"family_name"`
+	MiddleName               *string  `json:"middle_name"`
+	Nickname                 *string  `json:"nickname"`
+	Gender                   *string  `json:"gender"`
+	Birthdate                *string  `json:"birthdate"`
+	PhoneNumber              string   `json:"phone_number"`
+	Picture                  *string  `json:"picture"`
+	Password                 string   `json:"password"`
+	ConfirmPassword          string   `json:"confirm_password"`
+	Roles                    []string `json:"roles"`
+	Scope                    []string `json:"scope"`
+	RedirectURI              *string  `json:"redirect_uri"`
+	IsMultiFactorAuthEnabled *bool    `json:"is_multi_factor_auth_enabled"`
+	State                    *string  `json:"state"`
+}
+
 type OAuthRevokeInput struct {
 	RefreshToken string `json:"refresh_token"`
 }

server/graph/schema.graphqls

@@ -6,527 +6,567 @@ scalar Map
 scalar Any
 
 type Pagination {
-	limit: Int64!
-	page: Int64!
-	offset: Int64!
-	total: Int64!
+  limit: Int64!
+  page: Int64!
+  offset: Int64!
+  total: Int64!
 }
 
 type Meta {
-	version: String!
-	client_id: String!
-	is_google_login_enabled: Boolean!
-	is_facebook_login_enabled: Boolean!
-	is_github_login_enabled: Boolean!
-	is_linkedin_login_enabled: Boolean!
-	is_apple_login_enabled: Boolean!
-	is_twitter_login_enabled: Boolean!
-	is_email_verification_enabled: Boolean!
-	is_basic_authentication_enabled: Boolean!
-	is_magic_link_login_enabled: Boolean!
-	is_sign_up_enabled: Boolean!
-	is_strong_password_enabled: Boolean!
-	is_multi_factor_auth_enabled: Boolean!
+  version: String!
+  client_id: String!
+  is_google_login_enabled: Boolean!
+  is_facebook_login_enabled: Boolean!
+  is_github_login_enabled: Boolean!
+  is_linkedin_login_enabled: Boolean!
+  is_apple_login_enabled: Boolean!
+  is_twitter_login_enabled: Boolean!
+  is_email_verification_enabled: Boolean!
+  is_basic_authentication_enabled: Boolean!
+  is_magic_link_login_enabled: Boolean!
+  is_sign_up_enabled: Boolean!
+  is_strong_password_enabled: Boolean!
+  is_multi_factor_auth_enabled: Boolean!
 }
 
 type User {
-	id: ID!
-	email: String!
-	email_verified: Boolean!
-	signup_methods: String!
-	given_name: String
-	family_name: String
-	middle_name: String
-	nickname: String
-	# defaults to email
-	preferred_username: String
-	gender: String
-	birthdate: String
-	phone_number: String
-	phone_number_verified: Boolean
-	picture: String
-	roles: [String!]!
-	created_at: Int64
-	updated_at: Int64
-	revoked_timestamp: Int64
-	is_multi_factor_auth_enabled: Boolean
+  id: ID!
+  email: String!
+  email_verified: Boolean!
+  signup_methods: String!
+  given_name: String
+  family_name: String
+  middle_name: String
+  nickname: String
+  # defaults to email
+  preferred_username: String
+  gender: String
+  birthdate: String
+  phone_number: String
+  phone_number_verified: Boolean
+  picture: String
+  roles: [String!]!
+  created_at: Int64
+  updated_at: Int64
+  revoked_timestamp: Int64
+  is_multi_factor_auth_enabled: Boolean
 }
 
 type Users {
-	pagination: Pagination!
-	users: [User!]!
+  pagination: Pagination!
+  users: [User!]!
 }
 
 type VerificationRequest {
-	id: ID!
-	identifier: String
-	token: String
-	email: String
-	expires: Int64
-	created_at: Int64
-	updated_at: Int64
-	nonce: String
-	redirect_uri: String
+  id: ID!
+  identifier: String
+  token: String
+  email: String
+  expires: Int64
+  created_at: Int64
+  updated_at: Int64
+  nonce: String
+  redirect_uri: String
 }
 
 type VerificationRequests {
-	pagination: Pagination!
-	verification_requests: [VerificationRequest!]!
+  pagination: Pagination!
+  verification_requests: [VerificationRequest!]!
 }
 
 type Error {
-	message: String!
-	reason: String!
+  message: String!
+  reason: String!
 }
 
 type AuthResponse {
-	message: String!
-	should_show_otp_screen: Boolean
-	access_token: String
-	id_token: String
-	refresh_token: String
-	expires_in: Int64
-	user: User
+  message: String!
+  should_show_otp_screen: Boolean
+  access_token: String
+  id_token: String
+  refresh_token: String
+  expires_in: Int64
+  user: User
 }
 
 type Response {
-	message: String!
+  message: String!
 }
 
 type Env {
-	ACCESS_TOKEN_EXPIRY_TIME: String
-	ADMIN_SECRET: String
-	DATABASE_NAME: String
-	DATABASE_URL: String
-	DATABASE_TYPE: String
-	DATABASE_USERNAME: String
-	DATABASE_PASSWORD: String
-	DATABASE_HOST: String
-	DATABASE_PORT: String
-	CLIENT_ID: String!
-	CLIENT_SECRET: String!
-	CUSTOM_ACCESS_TOKEN_SCRIPT: String
-	SMTP_HOST: String
-	SMTP_PORT: String
-	SMTP_USERNAME: String
-	SMTP_PASSWORD: String
-	SMTP_LOCAL_NAME: String
-	SENDER_EMAIL: String
-	JWT_TYPE: String
-	JWT_SECRET: String
-	JWT_PRIVATE_KEY: String
-	JWT_PUBLIC_KEY: String
-	ALLOWED_ORIGINS: [String!]
-	APP_URL: String
-	REDIS_URL: String
-	RESET_PASSWORD_URL: String
-	DISABLE_EMAIL_VERIFICATION: Boolean!
-	DISABLE_BASIC_AUTHENTICATION: Boolean!
-	DISABLE_MAGIC_LINK_LOGIN: Boolean!
-	DISABLE_LOGIN_PAGE: Boolean!
-	DISABLE_SIGN_UP: Boolean!
-	DISABLE_REDIS_FOR_ENV: Boolean!
-	DISABLE_STRONG_PASSWORD: Boolean!
-	DISABLE_MULTI_FACTOR_AUTHENTICATION: Boolean!
-	ENFORCE_MULTI_FACTOR_AUTHENTICATION: Boolean!
-	ROLES: [String!]
-	PROTECTED_ROLES: [String!]
-	DEFAULT_ROLES: [String!]
-	JWT_ROLE_CLAIM: String
-	GOOGLE_CLIENT_ID: String
-	GOOGLE_CLIENT_SECRET: String
-	GITHUB_CLIENT_ID: String
-	GITHUB_CLIENT_SECRET: String
-	FACEBOOK_CLIENT_ID: String
-	FACEBOOK_CLIENT_SECRET: String
-	LINKEDIN_CLIENT_ID: String
-	LINKEDIN_CLIENT_SECRET: String
-	APPLE_CLIENT_ID: String
-	APPLE_CLIENT_SECRET: String
-	TWITTER_CLIENT_ID: String
-	TWITTER_CLIENT_SECRET: String
-	ORGANIZATION_NAME: String
-	ORGANIZATION_LOGO: String
-	APP_COOKIE_SECURE: Boolean!
-	ADMIN_COOKIE_SECURE: Boolean!
+  ACCESS_TOKEN_EXPIRY_TIME: String
+  ADMIN_SECRET: String
+  DATABASE_NAME: String
+  DATABASE_URL: String
+  DATABASE_TYPE: String
+  DATABASE_USERNAME: String
+  DATABASE_PASSWORD: String
+  DATABASE_HOST: String
+  DATABASE_PORT: String
+  CLIENT_ID: String!
+  CLIENT_SECRET: String!
+  CUSTOM_ACCESS_TOKEN_SCRIPT: String
+  SMTP_HOST: String
+  SMTP_PORT: String
+  SMTP_USERNAME: String
+  SMTP_PASSWORD: String
+  SMTP_LOCAL_NAME: String
+  SENDER_EMAIL: String
+  JWT_TYPE: String
+  JWT_SECRET: String
+  JWT_PRIVATE_KEY: String
+  JWT_PUBLIC_KEY: String
+  ALLOWED_ORIGINS: [String!]
+  APP_URL: String
+  REDIS_URL: String
+  RESET_PASSWORD_URL: String
+  DISABLE_EMAIL_VERIFICATION: Boolean!
+  DISABLE_BASIC_AUTHENTICATION: Boolean!
+  DISABLE_MAGIC_LINK_LOGIN: Boolean!
+  DISABLE_LOGIN_PAGE: Boolean!
+  DISABLE_SIGN_UP: Boolean!
+  DISABLE_REDIS_FOR_ENV: Boolean!
+  DISABLE_STRONG_PASSWORD: Boolean!
+  DISABLE_MULTI_FACTOR_AUTHENTICATION: Boolean!
+  ENFORCE_MULTI_FACTOR_AUTHENTICATION: Boolean!
+  ROLES: [String!]
+  PROTECTED_ROLES: [String!]
+  DEFAULT_ROLES: [String!]
+  JWT_ROLE_CLAIM: String
+  GOOGLE_CLIENT_ID: String
+  GOOGLE_CLIENT_SECRET: String
+  GITHUB_CLIENT_ID: String
+  GITHUB_CLIENT_SECRET: String
+  FACEBOOK_CLIENT_ID: String
+  FACEBOOK_CLIENT_SECRET: String
+  LINKEDIN_CLIENT_ID: String
+  LINKEDIN_CLIENT_SECRET: String
+  APPLE_CLIENT_ID: String
+  APPLE_CLIENT_SECRET: String
+  TWITTER_CLIENT_ID: String
+  TWITTER_CLIENT_SECRET: String
+  ORGANIZATION_NAME: String
+  ORGANIZATION_LOGO: String
+  APP_COOKIE_SECURE: Boolean!
+  ADMIN_COOKIE_SECURE: Boolean!
 }
 
