fix: tests + version

- Update code as per go 1.19.3
- Fix tests for unused vars

.env.test

@@ -6,4 +6,5 @@ SMTP_HOST=smtp.mailtrap.io
 SMTP_PORT=2525
 SMTP_USERNAME=test
 SMTP_PASSWORD=test
-SENDER_EMAIL="info@authorizer.dev"
+SENDER_EMAIL="info@authorizer.dev"
+AWS_REGION=ap-south-1

.github/workflows/release.yaml

@@ -2,36 +2,44 @@ on:
   workflow_dispatch:
     inputs:
       logLevel:
-        description: 'Log level'     
+        description: 'Log level'
         required: true
-        default: 'warning' 
+        default: 'warning'
         type: choice
         options:
-        - info
-        - warning
-        - debug 
+          - info
+          - warning
+          - debug
       tags:
         description: 'Tags'
-        required: false 
+        required: false
         type: boolean
   release:
     types: [created]
 
 jobs:
   releases:
-    name: Release Authorizer Binary
+    name: Release Authorizer
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: actions/setup-node@v2
         with:
           node-version: '16'
+      - # Add support for more platforms with QEMU (optional)
+        # https://github.com/docker/setup-qemu-action
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: linux/amd64,linux/arm64
       - uses: actions/setup-go@v2
         with:
-          go-version: '^1.17.3'
+          go-version: '^1.19.1'
       - name: Install dependencies
         run: |
-          sudo apt-get install build-essential wget zip gcc-mingw-w64 && \
+          sudo apt-get install build-essential wget zip  libc6-dev-arm64-cross && \
           echo "/usr/bin/x86_64-w64-mingw32-gcc" >> GITHUB_PATH && \
           wget --no-check-certificate --progress=dot:mega https://github.com/wangyoucao577/assets-uploader/releases/download/v0.3.0/github-assets-uploader-v0.3.0-linux-amd64.tar.gz -O github-assets-uploader.tar.gz && \
           tar -zxf github-assets-uploader.tar.gz && \
@@ -44,25 +52,26 @@ jobs:
         run: whereis go
       - name: Print Go Version
         run: go version
+      - name: Install gox
+        run: go install github.com/mitchellh/gox@latest
       - name: Set VERSION env
         run: echo VERSION=$(basename ${GITHUB_REF}) >> ${GITHUB_ENV}
       - name: Copy .env file
         run: mv .env.sample .env
-      - name: Package files for windows
+      - name: Build package
         run: |
           make clean && \
-          CGO_ENABLED=1 GOOS=windows CC=/usr/bin/x86_64-w64-mingw32-gcc make && \
-          mv build/server build/server.exe && \
-          zip -vr authorizer-${VERSION}-windows-amd64.zip .env app/build build templates dashboard/build
-      - name: Package files for linux
-        run: |
-          make clean && \
-          CGO_ENABLED=1 make && \
-          tar cvfz authorizer-${VERSION}-linux-amd64.tar.gz .env app/build build templates dashboard/build
+          make build && \
+          mkdir -p authorizer-${VERSION}-darwin-amd64/build authorizer-${VERSION}-darwin-amd64/app authorizer-${VERSION}-darwin-amd64/dashboard && cp build/darwin/amd64/server authorizer-${VERSION}-darwin-amd64/build/ && cp .env authorizer-${VERSION}-darwin-amd64/.env && cp -rf app/build authorizer-${VERSION}-darwin-amd64/app/build && cp -rf templates authorizer-${VERSION}-darwin-amd64/ && cp -rf dashboard/build authorizer-${VERSION}-darwin-amd64/dashboard/build && tar cvfz authorizer-${VERSION}-darwin-amd64.tar.gz authorizer-${VERSION}-darwin-amd64 && \
+          mkdir -p authorizer-${VERSION}-linux-amd64/build authorizer-${VERSION}-linux-amd64/app authorizer-${VERSION}-linux-amd64/dashboard && cp build/linux/amd64/server authorizer-${VERSION}-linux-amd64/build/ && cp .env authorizer-${VERSION}-linux-amd64/.env && cp -rf app/build authorizer-${VERSION}-linux-amd64/app/build && cp -rf templates authorizer-${VERSION}-linux-amd64/ && cp -rf dashboard/build authorizer-${VERSION}-linux-amd64/dashboard/build && tar cvfz authorizer-${VERSION}-linux-amd64.tar.gz authorizer-${VERSION}-linux-amd64 && \
+          mkdir -p authorizer-${VERSION}-linux-arm64/build authorizer-${VERSION}-linux-arm64/app authorizer-${VERSION}-linux-arm64/dashboard && cp build/linux/arm64/server authorizer-${VERSION}-linux-arm64/build/ && cp .env authorizer-${VERSION}-linux-arm64/.env && cp -rf app/build authorizer-${VERSION}-linux-arm64/app/build && cp -rf templates authorizer-${VERSION}-linux-arm64/ && cp -rf dashboard/build authorizer-${VERSION}-linux-arm64/dashboard/build && tar cvfz authorizer-${VERSION}-linux-arm64.tar.gz authorizer-${VERSION}-linux-arm64 && \
+          mkdir -p authorizer-${VERSION}-windows-amd64/build authorizer-${VERSION}-windows-amd64/app authorizer-${VERSION}-windows-amd64/dashboard && cp build/windows/amd64/server.exe authorizer-${VERSION}-windows-amd64/build/ && cp .env authorizer-${VERSION}-windows-amd64/.env && cp -rf app/build authorizer-${VERSION}-windows-amd64/app/build && cp -rf templates authorizer-${VERSION}-windows-amd64/ && cp -rf dashboard/build authorizer-${VERSION}-windows-amd64/dashboard/build && zip -vr authorizer-${VERSION}-windows-amd64.zip authorizer-${VERSION}-windows-amd64
       - name: Upload assets
         run: |
-          github-assets-uploader -f authorizer-${VERSION}-windows-amd64.zip -mediatype application/zip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION} && \
+          github-assets-uploader -f authorizer-${VERSION}-darwin-amd64.tar.gz -mediatype application/gzip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION}
           github-assets-uploader -f authorizer-${VERSION}-linux-amd64.tar.gz -mediatype application/gzip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION}
+          github-assets-uploader -f authorizer-${VERSION}-linux-arm64.tar.gz -mediatype application/gzip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION}
+          github-assets-uploader -f authorizer-${VERSION}-windows-amd64.zip -mediatype application/zip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION}
       - name: Log in to Docker Hub
         uses: docker/login-action@v1
         with:
@@ -74,6 +83,11 @@ jobs:
         uses: docker/metadata-action@v3
         with:
           images: lakhansamani/authorizer
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v2
@@ -82,5 +96,6 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
           build-args: |
             VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}

.gitignore

@@ -15,4 +15,6 @@ test.db
 .vscode/
 .yalc
 yalc.lock
-certs/
+certs/
+*-shm
+*-wal

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.17-alpine as go-builder
+FROM golang:1.19.1-alpine as go-builder
 WORKDIR /authorizer
 COPY server server
 COPY Makefile .

Makefile

@@ -3,6 +3,12 @@ VERSION := $(or $(VERSION),$(DEFAULT_VERSION))
 
 cmd:
 	cd server && go build -ldflags "-w -X main.VERSION=$(VERSION)" -o '../build/server'
+build:
+	cd server && gox \
+		-osarch="linux/amd64 linux/arm64 darwin/amd64 windows/amd64" \
+		-ldflags "-w -X main.VERSION=$(VERSION)" \
+		-output="../build/{{.OS}}/{{.Arch}}/server" \
+		./...
 build-app:
 	cd app && npm i && npm run build
 build-dashboard:
@@ -10,7 +16,7 @@ build-dashboard:
 clean:
 	rm -rf build
 test:
-	rm -rf server/test/test.db && rm -rf test.db && cd server && go clean --testcache && TEST_DBS="sqlite" go test -p 1 -v ./test
+	rm -rf server/test/test.db server/test/test.db-shm server/test/test.db-wal && rm -rf test.db test.db-shm test.db-wal && cd server && go clean --testcache && TEST_DBS="sqlite" go test -p 1 -v ./test
 test-mongodb:
 	docker run -d --name authorizer_mongodb_db -p 27017:27017 mongo:4.4.15
 	cd server && go clean --testcache && TEST_DBS="mongodb" go test -p 1 -v ./test
@@ -23,15 +29,20 @@ test-arangodb:
 	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4
 	cd server && go clean --testcache && TEST_DBS="arangodb" go test -p 1 -v ./test
 	docker rm -vf authorizer_arangodb
+test-dynamodb:
+	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest 
+	cd server && go clean --testcache && TEST_DBS="dynamodb" go test -p 1 -v ./test
+	docker rm -vf dynamodb-local-test
 test-all-db:
-	rm -rf server/test/test.db && rm -rf test.db
+	rm -rf server/test/test.db server/test/test.db-shm server/test/test.db-wal && rm -rf test.db test.db-shm test.db-wal
 	docker run -d --name authorizer_scylla_db -p 9042:9042 scylladb/scylla
 	docker run -d --name authorizer_mongodb_db -p 27017:27017 mongo:4.4.15
 	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4
-	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb" go test -p 1 -v ./test
+	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest 
+	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb" go test -p 1 -v ./test
 	docker rm -vf authorizer_scylla_db
 	docker rm -vf authorizer_mongodb_db
 	docker rm -vf authorizer_arangodb
+	docker rm -vf dynamodb-local-test
 generate:
-	cd server && go get github.com/99designs/gqlgen/cmd@v0.14.0 && go run github.com/99designs/gqlgen generate
-	
+	cd server && go run github.com/99designs/gqlgen generate && go mod tidy

README.md

@@ -9,13 +9,11 @@
 
 **Authorizer** is an open-source authentication and authorization solution for your applications. Bring your database and have complete control over the user information. You can self-host authorizer instances and connect to any database (Currently supports 11+ databases including [Postgres](https://www.postgresql.org/), [MySQL](https://www.mysql.com/), [SQLite](https://www.sqlite.org/index.html), [SQLServer](https://www.microsoft.com/en-us/sql-server/), [YugaByte](https://www.yugabyte.com/),  [MariaDB](https://mariadb.org/), [PlanetScale](https://planetscale.com/), [CassandraDB](https://cassandra.apache.org/_/index.html), [ScyllaDB](https://www.scylladb.com/), [MongoDB](https://mongodb.com/), [ArangoDB](https://www.arangodb.com/)).
 
-## Table of contents
+For more information check:
 
-- [Introduction](#introduction)
-- [Getting Started](#getting-started)
-- [Contributing](https://github.com/authorizerdev/authorizer/blob/main/.github/CONTRIBUTING.md)
 - [Docs](http://docs.authorizer.dev/)
-- [Join Community](https://discord.gg/Zv2D5h6kkK)
+- [Discord Community](https://discord.gg/Zv2D5h6kkK)
+- [Contributing Guide](https://github.com/authorizerdev/authorizer/blob/main/.github/CONTRIBUTING.md)
 
 # Introduction
 
@@ -38,13 +36,13 @@
 
 ## Roadmap
 
-- VueJS SDK
-- Svelte SDK
+- [VueJS SDK](https://github.com/authorizerdev/authorizer-vue)
+- [Svelte SDK](https://github.com/authorizerdev/authorizer-svelte)
+- [Golang SDK](https://github.com/authorizerdev/authorizer-go)
 - React Native SDK
 - Flutter SDK
 - Android Native SDK
 - iOS native SDK
-- Golang SDK
 - Python SDK
 - PHP SDK
 - WordPress plugin

app/.prettierrc.json

@@ -0,0 +1,6 @@
+{
+	"tabWidth": 2,
+	"singleQuote": true,
+	"trailingComma": "all",
+	"useTabs": true
+}

app/package-lock.json

@@ -9,7 +9,7 @@
 			"version": "1.0.0",
 			"license": "ISC",
 			"dependencies": {
-				"@authorizerdev/authorizer-react": "^1.1.0",
+				"@authorizerdev/authorizer-react": "^1.1.3-beta.1",
 				"@types/react": "^17.0.15",
 				"@types/react-dom": "^17.0.9",
 				"esbuild": "^0.12.17",
@@ -22,13 +22,14 @@
 			},
 			"devDependencies": {
 				"@types/react-router-dom": "^5.1.8",
-				"@types/styled-components": "^5.1.11"
+				"@types/styled-components": "^5.1.11",
+				"prettier": "2.7.1"
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-js": {
-			"version": "1.1.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.0.tgz",
-			"integrity": "sha512-MdEw1SjhIm7pXq20AscHSbnAta2PC3w7GNBY52/OzmlBXUGH3ooUQX/aszbYOse3FlhapcrGrRvg4sNM7faGAg==",
+			"version": "1.1.2-beta.1",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.2-beta.1.tgz",
+			"integrity": "sha512-u+O2iB3tqF1HtdJ6LfBXL9iMycqlCCL3othBQkqitGP1ldhASWLJ2pcXZAcHgyoeczKdj2XKZKdIcWB3GYR0IQ==",
 			"dependencies": {
 				"cross-fetch": "^3.1.5"
 			},
@@ -37,11 +38,11 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-react": {
-			"version": "1.1.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.0.tgz",
-			"integrity": "sha512-8ooyBREFI6ohHApVOPQitFr7T0w0SlpEVZruvU9oqa8OQ77UBxLQh+PCRKKPw7FeQRdCdh/VQyl17W7Xphp1NA==",
+			"version": "1.1.3-beta.1",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.3-beta.1.tgz",
+			"integrity": "sha512-+ZsOBp6XjZVnDyeJCXgaqZ8xzFO7ygpHB6v2cblCKIA3wX5pg/Dsg1oumHGrSHIEK8No/GOtCjSx4Rv6/CweBQ==",
 			"dependencies": {
-				"@authorizerdev/authorizer-js": "^1.1.0",
+				"@authorizerdev/authorizer-js": "^1.1.2-beta.1",
 				"final-form": "^4.20.2",
 				"react-final-form": "^6.5.3",
 				"styled-components": "^5.3.0"
@@ -469,9 +470,9 @@
 			}
 		},
 		"node_modules/final-form": {
-			"version": "4.20.6",
-			"resolved": "https://registry.npmjs.org/final-form/-/final-form-4.20.6.tgz",
-			"integrity": "sha512-fCdwIj49KOaFfDRlXB57Eo+GghIMZQWrA9TakQI3C9uQxHwaFHXqZSNRlUdfnQmNNeySwGOaGPZCvjy58hyv4w==",
+			"version": "4.20.4",
+			"resolved": "https://registry.npmjs.org/final-form/-/final-form-4.20.4.tgz",
+			"integrity": "sha512-hyoOVVilPLpkTvgi+FSJkFZrh0Yhy4BhE6lk/NiBwrF4aRV8/ykKEyXYvQH/pfUbRkOosvpESYouFb+FscsLrw==",
 			"dependencies": {
 				"@babel/runtime": "^7.10.0"
 			},
@@ -617,6 +618,21 @@
 			"resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz",
 			"integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ=="
 		},
+		"node_modules/prettier": {
+			"version": "2.7.1",
+			"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
+			"integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
+			"dev": true,
+			"bin": {
+				"prettier": "bin-prettier.js"
+			},
+			"engines": {
+				"node": ">=10.13.0"
+			},
+			"funding": {
+				"url": "https://github.com/prettier/prettier?sponsor=1"
+			}
+		},
 		"node_modules/prop-types": {
 			"version": "15.7.2",
 			"resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz",
@@ -860,19 +876,19 @@
 	},
 	"dependencies": {
 		"@authorizerdev/authorizer-js": {
-			"version": "1.1.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.0.tgz",
-			"integrity": "sha512-MdEw1SjhIm7pXq20AscHSbnAta2PC3w7GNBY52/OzmlBXUGH3ooUQX/aszbYOse3FlhapcrGrRvg4sNM7faGAg==",
+			"version": "1.1.2-beta.1",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.1.2-beta.1.tgz",
+			"integrity": "sha512-u+O2iB3tqF1HtdJ6LfBXL9iMycqlCCL3othBQkqitGP1ldhASWLJ2pcXZAcHgyoeczKdj2XKZKdIcWB3GYR0IQ==",
 			"requires": {
 				"cross-fetch": "^3.1.5"
 			}
 		},
 		"@authorizerdev/authorizer-react": {
-			"version": "1.1.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.0.tgz",
-			"integrity": "sha512-8ooyBREFI6ohHApVOPQitFr7T0w0SlpEVZruvU9oqa8OQ77UBxLQh+PCRKKPw7FeQRdCdh/VQyl17W7Xphp1NA==",
+			"version": "1.1.3-beta.1",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.3-beta.1.tgz",
+			"integrity": "sha512-+ZsOBp6XjZVnDyeJCXgaqZ8xzFO7ygpHB6v2cblCKIA3wX5pg/Dsg1oumHGrSHIEK8No/GOtCjSx4Rv6/CweBQ==",
 			"requires": {
-				"@authorizerdev/authorizer-js": "^1.1.0",
+				"@authorizerdev/authorizer-js": "^1.1.2-beta.1",
 				"final-form": "^4.20.2",
 				"react-final-form": "^6.5.3",
 				"styled-components": "^5.3.0"
@@ -1216,9 +1232,9 @@
 			"integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
 		},
 		"final-form": {
-			"version": "4.20.6",
-			"resolved": "https://registry.npmjs.org/final-form/-/final-form-4.20.6.tgz",
-			"integrity": "sha512-fCdwIj49KOaFfDRlXB57Eo+GghIMZQWrA9TakQI3C9uQxHwaFHXqZSNRlUdfnQmNNeySwGOaGPZCvjy58hyv4w==",
+			"version": "4.20.4",
+			"resolved": "https://registry.npmjs.org/final-form/-/final-form-4.20.4.tgz",
+			"integrity": "sha512-hyoOVVilPLpkTvgi+FSJkFZrh0Yhy4BhE6lk/NiBwrF4aRV8/ykKEyXYvQH/pfUbRkOosvpESYouFb+FscsLrw==",
 			"requires": {
 				"@babel/runtime": "^7.10.0"
 			}
@@ -1329,6 +1345,12 @@
 			"resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz",
 			"integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ=="
 		},
+		"prettier": {
+			"version": "2.7.1",
+			"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
+			"integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
+			"dev": true
+		},
 		"prop-types": {
 			"version": "15.7.2",
 			"resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz",

app/package.json

@@ -5,13 +5,14 @@
 	"main": "index.js",
 	"scripts": {
 		"build": "rm -rf build && NODE_ENV=production node ./esbuild.config.js",
-		"start": "NODE_ENV=development node ./esbuild.config.js"
+		"start": "NODE_ENV=development node ./esbuild.config.js",
+		"format": "prettier --write 'src/**/*.(ts|tsx|js|jsx)'"
 	},
 	"keywords": [],
 	"author": "Lakhan Samani",
 	"license": "ISC",
 	"dependencies": {
-		"@authorizerdev/authorizer-react": "^1.1.0",
+		"@authorizerdev/authorizer-react": "^1.1.3",
 		"@types/react": "^17.0.15",
 		"@types/react-dom": "^17.0.9",
 		"esbuild": "^0.12.17",
@@ -19,11 +20,12 @@
 		"react-dom": "^17.0.2",
 		"react-is": "^17.0.2",
 		"react-router-dom": "^5.2.0",
-		"typescript": "^4.3.5",
-		"styled-components": "^5.3.0"
+		"styled-components": "^5.3.0",
+		"typescript": "^4.3.5"
 	},
 	"devDependencies": {
 		"@types/react-router-dom": "^5.1.8",
-		"@types/styled-components": "^5.1.11"
+		"@types/styled-components": "^5.1.11",
+		"prettier": "2.7.1"
 	}
 }

app/src/App.tsx

@@ -5,9 +5,9 @@ import Root from './Root';
 import { createRandomString } from './utils/common';
 
 declare global {
-  interface Window {
-    __authorizer__: any;
-  }
+	interface Window {
+		__authorizer__: any;
+	}
 }
 
 export default function App() {

app/src/Root.tsx

@@ -32,12 +32,14 @@ export default function Root({
 	const { token, loading, config } = useAuthorizer();
 
 	const searchParams = new URLSearchParams(
-		hasWindow() ? window.location.search : ``
+		hasWindow() ? window.location.search : ``,
 	);
 	const state = searchParams.get('state') || createRandomString();
 	const scope = searchParams.get('scope')
 		? searchParams.get('scope')?.toString().split(' ')
 		: ['openid', 'profile', 'email'];
+	const code = searchParams.get('code') || '';
+	const nonce = searchParams.get('nonce') || '';
 
 	const urlProps: Record<string, any> = {
 		state,
@@ -58,9 +60,19 @@ export default function Root({
 		if (token) {
 			let redirectURL = config.redirectURL || '/app';
 			let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`;
+
+			if (code !== '') {
+				params += `&code=${code}`;
+			}
+
+			if (nonce !== '') {
+				params += `&nonce=${nonce}`;
+			}
+
 			if (token.refresh_token) {
 				params += `&refresh_token=${token.refresh_token}`;
 			}
+
 			const url = new URL(redirectURL);
 			if (redirectURL.includes('?')) {
 				redirectURL = `${redirectURL}&${params}`;
@@ -74,7 +86,7 @@ export default function Root({
 			}
 		}
 		return () => {};
-	}, [token]);
+	}, [token, config]);
 
 	if (loading) {
 		return <h1>Loading...</h1>;
@@ -100,7 +112,7 @@ export default function Root({
 						<Route path="/app" exact>
 							<Login urlProps={urlProps} />
 						</Route>
-						<Route path="/app/signup" exact>
+						<Route path="/app/signup">
 							<SignUp urlProps={urlProps} />
 						</Route>
 						<Route path="/app/reset-password">

app/src/pages/login.tsx

@@ -60,7 +60,12 @@ export default function Login({ urlProps }: { urlProps: Record<string, any> }) {
 			{view === VIEW_TYPES.FORGOT_PASSWORD && (
 				<Fragment>
 					<h1 style={{ textAlign: 'center' }}>Forgot Password</h1>
-					<AuthorizerForgotPassword urlProps={urlProps} />
+					<AuthorizerForgotPassword
+						urlProps={{
+							...urlProps,
+							redirect_uri: `${window.location.origin}/app/reset-password`,
+						}}
+					/>
 					<Footer>
 						<Link
 							to="#"

app/src/theme.ts

@@ -1,28 +1,28 @@
 // colors: https://tailwindcss.com/docs/customizing-colors
 
 export const theme = {
-  colors: {
-    primary: '#3B82F6',
-    primaryDisabled: '#60A5FA',
-    gray: '#D1D5DB',
-    danger: '#DC2626',
-    success: '#10B981',
-    textColor: '#374151',
-  },
-  fonts: {
-    // typography
-    fontStack: '-apple-system, system-ui, sans-serif',
+	colors: {
+		primary: '#3B82F6',
+		primaryDisabled: '#60A5FA',
+		gray: '#D1D5DB',
+		danger: '#DC2626',
+		success: '#10B981',
+		textColor: '#374151',
+	},
+	fonts: {
+		// typography
+		fontStack: '-apple-system, system-ui, sans-serif',
 
-    // font sizes
-    largeText: '18px',
-    mediumText: '14px',
-    smallText: '12px',
-    tinyText: '10px',
-  },
+		// font sizes
+		largeText: '18px',
+		mediumText: '14px',
+		smallText: '12px',
+		tinyText: '10px',
+	},
 