 type ValidateJWTTokenResponse {
-	is_valid: Boolean!
-	claims: Map
+  is_valid: Boolean!
+  claims: Map
 }
 
 type GenerateJWTKeysResponse {
-	secret: String
-	public_key: String
-	private_key: String
+  secret: String
+  public_key: String
+  private_key: String
 }
 
 type Webhook {
-	id: ID!
-	event_name: String
-	endpoint: String
-	enabled: Boolean
-	headers: Map
-	created_at: Int64
-	updated_at: Int64
+  id: ID!
+  event_name: String
+  endpoint: String
+  enabled: Boolean
+  headers: Map
+  created_at: Int64
+  updated_at: Int64
 }
 
 type Webhooks {
-	pagination: Pagination!
-	webhooks: [Webhook!]!
+  pagination: Pagination!
+  webhooks: [Webhook!]!
 }
 
 type WebhookLog {
-	id: ID!
-	http_status: Int64
-	response: String
-	request: String
-	webhook_id: ID
-	created_at: Int64
-	updated_at: Int64
+  id: ID!
+  http_status: Int64
+  response: String
+  request: String
+  webhook_id: ID
+  created_at: Int64
+  updated_at: Int64
 }
 
 type TestEndpointResponse {
-	http_status: Int64
-	response: String
+  http_status: Int64
+  response: String
 }
 
 type WebhookLogs {
-	pagination: Pagination!
-	webhook_logs: [WebhookLog!]!
+  pagination: Pagination!
+  webhook_logs: [WebhookLog!]!
 }
 
 type EmailTemplate {
-	id: ID!
-	event_name: String!
-	template: String!
-	design: String!
-	subject: String!
-	created_at: Int64
-	updated_at: Int64
+  id: ID!
+  event_name: String!
+  template: String!
+  design: String!
+  subject: String!
+  created_at: Int64
+  updated_at: Int64
 }
 
 type EmailTemplates {
-	pagination: Pagination!
-	email_templates: [EmailTemplate!]!
+  pagination: Pagination!
+  email_templates: [EmailTemplate!]!
 }
 
 input UpdateEnvInput {
-	ACCESS_TOKEN_EXPIRY_TIME: String
-	ADMIN_SECRET: String
-	CUSTOM_ACCESS_TOKEN_SCRIPT: String
-	OLD_ADMIN_SECRET: String
-	SMTP_HOST: String
-	SMTP_PORT: String
-	SMTP_USERNAME: String
-	SMTP_PASSWORD: String
-	SMTP_LOCAL_NAME: String
-	SENDER_EMAIL: String
-	JWT_TYPE: String
-	JWT_SECRET: String
-	JWT_PRIVATE_KEY: String
-	JWT_PUBLIC_KEY: String
-	ALLOWED_ORIGINS: [String!]
-	APP_URL: String
-	RESET_PASSWORD_URL: String
-	APP_COOKIE_SECURE: Boolean
-	ADMIN_COOKIE_SECURE: Boolean
-	DISABLE_EMAIL_VERIFICATION: Boolean
-	DISABLE_BASIC_AUTHENTICATION: Boolean
-	DISABLE_MAGIC_LINK_LOGIN: Boolean
-	DISABLE_LOGIN_PAGE: Boolean
-	DISABLE_SIGN_UP: Boolean
-	DISABLE_REDIS_FOR_ENV: Boolean
-	DISABLE_STRONG_PASSWORD: Boolean
-	DISABLE_MULTI_FACTOR_AUTHENTICATION: Boolean
-	ENFORCE_MULTI_FACTOR_AUTHENTICATION: Boolean
-	ROLES: [String!]
-	PROTECTED_ROLES: [String!]
-	DEFAULT_ROLES: [String!]
-	JWT_ROLE_CLAIM: String
-	GOOGLE_CLIENT_ID: String
-	GOOGLE_CLIENT_SECRET: String
-	GITHUB_CLIENT_ID: String
-	GITHUB_CLIENT_SECRET: String
-	FACEBOOK_CLIENT_ID: String
-	FACEBOOK_CLIENT_SECRET: String
-	LINKEDIN_CLIENT_ID: String
-	LINKEDIN_CLIENT_SECRET: String
-	APPLE_CLIENT_ID: String
-	APPLE_CLIENT_SECRET: String
-	TWITTER_CLIENT_ID: String
-	TWITTER_CLIENT_SECRET: String
-	ORGANIZATION_NAME: String
-	ORGANIZATION_LOGO: String
+  ACCESS_TOKEN_EXPIRY_TIME: String
+  ADMIN_SECRET: String
+  CUSTOM_ACCESS_TOKEN_SCRIPT: String
+  OLD_ADMIN_SECRET: String
+  SMTP_HOST: String
+  SMTP_PORT: String
+  SMTP_USERNAME: String
+  SMTP_PASSWORD: String
+  SMTP_LOCAL_NAME: String
+  SENDER_EMAIL: String
+  JWT_TYPE: String
+  JWT_SECRET: String
+  JWT_PRIVATE_KEY: String
+  JWT_PUBLIC_KEY: String
+  ALLOWED_ORIGINS: [String!]
+  APP_URL: String
+  RESET_PASSWORD_URL: String
+  APP_COOKIE_SECURE: Boolean
+  ADMIN_COOKIE_SECURE: Boolean
+  DISABLE_EMAIL_VERIFICATION: Boolean
+  DISABLE_BASIC_AUTHENTICATION: Boolean
+  DISABLE_MAGIC_LINK_LOGIN: Boolean
+  DISABLE_LOGIN_PAGE: Boolean
+  DISABLE_SIGN_UP: Boolean
+  DISABLE_REDIS_FOR_ENV: Boolean
+  DISABLE_STRONG_PASSWORD: Boolean
+  DISABLE_MULTI_FACTOR_AUTHENTICATION: Boolean
+  ENFORCE_MULTI_FACTOR_AUTHENTICATION: Boolean
+  ROLES: [String!]
+  PROTECTED_ROLES: [String!]
+  DEFAULT_ROLES: [String!]
+  JWT_ROLE_CLAIM: String
+  GOOGLE_CLIENT_ID: String
+  GOOGLE_CLIENT_SECRET: String
+  GITHUB_CLIENT_ID: String
+  GITHUB_CLIENT_SECRET: String
+  FACEBOOK_CLIENT_ID: String
+  FACEBOOK_CLIENT_SECRET: String
+  LINKEDIN_CLIENT_ID: String
+  LINKEDIN_CLIENT_SECRET: String
+  APPLE_CLIENT_ID: String
+  APPLE_CLIENT_SECRET: String
+  TWITTER_CLIENT_ID: String
+  TWITTER_CLIENT_SECRET: String
+  ORGANIZATION_NAME: String
+  ORGANIZATION_LOGO: String
 }
 
 input AdminLoginInput {
-	admin_secret: String!
+  admin_secret: String!
 }
 
 input AdminSignupInput {
-	admin_secret: String!
+  admin_secret: String!
+}
+
+input MobileSignUpInput {
+  email: String
+  given_name: String
+  family_name: String
+  middle_name: String
+  nickname: String
+  gender: String
+  birthdate: String
+  phone_number: String!
+  picture: String
+  password: String!
+  confirm_password: String!
+  roles: [String!]
+  scope: [String!]
+  redirect_uri: String
+  is_multi_factor_auth_enabled: Boolean
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
 }
 
 input SignUpInput {
-	email: String!
-	given_name: String
-	family_name: String
-	middle_name: String
-	nickname: String
-	gender: String
-	birthdate: String
-	phone_number: String
-	picture: String
-	password: String!
-	confirm_password: String!
-	roles: [String!]
-	scope: [String!]
-	redirect_uri: String
-	is_multi_factor_auth_enabled: Boolean
-	# state is used for authorization code grant flow
-	# it is used to get code for an on-going auth process during login
-	# and use that code for setting `c_hash` in id_token
-	state: String
+  email: String!
+  given_name: String
+  family_name: String
+  middle_name: String
+  nickname: String
+  gender: String
+  birthdate: String
+  phone_number: String
+  picture: String
+  password: String!
+  confirm_password: String!
+  roles: [String!]
+  scope: [String!]
+  redirect_uri: String
+  is_multi_factor_auth_enabled: Boolean
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
 }
 
 input LoginInput {
-	email: String!
-	password: String!
-	roles: [String!]
-	scope: [String!]
-	# state is used for authorization code grant flow
-	# it is used to get code for an on-going auth process during login
-	# and use that code for setting `c_hash` in id_token
-	state: String
+  email: String!
+  password: String!
+  roles: [String!]
+  scope: [String!]
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
+}
+
+input MobileLoginInput {
+  phone_number: String!
+  password: String!
+  roles: [String!]
+  scope: [String!]
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
 }
 
 input VerifyEmailInput {
-	token: String!
-	# state is used for authorization code grant flow
-	# it is used to get code for an on-going auth process during login
-	# and use that code for setting `c_hash` in id_token
-	state: String
+  token: String!
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
 }
 
 input ResendVerifyEmailInput {
-	email: String!
-	identifier: String!
-	# state is used for authorization code grant flow
-	# it is used to get code for an on-going auth process during login
-	# and use that code for setting `c_hash` in id_token
-	state: String
+  email: String!
+  identifier: String!
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
 }
 
 input UpdateProfileInput {
-	old_password: String
-	new_password: String
-	confirm_new_password: String
-	email: String
-	given_name: String
-	family_name: String
-	middle_name: String
-	nickname: String
-	gender: String
-	birthdate: String
-	phone_number: String
-	picture: String
-	is_multi_factor_auth_enabled: Boolean
+  old_password: String
+  new_password: String
+  confirm_new_password: String
+  email: String
+  given_name: String
+  family_name: String
+  middle_name: String
+  nickname: String
+  gender: String
+  birthdate: String
+  phone_number: String
+  picture: String
+  is_multi_factor_auth_enabled: Boolean
 }
 
 input UpdateUserInput {
-	id: ID!
-	email: String
-	email_verified: Boolean
-	given_name: String
-	family_name: String
-	middle_name: String
-	nickname: String
-	gender: String
-	birthdate: String
-	phone_number: String
-	picture: String
-	roles: [String]
-	is_multi_factor_auth_enabled: Boolean
+  id: ID!
+  email: String
+  email_verified: Boolean
+  given_name: String
+  family_name: String
+  middle_name: String
+  nickname: String
+  gender: String
+  birthdate: String
+  phone_number: String
+  picture: String
+  roles: [String]
+  is_multi_factor_auth_enabled: Boolean
 }
 
 input ForgotPasswordInput {
-	email: String!
-	state: String
-	redirect_uri: String
+  email: String!
+  state: String
+  redirect_uri: String
 }
 
 input ResetPasswordInput {
-	token: String!
-	password: String!
-	confirm_password: String!
+  token: String!
+  password: String!
+  confirm_password: String!
 }
 
 input DeleteUserInput {
-	email: String!
+  email: String!
 }
 
 input MagicLinkLoginInput {
-	email: String!
-	roles: [String!]
-	scope: [String!]
-	state: String
-	redirect_uri: String
+  email: String!
+  roles: [String!]
+  scope: [String!]
+  state: String
+  redirect_uri: String
 }
 
 input SessionQueryInput {
-	roles: [String!]
-	scope: [String!]
+  roles: [String!]
+  scope: [String!]
 }
 
 input PaginationInput {
-	limit: Int64
-	page: Int64
+  limit: Int64
+  page: Int64
 }
 
 input PaginatedInput {
-	pagination: PaginationInput
+  pagination: PaginationInput
 }
 
 input OAuthRevokeInput {
-	refresh_token: String!
+  refresh_token: String!
 }
 
 input InviteMemberInput {
-	emails: [String!]!
-	redirect_uri: String
+  emails: [String!]!
+  redirect_uri: String
 }
 
 input UpdateAccessInput {
-	user_id: String!
+  user_id: String!
 }
 
 input ValidateJWTTokenInput {
-	token_type: String!
-	token: String!
-	roles: [String!]
+  token_type: String!
+  token: String!
+  roles: [String!]
 }
 
 input GenerateJWTKeysInput {
-	type: String!
+  type: String!
 }
 
 input ListWebhookLogRequest {
-	pagination: PaginationInput
-	webhook_id: String
+  pagination: PaginationInput
+  webhook_id: String
 }
 
 input AddWebhookRequest {
-	event_name: String!
-	endpoint: String!
-	enabled: Boolean!
-	headers: Map
+  event_name: String!
+  endpoint: String!
+  enabled: Boolean!
+  headers: Map
 }
 
 input UpdateWebhookRequest {
-	id: ID!
-	event_name: String
-	endpoint: String
-	enabled: Boolean
-	headers: Map
+  id: ID!
+  event_name: String
+  endpoint: String
+  enabled: Boolean
+  headers: Map
 }
 
 input WebhookRequest {
-	id: ID!
+  id: ID!
 }
 
 input TestEndpointRequest {
-	endpoint: String!
-	event_name: String!
-	headers: Map
+  endpoint: String!
+  event_name: String!
+  headers: Map
 }
 
 input AddEmailTemplateRequest {
-	event_name: String!
-	subject: String!
-	template: String!
-	# Design value is set when editor is used
-	# If raw HTML is used design value is set to null
-	design: String
+  event_name: String!
+  subject: String!
+  template: String!
+  # Design value is set when editor is used
+  # If raw HTML is used design value is set to null
+  design: String
 }
 
 input UpdateEmailTemplateRequest {
-	id: ID!
-	event_name: String
-	template: String
-	subject: String
-	# Design value is set when editor is used
-	# If raw HTML is used design value is set to null
-	design: String
+  id: ID!
+  event_name: String
+  template: String
+  subject: String
+  # Design value is set when editor is used
+  # If raw HTML is used design value is set to null
+  design: String
 }
 
 input DeleteEmailTemplateRequest {
-	id: ID!
+  id: ID!
 }
 
 input VerifyOTPRequest {
-	email: String!
-	otp: String!
-	# state is used for authorization code grant flow
-	# it is used to get code for an on-going auth process during login
-	# and use that code for setting `c_hash` in id_token
-	state: String
+  email: String!
+  otp: String!
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
 }
 
 input ResendOTPRequest {
-	email: String!
-	# state is used for authorization code grant flow
-	# it is used to get code for an on-going auth process during login
-	# and use that code for setting `c_hash` in id_token
-	state: String
+  email: String!
+  # state is used for authorization code grant flow
+  # it is used to get code for an on-going auth process during login
+  # and use that code for setting `c_hash` in id_token
+  state: String
+}
+
+input GetUserRequest {
+  id: String!
 }
 
 type Mutation {
-	signup(params: SignUpInput!): AuthResponse!
-	login(params: LoginInput!): AuthResponse!
-	magic_link_login(params: MagicLinkLoginInput!): Response!
-	logout: Response!
-	update_profile(params: UpdateProfileInput!): Response!
-	verify_email(params: VerifyEmailInput!): AuthResponse!
-	resend_verify_email(params: ResendVerifyEmailInput!): Response!
-	forgot_password(params: ForgotPasswordInput!): Response!
-	reset_password(params: ResetPasswordInput!): Response!
-	revoke(params: OAuthRevokeInput!): Response!
-	verify_otp(params: VerifyOTPRequest!): AuthResponse!
-	resend_otp(params: ResendOTPRequest!): Response!
-	# admin only apis
-	_delete_user(params: DeleteUserInput!): Response!
-	_update_user(params: UpdateUserInput!): User!
-	_admin_signup(params: AdminSignupInput!): Response!
-	_admin_login(params: AdminLoginInput!): Response!
-	_admin_logout: Response!
-	_update_env(params: UpdateEnvInput!): Response!
-	_invite_members(params: InviteMemberInput!): Response!
-	_revoke_access(param: UpdateAccessInput!): Response!
-	_enable_access(param: UpdateAccessInput!): Response!
-	_generate_jwt_keys(params: GenerateJWTKeysInput!): GenerateJWTKeysResponse!
-	_add_webhook(params: AddWebhookRequest!): Response!
-	_update_webhook(params: UpdateWebhookRequest!): Response!
-	_delete_webhook(params: WebhookRequest!): Response!
-	_test_endpoint(params: TestEndpointRequest!): TestEndpointResponse!
-	_add_email_template(params: AddEmailTemplateRequest!): Response!
-	_update_email_template(params: UpdateEmailTemplateRequest!): Response!
-	_delete_email_template(params: DeleteEmailTemplateRequest!): Response!
+  signup(params: SignUpInput!): AuthResponse!
+  mobile_signup(params: MobileSignUpInput): AuthResponse!
+  login(params: LoginInput!): AuthResponse!
+  mobile_login(params: MobileLoginInput!): AuthResponse!
+  magic_link_login(params: MagicLinkLoginInput!): Response!
+  logout: Response!
+  update_profile(params: UpdateProfileInput!): Response!
+  verify_email(params: VerifyEmailInput!): AuthResponse!
+  resend_verify_email(params: ResendVerifyEmailInput!): Response!
+  forgot_password(params: ForgotPasswordInput!): Response!
+  reset_password(params: ResetPasswordInput!): Response!
+  revoke(params: OAuthRevokeInput!): Response!
+  verify_otp(params: VerifyOTPRequest!): AuthResponse!
+  resend_otp(params: ResendOTPRequest!): Response!
+  # admin only apis
+  _delete_user(params: DeleteUserInput!): Response!
+  _update_user(params: UpdateUserInput!): User!
+  _admin_signup(params: AdminSignupInput!): Response!
+  _admin_login(params: AdminLoginInput!): Response!
+  _admin_logout: Response!
+  _update_env(params: UpdateEnvInput!): Response!
+  _invite_members(params: InviteMemberInput!): Response!
+  _revoke_access(param: UpdateAccessInput!): Response!
+  _enable_access(param: UpdateAccessInput!): Response!
+  _generate_jwt_keys(params: GenerateJWTKeysInput!): GenerateJWTKeysResponse!
+  _add_webhook(params: AddWebhookRequest!): Response!
+  _update_webhook(params: UpdateWebhookRequest!): Response!
+  _delete_webhook(params: WebhookRequest!): Response!
+  _test_endpoint(params: TestEndpointRequest!): TestEndpointResponse!
+  _add_email_template(params: AddEmailTemplateRequest!): Response!
+  _update_email_template(params: UpdateEmailTemplateRequest!): Response!
+  _delete_email_template(params: DeleteEmailTemplateRequest!): Response!
 }
 