-  radius: {
-    card: '5px',
-    button: '5px',
-    input: '5px',
-  },
+	radius: {
+		card: '5px',
+		button: '5px',
+		input: '5px',
+	},
 };

app/src/utils/common.ts

@@ -8,7 +8,7 @@ export const createRandomString = () => {
 		'0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.';
 	let random = '';
 	const randomValues = Array.from(
-		getCrypto().getRandomValues(new Uint8Array(43))
+		getCrypto().getRandomValues(new Uint8Array(43)),
 	);
 	randomValues.forEach((v) => (random += charset[v % charset.length]));
 	return random;

dashboard/.prettierrc.json

@@ -0,0 +1,6 @@
+{
+	"tabWidth": 2,
+	"singleQuote": true,
+	"trailingComma": "all",
+	"useTabs": true
+}

dashboard/package-lock.json

@@ -33,26 +33,27 @@
 				"urql": "^2.0.6"
 			},
 			"devDependencies": {
-				"@types/react-email-editor": "^1.1.7"
+				"@types/react-email-editor": "^1.1.7",
+				"prettier": "2.7.1"
 			}
 		},
 		"node_modules/@babel/code-frame": {
-			"version": "7.16.0",
-			"resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.16.0.tgz",
-			"integrity": "sha512-IF4EOMEV+bfYwOmNxGzSnjR2EmQod7f1UXOpZM3l4i4o4QNwzjtJAu/HxdjHq0aYBvdqMuQEY1eg0nqW9ZPORA==",
+			"version": "7.18.6",
+			"resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.18.6.tgz",
+			"integrity": "sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==",
 			"dependencies": {
-				"@babel/highlight": "^7.16.0"
+				"@babel/highlight": "^7.18.6"
 			},
 			"engines": {
 				"node": ">=6.9.0"
 			}
 		},
 		"node_modules/@babel/helper-module-imports": {
-			"version": "7.16.0",
-			"resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.16.0.tgz",
-			"integrity": "sha512-kkH7sWzKPq0xt3H1n+ghb4xEMP8k0U7XV3kkB+ZGy69kDk2ySFW1qPi06sjKzFY3t1j6XbJSqr4mF9L7CYVyhg==",
+			"version": "7.18.6",
+			"resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.18.6.tgz",
+			"integrity": "sha512-0NFvs3VkuSYbFi1x2Vd6tKrywq+z/cLeYC/RJNFrIX/30Bf5aiGYbtvGXolEktzJH8o5E5KJ3tT+nkxuuZFVlA==",
 			"dependencies": {
-				"@babel/types": "^7.16.0"
+				"@babel/types": "^7.18.6"
 			},
 			"engines": {
 				"node": ">=6.9.0"
@@ -66,20 +67,28 @@
 				"node": ">=6.9.0"
 			}
 		},
+		"node_modules/@babel/helper-string-parser": {
+			"version": "7.18.10",
+			"resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.18.10.tgz",
+			"integrity": "sha512-XtIfWmeNY3i4t7t4D2t02q50HvqHybPqW2ki1kosnvWCwuCMeo81Jf0gwr85jy/neUdg5XDdeFE/80DXiO+njw==",
+			"engines": {
+				"node": ">=6.9.0"
+			}
+		},
 		"node_modules/@babel/helper-validator-identifier": {
-			"version": "7.15.7",
-			"resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.15.7.tgz",
-			"integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w==",
+			"version": "7.19.1",
+			"resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz",
+			"integrity": "sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w==",
 			"engines": {
 				"node": ">=6.9.0"
 			}
 		},
 		"node_modules/@babel/highlight": {
-			"version": "7.16.0",
-			"resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.16.0.tgz",
-			"integrity": "sha512-t8MH41kUQylBtu2+4IQA3atqevA2lRgqA2wyVB/YiWmsDSuylZZuXOUy9ric30hfzauEFfdsuk/eXTRrGrfd0g==",
+			"version": "7.18.6",
+			"resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.18.6.tgz",
+			"integrity": "sha512-u7stbOuYjaPezCuLj29hNW1v64M2Md2qupEKP1fHc7WdOA3DgLh37suiSrZYY7haUB7iBeQZ9P1uiRF359do3g==",
 			"dependencies": {
-				"@babel/helper-validator-identifier": "^7.15.7",
+				"@babel/helper-validator-identifier": "^7.18.6",
 				"chalk": "^2.0.0",
 				"js-tokens": "^4.0.0"
 			},
@@ -113,11 +122,12 @@
 			}
 		},
 		"node_modules/@babel/types": {
-			"version": "7.16.0",
-			"resolved": "https://registry.npmjs.org/@babel/types/-/types-7.16.0.tgz",
-			"integrity": "sha512-PJgg/k3SdLsGb3hhisFvtLOw5ts113klrpLuIPtCJIU+BB24fqq6lf8RWqKJEjzqXR9AEH1rIb5XTqwBHB+kQg==",
+			"version": "7.19.3",
+			"resolved": "https://registry.npmjs.org/@babel/types/-/types-7.19.3.tgz",
+			"integrity": "sha512-hGCaQzIY22DJlDh9CH7NOxgKkFjBk0Cw9xDO1Xmh2151ti7wiGfQ3LauXzL4HP1fmFlTX6XjpRETTpUcv7wQLw==",
 			"dependencies": {
-				"@babel/helper-validator-identifier": "^7.15.7",
+				"@babel/helper-string-parser": "^7.18.10",
+				"@babel/helper-validator-identifier": "^7.19.1",
 				"to-fast-properties": "^2.0.0"
 			},
 			"engines": {
@@ -1315,7 +1325,7 @@
 		"node_modules/chalk/node_modules/escape-string-regexp": {
 			"version": "1.0.5",
 			"resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-			"integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
+			"integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
 			"engines": {
 				"node": ">=0.8.0"
 			}
@@ -1336,7 +1346,7 @@
 		"node_modules/color-name": {
 			"version": "1.1.3",
 			"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-			"integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU="
+			"integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw=="
 		},
 		"node_modules/compute-scroll-into-view": {
 			"version": "1.0.14",
@@ -1804,7 +1814,7 @@
 		"node_modules/has-flag": {
 			"version": "3.0.0",
 			"resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-			"integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
+			"integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
 			"engines": {
 				"node": ">=4"
 			}
@@ -1990,6 +2000,21 @@
 				"tslib": "^2.1.0"
 			}
 		},
+		"node_modules/prettier": {
+			"version": "2.7.1",
+			"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
+			"integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
+			"dev": true,
+			"bin": {
+				"prettier": "bin-prettier.js"
+			},
+			"engines": {
+				"node": ">=10.13.0"
+			},
+			"funding": {
+				"url": "https://github.com/prettier/prettier?sponsor=1"
+			}
+		},
 		"node_modules/prop-types": {
 			"version": "15.8.1",
 			"resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz",
@@ -2425,19 +2450,19 @@
 	},
 	"dependencies": {
 		"@babel/code-frame": {
-			"version": "7.16.0",
-			"resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.16.0.tgz",
-			"integrity": "sha512-IF4EOMEV+bfYwOmNxGzSnjR2EmQod7f1UXOpZM3l4i4o4QNwzjtJAu/HxdjHq0aYBvdqMuQEY1eg0nqW9ZPORA==",
+			"version": "7.18.6",
+			"resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.18.6.tgz",
+			"integrity": "sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==",
 			"requires": {
-				"@babel/highlight": "^7.16.0"
+				"@babel/highlight": "^7.18.6"
 			}
 		},
 		"@babel/helper-module-imports": {
-			"version": "7.16.0",
-			"resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.16.0.tgz",
-			"integrity": "sha512-kkH7sWzKPq0xt3H1n+ghb4xEMP8k0U7XV3kkB+ZGy69kDk2ySFW1qPi06sjKzFY3t1j6XbJSqr4mF9L7CYVyhg==",
+			"version": "7.18.6",
+			"resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.18.6.tgz",
+			"integrity": "sha512-0NFvs3VkuSYbFi1x2Vd6tKrywq+z/cLeYC/RJNFrIX/30Bf5aiGYbtvGXolEktzJH8o5E5KJ3tT+nkxuuZFVlA==",
 			"requires": {
-				"@babel/types": "^7.16.0"
+				"@babel/types": "^7.18.6"
 			}
 		},
 		"@babel/helper-plugin-utils": {
@@ -2445,17 +2470,22 @@
 			"resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.16.5.tgz",
 			"integrity": "sha512-59KHWHXxVA9K4HNF4sbHCf+eJeFe0Te/ZFGqBT4OjXhrwvA04sGfaEGsVTdsjoszq0YTP49RC9UKe5g8uN2RwQ=="
 		},
+		"@babel/helper-string-parser": {
+			"version": "7.18.10",
+			"resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.18.10.tgz",
+			"integrity": "sha512-XtIfWmeNY3i4t7t4D2t02q50HvqHybPqW2ki1kosnvWCwuCMeo81Jf0gwr85jy/neUdg5XDdeFE/80DXiO+njw=="
+		},
 		"@babel/helper-validator-identifier": {
-			"version": "7.15.7",
-			"resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.15.7.tgz",
-			"integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w=="
+			"version": "7.19.1",
+			"resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz",
+			"integrity": "sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w=="
 		},
 		"@babel/highlight": {
-			"version": "7.16.0",
-			"resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.16.0.tgz",
-			"integrity": "sha512-t8MH41kUQylBtu2+4IQA3atqevA2lRgqA2wyVB/YiWmsDSuylZZuXOUy9ric30hfzauEFfdsuk/eXTRrGrfd0g==",
+			"version": "7.18.6",
+			"resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.18.6.tgz",
+			"integrity": "sha512-u7stbOuYjaPezCuLj29hNW1v64M2Md2qupEKP1fHc7WdOA3DgLh37suiSrZYY7haUB7iBeQZ9P1uiRF359do3g==",
 			"requires": {
-				"@babel/helper-validator-identifier": "^7.15.7",
+				"@babel/helper-validator-identifier": "^7.18.6",
 				"chalk": "^2.0.0",
 				"js-tokens": "^4.0.0"
 			}
@@ -2477,11 +2507,12 @@
 			}
 		},
 		"@babel/types": {
-			"version": "7.16.0",
-			"resolved": "https://registry.npmjs.org/@babel/types/-/types-7.16.0.tgz",
-			"integrity": "sha512-PJgg/k3SdLsGb3hhisFvtLOw5ts113klrpLuIPtCJIU+BB24fqq6lf8RWqKJEjzqXR9AEH1rIb5XTqwBHB+kQg==",
+			"version": "7.19.3",
+			"resolved": "https://registry.npmjs.org/@babel/types/-/types-7.19.3.tgz",
+			"integrity": "sha512-hGCaQzIY22DJlDh9CH7NOxgKkFjBk0Cw9xDO1Xmh2151ti7wiGfQ3LauXzL4HP1fmFlTX6XjpRETTpUcv7wQLw==",
 			"requires": {
-				"@babel/helper-validator-identifier": "^7.15.7",
+				"@babel/helper-string-parser": "^7.18.10",
+				"@babel/helper-validator-identifier": "^7.19.1",
 				"to-fast-properties": "^2.0.0"
 			}
 		},
@@ -2605,8 +2636,7 @@
 		"@chakra-ui/css-reset": {
 			"version": "1.1.1",
 			"resolved": "https://registry.npmjs.org/@chakra-ui/css-reset/-/css-reset-1.1.1.tgz",
-			"integrity": "sha512-+KNNHL4OWqeKia5SL858K3Qbd8WxMij9mWIilBzLD4j2KFrl/+aWFw8syMKth3NmgIibrjsljo+PU3fy2o50dg==",
-			"requires": {}
+			"integrity": "sha512-+KNNHL4OWqeKia5SL858K3Qbd8WxMij9mWIilBzLD4j2KFrl/+aWFw8syMKth3NmgIibrjsljo+PU3fy2o50dg=="
 		},
 		"@chakra-ui/descendant": {
 			"version": "2.1.1",
@@ -3210,8 +3240,7 @@
 		"@graphql-typed-document-node/core": {
 			"version": "3.1.1",
 			"resolved": "https://registry.npmjs.org/@graphql-typed-document-node/core/-/core-3.1.1.tgz",
-			"integrity": "sha512-NQ17ii0rK1b34VZonlmT2QMJFI70m0TRwbknO/ihlbatXyaktDhN/98vBiUU6kNBPljqGqyIrl2T4nY2RpFANg==",
-			"requires": {}
+			"integrity": "sha512-NQ17ii0rK1b34VZonlmT2QMJFI70m0TRwbknO/ihlbatXyaktDhN/98vBiUU6kNBPljqGqyIrl2T4nY2RpFANg=="
 		},
 		"@popperjs/core": {
 			"version": "2.11.0",
@@ -3397,7 +3426,7 @@
 				"escape-string-regexp": {
 					"version": "1.0.5",
 					"resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-					"integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
+					"integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg=="
 				}
 			}
 		},
@@ -3417,7 +3446,7 @@
 		"color-name": {
 			"version": "1.1.3",
 			"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-			"integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU="
+			"integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw=="
 		},
 		"compute-scroll-into-view": {
 			"version": "1.0.14",
@@ -3483,8 +3512,7 @@
 		"draftjs-utils": {
 			"version": "0.10.2",
 			"resolved": "https://registry.npmjs.org/draftjs-utils/-/draftjs-utils-0.10.2.tgz",
-			"integrity": "sha512-EstHqr3R3JVcilJrBaO/A+01GvwwKmC7e4TCjC7S94ZeMh4IVmf60OuQXtHHpwItK8C2JCi3iljgN5KHkJboUg==",
-			"requires": {}
+			"integrity": "sha512-EstHqr3R3JVcilJrBaO/A+01GvwwKmC7e4TCjC7S94ZeMh4IVmf60OuQXtHHpwItK8C2JCi3iljgN5KHkJboUg=="
 		},
 		"error-ex": {
 			"version": "1.3.2",
@@ -3732,7 +3760,7 @@
 		"has-flag": {
 			"version": "3.0.0",
 			"resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-			"integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0="
+			"integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw=="
 		},
 		"hey-listen": {
 			"version": "1.0.8",
@@ -3758,8 +3786,7 @@
 		"html-to-draftjs": {
 			"version": "1.5.0",
 			"resolved": "https://registry.npmjs.org/html-to-draftjs/-/html-to-draftjs-1.5.0.tgz",
-			"integrity": "sha512-kggLXBNciKDwKf+KYsuE+V5gw4dZ7nHyGMX9m0wy7urzWjKGWyNFetmArRLvRV0VrxKN70WylFsJvMTJx02OBQ==",
-			"requires": {}
+			"integrity": "sha512-kggLXBNciKDwKf+KYsuE+V5gw4dZ7nHyGMX9m0wy7urzWjKGWyNFetmArRLvRV0VrxKN70WylFsJvMTJx02OBQ=="
 		},
 		"import-fresh": {
 			"version": "3.3.0",
@@ -3887,6 +3914,12 @@
 				}
 			}
 		},
+		"prettier": {
+			"version": "2.7.1",
+			"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
+			"integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
+			"dev": true
+		},
 		"prop-types": {
 			"version": "15.8.1",
 			"resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz",
@@ -3949,8 +3982,7 @@
 		"react-email-editor": {
 			"version": "1.6.1",
 			"resolved": "https://registry.npmjs.org/react-email-editor/-/react-email-editor-1.6.1.tgz",
-			"integrity": "sha512-pEWpRmTY0ok03cwTGqEOoEldnzThhuRGTrcMnv8W3/jc5MTfcr9USU/IQ9HrVvFStLKoxYBIQnSKY+iCYWOtSQ==",
-			"requires": {}
+			"integrity": "sha512-pEWpRmTY0ok03cwTGqEOoEldnzThhuRGTrcMnv8W3/jc5MTfcr9USU/IQ9HrVvFStLKoxYBIQnSKY+iCYWOtSQ=="
 		},
 		"react-fast-compare": {
 			"version": "3.2.0",
@@ -3973,8 +4005,7 @@
 		"react-icons": {
 			"version": "4.3.1",
 			"resolved": "https://registry.npmjs.org/react-icons/-/react-icons-4.3.1.tgz",
-			"integrity": "sha512-cB10MXLTs3gVuXimblAdI71jrJx8njrJZmNMEMC+sQu5B/BIOmlsAjskdqpn81y8UBVEGuHODd7/ci5DvoSzTQ==",
-			"requires": {}
+			"integrity": "sha512-cB10MXLTs3gVuXimblAdI71jrJx8njrJZmNMEMC+sQu5B/BIOmlsAjskdqpn81y8UBVEGuHODd7/ci5DvoSzTQ=="
 		},
 		"react-is": {
 			"version": "16.13.1",
@@ -4165,8 +4196,7 @@
 		"use-callback-ref": {
 			"version": "1.2.5",
 			"resolved": "https://registry.npmjs.org/use-callback-ref/-/use-callback-ref-1.2.5.tgz",
-			"integrity": "sha512-gN3vgMISAgacF7sqsLPByqoePooY3n2emTH59Ur5d/M8eg4WTWu1xp8i8DHjohftIyEx0S08RiYxbffr4j8Peg==",
-			"requires": {}
+			"integrity": "sha512-gN3vgMISAgacF7sqsLPByqoePooY3n2emTH59Ur5d/M8eg4WTWu1xp8i8DHjohftIyEx0S08RiYxbffr4j8Peg=="
 		},
 		"use-sidecar": {
 			"version": "1.0.5",

dashboard/package.json

@@ -5,7 +5,8 @@
 	"main": "index.js",
 	"scripts": {
 		"build": "rm -rf build && NODE_ENV=production node ./esbuild.config.js",
-		"start": "NODE_ENV=development node ./esbuild.config.js"
+		"start": "NODE_ENV=development node ./esbuild.config.js",
+		"format": "prettier --write --use-tabs 'src/**/*.(ts|tsx|js|jsx)'"
 	},
 	"keywords": [],
 	"author": "Lakhan Samani",
@@ -35,6 +36,7 @@
 		"urql": "^2.0.6"
 	},
 	"devDependencies": {
-		"@types/react-email-editor": "^1.1.7"
+		"@types/react-email-editor": "^1.1.7",
+		"prettier": "2.7.1"
 	}
 }

dashboard/src/components/EditUserModal.tsx

@@ -1,4 +1,4 @@
-import React from 'react';
+import React, { useState } from 'react';
 import {
 	Button,
 	Center,
@@ -20,13 +20,14 @@ import { useClient } from 'urql';
 import { FaSave } from 'react-icons/fa';
 import InputField from './InputField';
 import {
-	ArrayInputType,
 	DateInputType,
+	MultiSelectInputType,
 	SelectInputType,
 	TextInputType,
 } from '../constants';
 import { getObjectDiff } from '../utils';
 import { UpdateUser } from '../graphql/mutation';
+import { GetAvailableRolesQuery } from '../graphql/queries';
 
 const GenderTypes = {
 	Undisclosed: null,
@@ -57,8 +58,9 @@ const EditUserModal = ({
 }) => {
 	const client = useClient();
 	const toast = useToast();
+	const [availableRoles, setAvailableRoles] = useState<string[]>([]);
 	const { isOpen, onOpen, onClose } = useDisclosure();
-	const [userData, setUserData] = React.useState<userDataTypes>({
+	const [userData, setUserData] = useState<userDataTypes>({
 		id: '',
 		email: '',
 		given_name: '',
@@ -73,7 +75,17 @@ const EditUserModal = ({
 	});
 	React.useEffect(() => {
 		setUserData(user);
+		fetchAvailableRoles();
 	}, []);
+	const fetchAvailableRoles = async () => {
+		const res = await client.query(GetAvailableRolesQuery).toPromise();
+		if (res.data?._env?.ROLES && res.data?._env?.PROTECTED_ROLES) {
+			setAvailableRoles([
+				...res.data._env.ROLES,
+				...res.data._env.PROTECTED_ROLES,
+			]);
+		}
+	};
 	const saveHandler = async () => {
 		const diff = getObjectDiff(user, userData);
 		const updatedUserData = diff.reduce(
@@ -82,7 +94,7 @@ const EditUserModal = ({
 				// @ts-ignore
 				[property]: userData[property],
 			}),
-			{}
+			{},
 		);
 		const res = await client
 			.mutation(UpdateUser, { params: { ...updatedUserData, id: userData.id } })
@@ -221,7 +233,8 @@ const EditUserModal = ({
 									<InputField
 										variables={userData}
 										setVariables={setUserData}
-										inputType={ArrayInputType.USER_ROLES}
+										availableRoles={availableRoles}
+										inputType={MultiSelectInputType.USER_ROLES}
 									/>
 								</Center>
 							</Flex>

dashboard/src/components/EnvComponents/AccessToken.tsx

@@ -1,65 +1,65 @@
-import React from "react";
-import { Flex, Stack, Text, useMediaQuery } from "@chakra-ui/react";
-import InputField from "../../components/InputField";
-import { TextInputType, TextAreaInputType } from "../../constants";
+import React from 'react';
+import { Flex, Stack, Text, useMediaQuery } from '@chakra-ui/react';
+import InputField from '../../components/InputField';
+import { TextInputType, TextAreaInputType } from '../../constants';
 
 const AccessToken = ({ variables, setVariables }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
-  return (
-    <div>
-      {" "}
-      <Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
-        Access Token
-      </Text>
-      <Stack spacing={6} padding="2% 0%">
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
-          <Flex
-            w={isNotSmallerScreen ? "30%" : "50%"}
-            justifyContent="start"
-            alignItems="center"
-          >
-            <Text fontSize="sm">Access Token Expiry Time:</Text>
-          </Flex>
-          <Flex
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputField
-              borderRadius={5}
-              variables={variables}
-              setVariables={setVariables}
-              inputType={TextInputType.ACCESS_TOKEN_EXPIRY_TIME}
-              placeholder="0h15m0s"
-            />
-          </Flex>
-        </Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
-          <Flex
-            w={isNotSmallerScreen ? "30%" : "60%"}
-            justifyContent="start"
-            direction="column"
-          >
-            <Text fontSize="sm">Custom Scripts:</Text>
-            <Text fontSize="xs" color="blackAlpha.500">
-              (Used to add custom fields in ID token)
-            </Text>
-          </Flex>
-          <Flex
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputField
-              variables={variables}
-              setVariables={setVariables}
-              inputType={TextAreaInputType.CUSTOM_ACCESS_TOKEN_SCRIPT}
-              placeholder="Add script here"
-              minH="25vh"
-            />
-          </Flex>
-        </Flex>
-      </Stack>
-    </div>
-  );
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
+	return (
+		<div>
+			{' '}
+			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
+				Access Token
+			</Text>
+			<Stack spacing={6} padding="2% 0%">
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex
+						w={isNotSmallerScreen ? '30%' : '50%'}
+						justifyContent="start"
+						alignItems="center"
+					>
+						<Text fontSize="sm">Access Token Expiry Time:</Text>
+					</Flex>
+					<Flex
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							borderRadius={5}
+							variables={variables}
+							setVariables={setVariables}
+							inputType={TextInputType.ACCESS_TOKEN_EXPIRY_TIME}
+							placeholder="0h15m0s"
+						/>
+					</Flex>
+				</Flex>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex
+						w={isNotSmallerScreen ? '30%' : '60%'}
+						justifyContent="start"
+						direction="column"
+					>
+						<Text fontSize="sm">Custom Scripts:</Text>
+						<Text fontSize="xs" color="blackAlpha.500">
+							(Used to add custom fields in ID token)
+						</Text>
+					</Flex>
+					<Flex
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							variables={variables}
+							setVariables={setVariables}
+							inputType={TextAreaInputType.CUSTOM_ACCESS_TOKEN_SCRIPT}
+							placeholder="Add script here"
+							minH="25vh"
+						/>
+					</Flex>
+				</Flex>
+			</Stack>
+		</div>
+	);
 };
 
-export default AccessToken;
+export default AccessToken;

dashboard/src/components/EnvComponents/DomainWhitelisting.tsx

@@ -1,35 +1,35 @@
-import React from "react";
-import { Flex, Stack, Center, Text, useMediaQuery } from "@chakra-ui/react";
-import InputField from "../../components/InputField";
-import { ArrayInputType} from "../../constants";
+import React from 'react';
+import { Flex, Stack, Center, Text, useMediaQuery } from '@chakra-ui/react';
+import InputField from '../../components/InputField';
+import { ArrayInputType } from '../../constants';
 
 const DomainWhiteListing = ({ variables, setVariables }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
-  return (
-    <div>
-      {" "}
-      <Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
-        Domain White Listing
-      </Text>
-      <Stack spacing={6} padding="2% 0%">
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
-          <Flex w="30%" justifyContent="start" alignItems="center">
-            <Text fontSize="sm">Allowed Origins:</Text>
-          </Flex>
-          <Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputField
-              variables={variables}
-              setVariables={setVariables}
-              inputType={ArrayInputType.ALLOWED_ORIGINS}
-            />
-          </Center>
-        </Flex>
-      </Stack>
-    </div>
-  );
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
+	return (
+		<div>
+			{' '}
+			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
+				Domain White Listing
+			</Text>
+			<Stack spacing={6} padding="2% 0%">
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex w="30%" justifyContent="start" alignItems="center">
+						<Text fontSize="sm">Allowed Origins:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							variables={variables}
+							setVariables={setVariables}
+							inputType={ArrayInputType.ALLOWED_ORIGINS}
+						/>
+					</Center>
+				</Flex>
+			</Stack>
+		</div>
+	);
 };
 
-export default DomainWhiteListing;
+export default DomainWhiteListing;

dashboard/src/components/EnvComponents/EmailConfiguration.tsx

@@ -1,114 +1,134 @@
-import React from "react";
-import { Flex, Stack, Center, Text, useMediaQuery } from "@chakra-ui/react";
-import InputField from "../../components/InputField";
-import { TextInputType, HiddenInputType} from "../../constants";
+import React from 'react';
+import { Flex, Stack, Center, Text, useMediaQuery } from '@chakra-ui/react';
+import InputField from '../../components/InputField';
+import { TextInputType, HiddenInputType } from '../../constants';
 const EmailConfigurations = ({
-  variables,
-  setVariables,
-  fieldVisibility,
-  setFieldVisibility,
+	variables,
+	setVariables,
+	fieldVisibility,
+	setFieldVisibility,
 }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
-  return (
-    <div>
-      {" "}
-      <Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
-        Email Configurations
-      </Text>
-      <Stack spacing={6} padding="2% 0%">
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
-          <Flex w="30%" justifyContent="start" alignItems="center">
-            <Text fontSize="sm">SMTP Host:</Text>
-          </Flex>
-          <Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputField
-              borderRadius={5}
-              variables={variables}
-              setVariables={setVariables}
-              inputType={TextInputType.SMTP_HOST}
-            />
-          </Center>
-        </Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
-          <Flex w="30%" justifyContent="start" alignItems="center">
-            <Text fontSize="sm">SMTP Port:</Text>
-          </Flex>
-          <Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputField
-              borderRadius={5}
-              variables={variables}
-              setVariables={setVariables}
-              inputType={TextInputType.SMTP_PORT}
-            />
-          </Center>
-        </Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
-          <Flex
-            w={isNotSmallerScreen ? "30%" : "40%"}
-            justifyContent="start"
-            alignItems="center"
-          >
-            <Text fontSize="sm">SMTP Username:</Text>
-          </Flex>
-          <Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputField
-              borderRadius={5}
-              variables={variables}
-              setVariables={setVariables}
-              inputType={TextInputType.SMTP_USERNAME}
-            />
-          </Center>
-        </Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
-          <Flex
-            w={isNotSmallerScreen ? "30%" : "40%"}
-            justifyContent="start"
-            alignItems="center"
-          >
-            <Text fontSize="sm">SMTP Password:</Text>
-          </Flex>
-          <Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputField
-              borderRadius={5}
-              variables={variables}
-              setVariables={setVariables}
-              fieldVisibility={fieldVisibility}
-              setFieldVisibility={setFieldVisibility}
-              inputType={HiddenInputType.SMTP_PASSWORD}
-            />
-          </Center>
-        </Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
-          <Flex w="30%" justifyContent="start" alignItems="center">
-            <Text fontSize="sm">From Email:</Text>
-          </Flex>
-          <Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputField
-              borderRadius={5}
-              variables={variables}
-              setVariables={setVariables}
-              inputType={TextInputType.SENDER_EMAIL}
-            />
-          </Center>
-        </Flex>
-      </Stack>
-    </div>
-  );
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
+	return (
+		<div>
+			{' '}
+			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
+				Email Configurations
+			</Text>
+			<Stack spacing={6} padding="2% 0%">
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex w="30%" justifyContent="start" alignItems="center">
+						<Text fontSize="sm">SMTP Host:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							borderRadius={5}
+							variables={variables}
+							setVariables={setVariables}
+							inputType={TextInputType.SMTP_HOST}
+						/>
+					</Center>
+				</Flex>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex w="30%" justifyContent="start" alignItems="center">
+						<Text fontSize="sm">SMTP Port:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							borderRadius={5}
+							variables={variables}
+							setVariables={setVariables}
+							inputType={TextInputType.SMTP_PORT}
+						/>
+					</Center>
+				</Flex>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex
+						w={isNotSmallerScreen ? '30%' : '40%'}
+						justifyContent="start"
+						alignItems="center"
+					>
+						<Text fontSize="sm">SMTP Local Name:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							borderRadius={5}
+							variables={variables}
+							setVariables={setVariables}
+							inputType={TextInputType.SMTP_LOCAL_NAME}
+						/>
+					</Center>
+				</Flex>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex
+						w={isNotSmallerScreen ? '30%' : '40%'}
+						justifyContent="start"
+						alignItems="center"
+					>
+						<Text fontSize="sm">SMTP Username:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							borderRadius={5}
+							variables={variables}
+							setVariables={setVariables}
+							inputType={TextInputType.SMTP_USERNAME}
+						/>
+					</Center>
+				</Flex>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex
+						w={isNotSmallerScreen ? '30%' : '40%'}
+						justifyContent="start"
+						alignItems="center"
+					>
+						<Text fontSize="sm">SMTP Password:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							borderRadius={5}
+							variables={variables}
+							setVariables={setVariables}
+							fieldVisibility={fieldVisibility}
+							setFieldVisibility={setFieldVisibility}
+							inputType={HiddenInputType.SMTP_PASSWORD}
+						/>
+					</Center>
+				</Flex>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex w="30%" justifyContent="start" alignItems="center">
+						<Text fontSize="sm">From Email:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							borderRadius={5}
+							variables={variables}
+							setVariables={setVariables}
+							inputType={TextInputType.SENDER_EMAIL}
+						/>
+					</Center>
+				</Flex>
+			</Stack>
+		</div>
+	);
 };
 