 type Query {
-	meta: Meta!
-	session(params: SessionQueryInput): AuthResponse!
-	profile: User!
-	validate_jwt_token(params: ValidateJWTTokenInput!): ValidateJWTTokenResponse!
-	# admin only apis
-	_users(params: PaginatedInput): Users!
-	_verification_requests(params: PaginatedInput): VerificationRequests!
-	_admin_session: Response!
-	_env: Env!
-	_webhook(params: WebhookRequest!): Webhook!
-	_webhooks(params: PaginatedInput): Webhooks!
-	_webhook_logs(params: ListWebhookLogRequest): WebhookLogs!
-	_email_templates(params: PaginatedInput): EmailTemplates!
+  meta: Meta!
+  session(params: SessionQueryInput): AuthResponse!
+  profile: User!
+  validate_jwt_token(params: ValidateJWTTokenInput!): ValidateJWTTokenResponse!
+  # admin only apis
+  _users(params: PaginatedInput): Users!
+  _user(params: GetUserRequest!): User!
+  _verification_requests(params: PaginatedInput): VerificationRequests!
+  _admin_session: Response!
+  _env: Env!
+  _webhook(params: WebhookRequest!): Webhook!
+  _webhooks(params: PaginatedInput): Webhooks!
+  _webhook_logs(params: ListWebhookLogRequest): WebhookLogs!
+  _email_templates(params: PaginatedInput): EmailTemplates!
 }

server/graph/schema.resolvers.go

@@ -16,11 +16,21 @@ func (r *mutationResolver) Signup(ctx context.Context, params model.SignUpInput)
 	return resolvers.SignupResolver(ctx, params)
 }
 
+// MobileSignup is the resolver for the mobile_signup field.
+func (r *mutationResolver) MobileSignup(ctx context.Context, params *model.MobileSignUpInput) (*model.AuthResponse, error) {
+	return resolvers.MobileSignupResolver(ctx, params)
+}
+
 // Login is the resolver for the login field.
 func (r *mutationResolver) Login(ctx context.Context, params model.LoginInput) (*model.AuthResponse, error) {
 	return resolvers.LoginResolver(ctx, params)
 }
 
+// MobileLogin is the resolver for the mobile_login field.
+func (r *mutationResolver) MobileLogin(ctx context.Context, params model.MobileLoginInput) (*model.AuthResponse, error) {
+	return resolvers.MobileLoginResolver(ctx, params)
+}
+
 // MagicLinkLogin is the resolver for the magic_link_login field.
 func (r *mutationResolver) MagicLinkLogin(ctx context.Context, params model.MagicLinkLoginInput) (*model.Response, error) {
 	return resolvers.MagicLinkLoginResolver(ctx, params)
@@ -181,6 +191,11 @@ func (r *queryResolver) Users(ctx context.Context, params *model.PaginatedInput)
 	return resolvers.UsersResolver(ctx, params)
 }
 
+// User is the resolver for the _user field.
+func (r *queryResolver) User(ctx context.Context, params model.GetUserRequest) (*model.User, error) {
+	return resolvers.UserResolver(ctx, params)
+}
+
 // VerificationRequests is the resolver for the _verification_requests field.
 func (r *queryResolver) VerificationRequests(ctx context.Context, params *model.PaginatedInput) (*model.VerificationRequests, error) {
 	return resolvers.VerificationRequestsResolver(ctx, params)

server/handlers/authorize.go

@@ -139,6 +139,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 					"error_description": "code challenge is required",
 				},
 			}, http.StatusOK)
+			return
 		}
 
 		loginError := map[string]interface{}{
@@ -268,7 +269,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 				return
 			}
 
-			if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+nonce, authToken.FingerPrintHash); err != nil {
+			if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+nonce, authToken.AccessToken.Token); err != nil {
 				log.Debug("SetUserSession failed: ", err)
 				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
 				return
@@ -326,7 +327,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 
 func validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge string) error {
 	if strings.TrimSpace(state) == "" {
-		return fmt.Errorf("invalid state. state is required to prevent csrf attack", responseMode)
+		return fmt.Errorf("invalid state. state is required to prevent csrf attack")
 	}
 	if responseType != constants.ResponseTypeCode && responseType != constants.ResponseTypeToken && responseType != constants.ResponseTypeIDToken {
 		return fmt.Errorf("invalid response type %s. 'code' & 'token' are valid response_type", responseMode)
@@ -349,14 +350,13 @@ func handleResponse(gc *gin.Context, responseMode, loginURI, redirectURI string,
 		isAuthenticationRequired = true
 	}
 
-	if isAuthenticationRequired {
+	if isAuthenticationRequired && responseMode != constants.ResponseModeWebMessage {
 		gc.Redirect(http.StatusFound, loginURI)
 		return
 	}
 
 	switch responseMode {
 	case constants.ResponseModeQuery, constants.ResponseModeFragment:
-
 		gc.Redirect(http.StatusFound, redirectURI)
 		return
 	case constants.ResponseModeWebMessage:

server/handlers/oauth_callback.go

@@ -5,7 +5,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strconv"
 	"strings"
@@ -312,7 +312,7 @@ func processGoogleUserInfo(code string) (models.User, error) {
 
 func processGithubUserInfo(code string) (models.User, error) {
 	user := models.User{}
-	oauth2Token, err := oauth.OAuthProviders.GithubConfig.Exchange(oauth2.NoContext, code)
+	oauth2Token, err := oauth.OAuthProviders.GithubConfig.Exchange(context.TODO(), code)
 	if err != nil {
 		log.Debug("Failed to exchange code for token: ", err)
 		return user, fmt.Errorf("invalid github exchange code: %s", err.Error())
@@ -334,7 +334,7 @@ func processGithubUserInfo(code string) (models.User, error) {
 	}
 
 	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
+	body, err := io.ReadAll(response.Body)
 	if err != nil {
 		log.Debug("Failed to read github user info response body: ", err)
 		return user, fmt.Errorf("failed to read github response body: %s", err.Error())
@@ -383,7 +383,7 @@ func processGithubUserInfo(code string) (models.User, error) {
 		}
 
 		defer response.Body.Close()
-		body, err := ioutil.ReadAll(response.Body)
+		body, err := io.ReadAll(response.Body)
 		if err != nil {
 			log.Debug("Failed to read github user email response body: ", err)
 			return user, fmt.Errorf("failed to read github response body: %s", err.Error())
@@ -419,7 +419,7 @@ func processGithubUserInfo(code string) (models.User, error) {
 
 func processFacebookUserInfo(code string) (models.User, error) {
 	user := models.User{}
-	oauth2Token, err := oauth.OAuthProviders.FacebookConfig.Exchange(oauth2.NoContext, code)
+	oauth2Token, err := oauth.OAuthProviders.FacebookConfig.Exchange(context.TODO(), code)
 	if err != nil {
 		log.Debug("Invalid facebook exchange code: ", err)
 		return user, fmt.Errorf("invalid facebook exchange code: %s", err.Error())
@@ -438,7 +438,7 @@ func processFacebookUserInfo(code string) (models.User, error) {
 	}
 
 	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
+	body, err := io.ReadAll(response.Body)
 	if err != nil {
 		log.Debug("Failed to read facebook response: ", err)
 		return user, fmt.Errorf("failed to read facebook response body: %s", err.Error())
@@ -470,7 +470,7 @@ func processFacebookUserInfo(code string) (models.User, error) {
 
 func processLinkedInUserInfo(code string) (models.User, error) {
 	user := models.User{}
-	oauth2Token, err := oauth.OAuthProviders.LinkedInConfig.Exchange(oauth2.NoContext, code)
+	oauth2Token, err := oauth.OAuthProviders.LinkedInConfig.Exchange(context.TODO(), code)
 	if err != nil {
 		log.Debug("Failed to exchange code for token: ", err)
 		return user, fmt.Errorf("invalid linkedin exchange code: %s", err.Error())
@@ -493,7 +493,7 @@ func processLinkedInUserInfo(code string) (models.User, error) {
 	}
 
 	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
+	body, err := io.ReadAll(response.Body)
 	if err != nil {
 		log.Debug("Failed to read linkedin user info response body: ", err)
 		return user, fmt.Errorf("failed to read linkedin response body: %s", err.Error())
@@ -523,7 +523,7 @@ func processLinkedInUserInfo(code string) (models.User, error) {
 	}
 
 	defer response.Body.Close()
-	body, err = ioutil.ReadAll(response.Body)
+	body, err = io.ReadAll(response.Body)
 	if err != nil {
 		log.Debug("Failed to read linkedin email info response body: ", err)
 		return user, fmt.Errorf("failed to read linkedin email response body: %s", err.Error())
@@ -552,7 +552,7 @@ func processLinkedInUserInfo(code string) (models.User, error) {
 
 func processAppleUserInfo(code string) (models.User, error) {
 	user := models.User{}
-	oauth2Token, err := oauth.OAuthProviders.AppleConfig.Exchange(oauth2.NoContext, code)
+	oauth2Token, err := oauth.OAuthProviders.AppleConfig.Exchange(context.TODO(), code)
 	if err != nil {
 		log.Debug("Failed to exchange code for token: ", err)
 		return user, fmt.Errorf("invalid apple exchange code: %s", err.Error())
@@ -605,7 +605,7 @@ func processAppleUserInfo(code string) (models.User, error) {
 
 func processTwitterUserInfo(code, verifier string) (models.User, error) {
 	user := models.User{}
-	oauth2Token, err := oauth.OAuthProviders.TwitterConfig.Exchange(oauth2.NoContext, code, oauth2.SetAuthURLParam("code_verifier", verifier))
+	oauth2Token, err := oauth.OAuthProviders.TwitterConfig.Exchange(context.TODO(), code, oauth2.SetAuthURLParam("code_verifier", verifier))
 	if err != nil {
 		log.Debug("Failed to exchange code for token: ", err)
 		return user, fmt.Errorf("invalid twitter exchange code: %s", err.Error())
@@ -628,7 +628,7 @@ func processTwitterUserInfo(code, verifier string) (models.User, error) {
 	}
 
 	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
+	body, err := io.ReadAll(response.Body)
 	if err != nil {
 		log.Debug("Failed to read Twitter user info response body: ", err)
 		return user, fmt.Errorf("failed to read Twitter response body: %s", err.Error())

server/memorystore/memory_store.go

@@ -26,6 +26,7 @@ func InitMemStore() error {
 
 		// boolean envs
 		constants.EnvKeyDisableBasicAuthentication:       false,
+		constants.EnvKeyDisableMobileBasicAuthentication: false,
 		constants.EnvKeyDisableMagicLinkLogin:            false,
 		constants.EnvKeyDisableEmailVerification:         false,
 		constants.EnvKeyDisableLoginPage:                 false,

server/memorystore/providers/redis/store.go

@@ -161,7 +161,7 @@ func (c *provider) GetEnvStore() (map[string]interface{}, error) {
 		return nil, err
 	}
 	for key, value := range data {
-		if key == constants.EnvKeyDisableBasicAuthentication || key == constants.EnvKeyDisableEmailVerification || key == constants.EnvKeyDisableLoginPage || key == constants.EnvKeyDisableMagicLinkLogin || key == constants.EnvKeyDisableRedisForEnv || key == constants.EnvKeyDisableSignUp || key == constants.EnvKeyDisableStrongPassword || key == constants.EnvKeyIsEmailServiceEnabled || key == constants.EnvKeyEnforceMultiFactorAuthentication || key == constants.EnvKeyDisableMultiFactorAuthentication || key == constants.EnvKeyAppCookieSecure || key == constants.EnvKeyAdminCookieSecure {
+		if key == constants.EnvKeyDisableBasicAuthentication || key == constants.EnvKeyDisableMobileBasicAuthentication || key == constants.EnvKeyDisableEmailVerification || key == constants.EnvKeyDisableLoginPage || key == constants.EnvKeyDisableMagicLinkLogin || key == constants.EnvKeyDisableRedisForEnv || key == constants.EnvKeyDisableSignUp || key == constants.EnvKeyDisableStrongPassword || key == constants.EnvKeyIsEmailServiceEnabled || key == constants.EnvKeyEnforceMultiFactorAuthentication || key == constants.EnvKeyDisableMultiFactorAuthentication || key == constants.EnvKeyAppCookieSecure || key == constants.EnvKeyAdminCookieSecure {
 			boolValue, err := strconv.ParseBool(value)
 			if err != nil {
 				return res, err

server/memorystore/required_env_store.go

@@ -32,6 +32,10 @@ type RequiredEnv struct {
 	AwsRegion          string `json:"AWS_REGION"`
 	AwsAccessKeyID     string `json:"AWS_ACCESS_KEY_ID"`
 	AwsSecretAccessKey string `json:"AWS_SECRET_ACCESS_KEY"`
+	// Couchbase related envs
+	CouchbaseBucket           string `json:"COUCHBASE_BUCKET"`
+	CouchbaseScope            string `json:"COUCHBASE_SCOPE"`
+	CouchbaseBucketRAMQuotaMB string `json:"COUCHBASE_BUCKET_RAM_QUOTA"`
 }
 
 // RequiredEnvObj is a simple in-memory store for sessions.
@@ -93,6 +97,9 @@ func InitRequiredEnv() error {
 	awsRegion := os.Getenv(constants.EnvAwsRegion)
 	awsAccessKeyID := os.Getenv(constants.EnvAwsAccessKeyID)
 	awsSecretAccessKey := os.Getenv(constants.EnvAwsSecretAccessKey)
+	couchbaseBucket := os.Getenv(constants.EnvCouchbaseBucket)
+	couchbaseScope := os.Getenv(constants.EnvCouchbaseScope)
+	couchbaseBucketRAMQuotaMB := os.Getenv(constants.EnvCouchbaseBucketRAMQuotaMB)
 
 	if strings.TrimSpace(redisURL) == "" {
 		if cli.ARG_REDIS_URL != nil && *cli.ARG_REDIS_URL != "" {
@@ -135,22 +142,25 @@ func InitRequiredEnv() error {
 	}
 
 	requiredEnv := RequiredEnv{
-		EnvPath:            envPath,
-		DatabaseURL:        dbURL,
-		DatabaseType:       dbType,
-		DatabaseName:       dbName,
-		DatabaseHost:       dbHost,
-		DatabasePort:       dbPort,
-		DatabaseUsername:   dbUsername,
-		DatabasePassword:   dbPassword,
-		DatabaseCert:       dbCert,
-		DatabaseCertKey:    dbCertKey,
-		DatabaseCACert:     dbCACert,
-		RedisURL:           redisURL,
-		DisableRedisForEnv: disableRedisForEnv,
-		AwsRegion:          awsRegion,
-		AwsAccessKeyID:     awsAccessKeyID,
-		AwsSecretAccessKey: awsSecretAccessKey,
+		EnvPath:                   envPath,
+		DatabaseURL:               dbURL,
+		DatabaseType:              dbType,
+		DatabaseName:              dbName,
+		DatabaseHost:              dbHost,
+		DatabasePort:              dbPort,
+		DatabaseUsername:          dbUsername,
+		DatabasePassword:          dbPassword,
+		DatabaseCert:              dbCert,
+		DatabaseCertKey:           dbCertKey,
+		DatabaseCACert:            dbCACert,
+		RedisURL:                  redisURL,
+		DisableRedisForEnv:        disableRedisForEnv,
+		AwsRegion:                 awsRegion,
+		AwsAccessKeyID:            awsAccessKeyID,
+		AwsSecretAccessKey:        awsSecretAccessKey,
+		CouchbaseBucket:           couchbaseBucket,
+		CouchbaseScope:            couchbaseScope,
+		CouchbaseBucketRAMQuotaMB: couchbaseBucketRAMQuotaMB,
 	}
 
 	RequiredEnvStoreObj = &RequiredEnvStore{

server/middlewares/cors.go

@@ -9,7 +9,6 @@ import (
 func CORSMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		origin := c.Request.Header.Get("Origin")
-
 		if validators.IsValidOrigin(origin) {
 			c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
 		}