-export default EmailConfigurations;
+export default EmailConfigurations;

dashboard/src/components/EnvComponents/Features.tsx

@@ -126,6 +126,40 @@ const Features = ({ variables, setVariables }: any) => {
 					</Flex>
 				</Flex>
 			</Stack>
+			<Divider paddingY={5} />
+			<Text fontSize="md" paddingTop={5} fontWeight="bold" mb={5}>
+				Cookie Security Features
+			</Text>
+			<Stack spacing={6}>
+				<Flex>
+					<Flex w="100%" alignItems="baseline" flexDir="column">
+						<Text fontSize="sm">Use Secure App Cookie:</Text>
+						<Text fontSize="x-small">
+							Note: If you set this to insecure, it will set{' '}
+							<code>sameSite</code> property of cookie to <code>lax</code> mode
+						</Text>
+					</Flex>
+					<Flex justifyContent="start">
+						<InputField
+							variables={variables}
+							setVariables={setVariables}
+							inputType={SwitchInputType.APP_COOKIE_SECURE}
+						/>
+					</Flex>
+				</Flex>
+				<Flex>
+					<Flex w="100%" alignItems="baseline" flexDir="column">
+						<Text fontSize="sm">Use Secure Admin Cookie:</Text>
+					</Flex>
+					<Flex justifyContent="start">
+						<InputField
+							variables={variables}
+							setVariables={setVariables}
+							inputType={SwitchInputType.ADMIN_COOKIE_SECURE}
+						/>
+					</Flex>
+				</Flex>
+			</Stack>
 		</div>
 	);
 };

dashboard/src/components/EnvComponents/JWTConfiguration.tsx

@@ -37,7 +37,7 @@ const JSTConfigurations = ({
 				JSON.stringify({
 					type: variables.JWT_TYPE,
 					key: variables.JWT_PUBLIC_KEY || variables.JWT_SECRET,
-				})
+				}),
 			);
 			toast({
 				title: `JWT config copied successfully`,

dashboard/src/components/EnvComponents/OrganizationInfo.tsx

@@ -1,60 +1,60 @@
-import React from "react";
-import { Flex, Stack, Center, Text, useMediaQuery } from "@chakra-ui/react";
-import InputField from "../InputField";
-import { TextInputType } from "../../constants";
+import React from 'react';
+import { Flex, Stack, Center, Text, useMediaQuery } from '@chakra-ui/react';
+import InputField from '../InputField';
+import { TextInputType } from '../../constants';
 
 const OrganizationInfo = ({ variables, setVariables }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
-  return (
-    <div>
-      {" "}
-      <Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
-        Organization Information
-      </Text>
-      <Stack spacing={6} padding="2% 0%">
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
-          <Flex
-            w={isNotSmallerScreen ? "30%" : "40%"}
-            justifyContent="start"
-            alignItems="center"
-          >
-            <Text fontSize="sm">Organization Name:</Text>
-          </Flex>
-          <Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputField
-              borderRadius={5}
-              variables={variables}
-              setVariables={setVariables}
-              inputType={TextInputType.ORGANIZATION_NAME}
-            />
-          </Center>
-        </Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
-          <Flex
-            w={isNotSmallerScreen ? "30%" : "40%"}
-            justifyContent="start"
-            alignItems="center"
-          >
-            <Text fontSize="sm">Organization Logo:</Text>
-          </Flex>
-          <Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputField
-              borderRadius={5}
-              variables={variables}
-              setVariables={setVariables}
-              inputType={TextInputType.ORGANIZATION_LOGO}
-            />
-          </Center>
-        </Flex>
-      </Stack>
-    </div>
-  );
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
+	return (
+		<div>
+			{' '}
+			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
+				Organization Information
+			</Text>
+			<Stack spacing={6} padding="2% 0%">
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex
+						w={isNotSmallerScreen ? '30%' : '40%'}
+						justifyContent="start"
+						alignItems="center"
+					>
+						<Text fontSize="sm">Organization Name:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							borderRadius={5}
+							variables={variables}
+							setVariables={setVariables}
+							inputType={TextInputType.ORGANIZATION_NAME}
+						/>
+					</Center>
+				</Flex>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex
+						w={isNotSmallerScreen ? '30%' : '40%'}
+						justifyContent="start"
+						alignItems="center"
+					>
+						<Text fontSize="sm">Organization Logo:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							borderRadius={5}
+							variables={variables}
+							setVariables={setVariables}
+							inputType={TextInputType.ORGANIZATION_LOGO}
+						/>
+					</Center>
+				</Flex>
+			</Stack>
+		</div>
+	);
 };
 
-export default OrganizationInfo;
+export default OrganizationInfo;

dashboard/src/components/EnvComponents/SecurityAdminSecret.tsx

@@ -1,138 +1,138 @@
-import React from "react";
+import React from 'react';
 import {
-  Flex,
-  Stack,
-  Center,
-  Text,
-  Input,
-  InputGroup,
-  InputRightElement,
-  useMediaQuery,
-} from "@chakra-ui/react";
-import { FaRegEyeSlash, FaRegEye } from "react-icons/fa";
-import InputField from "../InputField";
-import { HiddenInputType } from "../../constants";
+	Flex,
+	Stack,
+	Center,
+	Text,
+	Input,
+	InputGroup,
+	InputRightElement,
+	useMediaQuery,
+} from '@chakra-ui/react';
+import { FaRegEyeSlash, FaRegEye } from 'react-icons/fa';
+import InputField from '../InputField';
+import { HiddenInputType } from '../../constants';
 const SecurityAdminSecret = ({
-  variables,
-  setVariables,
-  fieldVisibility,
-  setFieldVisibility,
-  validateAdminSecretHandler,
-  adminSecret,
+	variables,
+	setVariables,
+	fieldVisibility,
+	setFieldVisibility,
+	validateAdminSecretHandler,
+	adminSecret,
 }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
-  return (
-    <div>
-      {" "}
-      <Text fontSize="md" paddingTop="2%" fontWeight="bold">
-        Security (Admin Secret)
-      </Text>
-      <Stack
-        spacing={6}
-        padding="0 5%"
-        marginTop="3%"
-        border="1px solid #ff7875"
-        borderRadius="5px"
-      >
-        <Flex
-          marginTop={isNotSmallerScreen ? "3%" : "5%"}
-          direction={isNotSmallerScreen ? "row" : "column"}
-        >
-          <Flex
-            mt={3}
-            w={isNotSmallerScreen ? "30%" : "40%"}
-            justifyContent="start"
-            alignItems="center"
-          >
-            <Text fontSize="sm">Old Admin Secret:</Text>
-          </Flex>
-          <Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputGroup size="sm">
-              <Input
-                borderRadius={5}
-                size="sm"
-                placeholder="Enter Old Admin Secret"
-                value={adminSecret.value as string}
-                onChange={(event: any) => validateAdminSecretHandler(event)}
-                type={
-                  !fieldVisibility[HiddenInputType.OLD_ADMIN_SECRET]
-                    ? "password"
-                    : "text"
-                }
-              />
-              <InputRightElement
-                right="5px"
-                children={
-                  <Flex>
-                    {fieldVisibility[HiddenInputType.OLD_ADMIN_SECRET] ? (
-                      <Center
-                        w="25px"
-                        margin="0 1.5%"
-                        cursor="pointer"
-                        onClick={() =>
-                          setFieldVisibility({
-                            ...fieldVisibility,
-                            [HiddenInputType.OLD_ADMIN_SECRET]: false,
-                          })
-                        }
-                      >
-                        <FaRegEyeSlash color="#bfbfbf" />
-                      </Center>
-                    ) : (
-                      <Center
-                        w="25px"
-                        margin="0 1.5%"
-                        cursor="pointer"
-                        onClick={() =>
-                          setFieldVisibility({
-                            ...fieldVisibility,
-                            [HiddenInputType.OLD_ADMIN_SECRET]: true,
-                          })
-                        }
-                      >
-                        <FaRegEye color="#bfbfbf" />
-                      </Center>
-                    )}
-                  </Flex>
-                }
-              />
-            </InputGroup>
-          </Center>
-        </Flex>
-        <Flex
-          paddingBottom="3%"
-          direction={isNotSmallerScreen ? "row" : "column"}
-        >
-          <Flex
-            w={isNotSmallerScreen ? "30%" : "50%"}
-            justifyContent="start"
-            alignItems="center"
-          >
-            <Text fontSize="sm">New Admin Secret:</Text>
-          </Flex>
-          <Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
-          >
-            <InputField
-              borderRadius={5}
-              mb={3}
-              variables={variables}
-              setVariables={setVariables}
-              inputType={HiddenInputType.ADMIN_SECRET}
-              fieldVisibility={fieldVisibility}
-              setFieldVisibility={setFieldVisibility}
-              isDisabled={adminSecret.disableInputField}
-              placeholder="Enter New Admin Secret"
-            />
-          </Center>
-        </Flex>
-      </Stack>
-    </div>
-  );
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
+	return (
+		<div>
+			{' '}
+			<Text fontSize="md" paddingTop="2%" fontWeight="bold">
+				Security (Admin Secret)
+			</Text>
+			<Stack
+				spacing={6}
+				padding="0 5%"
+				marginTop="3%"
+				border="1px solid #ff7875"
+				borderRadius="5px"
+			>
+				<Flex
+					marginTop={isNotSmallerScreen ? '3%' : '5%'}
+					direction={isNotSmallerScreen ? 'row' : 'column'}
+				>
+					<Flex
+						mt={3}
+						w={isNotSmallerScreen ? '30%' : '40%'}
+						justifyContent="start"
+						alignItems="center"
+					>
+						<Text fontSize="sm">Old Admin Secret:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputGroup size="sm">
+							<Input
+								borderRadius={5}
+								size="sm"
+								placeholder="Enter Old Admin Secret"
+								value={adminSecret.value as string}
+								onChange={(event: any) => validateAdminSecretHandler(event)}
+								type={
+									!fieldVisibility[HiddenInputType.OLD_ADMIN_SECRET]
+										? 'password'
+										: 'text'
+								}
+							/>
+							<InputRightElement
+								right="5px"
+								children={
+									<Flex>
+										{fieldVisibility[HiddenInputType.OLD_ADMIN_SECRET] ? (
+											<Center
+												w="25px"
+												margin="0 1.5%"
+												cursor="pointer"
+												onClick={() =>
+													setFieldVisibility({
+														...fieldVisibility,
+														[HiddenInputType.OLD_ADMIN_SECRET]: false,
+													})
+												}
+											>
+												<FaRegEyeSlash color="#bfbfbf" />
+											</Center>
+										) : (
+											<Center
+												w="25px"
+												margin="0 1.5%"
+												cursor="pointer"
+												onClick={() =>
+													setFieldVisibility({
+														...fieldVisibility,
+														[HiddenInputType.OLD_ADMIN_SECRET]: true,
+													})
+												}
+											>
+												<FaRegEye color="#bfbfbf" />
+											</Center>
+										)}
+									</Flex>
+								}
+							/>
+						</InputGroup>
+					</Center>
+				</Flex>
+				<Flex
+					paddingBottom="3%"
+					direction={isNotSmallerScreen ? 'row' : 'column'}
+				>
+					<Flex
+						w={isNotSmallerScreen ? '30%' : '50%'}
+						justifyContent="start"
+						alignItems="center"
+					>
+						<Text fontSize="sm">New Admin Secret:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							borderRadius={5}
+							mb={3}
+							variables={variables}
+							setVariables={setVariables}
+							inputType={HiddenInputType.ADMIN_SECRET}
+							fieldVisibility={fieldVisibility}
+							setFieldVisibility={setFieldVisibility}
+							isDisabled={adminSecret.disableInputField}
+							placeholder="Enter New Admin Secret"
+						/>
+					</Center>
+				</Flex>
+			</Stack>
+		</div>
+	);
 };
 
-export default SecurityAdminSecret;
+export default SecurityAdminSecret;

dashboard/src/components/GenerateKeysModal.tsx

@@ -167,7 +167,7 @@ const GenerateKeysModal = ({ jwtType, getData }: propTypes) => {
 						) : (
 							<>
 								{Object.values(HMACEncryptionType).includes(
-									stateVariables.JWT_TYPE
+									stateVariables.JWT_TYPE,
 								) ? (
 									<Flex marginTop="8">
 										<Flex w="23%" justifyContent="start" alignItems="center">

dashboard/src/components/InputField.tsx

@@ -1,4 +1,4 @@
-import React from 'react';
+import React, { useState } from 'react';
 import {
 	Box,
 	Flex,
@@ -13,6 +13,12 @@ import {
 	Textarea,
 	Switch,
 	Text,
+	MenuButton,
+	MenuList,
+	MenuItemOption,
+	MenuOptionGroup,
+	Button,
+	Menu,
 } from '@chakra-ui/react';
 import {
 	FaRegClone,
@@ -20,6 +26,7 @@ import {
 	FaRegEyeSlash,
 	FaPlus,
 	FaTimes,
+	FaAngleDown,
 } from 'react-icons/fa';
 import {
 	ArrayInputOperations,
@@ -30,6 +37,7 @@ import {
 	TextAreaInputType,
 	SwitchInputType,
 	DateInputType,
+	MultiSelectInputType,
 } from '../constants';
 import { copyTextToClipboard } from '../utils';
 
@@ -39,13 +47,16 @@ const InputField = ({
 	setVariables,
 	fieldVisibility,
 	setFieldVisibility,
+	availableRoles,
 	...downshiftProps
 }: any) => {
 	const props = {
 		size: 'sm',
 		...downshiftProps,
 	};
-	const [inputFieldVisibility, setInputFieldVisibility] = React.useState<
+	const [availableUserRoles, setAvailableUserRoles] =
+		useState<string[]>(availableRoles);
+	const [inputFieldVisibility, setInputFieldVisibility] = useState<
 		Record<string, boolean>
 	>({
 		ROLES: false,
@@ -54,7 +65,7 @@ const InputField = ({
 		ALLOWED_ORIGINS: false,
 		roles: false,
 	});
-	const [inputData, setInputData] = React.useState<Record<string, string>>({
+	const [inputData, setInputData] = useState<Record<string, string>>({
 		ROLES: '',
 		DEFAULT_ROLES: '',
 		PROTECTED_ROLES: '',
@@ -64,7 +75,7 @@ const InputField = ({
 	const updateInputHandler = (
 		type: string,
 		operation: any,
-		role: string = ''
+		role: string = '',
 	) => {
 		if (operation === ArrayInputOperations.APPEND) {
 			if (inputData[type] !== '') {
@@ -78,7 +89,7 @@ const InputField = ({
 		}
 		if (operation === ArrayInputOperations.REMOVE) {
 			let updatedEnvVars = variables[type].filter(
-				(item: string) => item !== role
+				(item: string) => item !== role,
 			);
 			setVariables({
 				...variables,
@@ -95,7 +106,7 @@ const InputField = ({
 					onChange={(
 						event: Event & {
 							target: HTMLInputElement;
-						}
+						},
 					) =>
 						setVariables({
 							...variables,
@@ -116,11 +127,11 @@ const InputField = ({
 			<InputGroup size="sm">
 				<Input
 					{...props}
-					value={variables[inputType] ?? ''}
+					value={variables[inputType] || ''}
 					onChange={(
 						event: Event & {
 							target: HTMLInputElement;
-						}
+						},
 					) =>
 						setVariables({
 							...variables,
@@ -207,7 +218,7 @@ const InputField = ({
 									updateInputHandler(
 										inputType,
 										ArrayInputOperations.REMOVE,
-										role
+										role,
 									)
 								}
 							/>
@@ -221,7 +232,7 @@ const InputField = ({
 							size="xs"
 							minW="150px"
 							placeholder="add a new value"
-							value={inputData[inputType] ?? ''}
+							value={inputData[inputType] || ''}
 							onChange={(e: any) => {
 								setInputData({ ...inputData, [inputType]: e.target.value });
 							}}
@@ -278,6 +289,87 @@ const InputField = ({
 			</Select>
 		);
 	}
+	if (Object.values(MultiSelectInputType).includes(inputType)) {
+		return (
+			<Flex w="100%" style={{ position: 'relative' }}>
+				<Flex
+					border="1px solid #e2e8f0"
+					w="100%"
+					borderRadius="var(--chakra-radii-sm)"
+					p="1% 0 0 2.5%"
+					overflowX={variables[inputType].length > 3 ? 'scroll' : 'hidden'}
+					overflowY="hidden"
+					justifyContent="space-between"
+					alignItems="center"
+				>
+					<Flex justifyContent="start" alignItems="center" w="100%" wrap="wrap">
+						{variables[inputType].map((role: string, index: number) => (
+							<Box key={index} margin="0.5%" role="group">
+								<Tag
+									size="sm"
+									variant="outline"
+									colorScheme="gray"
+									minW="fit-content"
+								>
+									<TagLabel cursor="default">{role}</TagLabel>
+									<TagRightIcon
+										boxSize="12px"
+										as={FaTimes}
+										display="none"
+										cursor="pointer"
+										_groupHover={{ display: 'block' }}
+										onClick={() =>
+											updateInputHandler(
+												inputType,
+												ArrayInputOperations.REMOVE,
+												role,
+											)
+										}
+									/>
+								</Tag>
+							</Box>
+						))}
+					</Flex>
+					<Menu matchWidth={true}>
+						<MenuButton px="10px" py="7.5px">
+							<FaAngleDown />
+						</MenuButton>
+						<MenuList
+							position="absolute"
+							top="0"
+							right="0"
+							zIndex="10"
+							maxH="150"
+							overflowX="scroll"
+						>
+							<MenuOptionGroup
+								title={undefined}
+								value={variables[inputType]}
+								type="checkbox"
+								onChange={(values: string[] | string) => {
+									setVariables({
+										...variables,
+										[inputType]: values,
+									});
+								}}
+							>
+								{availableUserRoles.map((role) => {
+									return (
+										<MenuItemOption
+											key={`multiselect-menu-${role}`}
+											value={role}
+										>
+											{role}
+										</MenuItemOption>
+									);
+								})}
+							</MenuOptionGroup>
+						</MenuList>
+					</Menu>
+				</Flex>
+			</Flex>
+		);
+	}
 	if (Object.values(TextAreaInputType).includes(inputType)) {
 		return (
 			<Textarea
@@ -288,7 +380,7 @@ const InputField = ({
 				onChange={(
 					event: Event & {
 						target: HTMLInputElement;
-					}
+					},
 				) =>
 					setVariables({
 						...variables,

dashboard/src/components/InviteMembersModal.tsx

@@ -304,7 +304,7 @@ const InviteMembersModal = ({
 																onClick={() =>
 																	updateEmailListHandler(
 																		ArrayInputOperations.REMOVE,
-																		index
+																		index,
 																	)
 																}
 															>

dashboard/src/components/Menu.tsx

@@ -218,7 +218,7 @@ export const Sidebar = ({ onClose, ...rest }: SidebarProps) => {
 									</NavItem>{' '}
 								</Text>
 							</NavLink>
-						)
+						),
 					)}
 					<Link
 						href="/playground"

dashboard/src/components/UpdateEmailTemplateModal.tsx

@@ -29,6 +29,10 @@ import {
 	Tbody,
 	Td,
 	Code,
+	Radio,
+	RadioGroup,
+	Stack,
+	Textarea,
 } from '@chakra-ui/react';
 import { FaPlus, FaAngleDown, FaAngleUp } from 'react-icons/fa';
 import { useClient } from 'urql';
@@ -38,6 +42,7 @@ import {
 	EmailTemplateInputDataFields,
 	emailTemplateEventNames,
 	emailTemplateVariables,
+	EmailTemplateEditors,
 } from '../constants';
 import { capitalizeFirstLetter } from '../utils';
 import { AddEmailTemplate, EditEmailTemplate } from '../graphql/mutation';
@@ -66,6 +71,8 @@ interface templateVariableDataTypes {
 interface emailTemplateDataType {
 	[EmailTemplateInputDataFields.EVENT_NAME]: string;
 	[EmailTemplateInputDataFields.SUBJECT]: string;
+	[EmailTemplateInputDataFields.TEMPLATE]: string;
+	[EmailTemplateInputDataFields.DESIGN]: string;
 }
 
 interface validatorDataType {
@@ -75,6 +82,8 @@ interface validatorDataType {
 const initTemplateData: emailTemplateDataType = {
 	[EmailTemplateInputDataFields.EVENT_NAME]: emailTemplateEventNames.Signup,
 	[EmailTemplateInputDataFields.SUBJECT]: '',
+	[EmailTemplateInputDataFields.TEMPLATE]: '',
+	[EmailTemplateInputDataFields.DESIGN]: '',
 };
 
 const initTemplateValidatorData: validatorDataType = {
@@ -91,6 +100,9 @@ const UpdateEmailTemplate = ({
 	const emailEditorRef = useRef(null);
 	const { isOpen, onOpen, onClose } = useDisclosure();
 	const [loading, setLoading] = useState<boolean>(false);
+	const [editor, setEditor] = useState<string>(
+		EmailTemplateEditors.PLAIN_HTML_EDITOR,
+	);
 	const [templateVariables, setTemplateVariables] = useState<
 		templateVariableDataTypes[]
 	>([]);
@@ -107,9 +119,11 @@ const UpdateEmailTemplate = ({
 		if (selectedTemplate) {
 			const { design } = selectedTemplate;
 			try {
-				const designData = JSON.parse(design);
-				// @ts-ignore
-				emailEditorRef.current.editor.loadDesign(designData);
+				if (design) {
+					const designData = JSON.parse(design);
+					// @ts-ignore
+					emailEditorRef.current.editor.loadDesign(designData);
+				}
 			} catch (error) {
 				console.error(error);
 				onClose();
@@ -136,70 +150,85 @@ const UpdateEmailTemplate = ({
 		);
 	};
 
+	const updateTemplate = async (params: emailTemplateDataType) => {
+		let res: any = {};
+		if (
+			view === UpdateModalViews.Edit &&
+			selectedTemplate?.[EmailTemplateInputDataFields.ID]
+		) {
+			res = await client
+				.mutation(EditEmailTemplate, {
+					params: {
+						...params,
+						id: selectedTemplate[EmailTemplateInputDataFields.ID],
+					},
+				})
+				.toPromise();
+		} else {
+			res = await client.mutation(AddEmailTemplate, { params }).toPromise();
+		}
+		setLoading(false);
+		if (res.error) {
+			toast({
+				title: capitalizeFirstLetter(res.error.message),
+				isClosable: true,
+				status: 'error',
+				position: 'bottom-right',
+			});
+		} else if (
+			res.data?._add_email_template ||
+			res.data?._update_email_template
+		) {
+			toast({
+				title: capitalizeFirstLetter(
+					res.data?._add_email_template?.message ||
+						res.data?._update_email_template?.message,
+				),
+				isClosable: true,
+				status: 'success',
+				position: 'bottom-right',
+			});
+			setTemplateData({
+				...initTemplateData,
+			});
+			setValidator({ ...initTemplateValidatorData });
+			fetchEmailTemplatesData();
+		}
+	};
+
 	const saveData = async () => {
 		if (!validateData()) return;
 		setLoading(true);
-		// @ts-ignore
-		return await emailEditorRef.current.editor.exportHtml(async (data) => {
-			const { design, html } = data;
-			if (!html || !design) {
-				setLoading(false);
-				return;
-			}
-			const params = {
-				[EmailTemplateInputDataFields.EVENT_NAME]:
-					templateData[EmailTemplateInputDataFields.EVENT_NAME],
-				[EmailTemplateInputDataFields.SUBJECT]:
-					templateData[EmailTemplateInputDataFields.SUBJECT],
-				[EmailTemplateInputDataFields.TEMPLATE]: html.trim(),
-				[EmailTemplateInputDataFields.DESIGN]: JSON.stringify(design),
-			};
-			let res: any = {};
-			if (
-				view === UpdateModalViews.Edit &&
-				selectedTemplate?.[EmailTemplateInputDataFields.ID]
-			) {
-				res = await client
-					.mutation(EditEmailTemplate, {
-						params: {
-							...params,
-							id: selectedTemplate[EmailTemplateInputDataFields.ID],
-						},
-					})
-					.toPromise();
-			} else {
-				res = await client.mutation(AddEmailTemplate, { params }).toPromise();
-			}
-			setLoading(false);
-			if (res.error) {
-				toast({
-					title: capitalizeFirstLetter(res.error.message),
-					isClosable: true,
-					status: 'error',
-					position: 'bottom-right',
-				});
-			} else if (
-				res.data?._add_email_template ||
-				res.data?._update_email_template
-			) {
-				toast({
-					title: capitalizeFirstLetter(
-						res.data?._add_email_template?.message ||
-							res.data?._update_email_template?.message
-					),
-					isClosable: true,
-					status: 'success',
-					position: 'bottom-right',
-				});
-				setTemplateData({
-					...initTemplateData,
-				});
-				setValidator({ ...initTemplateValidatorData });
-				fetchEmailTemplatesData();
-			}
-			view === UpdateModalViews.ADD && onClose();
-		});
+		let params: emailTemplateDataType = {
+			[EmailTemplateInputDataFields.EVENT_NAME]:
+				templateData[EmailTemplateInputDataFields.EVENT_NAME],
+			[EmailTemplateInputDataFields.SUBJECT]:
+				templateData[EmailTemplateInputDataFields.SUBJECT],
+			[EmailTemplateInputDataFields.TEMPLATE]:
+				templateData[EmailTemplateInputDataFields.TEMPLATE],
+			[EmailTemplateInputDataFields.DESIGN]: '',
+		};
+		if (editor === EmailTemplateEditors.UNLAYER_EDITOR) {
+			// @ts-ignore
+			await emailEditorRef.current.editor.exportHtml(async (data) => {
+				const { design, html } = data;
+				if (!html || !design) {
+					setLoading(false);
+					return;
+				}
+				params = {
+					...params,
+					[EmailTemplateInputDataFields.TEMPLATE]: html.trim(),
+					[EmailTemplateInputDataFields.DESIGN]: JSON.stringify(design),
+				};
+				await updateTemplate(params);
+			});
+		} else {
+			await updateTemplate(params);
+		}
+		view === UpdateModalViews.ADD && onClose();
 	};
+
 	const resetData = () => {
 		if (selectedTemplate) {
 			setTemplateData(selectedTemplate);
@@ -207,6 +236,8 @@ const UpdateEmailTemplate = ({
 			setTemplateData({ ...initTemplateData });
 		}
 	};
+
+	// set template data if edit modal is open
 	useEffect(() => {
 		if (
 			isOpen &&
@@ -214,13 +245,15 @@ const UpdateEmailTemplate = ({
 			selectedTemplate &&
 			Object.keys(selectedTemplate || {}).length
 		) {
-			const { id, created_at, template, design, ...rest } = selectedTemplate;
+			const { id, created_at, ...rest } = selectedTemplate;
 			setTemplateData(rest);
 		}
 	}, [isOpen]);
+
+	// set template variables
 	useEffect(() => {
 		const updatedTemplateVariables = Object.entries(
-			emailTemplateVariables
+			emailTemplateVariables,
 		).reduce((acc, [key, val]): any => {
 			if (
 				(templateData[EmailTemplateInputDataFields.EVENT_NAME] !==
@@ -244,6 +277,51 @@ const UpdateEmailTemplate = ({
 		setTemplateVariables(updatedTemplateVariables);
 	}, [templateData[EmailTemplateInputDataFields.EVENT_NAME]]);
 