server/resolvers/mobile_login.go

@@ -0,0 +1,216 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/crypto/bcrypt"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/cookie"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
+	"github.com/authorizerdev/authorizer/server/token"
+	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/validators"
+)
+
+// MobileLoginResolver is a resolver for mobile login mutation
+func MobileLoginResolver(ctx context.Context, params model.MobileLoginInput) (*model.AuthResponse, error) {
+	var res *model.AuthResponse
+
+	gc, err := utils.GinContextFromContext(ctx)
+	if err != nil {
+		log.Debug("Failed to get GinContext: ", err)
+		return res, err
+	}
+
+	isBasiAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMobileBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting mobile basic auth disabled: ", err)
+		isBasiAuthDisabled = true
+	}
+
+	if isBasiAuthDisabled {
+		log.Debug("Basic authentication is disabled.")
+		return res, fmt.Errorf(`phone number based basic authentication is disabled for this instance`)
+	}
+
+	log := log.WithFields(log.Fields{
+		"phone_number": params.PhoneNumber,
+	})
+
+	user, err := db.Provider.GetUserByPhoneNumber(ctx, params.PhoneNumber)
+	if err != nil {
+		log.Debug("Failed to get user by phone number: ", err)
+		return res, fmt.Errorf(`bad user credentials`)
+	}
+
+	if user.RevokedTimestamp != nil {
+		log.Debug("User access is revoked")
+		return res, fmt.Errorf(`user access has been revoked`)
+	}
+
+	if !strings.Contains(user.SignupMethods, constants.AuthRecipeMethodMobileBasicAuth) {
+		log.Debug("User signup method is not mobile basic auth")
+		return res, fmt.Errorf(`user has not signed up with phone number & password`)
+	}
+
+	if user.PhoneNumberVerifiedAt == nil {
+		log.Debug("User phone number is not verified")
+		return res, fmt.Errorf(`phone number is not verified`)
+	}
+
+	err = bcrypt.CompareHashAndPassword([]byte(*user.Password), []byte(params.Password))
+
+	if err != nil {
+		log.Debug("Failed to compare password: ", err)
+		return res, fmt.Errorf(`bad user credentials`)
+	}
+
+	defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+	roles := []string{}
+	if err != nil {
+		log.Debug("Error getting default roles: ", err)
+		defaultRolesString = ""
+	} else {
+		roles = strings.Split(defaultRolesString, ",")
+	}
+
+	currentRoles := strings.Split(user.Roles, ",")
+	if len(params.Roles) > 0 {
+		if !validators.IsValidRoles(params.Roles, currentRoles) {
+			log.Debug("Invalid roles: ", params.Roles)
+			return res, fmt.Errorf(`invalid roles`)
+		}
+
+		roles = params.Roles
+	}
+
+	scope := []string{"openid", "email", "profile"}
+	if params.Scope != nil && len(scope) > 0 {
+		scope = params.Scope
+	}
+
+	/*
+		// TODO use sms authentication for MFA
+		isEmailServiceEnabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsEmailServiceEnabled)
+		if err != nil || !isEmailServiceEnabled {
+			log.Debug("Email service not enabled: ", err)
+		}
+
+		isMFADisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMultiFactorAuthentication)
+		if err != nil || !isEmailServiceEnabled {
+			log.Debug("MFA service not enabled: ", err)
+		}
+
+		// If email service is not enabled continue the process in any way
+		if refs.BoolValue(user.IsMultiFactorAuthEnabled) && isEmailServiceEnabled && !isMFADisabled {
+			otp := utils.GenerateOTP()
+			otpData, err := db.Provider.UpsertOTP(ctx, &models.OTP{
+				Email:     user.Email,
+				Otp:       otp,
+				ExpiresAt: time.Now().Add(1 * time.Minute).Unix(),
+			})
+			if err != nil {
+				log.Debug("Failed to add otp: ", err)
+				return nil, err
+			}
+
+			go func() {
+				// exec it as go routine so that we can reduce the api latency
+				go email.SendEmail([]string{params.PhoneNumber}, constants.VerificationTypeOTP, map[string]interface{}{
+					"user":         user.ToMap(),
+					"organization": utils.GetOrganization(),
+					"otp":          otpData.Otp,
+				})
+				if err != nil {
+					log.Debug("Failed to send otp email: ", err)
+				}
+			}()
+
+			return &model.AuthResponse{
+				Message:             "Please check the OTP in your inbox",
+				ShouldShowOtpScreen: refs.NewBoolRef(true),
+			}, nil
+		}
+	*/
+
+	code := ""
+	codeChallenge := ""
+	nonce := ""
+	if params.State != nil {
+		// Get state from store
+		authorizeState, _ := memorystore.Provider.GetState(refs.StringValue(params.State))
+		if authorizeState != "" {
+			authorizeStateSplit := strings.Split(authorizeState, "@@")
+			if len(authorizeStateSplit) > 1 {
+				code = authorizeStateSplit[0]
+				codeChallenge = authorizeStateSplit[1]
+			} else {
+				nonce = authorizeState
+			}
+			go memorystore.Provider.RemoveState(refs.StringValue(params.State))
+		}
+	}
+
+	if nonce == "" {
+		nonce = uuid.New().String()
+	}
+
+	authToken, err := token.CreateAuthToken(gc, *user, roles, scope, constants.AuthRecipeMethodMobileBasicAuth, nonce, code)
+	if err != nil {
+		log.Debug("Failed to create auth token", err)
+		return res, err
+	}
+
+	// TODO add to other login options as well
+	// Code challenge could be optional if PKCE flow is not used
+	if code != "" {
+		if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+			log.Debug("SetState failed: ", err)
+			return res, err
+		}
+	}
+
+	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+	if expiresIn <= 0 {
+		expiresIn = 1
+	}
+
+	res = &model.AuthResponse{
+		Message:     `Logged in successfully`,
+		AccessToken: &authToken.AccessToken.Token,
+		IDToken:     &authToken.IDToken.Token,
+		ExpiresIn:   &expiresIn,
+		User:        user.AsAPIUser(),
+	}
+
+	cookie.SetSession(gc, authToken.FingerPrintHash)
+	sessionStoreKey := constants.AuthRecipeMethodMobileBasicAuth + ":" + user.ID
+	memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
+	memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
+
+	if authToken.RefreshToken != nil {
+		res.RefreshToken = &authToken.RefreshToken.Token
+		memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
+	}
+
+	go func() {
+		utils.RegisterEvent(ctx, constants.UserLoginWebhookEvent, constants.AuthRecipeMethodMobileBasicAuth, *user)
+		db.Provider.AddSession(ctx, models.Session{
+			UserID:    user.ID,
+			UserAgent: utils.GetUserAgent(gc.Request),
+			IP:        utils.GetIP(gc.Request),
+		})
+	}()
+
+	return res, nil
+}

server/resolvers/mobile_signup.go

@@ -0,0 +1,270 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	log "github.com/sirupsen/logrus"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/cookie"
+	"github.com/authorizerdev/authorizer/server/crypto"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
+	"github.com/authorizerdev/authorizer/server/token"
+	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/validators"
+)
+
+// MobileSignupResolver is a resolver for mobile_basic_auth_signup mutation
+func MobileSignupResolver(ctx context.Context, params *model.MobileSignUpInput) (*model.AuthResponse, error) {
+	var res *model.AuthResponse
+
+	gc, err := utils.GinContextFromContext(ctx)
+	if err != nil {
+		log.Debug("Failed to get GinContext: ", err)
+		return res, err
+	}
+
+	isSignupDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp)
+	if err != nil {
+		log.Debug("Error getting signup disabled: ", err)
+		isSignupDisabled = true
+	}
+	if isSignupDisabled {
+		log.Debug("Signup is disabled")
+		return res, fmt.Errorf(`signup is disabled for this instance`)
+	}
+
+	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMobileBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting basic auth disabled: ", err)
+		isBasicAuthDisabled = true
+	}
+
+	if isBasicAuthDisabled {
+		log.Debug("Mobile based Basic authentication is disabled")
+		return res, fmt.Errorf(`phone number based basic authentication is disabled for this instance`)
+	}
+
+	if params.ConfirmPassword != params.Password {
+		log.Debug("Passwords do not match")
+		return res, fmt.Errorf(`password and confirm password does not match`)
+	}
+
+	if err := validators.IsValidPassword(params.Password); err != nil {
+		log.Debug("Invalid password")
+		return res, err
+	}
+
+	mobile := strings.TrimSpace(params.PhoneNumber)
+	if mobile == "" || len(mobile) < 10 {
+		log.Debug("Invalid phone number")
+		return res, fmt.Errorf("invalid phone number")
+	}
+
+	emailInput := strings.ToLower(strings.TrimSpace(refs.StringValue(params.Email)))
+
+	// if email is null set random dummy email for db constraint
+
+	if emailInput != "" && !validators.IsValidEmail(emailInput) {
+		log.Debug("Invalid email: ", emailInput)
+		return res, fmt.Errorf(`invalid email address`)
+	}
+
+	if emailInput == "" {
+		emailInput = mobile + "@authorizer.dev"
+	}
+
+	log := log.WithFields(log.Fields{
+		"email":        emailInput,
+		"phone_number": mobile,
+	})
+	// find user with email
+	existingUser, err := db.Provider.GetUserByPhoneNumber(ctx, mobile)
+	if err != nil {
+		log.Debug("Failed to get user by email: ", err)
+	}
+
+	if existingUser != nil {
+		if existingUser.PhoneNumberVerifiedAt != nil {
+			// email is verified
+			log.Debug("Phone number is already verified and signed up.")
+			return res, fmt.Errorf(`%s has already signed up`, mobile)
+		} else if existingUser.ID != "" && existingUser.PhoneNumberVerifiedAt == nil {
+			log.Debug("Phone number is already signed up. Verification pending...")
+			return res, fmt.Errorf("%s has already signed up. please complete the phone number verification process or reset the password", mobile)
+		}
+	}
+
+	inputRoles := []string{}
+
+	if len(params.Roles) > 0 {
+		// check if roles exists
+		rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)
+		roles := []string{}
+		if err != nil {
+			log.Debug("Error getting roles: ", err)
+			return res, err
+		} else {
+			roles = strings.Split(rolesString, ",")
+		}
+		if !validators.IsValidRoles(params.Roles, roles) {
+			log.Debug("Invalid roles: ", params.Roles)
+			return res, fmt.Errorf(`invalid roles`)
+		} else {
+			inputRoles = params.Roles
+		}
+	} else {
+		inputRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			log.Debug("Error getting default roles: ", err)
+			return res, err
+		} else {
+			inputRoles = strings.Split(inputRolesString, ",")
+		}
+	}
+
+	now := time.Now().Unix()
+	user := models.User{
+		Email:                 emailInput,
+		PhoneNumber:           &mobile,
+		PhoneNumberVerifiedAt: &now,
+	}
+
+	user.Roles = strings.Join(inputRoles, ",")
+
+	password, _ := crypto.EncryptPassword(params.Password)
+	user.Password = &password
+
+	if params.GivenName != nil {
+		user.GivenName = params.GivenName
+	}
+
+	if params.FamilyName != nil {
+		user.FamilyName = params.FamilyName
+	}
+
+	if params.MiddleName != nil {
+		user.MiddleName = params.MiddleName
+	}
+
+	if params.Nickname != nil {
+		user.Nickname = params.Nickname
+	}
+
+	if params.Gender != nil {
+		user.Gender = params.Gender
+	}
+
+	if params.Birthdate != nil {
+		user.Birthdate = params.Birthdate
+	}
+
+	if params.Picture != nil {
+		user.Picture = params.Picture
+	}
+
+	if params.IsMultiFactorAuthEnabled != nil {
+		user.IsMultiFactorAuthEnabled = params.IsMultiFactorAuthEnabled
+	}
+
+	isMFAEnforced, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyEnforceMultiFactorAuthentication)
+	if err != nil {
+		log.Debug("MFA service not enabled: ", err)
+		isMFAEnforced = false
+	}
+
+	if isMFAEnforced {
+		user.IsMultiFactorAuthEnabled = refs.NewBoolRef(true)
+	}
+
+	user.SignupMethods = constants.AuthRecipeMethodMobileBasicAuth
+	user, err = db.Provider.AddUser(ctx, user)
+	if err != nil {
+		log.Debug("Failed to add user: ", err)
+		return res, err
+	}
+	roles := strings.Split(user.Roles, ",")
+	userToReturn := user.AsAPIUser()
+
+	scope := []string{"openid", "email", "profile"}
+	if params.Scope != nil && len(scope) > 0 {
+		scope = params.Scope
+	}
+
+	code := ""
+	codeChallenge := ""
+	nonce := ""
+	if params.State != nil {
+		// Get state from store
+		authorizeState, _ := memorystore.Provider.GetState(refs.StringValue(params.State))
+		if authorizeState != "" {
+			authorizeStateSplit := strings.Split(authorizeState, "@@")
+			if len(authorizeStateSplit) > 1 {
+				code = authorizeStateSplit[0]
+				codeChallenge = authorizeStateSplit[1]
+			} else {
+				nonce = authorizeState
+			}
+			go memorystore.Provider.RemoveState(refs.StringValue(params.State))
+		}
+	}
+
+	if nonce == "" {
+		nonce = uuid.New().String()
+	}
+
+	authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodMobileBasicAuth, nonce, code)
+	if err != nil {
+		log.Debug("Failed to create auth token: ", err)
+		return res, err
+	}
+
+	// Code challenge could be optional if PKCE flow is not used
+	if code != "" {
+		if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+			log.Debug("SetState failed: ", err)
+			return res, err
+		}
+	}
+
+	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+	if expiresIn <= 0 {
+		expiresIn = 1
+	}
+
+	res = &model.AuthResponse{
+		Message:     `Signed up successfully.`,
+		AccessToken: &authToken.AccessToken.Token,
+		ExpiresIn:   &expiresIn,
+		User:        userToReturn,
+	}
+
+	sessionKey := constants.AuthRecipeMethodMobileBasicAuth + ":" + user.ID
+	cookie.SetSession(gc, authToken.FingerPrintHash)
+	memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
+	memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
+
+	if authToken.RefreshToken != nil {
+		res.RefreshToken = &authToken.RefreshToken.Token
+		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
+	}
+
+	go func() {
+		utils.RegisterEvent(ctx, constants.UserSignUpWebhookEvent, constants.AuthRecipeMethodMobileBasicAuth, user)
+		db.Provider.AddSession(ctx, models.Session{
+			UserID:    user.ID,
+			UserAgent: utils.GetUserAgent(gc.Request),
+			IP:        utils.GetIP(gc.Request),
+		})
+	}()
+
+	return res, nil
+}