+	// change editor
+	useEffect(() => {
+		if (isOpen && selectedTemplate) {
+			const { design } = selectedTemplate;
+			if (design) {
+				setEditor(EmailTemplateEditors.UNLAYER_EDITOR);
+			} else {
+				setEditor(EmailTemplateEditors.PLAIN_HTML_EDITOR);
+			}
+		}
+	}, [isOpen, selectedTemplate]);
+
+	// reset fields when editor is changed
+	useEffect(() => {
+		if (selectedTemplate?.design) {
+			if (editor === EmailTemplateEditors.UNLAYER_EDITOR) {
+				setTemplateData({
+					...templateData,
+					[EmailTemplateInputDataFields.TEMPLATE]: selectedTemplate.template,
+					[EmailTemplateInputDataFields.DESIGN]: selectedTemplate.design,
+				});
+			} else {
+				setTemplateData({
+					...templateData,
+					[EmailTemplateInputDataFields.TEMPLATE]: '',
+					[EmailTemplateInputDataFields.DESIGN]: '',
+				});
+			}
+		} else if (selectedTemplate?.template) {
+			if (editor === EmailTemplateEditors.UNLAYER_EDITOR) {
+				setTemplateData({
+					...templateData,
+					[EmailTemplateInputDataFields.TEMPLATE]: '',
+					[EmailTemplateInputDataFields.DESIGN]: '',
+				});
+			} else {
+				setTemplateData({
+					...templateData,
+					[EmailTemplateInputDataFields.TEMPLATE]: selectedTemplate?.template,
+					[EmailTemplateInputDataFields.DESIGN]: '',
+				});
+			}
+		}
+	}, [editor]);
+
 	return (
 		<>
 			{view === UpdateModalViews.ADD ? (
@@ -367,7 +445,7 @@ const UpdateEmailTemplate = ({
 										onChange={(e) =>
 											inputChangehandler(
 												EmailTemplateInputDataFields.EVENT_NAME,
-												e.currentTarget.value
+												e.currentTarget.value,
 											)
 										}
 									>
@@ -376,7 +454,7 @@ const UpdateEmailTemplate = ({
 												<option value={value} key={key}>
 													{key}
 												</option>
-											)
+											),
 										)}
 									</Select>
 								</Flex>
@@ -401,7 +479,7 @@ const UpdateEmailTemplate = ({
 											onChange={(e) =>
 												inputChangehandler(
 													EmailTemplateInputDataFields.SUBJECT,
-													e.currentTarget.value
+													e.currentTarget.value,
 												)
 											}
 										/>
@@ -414,7 +492,22 @@ const UpdateEmailTemplate = ({
 								alignItems="center"
 								marginBottom="2%"
 							>
-								Template Body
+								<Flex flex="1">Template Body</Flex>
+								<Flex flex="3">
+									<RadioGroup
+										onChange={(value) => setEditor(value)}
+										value={editor}
+									>
+										<Stack direction="row" spacing="50px">
+											<Radio value={EmailTemplateEditors.PLAIN_HTML_EDITOR}>
+												Plain HTML
+											</Radio>
+											<Radio value={EmailTemplateEditors.UNLAYER_EDITOR}>
+												Unlayer Editor
+											</Radio>
+										</Stack>
+									</RadioGroup>
+								</Flex>
 							</Flex>
 							<Flex
 								width="100%"
@@ -423,7 +516,22 @@ const UpdateEmailTemplate = ({
 								border="1px solid"
 								borderColor="gray.200"
 							>
-								<EmailEditor ref={emailEditorRef} onReady={onReady} />
+								{editor === EmailTemplateEditors.UNLAYER_EDITOR ? (
+									<EmailEditor ref={emailEditorRef} onReady={onReady} />
+								) : (
+									<Textarea
+										value={templateData.template}
+										onChange={(e) => {
+											setTemplateData({
+												...templateData,
+												[EmailTemplateInputDataFields.TEMPLATE]: e.target.value,
+											});
+										}}
+										placeholder="Template HTML"
+										border="0"
+										height="500px"
+									/>
+								)}
 							</Flex>
 						</Flex>
 					</ModalBody>

dashboard/src/components/UpdateWebhookModal.tsx

@@ -126,13 +126,13 @@ const UpdateWebhookModal = ({
 		...initWebhookValidatorData,
 	});
 	const [verifiedStatus, setVerifiedStatus] = useState<webhookVerifiedStatus>(
-		webhookVerifiedStatus.PENDING
+		webhookVerifiedStatus.PENDING,
 	);
 	const inputChangehandler = (
 		inputType: string,
 		value: any,
 		headerInputType: string = WebhookInputHeaderFields.KEY,
-		headerIndex: number = 0
+		headerIndex: number = 0,
 	) => {
 		if (
 			verifiedStatus !== webhookVerifiedStatus.PENDING &&
@@ -238,7 +238,7 @@ const UpdateWebhookModal = ({
 			validator[WebhookInputDataFields.ENDPOINT] &&
 			!validator[WebhookInputDataFields.HEADERS].some(
 				(headerData: headersValidatorDataType) =>
-					!headerData.key || !headerData.value
+					!headerData.key || !headerData.value,
 			)
 		);
 	};
@@ -256,7 +256,7 @@ const UpdateWebhookModal = ({
 				(acc, data) => {
 					return data.key ? { ...acc, [data.key]: data.value } : acc;
 				},
-				{}
+				{},
 			);
 			if (Object.keys(headers).length) {
 				params[WebhookInputDataFields.HEADERS] = headers;
@@ -295,7 +295,7 @@ const UpdateWebhookModal = ({
 		} else if (res.data?._add_webhook || res.data?._update_webhook) {
 			toast({
 				title: capitalizeFirstLetter(
-					res.data?._add_webhook?.message || res.data?._update_webhook?.message
+					res.data?._add_webhook?.message || res.data?._update_webhook?.message,
 				),
 				isClosable: true,
 				status: 'success',
@@ -333,7 +333,7 @@ const UpdateWebhookModal = ({
 				setValidator({
 					...validator,
 					[WebhookInputDataFields.HEADERS]: new Array(
-						formattedHeadersData.length
+						formattedHeadersData.length,
 					)
 						.fill({})
 						.map(() => ({ ...initHeadersValidatorData })),
@@ -406,7 +406,7 @@ const UpdateWebhookModal = ({
 										onChange={(e) =>
 											inputChangehandler(
 												WebhookInputDataFields.EVENT_NAME,
-												e.currentTarget.value
+												e.currentTarget.value,
 											)
 										}
 									>
@@ -415,7 +415,7 @@ const UpdateWebhookModal = ({
 												<option value={value} key={key}>
 													{key}
 												</option>
-											)
+											),
 										)}
 									</Select>
 								</Flex>
@@ -438,7 +438,7 @@ const UpdateWebhookModal = ({
 											onChange={(e) =>
 												inputChangehandler(
 													WebhookInputDataFields.ENDPOINT,
-													e.currentTarget.value
+													e.currentTarget.value,
 												)
 											}
 										/>
@@ -462,7 +462,7 @@ const UpdateWebhookModal = ({
 										onChange={() =>
 											inputChangehandler(
 												WebhookInputDataFields.ENABLED,
-												!webhook[WebhookInputDataFields.ENABLED]
+												!webhook[WebhookInputDataFields.ENABLED],
 											)
 										}
 									/>
@@ -517,7 +517,7 @@ const UpdateWebhookModal = ({
 															WebhookInputDataFields.HEADERS,
 															e.target.value,
 															WebhookInputHeaderFields.KEY,
-															index
+															index,
 														)
 													}
 													width="30%"
@@ -540,7 +540,7 @@ const UpdateWebhookModal = ({
 															WebhookInputDataFields.HEADERS,
 															e.target.value,
 															WebhookInputHeaderFields.VALUE,
-															index
+															index,
 														)
 													}
 													width="65%"
@@ -560,7 +560,7 @@ const UpdateWebhookModal = ({
 												</InputRightElement>
 											</InputGroup>
 										</Flex>
-									)
+									),
 								)}
 							</Flex>
 							<Divider marginY={5} />

dashboard/src/components/ViewWebhookLogsModal.tsx

@@ -161,15 +161,15 @@ const ViewWebhookLogsModal = ({
 													<Td>
 														<Text fontSize="sm">{`${logData.id.substring(
 															0,
-															5
+															5,
 														)}***${logData.id.substring(
 															logData.id.length - 5,
-															logData.id.length
+															logData.id.length,
 														)}`}</Text>
 													</Td>
 													<Td>
 														{dayjs(logData.created_at * 1000).format(
-															'MMM DD, YYYY'
+															'MMM DD, YYYY',
 														)}
 													</Td>
 													<Td>

dashboard/src/constants.ts

@@ -15,6 +15,7 @@ export const TextInputType = {
 	SMTP_HOST: 'SMTP_HOST',
 	SMTP_PORT: 'SMTP_PORT',
 	SMTP_USERNAME: 'SMTP_USERNAME',
+	SMTP_LOCAL_NAME: 'SMTP_LOCAL_NAME',
 	SENDER_EMAIL: 'SENDER_EMAIL',
 	ORGANIZATION_NAME: 'ORGANIZATION_NAME',
 	ORGANIZATION_LOGO: 'ORGANIZATION_LOGO',
@@ -48,7 +49,6 @@ export const ArrayInputType = {
 	DEFAULT_ROLES: 'DEFAULT_ROLES',
 	PROTECTED_ROLES: 'PROTECTED_ROLES',
 	ALLOWED_ORIGINS: 'ALLOWED_ORIGINS',
-	USER_ROLES: 'roles',
 };
 
 export const SelectInputType = {
@@ -56,6 +56,10 @@ export const SelectInputType = {
 	GENDER: 'gender',
 };
 
+export const MultiSelectInputType = {
+	USER_ROLES: 'roles',
+};
+
 export const TextAreaInputType = {
 	CUSTOM_ACCESS_TOKEN_SCRIPT: 'CUSTOM_ACCESS_TOKEN_SCRIPT',
 	JWT_PRIVATE_KEY: 'JWT_PRIVATE_KEY',
@@ -63,6 +67,8 @@ export const TextAreaInputType = {
 };
 
 export const SwitchInputType = {
+	APP_COOKIE_SECURE: 'APP_COOKIE_SECURE',
+	ADMIN_COOKIE_SECURE: 'ADMIN_COOKIE_SECURE',
 	DISABLE_LOGIN_PAGE: 'DISABLE_LOGIN_PAGE',
 	DISABLE_MAGIC_LINK_LOGIN: 'DISABLE_MAGIC_LINK_LOGIN',
 	DISABLE_EMAIL_VERIFICATION: 'DISABLE_EMAIL_VERIFICATION',
@@ -127,12 +133,15 @@ export interface envVarTypes {
 	SMTP_PORT: string;
 	SMTP_USERNAME: string;
 	SMTP_PASSWORD: string;
+	SMTP_LOCAL_NAME: string;
 	SENDER_EMAIL: string;
 	ALLOWED_ORIGINS: [string] | [];
 	ORGANIZATION_NAME: string;
 	ORGANIZATION_LOGO: string;
 	CUSTOM_ACCESS_TOKEN_SCRIPT: string;
 	ADMIN_SECRET: string;
+	APP_COOKIE_SECURE: boolean;
+	ADMIN_COOKIE_SECURE: boolean;
 	DISABLE_LOGIN_PAGE: boolean;
 	DISABLE_MAGIC_LINK_LOGIN: boolean;
 	DISABLE_EMAIL_VERIFICATION: boolean;
@@ -328,3 +337,8 @@ export const webhookPayloadExample: string = `{
 	},
 	"auth_recipe":"google"
  }`;
+
+export enum EmailTemplateEditors {
+	UNLAYER_EDITOR = 'unlayer_editor',
+	PLAIN_HTML_EDITOR = 'plain_html_editor',
+}

dashboard/src/graphql/queries/index.ts

@@ -45,11 +45,14 @@ export const EnvVariablesQuery = `
       SMTP_PORT
       SMTP_USERNAME
       SMTP_PASSWORD
+      SMTP_LOCAL_NAME
       SENDER_EMAIL
       ALLOWED_ORIGINS
       ORGANIZATION_NAME
       ORGANIZATION_LOGO
       ADMIN_SECRET
+      APP_COOKIE_SECURE
+      ADMIN_COOKIE_SECURE
       DISABLE_LOGIN_PAGE
       DISABLE_MAGIC_LINK_LOGIN
       DISABLE_EMAIL_VERIFICATION
@@ -167,3 +170,12 @@ export const WebhookLogsQuery = `
     }
   }
 `;
+
+export const GetAvailableRolesQuery = `
+  query {
+    _env {
+      ROLES
+      PROTECTED_ROLES
+    }
+  }
+`;

dashboard/src/index.tsx

@@ -6,5 +6,5 @@ ReactDOM.render(
 	<div>
 		<App />
 	</div>,
-	document.getElementById('root')
+	document.getElementById('root'),
 );

dashboard/src/pages/EmailTemplates.tsx

@@ -154,7 +154,7 @@ const EmailTemplates = () => {
 									<Td>{templateData[EmailTemplateInputDataFields.SUBJECT]}</Td>
 									<Td>
 										{dayjs(templateData.created_at * 1000).format(
-											'MMM DD, YYYY'
+											'MMM DD, YYYY',
 										)}
 									</Td>
 									<Td>

dashboard/src/pages/Environment.tsx

@@ -65,12 +65,15 @@ const Environment = () => {
 		SMTP_PORT: '',
 		SMTP_USERNAME: '',
 		SMTP_PASSWORD: '',
+		SMTP_LOCAL_NAME: '',
 		SENDER_EMAIL: '',
 		ALLOWED_ORIGINS: [],
 		ORGANIZATION_NAME: '',
 		ORGANIZATION_LOGO: '',
 		CUSTOM_ACCESS_TOKEN_SCRIPT: '',
 		ADMIN_SECRET: '',
+		APP_COOKIE_SECURE: false,
+		ADMIN_COOKIE_SECURE: false,
 		DISABLE_LOGIN_PAGE: false,
 		DISABLE_MAGIC_LINK_LOGIN: false,
 		DISABLE_EMAIL_VERIFICATION: false,
@@ -155,7 +158,7 @@ const Environment = () => {
 				// @ts-ignore
 				[property]: envVariables[property],
 			}),
-			{}
+			{},
 		);
 		if (
 			updatedEnvVariables[HiddenInputType.ADMIN_SECRET] === '' ||

dashboard/src/pages/Users.tsx

@@ -29,7 +29,7 @@ import {
 	MenuItem,
 	useToast,
 	Spinner,
-	TableContainer
+	TableContainer,
 } from '@chakra-ui/react';
 import {
 	FaAngleLeft,
@@ -195,7 +195,7 @@ export default function Users() {
 
 	const updateAccessHandler = async (
 		id: string,
-		action: updateAccessActions
+		action: updateAccessActions,
 	) => {
 		switch (action) {
 			case updateAccessActions.ENABLE:
@@ -263,8 +263,9 @@ export default function Users() {
 			.toPromise();
 		if (res.data?._update_user?.id) {
 			toast({
-				title: `Multi factor authentication ${user.is_multi_factor_auth_enabled ? 'disabled' : 'enabled'
-					} for user`,
+				title: `Multi factor authentication ${
+					user.is_multi_factor_auth_enabled ? 'disabled' : 'enabled'
+				} for user`,
 				isClosable: true,
 				status: 'success',
 				position: 'bottom-right',
@@ -387,7 +388,7 @@ export default function Users() {
 																onClick={() =>
 																	updateAccessHandler(
 																		user.id,
-																		updateAccessActions.ENABLE
+																		updateAccessActions.ENABLE,
 																	)
 																}
 															>
@@ -398,7 +399,7 @@ export default function Users() {
 																onClick={() =>
 																	updateAccessHandler(
 																		user.id,
-																		updateAccessActions.REVOKE
+																		updateAccessActions.REVOKE,
 																	)
 																}
 															>
@@ -407,13 +408,17 @@ export default function Users() {
 														)}
 														{user.is_multi_factor_auth_enabled ? (
 															<MenuItem
-																onClick={() => multiFactorAuthUpdateHandler(user)}
+																onClick={() =>
+																	multiFactorAuthUpdateHandler(user)
+																}
 															>
 																Disable MultiFactor Authentication
 															</MenuItem>
 														) : (
 															<MenuItem
-																onClick={() => multiFactorAuthUpdateHandler(user)}
+																onClick={() =>
+																	multiFactorAuthUpdateHandler(user)
+																}
 															>
 																Enable MultiFactor Authentication
 															</MenuItem>

dashboard/src/pages/Webhooks.tsx

@@ -170,12 +170,12 @@ const Webhooks = () => {
 											label={JSON.stringify(
 												webhook[WebhookInputDataFields.HEADERS],
 												null,
-												' '
+												' ',
 											)}
 										>
 											<Tag size="sm" variant="outline" colorScheme="gray">
 												{Object.keys(
-													webhook[WebhookInputDataFields.HEADERS] || {}
+													webhook[WebhookInputDataFields.HEADERS] || {},
 												)?.length.toString()}
 											</Tag>
 										</Tooltip>

dashboard/src/utils/index.ts

@@ -67,7 +67,7 @@ export const validateEmail = (email: string) => {
 	return email
 		.toLowerCase()
 		.match(
-			/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
+			/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/,
 		)
 		? true
 		: false;
@@ -78,7 +78,7 @@ export const validateURI = (uri: string) => {
 	return uri
 		.toLowerCase()
 		.match(
-			/(?:^|\s)((https?:\/\/)?(?:localhost|[\w-]+(?:\.[\w-]+)+)(:\d+)?(\/\S*)?)/
+			/(?:^|\s)((https?:\/\/)?(?:localhost|[\w-]+(?:\.[\w-]+)+)(:\d+)?(\/\S*)?)/,
 		)
 		? true
 		: false;

dashboard/src/utils/parseCSV.ts

@@ -27,7 +27,7 @@ const parseCSV = (file: File, delimiter: string): Promise<dataTypes[]> => {
 						value: email.trim(),
 						isInvalid: !validateEmail(email.trim()),
 					};
-				})
+				}),
 			);
 		};
 

server/constants/db_types.go

@@ -25,4 +25,8 @@ const (
 	DbTypeCockroachDB = "cockroachdb"
 	// DbTypePlanetScaleDB is the planetscale database type
 	DbTypePlanetScaleDB = "planetscale"
+	// DbTypeDynamoDB is the Dynamo database type
+	DbTypeDynamoDB = "dynamodb"
+	// DbTypeSurrealDB is the SurrealDB database type
+	DbTypeSurrealDB = "surrealdb"
 )

server/constants/env.go

@@ -21,6 +21,12 @@ const (
 	EnvKeyDatabaseType = "DATABASE_TYPE"
 	// EnvKeyDatabaseURL key for env variable DATABASE_URL
 	EnvKeyDatabaseURL = "DATABASE_URL"
+	// EnvAwsRegion key for env variable AWS REGION
+	EnvAwsRegion = "AWS_REGION"
+	// EnvAwsAccessKeyID key for env variable AWS_ACCESS_KEY_ID
+	EnvAwsAccessKeyID = "AWS_ACCESS_KEY_ID"
+	// EnvAwsAccessKey key for env variable AWS_SECRET_ACCESS_KEY
+	EnvAwsSecretAccessKey = "AWS_SECRET_ACCESS_KEY"
 	// EnvKeyDatabaseName key for env variable DATABASE_NAME
 	EnvKeyDatabaseName = "DATABASE_NAME"
 	// EnvKeyDatabaseUsername key for env variable DATABASE_USERNAME
@@ -45,6 +51,8 @@ const (
 	EnvKeySmtpUsername = "SMTP_USERNAME"
 	// EnvKeySmtpPassword key for env variable SMTP_PASSWORD
 	EnvKeySmtpPassword = "SMTP_PASSWORD"
+	// EnvKeySmtpLocalName key for env variable SMTP_LOCAL_NAME
+	EnvKeySmtpLocalName = "SMTP_LOCAL_NAME"
 	// EnvKeySenderEmail key for env variable SENDER_EMAIL
 	EnvKeySenderEmail = "SENDER_EMAIL"
 	// EnvKeyIsEmailServiceEnabled key for env variable IS_EMAIL_SERVICE_ENABLED

server/constants/oauth2.go

@@ -0,0 +1,19 @@
+package constants
+
+const (
+	// - query: for Authorization Code grant. 302 Found triggers redirect.
+	ResponseModeQuery = "query"
+	// - fragment: for Implicit grant. 302 Found triggers redirect.
+	ResponseModeFragment = "fragment"
+	// - form_post: 200 OK with response parameters embedded in an HTML form as hidden parameters.
+	ResponseModeFormPost = "form_post"
+	// - web_message: For Silent Authentication. Uses HTML5 web messaging.
+	ResponseModeWebMessage = "web_message"
+
+	// For the Authorization Code grant, use response_type=code to include the authorization code.
+	ResponseTypeCode = "code"
+	// For the Implicit grant, use response_type=token to include an access token.
+	ResponseTypeToken = "token"
+	// For the Implicit grant of id_token, use response_type=id_token to include an identifier token.
+	ResponseTypeIDToken = "id_token"
+)

server/constants/verification_types.go

@@ -14,3 +14,14 @@ const (
 	// VerificationTypeOTP is the otp verification type
 	VerificationTypeOTP = "verify_otp"
 )
+
+var (
+	// VerificationTypes is slice of all verification types
+	VerificationTypes = []string{
+		VerificationTypeBasicAuthSignup,
+		VerificationTypeMagicLinkLogin,
+		VerificationTypeUpdateEmail,
+		VerificationTypeForgotPassword,
+		VerificationTypeInviteMember,
+	}
+)

server/cookie/cookie.go

@@ -29,10 +29,20 @@ func SetSession(gc *gin.Context, sessionID string) {
 		domain = "." + domain
 	}
 
+	// Since app cookie can come from cross site it becomes important to set this in lax mode when insecure.
+	// Example person using custom UI on their app domain and making request to authorizer domain.
+	// For more information check:
+	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
+	// https://github.com/gin-gonic/gin/blob/master/context.go#L86
+	// TODO add ability to sameSite = none / strict from dashboard
+	if !appCookieSecure {
+		gc.SetSameSite(http.SameSiteLaxMode)
+	} else {
+		gc.SetSameSite(http.SameSiteNoneMode)
+	}
 	// TODO allow configuring from dashboard
 	year := 60 * 60 * 24 * 365
 
-	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.AppCookieName+"_session", sessionID, year, "/", host, secure, httpOnly)
 	gc.SetCookie(constants.AppCookieName+"_session_domain", sessionID, year, "/", domain, secure, httpOnly)
 }

server/db/db.go

@@ -7,8 +7,10 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/providers"
 	"github.com/authorizerdev/authorizer/server/db/providers/arangodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/cassandradb"
+	"github.com/authorizerdev/authorizer/server/db/providers/dynamodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/mongodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/sql"
+	"github.com/authorizerdev/authorizer/server/db/providers/surrealdb"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
@@ -20,10 +22,12 @@ func InitDB() error {
 
 	envs := memorystore.RequiredEnvStoreObj.GetRequiredEnv()
 
-	isSQL := envs.DatabaseType != constants.DbTypeArangodb && envs.DatabaseType != constants.DbTypeMongodb && envs.DatabaseType != constants.DbTypeCassandraDB && envs.DatabaseType != constants.DbTypeScyllaDB
+	isSQL := envs.DatabaseType != constants.DbTypeArangodb && envs.DatabaseType != constants.DbTypeMongodb && envs.DatabaseType != constants.DbTypeCassandraDB && envs.DatabaseType != constants.DbTypeScyllaDB && envs.DatabaseType != constants.DbTypeDynamoDB && envs.DatabaseType != constants.DbTypeSurrealDB
 	isArangoDB := envs.DatabaseType == constants.DbTypeArangodb
 	isMongoDB := envs.DatabaseType == constants.DbTypeMongodb
 	isCassandra := envs.DatabaseType == constants.DbTypeCassandraDB || envs.DatabaseType == constants.DbTypeScyllaDB
+	isDynamoDB := envs.DatabaseType == constants.DbTypeDynamoDB
+	isSurrealDB := envs.DatabaseType == constants.DbTypeSurrealDB
 
 	if isSQL {
 		log.Info("Initializing SQL Driver for: ", envs.DatabaseType)
@@ -61,5 +65,23 @@ func InitDB() error {
 		}
 	}
 
+	if isDynamoDB {
+		log.Info("Initializing DynamoDB Driver for: ", envs.DatabaseType)
+		Provider, err = dynamodb.NewProvider()
+		if err != nil {
+			log.Fatal("Failed to initialize DynamoDB driver: ", err)
+			return err
+		}
+	}
+
+	if isSurrealDB {
+		log.Info("Initializing Surreal Driver")
+		Provider, err = surrealdb.NewProvider()
+		if err != nil {
+			log.Fatal("Failed to initialize Surreal driver: ", err)
+			return err
+		}
+	}
+
 	return nil
 }

server/db/models/email_templates.go

@@ -1,6 +1,7 @@
 package models
 
 import (
+	"encoding/json"
 	"strings"
 
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -9,14 +10,14 @@ import (
 
 // EmailTemplate model for database
 type EmailTemplate struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	EventName string `gorm:"unique" json:"event_name" bson:"event_name" cql:"event_name"`
-	Subject   string `gorm:"type:text" json:"subject" bson:"subject" cql:"subject"`
-	Template  string `gorm:"type:text" json:"template" bson:"template" cql:"template"`
-	Design    string `gorm:"type:text" json:"design" bson:"design" cql:"design"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	EventName string `gorm:"unique" json:"event_name" bson:"event_name" cql:"event_name" dynamo:"event_name" index:"event_name,hash"`
+	Subject   string `json:"subject" bson:"subject" cql:"subject" dynamo:"subject"`
+	Template  string `json:"template" bson:"template" cql:"template" dynamo:"template"`
+	Design    string `json:"design" bson:"design" cql:"design" dynamo:"design"`
+	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
 }
 
 // AsAPIEmailTemplate to return email template as graphql response object
@@ -35,3 +36,10 @@ func (e *EmailTemplate) AsAPIEmailTemplate() *model.EmailTemplate {
 		UpdatedAt: refs.NewInt64Ref(e.UpdatedAt),
 	}
 }
+
+func (e *EmailTemplate) ToMap() map[string]interface{} {
+	res := map[string]interface{}{}
+	data, _ := json.Marshal(e) // Convert to a json string
+	json.Unmarshal(data, &res) // Convert to a map
+	return res
+}

server/db/models/env.go

@@ -1,13 +1,22 @@
 package models
 
+import "encoding/json"
+
 // Note: any change here should be reflected in providers/casandra/provider.go as it does not have model support in collection creation
 
 // Env model for db
 type Env struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	EnvData   string `gorm:"type:text" json:"env" bson:"env" cql:"env"`
-	Hash      string `gorm:"type:text" json:"hash" bson:"hash" cql:"hash"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at"`
+	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	EnvData   string `json:"env" bson:"env" cql:"env" dynamo:"env"`
+	Hash      string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
+	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+}
+
+func (env *Env) ToMap() map[string]interface{} {
+	res := map[string]interface{}{}
+	data, _ := json.Marshal(env) // Convert to a json string
+	json.Unmarshal(data, &res)   // Convert to a map
+	return res
 }

server/db/models/model.go

@@ -13,6 +13,10 @@ type CollectionList struct {
 }
 
 var (
+	// DB/Namespace
+	DBNamespace = "authorizer"
+	// Identifier field used for surreal db
+	SurrealDbIdentifier = "identifier"
 	// Prefix for table name / collection names
 	Prefix = "authorizer_"
 	// Collections / Tables available for authorizer in the database (used for dbs other than gorm)

server/db/models/otp.go

@@ -1,12 +1,25 @@
 package models
 
+import "encoding/json"
+
 // OTP model for database
 type OTP struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	Email     string `gorm:"unique" json:"email" bson:"email" cql:"email"`
-	Otp       string `json:"otp" bson:"otp" cql:"otp"`
-	ExpiresAt int64  `json:"expires_at" bson:"expires_at" cql:"expires_at"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	Email     string `gorm:"unique" json:"email" bson:"email" cql:"email" dynamo:"email" index:"email,hash"`
+	Otp       string `json:"otp" bson:"otp" cql:"otp" dynamo:"otp"`
+	ExpiresAt int64  `json:"expires_at" bson:"expires_at" cql:"expires_at" dynamo:"expires_at"`
+	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+}
+
+type Paging struct {
+	ID string `json:"id,omitempty" dynamo:"id,hash"`
+}
+
+func (o *OTP) ToMap() map[string]interface{} {
+	res := map[string]interface{}{}
+	data, _ := json.Marshal(o) // Convert to a json string
+	json.Unmarshal(data, &res) // Convert to a map
+	return res
 }

server/db/models/session.go

@@ -1,14 +1,23 @@
 package models
 
+import "encoding/json"
+
 // Note: any change here should be reflected in providers/casandra/provider.go as it does not have model support in collection creation
 
 // Session model for db
 type Session struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	UserID    string `gorm:"type:char(36)" json:"user_id" bson:"user_id" cql:"user_id"`
-	UserAgent string `json:"user_agent" bson:"user_agent" cql:"user_agent"`
-	IP        string `json:"ip" bson:"ip" cql:"ip"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	UserID    string `gorm:"type:char(36)" json:"user_id" bson:"user_id" cql:"user_id" dynamo:"user_id" index:"user_id,hash"`
+	UserAgent string `json:"user_agent" bson:"user_agent" cql:"user_agent" dynamo:"user_agent"`
+	IP        string `json:"ip" bson:"ip" cql:"ip" dynamo:"ip"`
+	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+}
+
+func (s *Session) ToMap() map[string]interface{} {
+	res := map[string]interface{}{}
+	data, _ := json.Marshal(s) // Convert to a json string
+	json.Unmarshal(data, &res) // Convert to a map
+	return res
 }

server/db/models/user.go

@@ -12,27 +12,27 @@ import (
 
 // User model for db
 type User struct {
-	Key string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID  string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
+	Key string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID  string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
 
-	Email                    string  `gorm:"unique" json:"email" bson:"email" cql:"email"`
-	EmailVerifiedAt          *int64  `json:"email_verified_at" bson:"email_verified_at" cql:"email_verified_at"`
-	Password                 *string `gorm:"type:text" json:"password" bson:"password" cql:"password"`
-	SignupMethods            string  `json:"signup_methods" bson:"signup_methods" cql:"signup_methods"`
-	GivenName                *string `json:"given_name" bson:"given_name" cql:"given_name"`
-	FamilyName               *string `json:"family_name" bson:"family_name" cql:"family_name"`
-	MiddleName               *string `json:"middle_name" bson:"middle_name" cql:"middle_name"`
-	Nickname                 *string `json:"nickname" bson:"nickname" cql:"nickname"`
-	Gender                   *string `json:"gender" bson:"gender" cql:"gender"`
-	Birthdate                *string `json:"birthdate" bson:"birthdate" cql:"birthdate"`
-	PhoneNumber              *string `gorm:"unique" json:"phone_number" bson:"phone_number" cql:"phone_number"`
-	PhoneNumberVerifiedAt    *int64  `json:"phone_number_verified_at" bson:"phone_number_verified_at" cql:"phone_number_verified_at"`
-	Picture                  *string `gorm:"type:text" json:"picture" bson:"picture" cql:"picture"`
-	Roles                    string  `json:"roles" bson:"roles" cql:"roles"`
-	RevokedTimestamp         *int64  `json:"revoked_timestamp" bson:"revoked_timestamp" cql:"revoked_timestamp"`
-	IsMultiFactorAuthEnabled *bool   `json:"is_multi_factor_auth_enabled" bson:"is_multi_factor_auth_enabled" cql:"is_multi_factor_auth_enabled"`
-	UpdatedAt                int64   `json:"updated_at" bson:"updated_at" cql:"updated_at"`
-	CreatedAt                int64   `json:"created_at" bson:"created_at" cql:"created_at"`
+	Email                    string  `gorm:"unique" json:"email" bson:"email" cql:"email" dynamo:"email" index:"email,hash"`
+	EmailVerifiedAt          *int64  `json:"email_verified_at" bson:"email_verified_at" cql:"email_verified_at" dynamo:"email_verified_at"`
+	Password                 *string `json:"password" bson:"password" cql:"password" dynamo:"password"`
+	SignupMethods            string  `json:"signup_methods" bson:"signup_methods" cql:"signup_methods" dynamo:"signup_methods"`
+	GivenName                *string `json:"given_name" bson:"given_name" cql:"given_name" dynamo:"given_name"`
+	FamilyName               *string `json:"family_name" bson:"family_name" cql:"family_name" dynamo:"family_name"`
+	MiddleName               *string `json:"middle_name" bson:"middle_name" cql:"middle_name" dynamo:"middle_name"`
+	Nickname                 *string `json:"nickname" bson:"nickname" cql:"nickname" dynamo:"nickname"`
+	Gender                   *string `json:"gender" bson:"gender" cql:"gender" dynamo:"gender"`
+	Birthdate                *string `json:"birthdate" bson:"birthdate" cql:"birthdate" dynamo:"birthdate"`
+	PhoneNumber              *string `gorm:"index" json:"phone_number" bson:"phone_number" cql:"phone_number" dynamo:"phone_number"`
+	PhoneNumberVerifiedAt    *int64  `json:"phone_number_verified_at" bson:"phone_number_verified_at" cql:"phone_number_verified_at" dynamo:"phone_number_verified_at"`
+	Picture                  *string `json:"picture" bson:"picture" cql:"picture" dynamo:"picture"`
+	Roles                    string  `json:"roles" bson:"roles" cql:"roles" dynamo:"roles"`
+	RevokedTimestamp         *int64  `json:"revoked_timestamp" bson:"revoked_timestamp" cql:"revoked_timestamp" dynamo:"revoked_timestamp"`
+	IsMultiFactorAuthEnabled *bool   `json:"is_multi_factor_auth_enabled" bson:"is_multi_factor_auth_enabled" cql:"is_multi_factor_auth_enabled" dynamo:"is_multi_factor_auth_enabled"`
+	UpdatedAt                int64   `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+	CreatedAt                int64   `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
 }
 
 func (user *User) AsAPIUser() *model.User {

server/db/models/verification_requests.go

@@ -1,6 +1,7 @@
 package models
 
 import (
+	"encoding/json"
 	"strings"
 
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -11,16 +12,16 @@ import (
 
 // VerificationRequest model for db
 type VerificationRequest struct {
-	Key         string `json:"_key,omitempty" bson:"_key" cql:"_key,omitempty"` // for arangodb
-	ID          string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	Token       string `gorm:"type:text" json:"token" bson:"token" cql:"jwt_token"` // token is reserved keyword in cassandra
-	Identifier  string `gorm:"uniqueIndex:idx_email_identifier;type:varchar(64)" json:"identifier" bson:"identifier" cql:"identifier"`
-	ExpiresAt   int64  `json:"expires_at" bson:"expires_at" cql:"expires_at"`
-	Email       string `gorm:"uniqueIndex:idx_email_identifier;type:varchar(256)" json:"email" bson:"email" cql:"email"`
-	Nonce       string `gorm:"type:text" json:"nonce" bson:"nonce" cql:"nonce"`
-	RedirectURI string `gorm:"type:text" json:"redirect_uri" bson:"redirect_uri" cql:"redirect_uri"`
-	CreatedAt   int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt   int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key         string `json:"_key,omitempty" bson:"_key" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID          string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	Token       string `json:"token" bson:"token" cql:"jwt_token" dynamo:"token" index:"token,hash"`
+	Identifier  string `gorm:"uniqueIndex:idx_email_identifier;type:varchar(64)" json:"identifier" bson:"identifier" cql:"identifier" dynamo:"identifier"`
+	ExpiresAt   int64  `json:"expires_at" bson:"expires_at" cql:"expires_at" dynamo:"expires_at"`
+	Email       string `gorm:"uniqueIndex:idx_email_identifier;type:varchar(256)" json:"email" bson:"email" cql:"email" dynamo:"email"`
+	Nonce       string `json:"nonce" bson:"nonce" cql:"nonce" dynamo:"nonce"`
+	RedirectURI string `json:"redirect_uri" bson:"redirect_uri" cql:"redirect_uri" dynamo:"redirect_uri"`
+	CreatedAt   int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt   int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
 }
 
 func (v *VerificationRequest) AsAPIVerificationRequest() *model.VerificationRequest {
@@ -41,3 +42,10 @@ func (v *VerificationRequest) AsAPIVerificationRequest() *model.VerificationRequ
 		UpdatedAt:   refs.NewInt64Ref(v.UpdatedAt),
 	}
 }
+
+func (v *VerificationRequest) ToMap() map[string]interface{} {
+	res := map[string]interface{}{}
+	data, _ := json.Marshal(v) // Convert to a json string
+	json.Unmarshal(data, &res) // Convert to a map
+	return res
+}

server/db/models/webhook.go

@@ -12,14 +12,14 @@ import (
 
 // Webhook model for db
 type Webhook struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	EventName string `gorm:"unique" json:"event_name" bson:"event_name" cql:"event_name"`
-	EndPoint  string `gorm:"type:text" json:"endpoint" bson:"endpoint" cql:"endpoint"`
-	Headers   string `gorm:"type:text" json:"headers" bson:"headers" cql:"headers"`
-	Enabled   bool   `json:"enabled" bson:"enabled" cql:"enabled"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	EventName string `gorm:"unique" json:"event_name" bson:"event_name" cql:"event_name" dynamo:"event_name" index:"event_name,hash"`
+	EndPoint  string `json:"endpoint" bson:"endpoint" cql:"endpoint" dynamo:"endpoint"`
+	Headers   string `json:"headers" bson:"headers" cql:"headers" dynamo:"headers"`
+	Enabled   bool   `json:"enabled" bson:"enabled" cql:"enabled" dynamo:"enabled"`
+	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
 }
 
 // AsAPIWebhook to return webhook as graphql response object
@@ -42,3 +42,10 @@ func (w *Webhook) AsAPIWebhook() *model.Webhook {
 		UpdatedAt: refs.NewInt64Ref(w.UpdatedAt),
 	}
 }
+
+func (w *Webhook) ToMap() map[string]interface{} {
+	res := map[string]interface{}{}
+	data, _ := json.Marshal(w) // Convert to a json string
+	json.Unmarshal(data, &res) // Convert to a map
+	return res
+}

server/db/models/webhook_log.go

@@ -1,6 +1,7 @@
 package models
 
 import (
+	"encoding/json"
 	"strings"
 
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -11,14 +12,14 @@ import (
 
 // WebhookLog model for db
 type WebhookLog struct {
-	Key        string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID         string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	HttpStatus int64  `json:"http_status" bson:"http_status" cql:"http_status"`
-	Response   string `gorm:"type:text" json:"response" bson:"response" cql:"response"`
-	Request    string `gorm:"type:text" json:"request" bson:"request" cql:"request"`
-	WebhookID  string `gorm:"type:char(36)" json:"webhook_id" bson:"webhook_id" cql:"webhook_id"`
-	CreatedAt  int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt  int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key        string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID         string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	HttpStatus int64  `json:"http_status" bson:"http_status" cql:"http_status" dynamo:"http_status"`
+	Response   string `json:"response" bson:"response" cql:"response" dynamo:"response"`
+	Request    string `json:"request" bson:"request" cql:"request" dynamo:"request"`
+	WebhookID  string `gorm:"type:char(36)" json:"webhook_id" bson:"webhook_id" cql:"webhook_id" dynamo:"webhook_id" index:"webhook_id,hash"`
+	CreatedAt  int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt  int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
 }
 
 // AsAPIWebhookLog to return webhook log as graphql response object
@@ -37,3 +38,10 @@ func (w *WebhookLog) AsAPIWebhookLog() *model.WebhookLog {
 		UpdatedAt:  refs.NewInt64Ref(w.UpdatedAt),
 	}
 }
+
+func (w *WebhookLog) ToMap() map[string]interface{} {
+	res := map[string]interface{}{}
+	data, _ := json.Marshal(w) // Convert to a json string
+	json.Unmarshal(data, &res) // Convert to a map
+	return res
+}

server/db/providers/dynamodb/email_template.go

@@ -0,0 +1,121 @@
+package dynamodb
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+	"github.com/guregu/dynamo"
+)
+
+// AddEmailTemplate to add EmailTemplate
+func (p *provider) AddEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	if emailTemplate.ID == "" {
+		emailTemplate.ID = uuid.New().String()
+	}
+
+	emailTemplate.Key = emailTemplate.ID
+	emailTemplate.CreatedAt = time.Now().Unix()
+	emailTemplate.UpdatedAt = time.Now().Unix()
+	err := collection.Put(emailTemplate).RunWithContext(ctx)
+
+	if err != nil {
+		return emailTemplate.AsAPIEmailTemplate(), err
+	}
+
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// UpdateEmailTemplate to update EmailTemplate
+func (p *provider) UpdateEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	emailTemplate.UpdatedAt = time.Now().Unix()
+	err := UpdateByHashKey(collection, "id", emailTemplate.ID, emailTemplate)
+	if err != nil {
+		return emailTemplate.AsAPIEmailTemplate(), err
+	}
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// ListEmailTemplates to list EmailTemplate
+func (p *provider) ListEmailTemplate(ctx context.Context, pagination model.Pagination) (*model.EmailTemplates, error) {
+
+	var emailTemplate models.EmailTemplate
+	var iter dynamo.PagingIter
+	var lastEval dynamo.PagingKey
+	var iteration int64 = 0
+
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	emailTemplates := []*model.EmailTemplate{}
+	paginationClone := pagination
+	scanner := collection.Scan()
+	count, err := scanner.Count()
+
+	if err != nil {
+		return nil, err
+	}
+
+	for (paginationClone.Offset + paginationClone.Limit) > iteration {
+		iter = scanner.StartFrom(lastEval).Limit(paginationClone.Limit).Iter()
+		for iter.NextWithContext(ctx, &emailTemplate) {
+			if paginationClone.Offset == iteration {
+				emailTemplates = append(emailTemplates, emailTemplate.AsAPIEmailTemplate())
+			}
+		}
+		lastEval = iter.LastEvaluatedKey()
+		iteration += paginationClone.Limit
+	}
+
+	paginationClone.Total = count
+
+	return &model.EmailTemplates{
+		Pagination:     &paginationClone,
+		EmailTemplates: emailTemplates,
+	}, nil
+}
+
+// GetEmailTemplateByID to get EmailTemplate by id
+func (p *provider) GetEmailTemplateByID(ctx context.Context, emailTemplateID string) (*model.EmailTemplate, error) {
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	var emailTemplate models.EmailTemplate
+	err := collection.Get("id", emailTemplateID).OneWithContext(ctx, &emailTemplate)
+	if err != nil {
+		return nil, err
+	}
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// GetEmailTemplateByEventName to get EmailTemplate by event_name
+func (p *provider) GetEmailTemplateByEventName(ctx context.Context, eventName string) (*model.EmailTemplate, error) {
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	var emailTemplates []models.EmailTemplate
+	var emailTemplate models.EmailTemplate
+
+	err := collection.Scan().Index("event_name").Filter("'event_name' = ?", eventName).Limit(1).AllWithContext(ctx, &emailTemplates)
+	if err != nil {
+		return nil, err
+	}
+	if len(emailTemplates) > 0 {
+		emailTemplate = emailTemplates[0]
+		return emailTemplate.AsAPIEmailTemplate(), nil
+	} else {
+		return nil, errors.New("no record found")
+	}
+
+}
+
+// DeleteEmailTemplate to delete EmailTemplate
+func (p *provider) DeleteEmailTemplate(ctx context.Context, emailTemplate *model.EmailTemplate) error {
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	err := collection.Delete("id", emailTemplate.ID).RunWithContext(ctx)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

server/db/providers/dynamodb/env.go

@@ -0,0 +1,72 @@
+package dynamodb
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/google/uuid"
+)
+
+// AddEnv to save environment information in database
+func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, error) {
+	collection := p.db.Table(models.Collections.Env)
+
+	if env.ID == "" {
+		env.ID = uuid.New().String()
+	}
+
+	env.Key = env.ID
+
+	env.CreatedAt = time.Now().Unix()
+	env.UpdatedAt = time.Now().Unix()
+
+	err := collection.Put(env).RunWithContext(ctx)
+
+	if err != nil {
+		return env, err
+	}
+
+	return env, nil
+}
+
+// UpdateEnv to update environment information in database
+func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) {
+
+	collection := p.db.Table(models.Collections.Env)
+	env.UpdatedAt = time.Now().Unix()
+
+	err := UpdateByHashKey(collection, "id", env.ID, env)
+
+	if err != nil {
+		return env, err
+	}
+	return env, nil
+}
+
+// GetEnv to get environment information from database
+func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
+	var env models.Env
+
+	collection := p.db.Table(models.Collections.Env)
+	// As there is no Findone supported.
+	iter := collection.Scan().Limit(1).Iter()
+
+	for iter.NextWithContext(ctx, &env) {
+		if env.ID == "" {
+			return env, errors.New("no documets found")
+		} else {
+			return env, nil
+		}
+	}
+
+	err := iter.Err()
+
+	if err != nil {
+		return env, fmt.Errorf("config not found")
+	}
+
+	return env, nil
+}

server/db/providers/dynamodb/otp.go

@@ -0,0 +1,80 @@
+package dynamodb
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/google/uuid"
+)
+
+// UpsertOTP to add or update otp
+func (p *provider) UpsertOTP(ctx context.Context, otpParam *models.OTP) (*models.OTP, error) {
+	otp, _ := p.GetOTPByEmail(ctx, otpParam.Email)
+	shouldCreate := false
+	if otp == nil {
+		id := uuid.NewString()
+		otp = &models.OTP{
+			ID:        id,
+			Key:       id,
+			Otp:       otpParam.Otp,
+			Email:     otpParam.Email,
+			ExpiresAt: otpParam.ExpiresAt,
+			CreatedAt: time.Now().Unix(),
+		}
+		shouldCreate = true
+	} else {
+		otp.Otp = otpParam.Otp
+		otp.ExpiresAt = otpParam.ExpiresAt
+	}
+
+	collection := p.db.Table(models.Collections.OTP)
+	otp.UpdatedAt = time.Now().Unix()
+
+	var err error
+	if shouldCreate {
+		err = collection.Put(otp).RunWithContext(ctx)
+	} else {
+		err = UpdateByHashKey(collection, "id", otp.ID, otp)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	return otp, nil
+}
+
+// GetOTPByEmail to get otp for a given email address
+func (p *provider) GetOTPByEmail(ctx context.Context, emailAddress string) (*models.OTP, error) {
+	var otps []models.OTP
+	var otp models.OTP
+
+	collection := p.db.Table(models.Collections.OTP)
+
+	err := collection.Scan().Index("email").Filter("'email' = ?", emailAddress).Limit(1).AllWithContext(ctx, &otps)
+
+	if err != nil {
+		return nil, err
+	}
+	if len(otps) > 0 {
+		otp = otps[0]
+		return &otp, nil
+	} else {
+		return nil, errors.New("no docuemnt found")
+	}
+}
+
+// DeleteOTP to delete otp
+func (p *provider) DeleteOTP(ctx context.Context, otp *models.OTP) error {
+	collection := p.db.Table(models.Collections.OTP)
+
+	if otp.ID != "" {
+		err := collection.Delete("id", otp.ID).RunWithContext(ctx)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

server/db/providers/dynamodb/provider.go

@@ -0,0 +1,61 @@
+package dynamodb
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/guregu/dynamo"
+	log "github.com/sirupsen/logrus"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+)
+
+type provider struct {
+	db *dynamo.DB
+}
+
+// NewProvider returns a new Dynamo provider
+func NewProvider() (*provider, error) {
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
+	awsRegion := memorystore.RequiredEnvStoreObj.GetRequiredEnv().AwsRegion
+	awsAccessKeyID := memorystore.RequiredEnvStoreObj.GetRequiredEnv().AwsAccessKeyID
+	awsSecretAccessKey := memorystore.RequiredEnvStoreObj.GetRequiredEnv().AwsSecretAccessKey
+
+	config := aws.Config{
+		MaxRetries:                    aws.Int(3),
+		CredentialsChainVerboseErrors: aws.Bool(true), // for full error logs
+	}
+
+	if awsRegion != "" {
+		config.Region = aws.String(awsRegion)
+	}
+
+	// custom awsAccessKeyID, awsSecretAccessKey took first priority, if not then fetch config from aws credentials
+	if awsAccessKeyID != "" && awsSecretAccessKey != "" {
+		config.Credentials = credentials.NewStaticCredentials(awsAccessKeyID, awsSecretAccessKey, "")
+	} else if dbURL != "" {
+		// static config in case of testing or local-setup
+		config.Credentials = credentials.NewStaticCredentials("key", "key", "")
+		config.Endpoint = aws.String(dbURL)
+	} else {
+		log.Debugf("%s or %s or %s not found. Trying to load default credentials from aws config", constants.EnvAwsRegion, constants.EnvAwsAccessKeyID, constants.EnvAwsSecretAccessKey)
+	}
+
+	session := session.Must(session.NewSession(&config))
+	db := dynamo.New(session)
+
+	db.CreateTable(models.Collections.User, models.User{}).Wait()
+	db.CreateTable(models.Collections.Session, models.Session{}).Wait()
+	db.CreateTable(models.Collections.EmailTemplate, models.EmailTemplate{}).Wait()
+	db.CreateTable(models.Collections.Env, models.Env{}).Wait()
+	db.CreateTable(models.Collections.OTP, models.OTP{}).Wait()
+	db.CreateTable(models.Collections.VerificationRequest, models.VerificationRequest{}).Wait()
+	db.CreateTable(models.Collections.Webhook, models.Webhook{}).Wait()
+	db.CreateTable(models.Collections.WebhookLog, models.WebhookLog{}).Wait()
+
+	return &provider{
+		db: db,
+	}, nil
+}