server/resolvers/update_env.go

@@ -25,6 +25,7 @@ import (
 // remove the session tokens for those methods
 func clearSessionIfRequired(currentData, updatedData map[string]interface{}) {
 	isCurrentBasicAuthEnabled := !currentData[constants.EnvKeyDisableBasicAuthentication].(bool)
+	isCurrentMobileBasicAuthEnabled := !currentData[constants.EnvKeyDisableMobileBasicAuthentication].(bool)
 	isCurrentMagicLinkLoginEnabled := !currentData[constants.EnvKeyDisableMagicLinkLogin].(bool)
 	isCurrentAppleLoginEnabled := currentData[constants.EnvKeyAppleClientID] != nil && currentData[constants.EnvKeyAppleClientSecret] != nil && currentData[constants.EnvKeyAppleClientID].(string) != "" && currentData[constants.EnvKeyAppleClientSecret].(string) != ""
 	isCurrentFacebookLoginEnabled := currentData[constants.EnvKeyFacebookClientID] != nil && currentData[constants.EnvKeyFacebookClientSecret] != nil && currentData[constants.EnvKeyFacebookClientID].(string) != "" && currentData[constants.EnvKeyFacebookClientSecret].(string) != ""
@@ -34,6 +35,7 @@ func clearSessionIfRequired(currentData, updatedData map[string]interface{}) {
 	isCurrentTwitterLoginEnabled := currentData[constants.EnvKeyTwitterClientID] != nil && currentData[constants.EnvKeyTwitterClientSecret] != nil && currentData[constants.EnvKeyTwitterClientID].(string) != "" && currentData[constants.EnvKeyTwitterClientSecret].(string) != ""
 
 	isUpdatedBasicAuthEnabled := !updatedData[constants.EnvKeyDisableBasicAuthentication].(bool)
+	isUpdatedMobileBasicAuthEnabled := !updatedData[constants.EnvKeyDisableMobileBasicAuthentication].(bool)
 	isUpdatedMagicLinkLoginEnabled := !updatedData[constants.EnvKeyDisableMagicLinkLogin].(bool)
 	isUpdatedAppleLoginEnabled := updatedData[constants.EnvKeyAppleClientID] != nil && updatedData[constants.EnvKeyAppleClientSecret] != nil && updatedData[constants.EnvKeyAppleClientID].(string) != "" && updatedData[constants.EnvKeyAppleClientSecret].(string) != ""
 	isUpdatedFacebookLoginEnabled := updatedData[constants.EnvKeyFacebookClientID] != nil && updatedData[constants.EnvKeyFacebookClientSecret] != nil && updatedData[constants.EnvKeyFacebookClientID].(string) != "" && updatedData[constants.EnvKeyFacebookClientSecret].(string) != ""
@@ -46,6 +48,10 @@ func clearSessionIfRequired(currentData, updatedData map[string]interface{}) {
 		memorystore.Provider.DeleteSessionForNamespace(constants.AuthRecipeMethodBasicAuth)
 	}
 
+	if isCurrentMobileBasicAuthEnabled && !isUpdatedMobileBasicAuthEnabled {
+		memorystore.Provider.DeleteSessionForNamespace(constants.AuthRecipeMethodMobileBasicAuth)
+	}
+
 	if isCurrentMagicLinkLoginEnabled && !isUpdatedMagicLinkLoginEnabled {
 		memorystore.Provider.DeleteSessionForNamespace(constants.AuthRecipeMethodMagicLinkLogin)
 	}

server/resolvers/update_profile.go

@@ -88,6 +88,11 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 	}
 
 	if params.PhoneNumber != nil && refs.StringValue(user.PhoneNumber) != refs.StringValue(params.PhoneNumber) {
+		// verify if phone number is unique
+		if _, err := db.Provider.GetUserByPhoneNumber(ctx, strings.TrimSpace(refs.StringValue(params.PhoneNumber))); err == nil {
+			log.Debug("user with given phone number already exists")
+			return nil, errors.New("user with given phone number already exists")
+		}
 		user.PhoneNumber = params.PhoneNumber
 	}
 
@@ -154,8 +159,14 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 		isBasicAuthDisabled = true
 	}
 