server/db/providers/dynamodb/session.go

@@ -0,0 +1,28 @@
+package dynamodb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/google/uuid"
+)
+
+// AddSession to save session information in database
+func (p *provider) AddSession(ctx context.Context, session models.Session) error {
+	collection := p.db.Table(models.Collections.Session)
+
+	if session.ID == "" {
+		session.ID = uuid.New().String()
+	}
+
+	session.CreatedAt = time.Now().Unix()
+	session.UpdatedAt = time.Now().Unix()
+	err := collection.Put(session).RunWithContext(ctx)
+	return err
+}
+
+// DeleteSession to delete session information from database
+func (p *provider) DeleteSession(ctx context.Context, userId string) error {
+	return nil
+}

server/db/providers/dynamodb/shared.go

@@ -0,0 +1,46 @@
+package dynamodb
+
+import (
+	"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
+	"github.com/guregu/dynamo"
+)
+
+// As updpate all item not supported so set manually via Set and SetNullable for empty field
+func UpdateByHashKey(table dynamo.Table, hashKey string, hashValue string, item interface{}) error {
+	existingValue, err := dynamo.MarshalItem(item)
+	var i interface{}
+
+	if err != nil {
+		return err
+	}
+
+	nullableValue, err := dynamodbattribute.MarshalMap(item)
+	if err != nil {
+		return err
+	}
+
+	u := table.Update(hashKey, hashValue)
+	for k, v := range existingValue {
+		if k == hashKey {
+			continue
+		}
+		u = u.Set(k, v)
+	}
+
+	for k, v := range nullableValue {
+		if k == hashKey {
+			continue
+		}
+		dynamodbattribute.Unmarshal(v, &i)
+		if i == nil {
+			u = u.SetNullable(k, v)
+		}
+	}
+
+	err = u.Run()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

server/db/providers/dynamodb/user.go

@@ -0,0 +1,195 @@
+package dynamodb
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/google/uuid"
+	"github.com/guregu/dynamo"
+	log "github.com/sirupsen/logrus"
+)
+
+// AddUser to save user information in database
+func (p *provider) AddUser(ctx context.Context, user models.User) (models.User, error) {
+	collection := p.db.Table(models.Collections.User)
+
+	if user.ID == "" {
+		user.ID = uuid.New().String()
+	}
+
+	if user.Roles == "" {
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			return user, err
+		}
+		user.Roles = defaultRoles
+	}
+
+	user.CreatedAt = time.Now().Unix()
+	user.UpdatedAt = time.Now().Unix()
+
+	err := collection.Put(user).RunWithContext(ctx)
+
+	if err != nil {
+		return user, err
+	}
+	return user, nil
+}
+
+// UpdateUser to update user information in database
+func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.User, error) {
+	collection := p.db.Table(models.Collections.User)
+
+	if user.ID != "" {
+
+		user.UpdatedAt = time.Now().Unix()
+
+		err := UpdateByHashKey(collection, "id", user.ID, user)
+		if err != nil {
+			return user, err
+		}
+
+		if err != nil {
+			return user, err
+		}
+
+	}
+	return user, nil
+}
+
+// DeleteUser to delete user information from database
+func (p *provider) DeleteUser(ctx context.Context, user models.User) error {
+	collection := p.db.Table(models.Collections.User)
+	sessionCollection := p.db.Table(models.Collections.Session)
+
+	if user.ID != "" {
+		err := collection.Delete("id", user.ID).Run()
+		if err != nil {
+			return err
+		}
+
+		_, err = sessionCollection.Batch("id").Write().Delete(dynamo.Keys{"user_id", user.ID}).RunWithContext(ctx)
+
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// ListUsers to get list of users from database
+func (p *provider) ListUsers(ctx context.Context, pagination model.Pagination) (*model.Users, error) {
+	var user models.User
+	var lastEval dynamo.PagingKey
+	var iter dynamo.PagingIter
+	var iteration int64 = 0
+
+	collection := p.db.Table(models.Collections.User)
+	users := []*model.User{}
+
+	paginationClone := pagination
+	scanner := collection.Scan()
+	count, err := scanner.Count()
+
+	if err != nil {
+		return nil, err
+	}
+
+	for (paginationClone.Offset + paginationClone.Limit) > iteration {
+		iter = scanner.StartFrom(lastEval).Limit(paginationClone.Limit).Iter()
+		for iter.NextWithContext(ctx, &user) {
+			if paginationClone.Offset == iteration {
+				users = append(users, user.AsAPIUser())
+			}
+		}
+		lastEval = iter.LastEvaluatedKey()
+		iteration += paginationClone.Limit
+	}
+
+	err = iter.Err()
+
+	if err != nil {
+		return nil, err
+	}
+
+	paginationClone.Total = count
+
+	return &model.Users{
+		Pagination: &paginationClone,
+		Users:      users,
+	}, nil
+}
+
+// GetUserByEmail to get user information from database using email address
+func (p *provider) GetUserByEmail(ctx context.Context, email string) (models.User, error) {
+	var users []models.User
+	var user models.User
+
+	collection := p.db.Table(models.Collections.User)
+	err := collection.Scan().Index("email").Filter("'email' = ?", email).AllWithContext(ctx, &users)
+
+	if err != nil {
+		return user, nil
+	}
+
+	if len(users) > 0 {
+		user = users[0]
+		return user, nil
+	} else {
+		return user, errors.New("no record found")
+	}
+
+}
+
+// GetUserByID to get user information from database using user ID
+func (p *provider) GetUserByID(ctx context.Context, id string) (models.User, error) {
+	collection := p.db.Table(models.Collections.User)
+	var user models.User
+	err := collection.Get("id", id).OneWithContext(ctx, &user)
+
+	if err != nil {
+		if user.Email == "" {
+			return user, errors.New("no documets found")
+		} else {
+			return user, nil
+		}
+	}
+	return user, nil
+}
+
+// UpdateUsers to update multiple users, with parameters of user IDs slice
+// If ids set to nil / empty all the users will be updated
+func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{}, ids []string) error {
+	// set updated_at time for all users
+	userCollection := p.db.Table(models.Collections.User)
+	var allUsers []models.User
+	var res int64 = 0
+	var err error
+	if len(ids) > 0 {
+		for _, v := range ids {
+			err = UpdateByHashKey(userCollection, "id", v, data)
+		}
+	} else {
+		// as there is no facility to update all doc - https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/SQLtoNoSQL.UpdateData.html
+		userCollection.Scan().All(&allUsers)
+
+		for _, user := range allUsers {
+			err = UpdateByHashKey(userCollection, "id", user.ID, data)
+			if err == nil {
+				res = res + 1
+			}
+		}
+	}
+
+	if err != nil {
+		return err
+	} else {
+		log.Info("Updated users: ", res)
+	}
+	return nil
+}

server/db/providers/dynamodb/verification_requests.go

@@ -0,0 +1,116 @@
+package dynamodb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+	"github.com/guregu/dynamo"
+)
+
+// AddVerification to save verification request in database
+func (p *provider) AddVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) (models.VerificationRequest, error) {
+	collection := p.db.Table(models.Collections.VerificationRequest)
+
+	if verificationRequest.ID == "" {
+		verificationRequest.ID = uuid.New().String()
+		verificationRequest.CreatedAt = time.Now().Unix()
+		verificationRequest.UpdatedAt = time.Now().Unix()
+		err := collection.Put(verificationRequest).RunWithContext(ctx)
+		if err != nil {
+			return verificationRequest, err
+		}
+	}
+
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByToken to get verification request from database using token
+func (p *provider) GetVerificationRequestByToken(ctx context.Context, token string) (models.VerificationRequest, error) {
+	collection := p.db.Table(models.Collections.VerificationRequest)
+	var verificationRequest models.VerificationRequest
+
+	iter := collection.Scan().Filter("'token' = ?", token).Iter()
+	for iter.NextWithContext(ctx, &verificationRequest) {
+		return verificationRequest, nil
+	}
+
+	err := iter.Err()
+	if err != nil {
+		return verificationRequest, err
+	}
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByEmail to get verification request by email from database
+func (p *provider) GetVerificationRequestByEmail(ctx context.Context, email string, identifier string) (models.VerificationRequest, error) {
+	var verificationRequest models.VerificationRequest
+	collection := p.db.Table(models.Collections.VerificationRequest)
+	iter := collection.Scan().Filter("'email' = ?", email).Filter("'identifier' = ?", identifier).Iter()
+	for iter.NextWithContext(ctx, &verificationRequest) {
+		return verificationRequest, nil
+	}
+
+	err := iter.Err()
+	if err != nil {
+		return verificationRequest, err
+	}
+	return verificationRequest, nil
+}
+
+// ListVerificationRequests to get list of verification requests from database
+func (p *provider) ListVerificationRequests(ctx context.Context, pagination model.Pagination) (*model.VerificationRequests, error) {
+	verificationRequests := []*model.VerificationRequest{}
+	var verificationRequest models.VerificationRequest
+	var lastEval dynamo.PagingKey
+	var iter dynamo.PagingIter
+	var iteration int64 = 0
+
+	collection := p.db.Table(models.Collections.VerificationRequest)
+	paginationClone := pagination
+
+	scanner := collection.Scan()
+	count, err := scanner.Count()
+
+	if err != nil {
+		return nil, err
+	}
+
+	for (paginationClone.Offset + paginationClone.Limit) > iteration {
+		iter = scanner.StartFrom(lastEval).Limit(paginationClone.Limit).Iter()
+		for iter.NextWithContext(ctx, &verificationRequest) {
+			if paginationClone.Offset == iteration {
+				verificationRequests = append(verificationRequests, verificationRequest.AsAPIVerificationRequest())
+			}
+		}
+		err = iter.Err()
+		if err != nil {
+			return nil, err
+		}
+		lastEval = iter.LastEvaluatedKey()
+		iteration += paginationClone.Limit
+	}
+
+	paginationClone.Total = count
+
+	return &model.VerificationRequests{
+		VerificationRequests: verificationRequests,
+		Pagination:           &paginationClone,
+	}, nil
+}
+
+// DeleteVerificationRequest to delete verification request from database
+func (p *provider) DeleteVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) error {
+	collection := p.db.Table(models.Collections.VerificationRequest)
+
+	if verificationRequest.ID != "" {
+		err := collection.Delete("id", verificationRequest.ID).RunWithContext(ctx)
+
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}

server/db/providers/dynamodb/webhook.go

@@ -0,0 +1,148 @@
+package dynamodb
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+	"github.com/guregu/dynamo"
+)
+
+// AddWebhook to add webhook
+func (p *provider) AddWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	collection := p.db.Table(models.Collections.Webhook)
+
+	if webhook.ID == "" {
+		webhook.ID = uuid.New().String()
+	}
+
+	webhook.Key = webhook.ID
+	webhook.CreatedAt = time.Now().Unix()
+	webhook.UpdatedAt = time.Now().Unix()
+
+	err := collection.Put(webhook).RunWithContext(ctx)
+
+	if err != nil {
+		return nil, err
+	}
+	return webhook.AsAPIWebhook(), nil
+}
+
+// UpdateWebhook to update webhook
+func (p *provider) UpdateWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	collection := p.db.Table(models.Collections.Webhook)
+
+	webhook.UpdatedAt = time.Now().Unix()
+	err := UpdateByHashKey(collection, "id", webhook.ID, webhook)
+
+	if err != nil {
+		return nil, err
+	}
+	return webhook.AsAPIWebhook(), nil
+}
+
+// ListWebhooks to list webhook
+func (p *provider) ListWebhook(ctx context.Context, pagination model.Pagination) (*model.Webhooks, error) {
+	webhooks := []*model.Webhook{}
+	var webhook models.Webhook
+	var lastEval dynamo.PagingKey
+	var iter dynamo.PagingIter
+	var iteration int64 = 0
+
+	collection := p.db.Table(models.Collections.Webhook)
+	paginationClone := pagination
+	scanner := collection.Scan()
+	count, err := scanner.Count()
+
+	if err != nil {
+		return nil, err
+	}
+
+	for (paginationClone.Offset + paginationClone.Limit) > iteration {
+		iter = scanner.StartFrom(lastEval).Limit(paginationClone.Limit).Iter()
+		for iter.NextWithContext(ctx, &webhook) {
+			if paginationClone.Offset == iteration {
+				webhooks = append(webhooks, webhook.AsAPIWebhook())
+			}
+		}
+		err = iter.Err()
+		if err != nil {
+			return nil, err
+		}
+		lastEval = iter.LastEvaluatedKey()
+		iteration += paginationClone.Limit
+	}
+
+	paginationClone.Total = count
+
+	return &model.Webhooks{
+		Pagination: &paginationClone,
+		Webhooks:   webhooks,
+	}, nil
+}
+
+// GetWebhookByID to get webhook by id
+func (p *provider) GetWebhookByID(ctx context.Context, webhookID string) (*model.Webhook, error) {
+	collection := p.db.Table(models.Collections.Webhook)
+	var webhook models.Webhook
+
+	err := collection.Get("id", webhookID).OneWithContext(ctx, &webhook)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if webhook.ID == "" {
+		return webhook.AsAPIWebhook(), errors.New("no documets found")
+	}
+
+	return webhook.AsAPIWebhook(), nil
+}
+
+// GetWebhookByEventName to get webhook by event_name
+func (p *provider) GetWebhookByEventName(ctx context.Context, eventName string) (*model.Webhook, error) {
+	var webhook models.Webhook
+	collection := p.db.Table(models.Collections.Webhook)
+
+	iter := collection.Scan().Index("event_name").Filter("'event_name' = ?", eventName).Iter()
+
+	for iter.NextWithContext(ctx, &webhook) {
+		return webhook.AsAPIWebhook(), nil
+	}
+
+	err := iter.Err()
+
+	if err != nil {
+		return webhook.AsAPIWebhook(), err
+	}
+	return webhook.AsAPIWebhook(), nil
+}
+
+// DeleteWebhook to delete webhook
+func (p *provider) DeleteWebhook(ctx context.Context, webhook *model.Webhook) error {
+	// Also delete webhook logs for given webhook id
+	if webhook.ID != "" {
+		webhookCollection := p.db.Table(models.Collections.Webhook)
+		pagination := model.Pagination{}
+		webhookLogCollection := p.db.Table(models.Collections.WebhookLog)
+		err := webhookCollection.Delete("id", webhook.ID).RunWithContext(ctx)
+		if err != nil {
+			return err
+		}
+		webhookLogs, errIs := p.ListWebhookLogs(ctx, pagination, webhook.ID)
+
+		for _, webhookLog := range webhookLogs.WebhookLogs {
+			err = webhookLogCollection.Delete("id", webhookLog.ID).RunWithContext(ctx)
+			if err != nil {
+				return err
+			}
+		}
+		if errIs != nil {
+			return errIs
+		}
+	}
+	return nil
+}

server/db/providers/dynamodb/webhook_log.go

@@ -0,0 +1,78 @@
+package dynamodb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+	"github.com/guregu/dynamo"
+)
+
+// AddWebhookLog to add webhook log
+func (p *provider) AddWebhookLog(ctx context.Context, webhookLog models.WebhookLog) (*model.WebhookLog, error) {
+	collection := p.db.Table(models.Collections.WebhookLog)
+
+	if webhookLog.ID == "" {
+		webhookLog.ID = uuid.New().String()
+	}
+
+	webhookLog.Key = webhookLog.ID
+	webhookLog.CreatedAt = time.Now().Unix()
+	webhookLog.UpdatedAt = time.Now().Unix()
+	err := collection.Put(webhookLog).RunWithContext(ctx)
+
+	if err != nil {
+		return nil, err
+	}
+	return webhookLog.AsAPIWebhookLog(), nil
+}
+
+// ListWebhookLogs to list webhook logs
+func (p *provider) ListWebhookLogs(ctx context.Context, pagination model.Pagination, webhookID string) (*model.WebhookLogs, error) {
+	webhookLogs := []*model.WebhookLog{}
+	var webhookLog models.WebhookLog
+	var lastEval dynamo.PagingKey
+	var iter dynamo.PagingIter
+	var iteration int64 = 0
+	var err error
+	var count int64
+
+	collection := p.db.Table(models.Collections.WebhookLog)
+	paginationClone := pagination
+	scanner := collection.Scan()
+
+	if webhookID != "" {
+		iter = scanner.Index("webhook_id").Filter("'webhook_id' = ?", webhookID).Iter()
+		for iter.NextWithContext(ctx, &webhookLog) {
+			webhookLogs = append(webhookLogs, webhookLog.AsAPIWebhookLog())
+		}
+		err = iter.Err()
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		for (paginationClone.Offset + paginationClone.Limit) > iteration {
+			iter = scanner.StartFrom(lastEval).Limit(paginationClone.Limit).Iter()
+			for iter.NextWithContext(ctx, &webhookLog) {
+				if paginationClone.Offset == iteration {
+					webhookLogs = append(webhookLogs, webhookLog.AsAPIWebhookLog())
+				}
+			}
+			err = iter.Err()
+			if err != nil {
+				return nil, err
+			}
+			lastEval = iter.LastEvaluatedKey()
+			iteration += paginationClone.Limit
+		}
+	}
+
+	paginationClone.Total = count
+	// paginationClone.Cursor = iter.LastEvaluatedKey()
+	return &model.WebhookLogs{
+		Pagination:  &paginationClone,
+		WebhookLogs: webhookLogs,
+	}, nil
+}

server/db/providers/sql/provider.go

@@ -1,16 +1,15 @@
 package sql
 
 import (
-	"log"
-	"os"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/glebarez/sqlite"
+	"github.com/sirupsen/logrus"
 	"gorm.io/driver/mysql"
 	"gorm.io/driver/postgres"
-	"gorm.io/driver/sqlite"
 	"gorm.io/driver/sqlserver"
 	"gorm.io/gorm"
 	"gorm.io/gorm/logger"
@@ -21,17 +20,27 @@ type provider struct {
 	db *gorm.DB
 }
 
+const (
+	phoneNumberIndexName  = "UQ_phone_number"
+	phoneNumberColumnName = "phone_number"
+)
+
+type indexInfo struct {
+	IndexName  string `json:"index_name"`
+	ColumnName string `json:"column_name"`
+}
+
 // NewProvider returns a new SQL provider
 func NewProvider() (*provider, error) {
 	var sqlDB *gorm.DB
 	var err error
 	customLogger := logger.New(
-		log.New(os.Stdout, "\r\n", log.LstdFlags), // io writer
+		logrus.StandardLogger(),
 		logger.Config{
-			SlowThreshold:             time.Second,   // Slow SQL threshold
-			LogLevel:                  logger.Silent, // Log level
-			IgnoreRecordNotFoundError: true,          // Ignore ErrRecordNotFound error for logger
-			Colorful:                  false,         // Disable color
+			SlowThreshold:             time.Second,  // Slow SQL threshold
+			LogLevel:                  logger.Error, // Log level
+			IgnoreRecordNotFoundError: true,         // Ignore ErrRecordNotFound error for logger
+			Colorful:                  false,        // Disable color
 		},
 	)
 
@@ -50,7 +59,7 @@ func NewProvider() (*provider, error) {
 	case constants.DbTypePostgres, constants.DbTypeYugabyte, constants.DbTypeCockroachDB:
 		sqlDB, err = gorm.Open(postgres.Open(dbURL), ormConfig)
 	case constants.DbTypeSqlite:
-		sqlDB, err = gorm.Open(sqlite.Open(dbURL), ormConfig)
+		sqlDB, err = gorm.Open(sqlite.Open(dbURL+"?_pragma=busy_timeout(5000)&_pragma=journal_mode(WAL)"), ormConfig)
 	case constants.DbTypeMysql, constants.DbTypeMariaDB, constants.DbTypePlanetScaleDB:
 		sqlDB, err = gorm.Open(mysql.Open(dbURL), ormConfig)
 	case constants.DbTypeSqlserver:
@@ -61,10 +70,44 @@ func NewProvider() (*provider, error) {
 		return nil, err
 	}
 
+	// For sqlserver, handle uniqueness of phone_number manually via extra db call
+	// during create and update mutation.
+	if sqlDB.Migrator().HasConstraint(&models.User{}, "authorizer_users_phone_number_key") {
+		err = sqlDB.Migrator().DropConstraint(&models.User{}, "authorizer_users_phone_number_key")
+		logrus.Debug("Failed to drop phone number constraint:", err)
+	}
+
 	err = sqlDB.AutoMigrate(&models.User{}, &models.VerificationRequest{}, &models.Session{}, &models.Env{}, &models.Webhook{}, models.WebhookLog{}, models.EmailTemplate{}, &models.OTP{})
 	if err != nil {
 		return nil, err
 	}
+
+	// IMPACT: Request user to manually delete: UQ_phone_number constraint
+	// unique constraint on phone number does not work with multiple null values for sqlserver
+	// for more information check https://stackoverflow.com/a/767702
+	// if dbType == constants.DbTypeSqlserver {
+	// 	var indexInfos []indexInfo
+	// 	// remove index on phone number if present with different name
+	// 	res := sqlDB.Raw("SELECT i.name AS index_name, i.type_desc AS index_algorithm, CASE i.is_unique WHEN 1 THEN 'TRUE' ELSE 'FALSE' END AS is_unique, ac.Name AS column_name FROM sys.tables AS t INNER JOIN sys.indexes AS i ON t.object_id = i.object_id INNER JOIN sys.index_columns AS ic ON ic.object_id = i.object_id AND ic.index_id = i.index_id INNER JOIN sys.all_columns AS ac ON ic.object_id = ac.object_id AND ic.column_id = ac.column_id WHERE t.name = 'authorizer_users' AND SCHEMA_NAME(t.schema_id) = 'dbo';").Scan(&indexInfos)
+	// 	if res.Error != nil {
+	// 		return nil, res.Error
+	// 	}
+
+	// 	for _, val := range indexInfos {
+	// 		if val.ColumnName == phoneNumberColumnName && val.IndexName != phoneNumberIndexName {
+	// 			// drop index & create new
+	// 			if res := sqlDB.Exec(fmt.Sprintf(`ALTER TABLE authorizer_users DROP CONSTRAINT "%s";`, val.IndexName)); res.Error != nil {
+	// 				return nil, res.Error
+	// 			}
+
+	// 			// create index
+	// 			if res := sqlDB.Exec(fmt.Sprintf("CREATE UNIQUE NONCLUSTERED INDEX %s ON authorizer_users(phone_number) WHERE phone_number IS NOT NULL;", phoneNumberIndexName)); res.Error != nil {
+	// 				return nil, res.Error
+	// 			}
+	// 		}
+	// 	}
+	// }
+
 	return &provider{
 		db: sqlDB,
 	}, nil

server/db/providers/sql/user.go

@@ -2,12 +2,15 @@ package sql
 
 import (
 	"context"
+	"fmt"
+	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/google/uuid"
 	"gorm.io/gorm"
 	"gorm.io/gorm/clause"
@@ -27,6 +30,12 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 		user.Roles = defaultRoles
 	}
 
+	if user.PhoneNumber != nil && strings.TrimSpace(refs.StringValue(user.PhoneNumber)) != "" {
+		if u, _ := p.GetUserByPhone(ctx, refs.StringValue(user.PhoneNumber)); u != nil {
+			return user, fmt.Errorf("user with given phone number already exists")
+		}
+	}
+
 	user.CreatedAt = time.Now().Unix()
 	user.UpdatedAt = time.Now().Unix()
 	user.Key = user.ID
@@ -47,6 +56,12 @@ func (p *provider) AddUser(ctx context.Context, user models.User) (models.User,
 func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.User, error) {
 	user.UpdatedAt = time.Now().Unix()
 
+	if user.PhoneNumber != nil && strings.TrimSpace(refs.StringValue(user.PhoneNumber)) != "" {
+		if u, _ := p.GetUserByPhone(ctx, refs.StringValue(user.PhoneNumber)); u != nil && u.ID != user.ID {
+			return user, fmt.Errorf("user with given phone number already exists")
+		}
+	}
+
 	result := p.db.Save(&user)
 
 	if result.Error != nil {
@@ -141,3 +156,14 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}
 	return nil
 }
+
+func (p *provider) GetUserByPhone(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user *models.User
+	result := p.db.Where("phone_number = ?", phoneNumber).First(&user)
+
+	if result.Error != nil {
+		return user, result.Error
+	}
+
+	return user, nil
+}

server/db/providers/surrealdb/email_template.go

@@ -0,0 +1,48 @@
+package surrealdb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+)
+
+// AddEmailTemplate to add EmailTemplate
+func (p *provider) AddEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+	if emailTemplate.ID == "" {
+		emailTemplate.ID = uuid.New().String()
+	}
+
+	emailTemplate.Key = emailTemplate.ID
+	emailTemplate.CreatedAt = time.Now().Unix()
+	emailTemplate.UpdatedAt = time.Now().Unix()
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// UpdateEmailTemplate to update EmailTemplate
+func (p *provider) UpdateEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+	emailTemplate.UpdatedAt = time.Now().Unix()
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// ListEmailTemplates to list EmailTemplate
+func (p *provider) ListEmailTemplate(ctx context.Context, pagination model.Pagination) (*model.EmailTemplates, error) {
+	return nil, nil
+}
+
+// GetEmailTemplateByID to get EmailTemplate by id
+func (p *provider) GetEmailTemplateByID(ctx context.Context, emailTemplateID string) (*model.EmailTemplate, error) {
+	return nil, nil
+}
+
+// GetEmailTemplateByEventName to get EmailTemplate by event_name
+func (p *provider) GetEmailTemplateByEventName(ctx context.Context, eventName string) (*model.EmailTemplate, error) {
+	return nil, nil
+}
+
+// DeleteEmailTemplate to delete EmailTemplate
+func (p *provider) DeleteEmailTemplate(ctx context.Context, emailTemplate *model.EmailTemplate) error {
+	return nil
+}

server/db/providers/surrealdb/env.go

@@ -0,0 +1,68 @@
+package surrealdb
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/google/uuid"
+	"github.com/surrealdb/surrealdb.go"
+)
+
+// AddEnv to save environment information in database
+func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, error) {
+	if env.ID == "" {
+		env.ID = uuid.New().String()
+	}
+
+	env.CreatedAt = time.Now().Unix()
+	env.UpdatedAt = time.Now().Unix()
+
+	mapData := env.ToMap()
+	mapData[models.SurrealDbIdentifier] = env.ID
+
+	_, err := p.db.Create(models.Collections.Env, mapData)
+	if err != nil {
+		return env, err
+	}
+	return env, nil
+}
+
+// UpdateEnv to update environment information in database
+func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) {
+	env.UpdatedAt = time.Now().Unix()
+
+	mapData := env.ToMap()
+	mapData[models.SurrealDbIdentifier] = env.ID
+
+	_, err := p.db.Update(models.Collections.Env, mapData)
+	if err != nil {
+		return env, err
+	}
+	return env, nil
+}
+
+// GetEnv to get environment information from database
+func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
+	var env models.Env
+
+	mapData, err := p.db.Select(models.Collections.Env)
+	if err != nil {
+		return env, err
+	}
+
+	envs := []models.Env{}
+	err = surrealdb.Unmarshal(mapData, &envs)
+	if err != nil {
+		return env, err
+	}
+
+	if len(envs) > 0 {
+		env = envs[0]
+	} else {
+		return env, fmt.Errorf("env record not found")
+	}
+
+	return env, nil
+}

server/db/providers/surrealdb/otp.go

@@ -0,0 +1,22 @@
+package surrealdb
+
+import (
+	"context"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+)
+
+// UpsertOTP to add or update otp
+func (p *provider) UpsertOTP(ctx context.Context, otp *models.OTP) (*models.OTP, error) {
+	return nil, nil
+}
+
+// GetOTPByEmail to get otp for a given email address
+func (p *provider) GetOTPByEmail(ctx context.Context, emailAddress string) (*models.OTP, error) {
+	return nil, nil
+}
+
+// DeleteOTP to delete otp
+func (p *provider) DeleteOTP(ctx context.Context, otp *models.OTP) error {
+	return nil
+}

server/db/providers/surrealdb/provider.go

@@ -0,0 +1,42 @@
+package surrealdb
+
+import (
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/surrealdb/surrealdb.go"
+)
+
+// TODO change following provider to new db provider
+type provider struct {
+	db *surrealdb.DB
+}
+
+// NewProvider returns a new SQL provider
+// TODO change following provider to new db provider
+func NewProvider() (*provider, error) {
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
+	db, err := surrealdb.New(dbURL)
+	if err != nil {
+		return nil, err
+	}
+
+	dbUsername := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername
+	dbPassword := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword
+
+	_, err = db.Signin(map[string]interface{}{
+		"user": dbUsername,
+		"pass": dbPassword,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = db.Use(models.DBNamespace, models.DBNamespace)
+	if err != nil {
+		return nil, err
+	}
+
+	return &provider{
+		db: db,
+	}, nil
+}

server/db/providers/surrealdb/session.go

@@ -0,0 +1,25 @@
+package surrealdb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/google/uuid"
+)
+
+// AddSession to save session information in database
+func (p *provider) AddSession(ctx context.Context, session models.Session) error {
+	if session.ID == "" {
+		session.ID = uuid.New().String()
+	}
+
+	session.CreatedAt = time.Now().Unix()
+	session.UpdatedAt = time.Now().Unix()
+	return nil
+}
+
+// DeleteSession to delete session information from database
+func (p *provider) DeleteSession(ctx context.Context, userId string) error {
+	return nil
+}

server/db/providers/surrealdb/user.go

@@ -0,0 +1,71 @@
+package surrealdb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/google/uuid"
+)
+
+// AddUser to save user information in database
+func (p *provider) AddUser(ctx context.Context, user models.User) (models.User, error) {
+	if user.ID == "" {
+		user.ID = uuid.New().String()
+	}
+
+	if user.Roles == "" {
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			return user, err
+		}
+		user.Roles = defaultRoles
+	}
+
+	user.CreatedAt = time.Now().Unix()
+	user.UpdatedAt = time.Now().Unix()
+
+	return user, nil
+}
+
+// UpdateUser to update user information in database
+func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.User, error) {
+	user.UpdatedAt = time.Now().Unix()
+	return user, nil
+}
+
+// DeleteUser to delete user information from database
+func (p *provider) DeleteUser(ctx context.Context, user models.User) error {
+	return nil
+}
+
+// ListUsers to get list of users from database
+func (p *provider) ListUsers(ctx context.Context, pagination model.Pagination) (*model.Users, error) {
+	return nil, nil
+}
+
+// GetUserByEmail to get user information from database using email address
+func (p *provider) GetUserByEmail(ctx context.Context, email string) (models.User, error) {
+	var user models.User
+
+	return user, nil
+}
+
+// GetUserByID to get user information from database using user ID
+func (p *provider) GetUserByID(ctx context.Context, id string) (models.User, error) {
+	var user models.User
+
+	return user, nil
+}
+
+// UpdateUsers to update multiple users, with parameters of user IDs slice
+// If ids set to nil / empty all the users will be updated
+func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{}, ids []string) error {
+	// set updated_at time for all users
+	data["updated_at"] = time.Now().Unix()
+
+	return nil
+}

server/db/providers/surrealdb/verification_requests.go

@@ -0,0 +1,46 @@
+package surrealdb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+)
+
+// AddVerification to save verification request in database
+func (p *provider) AddVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) (models.VerificationRequest, error) {
+	if verificationRequest.ID == "" {
+		verificationRequest.ID = uuid.New().String()
+	}
+
+	verificationRequest.CreatedAt = time.Now().Unix()
+	verificationRequest.UpdatedAt = time.Now().Unix()
+
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByToken to get verification request from database using token
+func (p *provider) GetVerificationRequestByToken(ctx context.Context, token string) (models.VerificationRequest, error) {
+	var verificationRequest models.VerificationRequest
+
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByEmail to get verification request by email from database
+func (p *provider) GetVerificationRequestByEmail(ctx context.Context, email string, identifier string) (models.VerificationRequest, error) {
+	var verificationRequest models.VerificationRequest
+
+	return verificationRequest, nil
+}
+
+// ListVerificationRequests to get list of verification requests from database
+func (p *provider) ListVerificationRequests(ctx context.Context, pagination model.Pagination) (*model.VerificationRequests, error) {
+	return nil, nil
+}
+
+// DeleteVerificationRequest to delete verification request from database
+func (p *provider) DeleteVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) error {
+	return nil
+}

server/db/providers/surrealdb/webhook.go

@@ -0,0 +1,49 @@
+package surrealdb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+)
+
+// AddWebhook to add webhook
+func (p *provider) AddWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	if webhook.ID == "" {
+		webhook.ID = uuid.New().String()
+	}
+
+	webhook.Key = webhook.ID
+	webhook.CreatedAt = time.Now().Unix()
+	webhook.UpdatedAt = time.Now().Unix()
+	return webhook.AsAPIWebhook(), nil
+}
+
+// UpdateWebhook to update webhook
+func (p *provider) UpdateWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	webhook.UpdatedAt = time.Now().Unix()
+	return webhook.AsAPIWebhook(), nil
+}
+
+// ListWebhooks to list webhook
+func (p *provider) ListWebhook(ctx context.Context, pagination model.Pagination) (*model.Webhooks, error) {
+	return nil, nil
+}
+
+// GetWebhookByID to get webhook by id
+func (p *provider) GetWebhookByID(ctx context.Context, webhookID string) (*model.Webhook, error) {
+	return nil, nil
+}
+
+// GetWebhookByEventName to get webhook by event_name
+func (p *provider) GetWebhookByEventName(ctx context.Context, eventName string) (*model.Webhook, error) {
+	return nil, nil
+}
+
+// DeleteWebhook to delete webhook
+func (p *provider) DeleteWebhook(ctx context.Context, webhook *model.Webhook) error {
+	// Also delete webhook logs for given webhook id
+	return nil
+}

server/db/providers/surrealdb/webhook_log.go

@@ -0,0 +1,27 @@
+package surrealdb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+)
+
+// AddWebhookLog to add webhook log
+func (p *provider) AddWebhookLog(ctx context.Context, webhookLog models.WebhookLog) (*model.WebhookLog, error) {
+	if webhookLog.ID == "" {
+		webhookLog.ID = uuid.New().String()
+	}
+
+	webhookLog.Key = webhookLog.ID
+	webhookLog.CreatedAt = time.Now().Unix()
+	webhookLog.UpdatedAt = time.Now().Unix()
+	return webhookLog.AsAPIWebhookLog(), nil
+}
+
+// ListWebhookLogs to list webhook logs
+func (p *provider) ListWebhookLogs(ctx context.Context, pagination model.Pagination, webhookID string) (*model.WebhookLogs, error) {
+	return nil, nil
+}

server/email/email.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/tls"
 	"strconv"
+	"strings"
 	"text/template"
 
 	log "github.com/sirupsen/logrus"
@@ -126,6 +127,12 @@ func SendEmail(to []string, event string, data map[string]interface{}) error {
 		return err
 	}
 
+	smtpLocalName, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeySmtpLocalName)
+	if err != nil {
+		log.Debugf("Error while getting smtp localname from env variable: %v", err)
+		smtpLocalName = ""
+	}
+
 	isProd, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsProd)
 	if err != nil {
 		log.Errorf("Error while getting env variable: %v", err)
@@ -141,6 +148,11 @@ func SendEmail(to []string, event string, data map[string]interface{}) error {
 	if !isProd {
 		d.TLSConfig = &tls.Config{InsecureSkipVerify: true}
 	}
+
+	if strings.TrimSpace(smtpLocalName) != "" {
+		d.LocalName = smtpLocalName
+	}
+
 	if err := d.DialAndSend(m); err != nil {
 		log.Debug("SMTP Failed: ", err)
 		return err

server/env/env.go

@@ -55,6 +55,7 @@ func InitAllEnv() error {
 	osSmtpPort := os.Getenv(constants.EnvKeySmtpPort)
 	osSmtpUsername := os.Getenv(constants.EnvKeySmtpUsername)
 	osSmtpPassword := os.Getenv(constants.EnvKeySmtpPassword)
+	osSmtpLocalName := os.Getenv(constants.EnvKeySmtpLocalName)
 	osSenderEmail := os.Getenv(constants.EnvKeySenderEmail)
 	osJwtType := os.Getenv(constants.EnvKeyJwtType)
 	osJwtSecret := os.Getenv(constants.EnvKeyJwtSecret)
@@ -77,6 +78,9 @@ func InitAllEnv() error {
 	osResetPasswordURL := os.Getenv(constants.EnvKeyResetPasswordURL)
 	osOrganizationName := os.Getenv(constants.EnvKeyOrganizationName)
 	osOrganizationLogo := os.Getenv(constants.EnvKeyOrganizationLogo)
+	osAwsRegion := os.Getenv(constants.EnvAwsRegion)
+	osAwsAccessKey := os.Getenv(constants.EnvAwsAccessKeyID)
+	osAwsSecretKey := os.Getenv(constants.EnvAwsSecretAccessKey)
 
 	// os bool vars
 	osAppCookieSecure := os.Getenv(constants.EnvKeyAppCookieSecure)
@@ -119,6 +123,27 @@ func InitAllEnv() error {
 		}
 	}
 
+	if val, ok := envData[constants.EnvAwsRegion]; !ok || val == "" {
+		envData[constants.EnvAwsRegion] = osAwsRegion
+	}
+	if osAwsRegion != "" && envData[constants.EnvAwsRegion] != osAwsRegion {
+		envData[constants.EnvAwsRegion] = osAwsRegion
+	}
+
+	if val, ok := envData[constants.EnvAwsAccessKeyID]; !ok || val == "" {
+		envData[constants.EnvAwsAccessKeyID] = osAwsAccessKey
+	}
+	if osAwsAccessKey != "" && envData[constants.EnvAwsAccessKeyID] != osAwsRegion {
+		envData[constants.EnvAwsAccessKeyID] = osAwsAccessKey
+	}
+
+	if val, ok := envData[constants.EnvAwsSecretAccessKey]; !ok || val == "" {
+		envData[constants.EnvAwsSecretAccessKey] = osAwsSecretKey
+	}
+	if osAwsSecretKey != "" && envData[constants.EnvAwsSecretAccessKey] != osAwsRegion {
+		envData[constants.EnvAwsSecretAccessKey] = osAwsSecretKey
+	}
+
 	if val, ok := envData[constants.EnvKeyAppURL]; !ok || val == "" {
 		envData[constants.EnvKeyAppURL] = osAppURL
 	}
@@ -181,6 +206,13 @@ func InitAllEnv() error {
 		envData[constants.EnvKeySmtpUsername] = osSmtpUsername
 	}
 
+	if val, ok := envData[constants.EnvKeySmtpLocalName]; !ok || val == "" {
+		envData[constants.EnvKeySmtpLocalName] = osSmtpLocalName
+	}
+	if osSmtpLocalName != "" && envData[constants.EnvKeySmtpLocalName] != osSmtpLocalName {
+		envData[constants.EnvKeySmtpLocalName] = osSmtpLocalName
+	}
+
 	if val, ok := envData[constants.EnvKeySmtpPassword]; !ok || val == "" {
 		envData[constants.EnvKeySmtpPassword] = osSmtpPassword
 	}
@@ -300,7 +332,7 @@ func InitAllEnv() error {
 		envData[constants.EnvKeyJwtRoleClaim] = osJwtRoleClaim
 
 		if envData[constants.EnvKeyJwtRoleClaim] == "" {
-			envData[constants.EnvKeyJwtRoleClaim] = "role"
+			envData[constants.EnvKeyJwtRoleClaim] = "roles"
 		}
 	}
 	if osJwtRoleClaim != "" && envData[constants.EnvKeyJwtRoleClaim] != osJwtRoleClaim {

server/env/persist_env.go

@@ -201,7 +201,7 @@ func PersistEnv() error {
 				envValue := strings.TrimSpace(os.Getenv(key))
 				if envValue != "" {
 					switch key {
-					case constants.EnvKeyIsProd, constants.EnvKeyDisableBasicAuthentication, constants.EnvKeyDisableEmailVerification, constants.EnvKeyDisableLoginPage, constants.EnvKeyDisableMagicLinkLogin, constants.EnvKeyDisableSignUp, constants.EnvKeyDisableRedisForEnv, constants.EnvKeyDisableStrongPassword, constants.EnvKeyIsEmailServiceEnabled, constants.EnvKeyEnforceMultiFactorAuthentication, constants.EnvKeyDisableMultiFactorAuthentication:
+					case constants.EnvKeyIsProd, constants.EnvKeyDisableBasicAuthentication, constants.EnvKeyDisableEmailVerification, constants.EnvKeyDisableLoginPage, constants.EnvKeyDisableMagicLinkLogin, constants.EnvKeyDisableSignUp, constants.EnvKeyDisableRedisForEnv, constants.EnvKeyDisableStrongPassword, constants.EnvKeyIsEmailServiceEnabled, constants.EnvKeyEnforceMultiFactorAuthentication, constants.EnvKeyDisableMultiFactorAuthentication, constants.EnvKeyAdminCookieSecure, constants.EnvKeyAppCookieSecure:
 						if envValueBool, err := strconv.ParseBool(envValue); err == nil {
 							if value.(bool) != envValueBool {
 								storeData[key] = envValueBool

server/go.mod

@@ -3,40 +3,46 @@ module github.com/authorizerdev/authorizer/server
 go 1.16
 
 require (
-	github.com/99designs/gqlgen v0.14.0
-	github.com/arangodb/go-driver v1.2.1
-	github.com/coreos/go-oidc/v3 v3.1.0
-	github.com/gin-gonic/gin v1.7.2
-	github.com/go-playground/validator/v10 v10.8.0 // indirect
-	github.com/go-redis/redis/v8 v8.11.0
-	github.com/gocql/gocql v1.2.0
+	github.com/99designs/gqlgen v0.17.20
+	github.com/arangodb/go-driver v1.4.0
+	github.com/aws/aws-sdk-go v1.44.145
+	github.com/cenkalti/backoff/v4 v4.2.0 // indirect
+	github.com/coreos/go-oidc/v3 v3.4.0
+	github.com/gin-gonic/gin v1.8.1
+	github.com/glebarez/go-sqlite v1.19.5 // indirect
+	github.com/glebarez/sqlite v1.5.0
+	github.com/go-playground/validator/v10 v10.11.1 // indirect
+	github.com/go-redis/redis/v8 v8.11.5
+	github.com/goccy/go-json v0.9.11 // indirect
+	github.com/gocql/gocql v1.2.1
+	github.com/gofrs/uuid v4.3.1+incompatible // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/uuid v1.3.0
-	github.com/joho/godotenv v1.3.0
-	github.com/json-iterator/go v1.1.11 // indirect
-	github.com/mattn/go-isatty v0.0.13 // indirect
-	github.com/mitchellh/mapstructure v1.1.2 // indirect
+	github.com/guregu/dynamo v1.17.0
+	github.com/joho/godotenv v1.4.0
+	github.com/klauspost/compress v1.15.12 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.1 // indirect
-	github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f
-	github.com/sirupsen/logrus v1.8.1
-	github.com/stretchr/testify v1.7.0
-	github.com/ugorji/go v1.2.6 // indirect
-	github.com/vektah/gqlparser/v2 v2.2.0
-	go.mongodb.org/mongo-driver v1.8.1
-	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
-	golang.org/x/net v0.0.0-20210614182718-04defd469f4e // indirect
-	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.27.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20220927061507-ef77025ab5aa // indirect
+	github.com/robertkrimen/otto v0.0.0-20221126133309-a3b51c68f2a4
+	github.com/sirupsen/logrus v1.9.0
+	github.com/stretchr/testify v1.8.1
+	github.com/surrealdb/surrealdb.go v0.1.2-0.20221019092700-845266102715
+	github.com/urfave/cli/v2 v2.23.5 // indirect
+	github.com/vektah/gqlparser/v2 v2.5.1
+	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
+	go.mongodb.org/mongo-driver v1.11.0
+	golang.org/x/crypto v0.3.0
+	golang.org/x/oauth2 v0.2.0
+	golang.org/x/tools v0.3.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/mail.v2 v2.3.1
 	gopkg.in/square/go-jose.v2 v2.6.0
-	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gorm.io/driver/mysql v1.2.1
-	gorm.io/driver/postgres v1.2.3
-	gorm.io/driver/sqlite v1.2.6
-	gorm.io/driver/sqlserver v1.2.1
-	gorm.io/gorm v1.22.4
+	gorm.io/driver/mysql v1.4.4
+	gorm.io/driver/postgres v1.4.5
+	gorm.io/driver/sqlserver v1.4.1
+	gorm.io/gorm v1.24.2
 )

server/gqlgen.yml

@@ -23,19 +23,26 @@ resolver:
   dir: graph
   package: graph
 
-# Optional: turn on use `gqlgen:"fieldName"` tags in your models
+# Optional: turn on use ` + "`" + `gqlgen:"fieldName"` + "`" + ` tags in your models
 # struct_tag: json
 
 # Optional: turn on to use []Thing instead of []*Thing
 # omit_slice_element_pointers: false
 
+# Optional: turn off to make struct-type struct fields not use pointers
+# e.g. type Thing struct { FieldA OtherThing } instead of { FieldA *OtherThing }
+# struct_fields_always_pointers: true
+
+# Optional: turn off to make resolvers return values instead of pointers for structs
+# resolvers_always_return_pointers: true
+
 # Optional: set to speed up generation time by not performing a final validation pass.
 # skip_validation: true
 
 # gqlgen will search for any type names in the schema in these go packages
 # if they match it will use them, otherwise it will generate them.
 autobind:
-  - 'github.com/authorizerdev/authorizer/server/graph/model'
+#  - "github.com/authorizerdev/authorizer/server/graph/model"
 
 # This section declares type mapping between the GraphQL and go type systems
 #
@@ -45,7 +52,6 @@ autobind:
 models:
   ID:
     model:
-      # - github.com/99designs/gqlgen/graphql.IntID # An go integer
       - github.com/99designs/gqlgen/graphql.ID
       - github.com/99designs/gqlgen/graphql.Int
       - github.com/99designs/gqlgen/graphql.Int64
@@ -55,11 +61,12 @@ models:
       - github.com/99designs/gqlgen/graphql.Int
       - github.com/99designs/gqlgen/graphql.Int64
       - github.com/99designs/gqlgen/graphql.Int32
-  Float:
-    model:
-      - github.com/99designs/gqlgen/graphql.Float
-      - github.com/99designs/gqlgen/graphql.Float64
-      - github.com/99designs/gqlgen/graphql.Float32
   Int64:
     model:
       - github.com/99designs/gqlgen/graphql.Int64
+  Map:
+    model:
+      - github.com/99designs/gqlgen/graphql.Map
+  Any:
+    model:
+      - github.com/99designs/gqlgen/graphql.Any

server/graph/model/models_gen.go

@@ -3,10 +3,10 @@
 package model
 
 type AddEmailTemplateRequest struct {
-	EventName string `json:"event_name"`
-	Subject   string `json:"subject"`
-	Template  string `json:"template"`
-	Design    string `json:"design"`
+	EventName string  `json:"event_name"`
+	Subject   string  `json:"subject"`
+	Template  string  `json:"template"`
+	Design    *string `json:"design"`
 }
 
 type AddWebhookRequest struct {
@@ -74,6 +74,7 @@ type Env struct {
 	SMTPPort                         *string  `json:"SMTP_PORT"`
 	SMTPUsername                     *string  `json:"SMTP_USERNAME"`
 	SMTPPassword                     *string  `json:"SMTP_PASSWORD"`
+	SMTPLocalName                    *string  `json:"SMTP_LOCAL_NAME"`
 	SenderEmail                      *string  `json:"SENDER_EMAIL"`
 	JwtType                          *string  `json:"JWT_TYPE"`
 	JwtSecret                        *string  `json:"JWT_SECRET"`
@@ -110,6 +111,8 @@ type Env struct {
 	TwitterClientSecret              *string  `json:"TWITTER_CLIENT_SECRET"`
 	OrganizationName                 *string  `json:"ORGANIZATION_NAME"`
 	OrganizationLogo                 *string  `json:"ORGANIZATION_LOGO"`
+	AppCookieSecure                  bool     `json:"APP_COOKIE_SECURE"`
+	AdminCookieSecure                bool     `json:"ADMIN_COOKIE_SECURE"`
 }
 
 type Error struct {
@@ -148,6 +151,7 @@ type LoginInput struct {
 	Password string   `json:"password"`
 	Roles    []string `json:"roles"`
 	Scope    []string `json:"scope"`
+	State    *string  `json:"state"`
 }
 
 type MagicLinkLoginInput struct {
@@ -196,12 +200,14 @@ type PaginationInput struct {
 }
 
 type ResendOTPRequest struct {
-	Email string `json:"email"`
+	Email string  `json:"email"`
+	State *string `json:"state"`
 }
 
 type ResendVerifyEmailInput struct {
-	Email      string `json:"email"`
-	Identifier string `json:"identifier"`
+	Email      string  `json:"email"`
+	Identifier string  `json:"identifier"`
+	State      *string `json:"state"`
 }
 
 type ResetPasswordInput struct {
@@ -235,6 +241,7 @@ type SignUpInput struct {
 	Scope                    []string `json:"scope"`
 	RedirectURI              *string  `json:"redirect_uri"`
 	IsMultiFactorAuthEnabled *bool    `json:"is_multi_factor_auth_enabled"`
+	State                    *string  `json:"state"`
 }
 
 type TestEndpointRequest struct {
@@ -269,6 +276,7 @@ type UpdateEnvInput struct {
 	SMTPPort                         *string  `json:"SMTP_PORT"`
 	SMTPUsername                     *string  `json:"SMTP_USERNAME"`
 	SMTPPassword                     *string  `json:"SMTP_PASSWORD"`
+	SMTPLocalName                    *string  `json:"SMTP_LOCAL_NAME"`
 	SenderEmail                      *string  `json:"SENDER_EMAIL"`
 	JwtType                          *string  `json:"JWT_TYPE"`
 	JwtSecret                        *string  `json:"JWT_SECRET"`
@@ -277,6 +285,8 @@ type UpdateEnvInput struct {
 	AllowedOrigins                   []string `json:"ALLOWED_ORIGINS"`
 	AppURL                           *string  `json:"APP_URL"`
 	ResetPasswordURL                 *string  `json:"RESET_PASSWORD_URL"`
+	AppCookieSecure                  *bool    `json:"APP_COOKIE_SECURE"`
+	AdminCookieSecure                *bool    `json:"ADMIN_COOKIE_SECURE"`
 	DisableEmailVerification         *bool    `json:"DISABLE_EMAIL_VERIFICATION"`
 	DisableBasicAuthentication       *bool    `json:"DISABLE_BASIC_AUTHENTICATION"`
 	DisableMagicLinkLogin            *bool    `json:"DISABLE_MAGIC_LINK_LOGIN"`
@@ -380,7 +390,8 @@ type ValidateJWTTokenInput struct {
 }
 
 type ValidateJWTTokenResponse struct {
-	IsValid bool `json:"is_valid"`
+	IsValid bool                   `json:"is_valid"`
+	Claims  map[string]interface{} `json:"claims"`
 }
 
 type VerificationRequest struct {
@@ -401,12 +412,14 @@ type VerificationRequests struct {
 }
 
 type VerifyEmailInput struct {
-	Token string `json:"token"`
+	Token string  `json:"token"`
+	State *string `json:"state"`
 }
 
 type VerifyOTPRequest struct {
-	Email string `json:"email"`
-	Otp   string `json:"otp"`
+	Email string  `json:"email"`
+	Otp   string  `json:"otp"`
+	State *string `json:"state"`
 }
 
 type Webhook struct {

server/graph/schema.graphqls

@@ -110,6 +110,7 @@ type Env {
 	SMTP_PORT: String
 	SMTP_USERNAME: String
 	SMTP_PASSWORD: String
+	SMTP_LOCAL_NAME: String
 	SENDER_EMAIL: String
 	JWT_TYPE: String
 	JWT_SECRET: String
@@ -146,10 +147,13 @@ type Env {
 	TWITTER_CLIENT_SECRET: String
 	ORGANIZATION_NAME: String
 	ORGANIZATION_LOGO: String
+	APP_COOKIE_SECURE: Boolean!
+	ADMIN_COOKIE_SECURE: Boolean!
 }
 
 type ValidateJWTTokenResponse {
 	is_valid: Boolean!
+	claims: Map
 }
 
 type GenerateJWTKeysResponse {
@@ -217,6 +221,7 @@ input UpdateEnvInput {
 	SMTP_PORT: String
 	SMTP_USERNAME: String
 	SMTP_PASSWORD: String
+	SMTP_LOCAL_NAME: String
 	SENDER_EMAIL: String
 	JWT_TYPE: String
 	JWT_SECRET: String
@@ -225,6 +230,8 @@ input UpdateEnvInput {
 	ALLOWED_ORIGINS: [String!]
 	APP_URL: String
 	RESET_PASSWORD_URL: String
+	APP_COOKIE_SECURE: Boolean
+	ADMIN_COOKIE_SECURE: Boolean
 	DISABLE_EMAIL_VERIFICATION: Boolean
 	DISABLE_BASIC_AUTHENTICATION: Boolean
 	DISABLE_MAGIC_LINK_LOGIN: Boolean
@@ -278,6 +285,10 @@ input SignUpInput {
 	scope: [String!]
 	redirect_uri: String
 	is_multi_factor_auth_enabled: Boolean
+	# state is used for authorization code grant flow
+	# it is used to get code for an on-going auth process during login
+	# and use that code for setting `c_hash` in id_token
+	state: String
 }
 
 input LoginInput {
@@ -285,15 +296,27 @@ input LoginInput {
 	password: String!
 	roles: [String!]
 	scope: [String!]
+	# state is used for authorization code grant flow
+	# it is used to get code for an on-going auth process during login
+	# and use that code for setting `c_hash` in id_token
+	state: String
 }
 
 input VerifyEmailInput {
 	token: String!
+	# state is used for authorization code grant flow
+	# it is used to get code for an on-going auth process during login
+	# and use that code for setting `c_hash` in id_token
+	state: String
 }
 
 input ResendVerifyEmailInput {
 	email: String!
 	identifier: String!
+	# state is used for authorization code grant flow
+	# it is used to get code for an on-going auth process during login
+	# and use that code for setting `c_hash` in id_token
+	state: String
 }
 
 input UpdateProfileInput {
@@ -423,7 +446,9 @@ input AddEmailTemplateRequest {
 	event_name: String!
 	subject: String!
 	template: String!
-	design: String!
+	# Design value is set when editor is used
+	# If raw HTML is used design value is set to null
+	design: String
 }
 
 input UpdateEmailTemplateRequest {
@@ -431,6 +456,8 @@ input UpdateEmailTemplateRequest {
 	event_name: String
 	template: String
 	subject: String
+	# Design value is set when editor is used
+	# If raw HTML is used design value is set to null
 	design: String
 }
 