+	isMobileBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMobileBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting mobile basic auth disabled: ", err)
+		isBasicAuthDisabled = true
+	}
+
 	if params.NewPassword != nil && params.ConfirmNewPassword != nil {
-		if isBasicAuthDisabled {
+		if isBasicAuthDisabled || isMobileBasicAuthDisabled {
 			log.Debug("Cannot update password as basic authentication is disabled")
 			return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 		}

server/resolvers/update_user.go

@@ -83,6 +83,11 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 	}
 
 	if params.PhoneNumber != nil && refs.StringValue(user.PhoneNumber) != refs.StringValue(params.PhoneNumber) {
+		// verify if phone number is unique
+		if _, err := db.Provider.GetUserByPhoneNumber(ctx, strings.TrimSpace(refs.StringValue(params.PhoneNumber))); err == nil {
+			log.Debug("user with given phone number already exists")
+			return nil, errors.New("user with given phone number already exists")
+		}
 		user.PhoneNumber = params.PhoneNumber
 	}
 

server/resolvers/user.go

@@ -0,0 +1,36 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/token"
+	"github.com/authorizerdev/authorizer/server/utils"
+)
+
+// UserResolver is a resolver for user query
+// This is admin only query
+func UserResolver(ctx context.Context, params model.GetUserRequest) (*model.User, error) {
+	gc, err := utils.GinContextFromContext(ctx)
+	if err != nil {
+		log.Debug("Failed to get GinContext: ", err)
+		return nil, err
+	}
+
+	if !token.IsSuperAdmin(gc) {
+		log.Debug("Not logged in as super admin.")
+		return nil, fmt.Errorf("unauthorized")
+	}
+
+	res, err := db.Provider.GetUserByID(ctx, params.ID)
+	if err != nil {
+		log.Debug("Failed to get users: ", err)
+		return nil, err
+	}
+
+	return res.AsAPIUser(), nil
+}

server/test/admin_signup_test.go

@@ -25,7 +25,6 @@ func adminSignupTests(t *testing.T, s TestSetup) {
 		_, err = resolvers.AdminSignupResolver(ctx, model.AdminSignupInput{
 			AdminSecret: "admin123",
 		})
-
 		assert.Nil(t, err)
 	})
 }

server/test/mobile_login_test.go

@@ -0,0 +1,58 @@
+package test
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/refs"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func mobileLoginTests(t *testing.T, s TestSetup) {
+	t.Helper()
+	t.Run(`should login via mobile`, func(t *testing.T) {
+		_, ctx := createContext(s)
+		email := "mobile_login." + s.TestInfo.Email
+		phoneNumber := "2234567890"
+		signUpRes, err := resolvers.MobileSignupResolver(ctx, &model.MobileSignUpInput{
+			Email:           refs.NewStringRef(email),
+			PhoneNumber:     phoneNumber,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+		assert.NoError(t, err)
+		assert.NotNil(t, signUpRes)
+		assert.Equal(t, email, signUpRes.User.Email)
+		assert.Equal(t, phoneNumber, refs.StringValue(signUpRes.User.PhoneNumber))
+		assert.True(t, strings.Contains(signUpRes.User.SignupMethods, constants.AuthRecipeMethodMobileBasicAuth))
+		assert.Len(t, strings.Split(signUpRes.User.SignupMethods, ","), 1)
+
+		res, err := resolvers.MobileLoginResolver(ctx, model.MobileLoginInput{
+			PhoneNumber: phoneNumber,
+			Password:    "random_test",
+		})
+		assert.Error(t, err)
+		assert.Nil(t, res)
+
+		// Should fail for email login
+		res, err = resolvers.LoginResolver(ctx, model.LoginInput{
+			Email:    email,
+			Password: s.TestInfo.Password,
+		})
+		assert.Error(t, err)
+		assert.Nil(t, res)
+
+		res, err = resolvers.MobileLoginResolver(ctx, model.MobileLoginInput{
+			PhoneNumber: phoneNumber,
+			Password:    s.TestInfo.Password,
+		})
+		assert.NoError(t, err)
+		assert.NotEmpty(t, res.AccessToken)
+		assert.NotEmpty(t, res.IDToken)
+
+		cleanData(email)
+	})
+}

server/test/mobile_signup_test.go

@@ -0,0 +1,85 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func mobileSingupTest(t *testing.T, s TestSetup) {
+	t.Helper()
+	t.Run(`should complete the signup with mobile and check duplicates`, func(t *testing.T) {
+		_, ctx := createContext(s)
+		email := "mobile_basic_auth_signup." + s.TestInfo.Email
+		res, err := resolvers.MobileSignupResolver(ctx, &model.MobileSignUpInput{
+			Email:           refs.NewStringRef(email),
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password + "s",
+		})
+		assert.NotNil(t, err, "invalid password")
+		assert.Nil(t, res)
+
+		res, err = resolvers.MobileSignupResolver(ctx, &model.MobileSignUpInput{
+			Email:           refs.NewStringRef(email),
+			Password:        "test",
+			ConfirmPassword: "test",
+		})
+		assert.NotNil(t, err, "invalid password")
+
+		memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableSignUp, true)
+		res, err = resolvers.MobileSignupResolver(ctx, &model.MobileSignUpInput{
+			Email:           refs.NewStringRef(email),
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+		assert.NotNil(t, err, "singup disabled")
+		memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableSignUp, false)
+
+		memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableMobileBasicAuthentication, true)
+		res, err = resolvers.MobileSignupResolver(ctx, &model.MobileSignUpInput{
+			Email:           refs.NewStringRef(email),
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+		assert.NotNil(t, err, "singup disabled")
+		memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDisableMobileBasicAuthentication, false)
+
+		res, err = resolvers.MobileSignupResolver(ctx, &model.MobileSignUpInput{
+			PhoneNumber:     "   ",
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+		assert.NotNil(t, err, "invalid mobile")
+
+		res, err = resolvers.MobileSignupResolver(ctx, &model.MobileSignUpInput{
+			PhoneNumber:     "test",
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+		assert.NotNil(t, err, "invalid mobile")
+
+		res, err = resolvers.MobileSignupResolver(ctx, &model.MobileSignUpInput{
+			PhoneNumber:     "1234567890",
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+		assert.NoError(t, err)
+		assert.NotEmpty(t, res.AccessToken)
+		assert.Equal(t, "1234567890@authorizer.dev", res.User.Email)
+
+		res, err = resolvers.MobileSignupResolver(ctx, &model.MobileSignUpInput{
+			PhoneNumber:     "1234567890",
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+		assert.Error(t, err, "user exists")
+
+		cleanData(email)
+		cleanData("1234567890@authorizer.dev")
+	})
+}

server/test/resolvers_test.go

@@ -16,11 +16,12 @@ import (
 
 func TestResolvers(t *testing.T) {
 	databases := map[string]string{
-		constants.DbTypeSqlite:   "../../test.db",
-		constants.DbTypeArangodb: "http://localhost:8529",
-		constants.DbTypeMongodb:  "mongodb://localhost:27017",
-		constants.DbTypeScyllaDB: "127.0.0.1:9042",
-		constants.DbTypeDynamoDB: "http://0.0.0.0:8000",
+		constants.DbTypeSqlite:      "../../test.db",
+		constants.DbTypeArangodb:    "http://localhost:8529",
+		constants.DbTypeMongodb:     "mongodb://localhost:27017",
+		constants.DbTypeScyllaDB:    "127.0.0.1:9042",
+		constants.DbTypeDynamoDB:    "http://0.0.0.0:8000",
+		constants.DbTypeCouchbaseDB: "couchbase://127.0.0.1",
 	}
 
 	testDBs := strings.Split(os.Getenv("TEST_DBS"), ",")
@@ -57,6 +58,12 @@ func TestResolvers(t *testing.T) {
 			memorystore.Provider.UpdateEnvVariable(constants.EnvAwsRegion, "ap-south-1")
 			os.Setenv(constants.EnvAwsRegion, "ap-south-1")
 		}
+		if dbType == constants.DbTypeCouchbaseDB {
+			memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDatabaseUsername, "Administrator")
+			os.Setenv(constants.EnvKeyDatabaseUsername, "Administrator")
+			memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDatabasePassword, "password")
+			os.Setenv(constants.EnvKeyDatabasePassword, "password")
+		}
 
 		memorystore.InitRequiredEnv()
 
@@ -93,6 +100,7 @@ func TestResolvers(t *testing.T) {
 			webhookTest(t, s)
 			webhooksTest(t, s)
 			usersTest(t, s)
+			userTest(t, s)
 			deleteUserTest(t, s)
 			updateUserTest(t, s)
 			adminLoginTests(t, s)
@@ -111,6 +119,8 @@ func TestResolvers(t *testing.T) {
 			// user resolvers tests
 			loginTests(t, s)
 			signupTests(t, s)
+			mobileSingupTest(t, s)
+			mobileLoginTests(t, s)
 			forgotPasswordTest(t, s)
 			resendVerifyEmailTests(t, s)
 			resetPasswordTest(t, s)

server/test/test_endpoint_test.go

@@ -31,7 +31,7 @@ func testEndpointTest(t *testing.T, s TestSetup) {
 		})
 		assert.NoError(t, err)
 		assert.NotNil(t, res)
-		assert.GreaterOrEqual(t, int64(201), *res.HTTPStatus)
+		assert.GreaterOrEqual(t, *res.HTTPStatus, int64(200))
 		assert.NotEmpty(t, res.Response)
 	})
 }

server/test/user_test.go

@@ -0,0 +1,49 @@
+package test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/crypto"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func userTest(t *testing.T, s TestSetup) {
+	t.Helper()
+	t.Run(`should get users list with admin secret only`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "user." + s.TestInfo.Email
+		res, err := resolvers.SignupResolver(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+		assert.NoError(t, err)
+		assert.NotEmpty(t, res.User)
+
+		userRes, err := resolvers.UserResolver(ctx, model.GetUserRequest{
+			ID: res.User.ID,
+		})
+		assert.Nil(t, userRes)
+		assert.NotNil(t, err, "unauthorized")
+
+		adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+		assert.Nil(t, err)
+		h, err := crypto.EncryptPassword(adminSecret)
+		assert.Nil(t, err)
+		req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, h))
+
+		userRes, err = resolvers.UserResolver(ctx, model.GetUserRequest{
+			ID: res.User.ID,
+		})
+		assert.Nil(t, err)
+		assert.Equal(t, res.User.ID, userRes.ID)
+		assert.Equal(t, email, userRes.Email)
+
+		cleanData(email)
+	})
+}