@@ -441,10 +468,18 @@ input DeleteEmailTemplateRequest {
 input VerifyOTPRequest {
 	email: String!
 	otp: String!
+	# state is used for authorization code grant flow
+	# it is used to get code for an on-going auth process during login
+	# and use that code for setting `c_hash` in id_token
+	state: String
 }
 
 input ResendOTPRequest {
 	email: String!
+	# state is used for authorization code grant flow
+	# it is used to get code for an on-going auth process during login
+	# and use that code for setting `c_hash` in id_token
+	state: String
 }
 
 type Mutation {

server/graph/schema.resolvers.go

@@ -11,166 +11,207 @@ import (
 	"github.com/authorizerdev/authorizer/server/resolvers"
 )
 
+// Signup is the resolver for the signup field.
 func (r *mutationResolver) Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse, error) {
 	return resolvers.SignupResolver(ctx, params)
 }
 
+// Login is the resolver for the login field.
 func (r *mutationResolver) Login(ctx context.Context, params model.LoginInput) (*model.AuthResponse, error) {
 	return resolvers.LoginResolver(ctx, params)
 }
 
+// MagicLinkLogin is the resolver for the magic_link_login field.
 func (r *mutationResolver) MagicLinkLogin(ctx context.Context, params model.MagicLinkLoginInput) (*model.Response, error) {
 	return resolvers.MagicLinkLoginResolver(ctx, params)
 }
 
+// Logout is the resolver for the logout field.
 func (r *mutationResolver) Logout(ctx context.Context) (*model.Response, error) {
 	return resolvers.LogoutResolver(ctx)
 }
 
+// UpdateProfile is the resolver for the update_profile field.
 func (r *mutationResolver) UpdateProfile(ctx context.Context, params model.UpdateProfileInput) (*model.Response, error) {
 	return resolvers.UpdateProfileResolver(ctx, params)
 }
 
+// VerifyEmail is the resolver for the verify_email field.
 func (r *mutationResolver) VerifyEmail(ctx context.Context, params model.VerifyEmailInput) (*model.AuthResponse, error) {
 	return resolvers.VerifyEmailResolver(ctx, params)
 }
 
+// ResendVerifyEmail is the resolver for the resend_verify_email field.
 func (r *mutationResolver) ResendVerifyEmail(ctx context.Context, params model.ResendVerifyEmailInput) (*model.Response, error) {
 	return resolvers.ResendVerifyEmailResolver(ctx, params)
 }
 
+// ForgotPassword is the resolver for the forgot_password field.
 func (r *mutationResolver) ForgotPassword(ctx context.Context, params model.ForgotPasswordInput) (*model.Response, error) {
 	return resolvers.ForgotPasswordResolver(ctx, params)
 }
 
+// ResetPassword is the resolver for the reset_password field.
 func (r *mutationResolver) ResetPassword(ctx context.Context, params model.ResetPasswordInput) (*model.Response, error) {
 	return resolvers.ResetPasswordResolver(ctx, params)
 }
 
+// Revoke is the resolver for the revoke field.
 func (r *mutationResolver) Revoke(ctx context.Context, params model.OAuthRevokeInput) (*model.Response, error) {
 	return resolvers.RevokeResolver(ctx, params)
 }
 
+// VerifyOtp is the resolver for the verify_otp field.
 func (r *mutationResolver) VerifyOtp(ctx context.Context, params model.VerifyOTPRequest) (*model.AuthResponse, error) {
 	return resolvers.VerifyOtpResolver(ctx, params)
 }
 
+// ResendOtp is the resolver for the resend_otp field.
 func (r *mutationResolver) ResendOtp(ctx context.Context, params model.ResendOTPRequest) (*model.Response, error) {
 	return resolvers.ResendOTPResolver(ctx, params)
 }
 
+// DeleteUser is the resolver for the _delete_user field.
 func (r *mutationResolver) DeleteUser(ctx context.Context, params model.DeleteUserInput) (*model.Response, error) {
 	return resolvers.DeleteUserResolver(ctx, params)
 }
 
+// UpdateUser is the resolver for the _update_user field.
 func (r *mutationResolver) UpdateUser(ctx context.Context, params model.UpdateUserInput) (*model.User, error) {
 	return resolvers.UpdateUserResolver(ctx, params)
 }
 
+// AdminSignup is the resolver for the _admin_signup field.
 func (r *mutationResolver) AdminSignup(ctx context.Context, params model.AdminSignupInput) (*model.Response, error) {
 	return resolvers.AdminSignupResolver(ctx, params)
 }
 
+// AdminLogin is the resolver for the _admin_login field.
 func (r *mutationResolver) AdminLogin(ctx context.Context, params model.AdminLoginInput) (*model.Response, error) {
 	return resolvers.AdminLoginResolver(ctx, params)
 }
 
+// AdminLogout is the resolver for the _admin_logout field.
 func (r *mutationResolver) AdminLogout(ctx context.Context) (*model.Response, error) {
 	return resolvers.AdminLogoutResolver(ctx)
 }
 
+// UpdateEnv is the resolver for the _update_env field.
 func (r *mutationResolver) UpdateEnv(ctx context.Context, params model.UpdateEnvInput) (*model.Response, error) {
 	return resolvers.UpdateEnvResolver(ctx, params)
 }
 
+// InviteMembers is the resolver for the _invite_members field.
 func (r *mutationResolver) InviteMembers(ctx context.Context, params model.InviteMemberInput) (*model.Response, error) {
 	return resolvers.InviteMembersResolver(ctx, params)
 }
 
+// RevokeAccess is the resolver for the _revoke_access field.
 func (r *mutationResolver) RevokeAccess(ctx context.Context, param model.UpdateAccessInput) (*model.Response, error) {
 	return resolvers.RevokeAccessResolver(ctx, param)
 }
 
+// EnableAccess is the resolver for the _enable_access field.
 func (r *mutationResolver) EnableAccess(ctx context.Context, param model.UpdateAccessInput) (*model.Response, error) {
 	return resolvers.EnableAccessResolver(ctx, param)
 }
 
+// GenerateJwtKeys is the resolver for the _generate_jwt_keys field.
 func (r *mutationResolver) GenerateJwtKeys(ctx context.Context, params model.GenerateJWTKeysInput) (*model.GenerateJWTKeysResponse, error) {
 	return resolvers.GenerateJWTKeysResolver(ctx, params)
 }
 
+// AddWebhook is the resolver for the _add_webhook field.
 func (r *mutationResolver) AddWebhook(ctx context.Context, params model.AddWebhookRequest) (*model.Response, error) {
 	return resolvers.AddWebhookResolver(ctx, params)
 }
 
+// UpdateWebhook is the resolver for the _update_webhook field.
 func (r *mutationResolver) UpdateWebhook(ctx context.Context, params model.UpdateWebhookRequest) (*model.Response, error) {
 	return resolvers.UpdateWebhookResolver(ctx, params)
 }
 
+// DeleteWebhook is the resolver for the _delete_webhook field.
 func (r *mutationResolver) DeleteWebhook(ctx context.Context, params model.WebhookRequest) (*model.Response, error) {
 	return resolvers.DeleteWebhookResolver(ctx, params)
 }
 
+// TestEndpoint is the resolver for the _test_endpoint field.
 func (r *mutationResolver) TestEndpoint(ctx context.Context, params model.TestEndpointRequest) (*model.TestEndpointResponse, error) {
 	return resolvers.TestEndpointResolver(ctx, params)
 }
 
+// AddEmailTemplate is the resolver for the _add_email_template field.
 func (r *mutationResolver) AddEmailTemplate(ctx context.Context, params model.AddEmailTemplateRequest) (*model.Response, error) {
 	return resolvers.AddEmailTemplateResolver(ctx, params)
 }
 
+// UpdateEmailTemplate is the resolver for the _update_email_template field.
 func (r *mutationResolver) UpdateEmailTemplate(ctx context.Context, params model.UpdateEmailTemplateRequest) (*model.Response, error) {
 	return resolvers.UpdateEmailTemplateResolver(ctx, params)
 }
 
+// DeleteEmailTemplate is the resolver for the _delete_email_template field.
 func (r *mutationResolver) DeleteEmailTemplate(ctx context.Context, params model.DeleteEmailTemplateRequest) (*model.Response, error) {
 	return resolvers.DeleteEmailTemplateResolver(ctx, params)
 }
 
+// Meta is the resolver for the meta field.
 func (r *queryResolver) Meta(ctx context.Context) (*model.Meta, error) {
 	return resolvers.MetaResolver(ctx)
 }
 
+// Session is the resolver for the session field.
 func (r *queryResolver) Session(ctx context.Context, params *model.SessionQueryInput) (*model.AuthResponse, error) {
 	return resolvers.SessionResolver(ctx, params)
 }
 
+// Profile is the resolver for the profile field.
 func (r *queryResolver) Profile(ctx context.Context) (*model.User, error) {
 	return resolvers.ProfileResolver(ctx)
 }
 
+// ValidateJwtToken is the resolver for the validate_jwt_token field.
 func (r *queryResolver) ValidateJwtToken(ctx context.Context, params model.ValidateJWTTokenInput) (*model.ValidateJWTTokenResponse, error) {
 	return resolvers.ValidateJwtTokenResolver(ctx, params)
 }
 
+// Users is the resolver for the _users field.
 func (r *queryResolver) Users(ctx context.Context, params *model.PaginatedInput) (*model.Users, error) {
 	return resolvers.UsersResolver(ctx, params)
 }
 
+// VerificationRequests is the resolver for the _verification_requests field.
 func (r *queryResolver) VerificationRequests(ctx context.Context, params *model.PaginatedInput) (*model.VerificationRequests, error) {
 	return resolvers.VerificationRequestsResolver(ctx, params)
 }
 
+// AdminSession is the resolver for the _admin_session field.
 func (r *queryResolver) AdminSession(ctx context.Context) (*model.Response, error) {
 	return resolvers.AdminSessionResolver(ctx)
 }
 
+// Env is the resolver for the _env field.
 func (r *queryResolver) Env(ctx context.Context) (*model.Env, error) {
 	return resolvers.EnvResolver(ctx)
 }
 
+// Webhook is the resolver for the _webhook field.
 func (r *queryResolver) Webhook(ctx context.Context, params model.WebhookRequest) (*model.Webhook, error) {
 	return resolvers.WebhookResolver(ctx, params)
 }
 
+// Webhooks is the resolver for the _webhooks field.
 func (r *queryResolver) Webhooks(ctx context.Context, params *model.PaginatedInput) (*model.Webhooks, error) {
 	return resolvers.WebhooksResolver(ctx, params)
 }
 
+// WebhookLogs is the resolver for the _webhook_logs field.
 func (r *queryResolver) WebhookLogs(ctx context.Context, params *model.ListWebhookLogRequest) (*model.WebhookLogs, error) {
 	return resolvers.WebhookLogsResolver(ctx, params)
 }
 
+// EmailTemplates is the resolver for the _email_templates field.
 func (r *queryResolver) EmailTemplates(ctx context.Context, params *model.PaginatedInput) (*model.EmailTemplates, error) {
 	return resolvers.EmailTemplatesResolver(ctx, params)
 }

server/handlers/app.go

@@ -30,7 +30,7 @@ func AppHandler() gin.HandlerFunc {
 			return
 		}
 
-		redirect_uri := strings.TrimSpace(c.Query("redirect_uri"))
+		redirectURI := strings.TrimSpace(c.Query("redirect_uri"))
 		state := strings.TrimSpace(c.Query("state"))
 		scopeString := strings.TrimSpace(c.Query("scope"))
 
@@ -41,11 +41,11 @@ func AppHandler() gin.HandlerFunc {
 			scope = strings.Split(scopeString, " ")
 		}
 
-		if redirect_uri == "" {
-			redirect_uri = hostname + "/app"
+		if redirectURI == "" {
+			redirectURI = hostname + "/app"
 		} else {
 			// validate redirect url with allowed origins
-			if !validators.IsValidOrigin(redirect_uri) {
+			if !validators.IsValidOrigin(redirectURI) {
 				log.Debug("Invalid redirect_uri")
 				c.JSON(400, gin.H{"error": "invalid redirect url"})
 				return
@@ -75,7 +75,7 @@ func AppHandler() gin.HandlerFunc {
 		c.HTML(http.StatusOK, "app.tmpl", gin.H{
 			"data": map[string]interface{}{
 				"authorizerURL":    hostname,
-				"redirectURL":      redirect_uri,
+				"redirectURL":      redirectURI,
 				"scope":            scope,
 				"state":            state,
 				"organizationName": orgName,

server/handlers/authorize.go

@@ -1,10 +1,41 @@
 package handlers
 
+/**
+LOGIC TO REMEMBER THE AUTHORIZE FLOW
+
+
+jargons
+`at_hash` -> access_token_hash
+`c_hash` -> code_hash
+
+
+# ResponseType: Code
+	with /authorize request
+		- set state [state, code@@challenge]
+		- add &code to login redirect url
+	login resolver has optional param state
+		-if state found in store, split with @@
+		- if len > 1 -> response type is code and has code + challenge
+		- set `nonce, code` for createAuthToken request so that `c_hash` can be generated
+		- do not add `nonce` to id_token in code flow, instead set `c_hash` and `at_hash`
+
+
+# ResponseType: token / id_token
+	with /authorize request
+		- set state [state, nonce]
+		- add &nonce to login redirect url
+	login resolver has optional param state
+		- if state found in store, split with @@
+		- if len < 1 -> response type is token / id_token and value is nonce
+		- send received nonce for createAuthToken with empty code value
+		- set `nonce` and `at_hash` in `id_token`
+**/
+
 import (
+	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
@@ -17,6 +48,15 @@ import (
 	"github.com/authorizerdev/authorizer/server/token"
 )
 
+// Check the flow for generating and verifying codes: https://developer.okta.com/blog/2019/08/22/okta-authjs-pkce#:~:text=PKCE%20works%20by%20having%20the,is%20called%20the%20Code%20Challenge.
+
+// Check following docs for understanding request / response params for various types of requests: https://auth0.com/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-auth-code-flow
+
+const (
+	authorizeWebMessageTemplate = "authorize_web_message.tmpl"
+	authorizeFormPostTemplate   = "authorize_form_post.tmpl"
+)
+
 // AuthorizeHandler is the handler for the /authorize route
 // required params
 // ?redirect_uri = redirect url
@@ -24,8 +64,6 @@ import (
 // state[recommended] = to prevent CSRF attack (for authorizer its compulsory)
 // code_challenge = to prevent CSRF attack
 // code_challenge_method = to prevent CSRF attack [only sh256 is supported]
-
-// check the flow for generating and verifying codes: https://developer.okta.com/blog/2019/08/22/okta-authjs-pkce#:~:text=PKCE%20works%20by%20having%20the,is%20called%20the%20Code%20Challenge.
 func AuthorizeHandler() gin.HandlerFunc {
 	return func(gc *gin.Context) {
 		redirectURI := strings.TrimSpace(gc.Query("redirect_uri"))
@@ -34,8 +72,8 @@ func AuthorizeHandler() gin.HandlerFunc {
 		codeChallenge := strings.TrimSpace(gc.Query("code_challenge"))
 		scopeString := strings.TrimSpace(gc.Query("scope"))
 		clientID := strings.TrimSpace(gc.Query("client_id"))
-		template := "authorize.tmpl"
 		responseMode := strings.TrimSpace(gc.Query("response_mode"))
+		nonce := strings.TrimSpace(gc.Query("nonce"))
 
 		var scope []string
 		if scopeString == "" {
@@ -45,176 +83,97 @@ func AuthorizeHandler() gin.HandlerFunc {
 		}
 
 		if responseMode == "" {
-			responseMode = "query"
-		}
-
-		if responseMode != "query" && responseMode != "web_message" {
-			log.Debug("Invalid response_mode: ", responseMode)
-			gc.JSON(400, gin.H{"error": "invalid response mode"})
+			responseMode = constants.ResponseModeQuery
 		}
 
 		if redirectURI == "" {
 			redirectURI = "/app"
 		}
 
-		isQuery := responseMode == "query"
-
-		loginURL := "/app?state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
-
-		if clientID == "" {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				log.Debug("Failed to get client_id: ", clientID)
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error": "client_id is required",
-						},
-					},
-				})
-			}
-			return
-		}
-
-		if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				log.Debug("Invalid client_id: ", clientID)
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error": "invalid_client_id",
-						},
-					},
-				})
-			}
-			return
-		}
-
-		if state == "" {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				log.Debug("Failed to get state: ", state)
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error": "state is required",
-						},
-					},
-				})
-			}
-			return
-		}
-
 		if responseType == "" {
 			responseType = "token"
 		}
 
-		isResponseTypeCode := responseType == "code"
-		isResponseTypeToken := responseType == "token"
-
-		if !isResponseTypeCode && !isResponseTypeToken {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				log.Debug("Invalid response_type: ", responseType)
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error": "response_type is invalid",
-						},
-					},
-				})
-			}
+		if err := validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge); err != nil {
+			log.Debug("invalid authorization request: ", err)
+			gc.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 			return
 		}
 
-		if isResponseTypeCode {
-			if codeChallenge == "" {
-				if isQuery {
-					gc.Redirect(http.StatusFound, loginURL)
-				} else {
-					log.Debug("Failed to get code_challenge: ", codeChallenge)
-					gc.HTML(http.StatusBadRequest, template, gin.H{
-						"target_origin": redirectURI,
-						"authorization_response": map[string]interface{}{
-							"type": "authorization_response",
-							"response": map[string]string{
-								"error": "code_challenge is required",
-							},
-						},
-					})
-				}
-				return
+		code := uuid.New().String()
+		if nonce == "" {
+			nonce = uuid.New().String()
+		}
+
+		log := log.WithFields(log.Fields{
+			"response_mode": responseMode,
+			"response_type": responseType,
+		})
+
+		// TODO add state with timeout
+		// used for response mode query or fragment
+		loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
+		if responseType == constants.ResponseTypeCode {
+			loginState += "&code=" + code
+			if err := memorystore.Provider.SetState(state, code+"@@"+codeChallenge); err != nil {
+				log.Debug("Error setting temp code", err)
+			}
+		} else {
+			loginState += "&nonce=" + nonce
+			if err := memorystore.Provider.SetState(state, nonce); err != nil {
+				log.Debug("Error setting temp code", err)
 			}
 		}
 
+		loginURL := "/app?" + loginState
+
+		if responseMode == constants.ResponseModeFragment {
+			loginURL = "/app#" + loginState
+		}
+
+		if responseType == constants.ResponseTypeCode && codeChallenge == "" {
+			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+				"type": "authorization_response",
+				"response": map[string]interface{}{
+					"error":             "code_challenge_required",
+					"error_description": "code challenge is required",
+				},
+			}, http.StatusOK)
+		}
+
+		loginError := map[string]interface{}{
+			"type": "authorization_response",
+			"response": map[string]interface{}{
+				"error":             "login_required",
+				"error_description": "Login is required",
+			},
+		}
 		sessionToken, err := cookie.GetSession(gc)
 		if err != nil {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error":             "login_required",
-							"error_description": "Login is required",
-						},
-					},
-				})
-			}
+			log.Debug("GetSession failed: ", err)
+			handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
 			return
 		}
 
 		// get session from cookie
 		claims, err := token.ValidateBrowserSession(gc, sessionToken)
 		if err != nil {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error":             "login_required",
-							"error_description": "Login is required",
-						},
-					},
-				})
-			}
+			log.Debug("ValidateBrowserSession failed: ", err)
+			handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
 			return
 		}
+
 		userID := claims.Subject
 		user, err := db.Provider.GetUserByID(gc, userID)
 		if err != nil {
-			if isQuery {
-				gc.Redirect(http.StatusFound, loginURL)
-			} else {
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type": "authorization_response",
-						"response": map[string]string{
-							"error":             "signup_required",
-							"error_description": "Sign up required",
-						},
-					},
-				})
-			}
+			log.Debug("GetUserByID failed: ", err)
+			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+				"type": "authorization_response",
+				"response": map[string]interface{}{
+					"error":             "signup_required",
+					"error_description": "Sign up required",
+				},
+			}, http.StatusOK)
 			return
 		}
 
@@ -223,81 +182,102 @@ func AuthorizeHandler() gin.HandlerFunc {
 			sessionKey = claims.LoginMethod + ":" + user.ID
 		}
 
-		// if user is logged in
-		// based on the response type code, generate the response
-		if isResponseTypeCode {
-			// rollover the session for security
-			go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
-			nonce := uuid.New().String()
+		// rollover the session for security
+		go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
+		if responseType == constants.ResponseTypeCode {
 			newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
 			if err != nil {
-				if isQuery {
-					gc.Redirect(http.StatusFound, loginURL)
-				} else {
-					gc.HTML(http.StatusOK, template, gin.H{
-						"target_origin": redirectURI,
-						"authorization_response": map[string]interface{}{
-							"type": "authorization_response",
-							"response": map[string]string{
-								"error":             "login_required",
-								"error_description": "Login is required",
-							},
-						},
-					})
-				}
+				log.Debug("CreateSessionToken failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+				return
+			}
+
+			// TODO: add state with timeout
+			// if err := memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken); err != nil {
+			// 	log.Debug("SetState failed: ", err)
+			// 	handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+			// 	return
+			// }
+
+			// TODO: add state with timeout
+			if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+newSessionToken); err != nil {
+				log.Debug("SetState failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+				return
+			}
+
+			if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken); err != nil {
+				log.Debug("SetUserSession failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
 				return
 			}
 
-			memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken)
 			cookie.SetSession(gc, newSessionToken)
-			code := uuid.New().String()
-			memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken)
-			gc.HTML(http.StatusOK, template, gin.H{
-				"target_origin": redirectURI,
-				"authorization_response": map[string]interface{}{
-					"type": "authorization_response",
-					"response": map[string]string{
-						"code":  code,
-						"state": state,
-					},
+
+			// in case, response type is code and user is already logged in send the code and state
+			// and cookie session will already be rolled over and set
+			// gc.HTML(http.StatusOK, authorizeWebMessageTemplate, gin.H{
+			// 	"target_origin": redirectURI,
+			// 	"authorization_response": map[string]interface{}{
+			// 		"type": "authorization_response",
+			// 		"response": map[string]string{
+			// 			"code":  code,
+			// 			"state": state,
+			// 		},
+			// 	},
+			// })
+
+			params := "code=" + code + "&state=" + state + "&nonce=" + nonce
+			if responseMode == constants.ResponseModeQuery {
+				if strings.Contains(redirectURI, "?") {
+					redirectURI = redirectURI + "&" + params
+				} else {
+					redirectURI = redirectURI + "?" + params
+				}
+			} else if responseMode == constants.ResponseModeFragment {
+				if strings.Contains(redirectURI, "#") {
+					redirectURI = redirectURI + "&" + params
+				} else {
+					redirectURI = redirectURI + "#" + params
+				}
+			}
+
+			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+				"type": "authorization_response",
+				"response": map[string]interface{}{
+					"code":  code,
+					"state": state,
 				},
-			})
+			}, http.StatusOK)
+
 			return
 		}
 
-		if isResponseTypeToken {
+		if responseType == constants.ResponseTypeToken || responseType == constants.ResponseTypeIDToken {
 			// rollover the session for security
-			authToken, err := token.CreateAuthToken(gc, user, claims.Roles, scope, claims.LoginMethod)
+			authToken, err := token.CreateAuthToken(gc, user, claims.Roles, scope, claims.LoginMethod, nonce, "")
 			if err != nil {
-				if isQuery {
-					gc.Redirect(http.StatusFound, loginURL)
-				} else {
-					gc.HTML(http.StatusOK, template, gin.H{
-						"target_origin": redirectURI,
-						"authorization_response": map[string]interface{}{
-							"type": "authorization_response",
-							"response": map[string]string{
-								"error":             "login_required",
-								"error_description": "Login is required",
-							},
-						},
-					})
-				}
+				log.Debug("CreateAuthToken failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
 				return
 			}
 
-			go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
-			memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
-			memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
-			cookie.SetSession(gc, authToken.FingerPrintHash)
-
-			expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
-			if expiresIn <= 0 {
-				expiresIn = 1
+			if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+nonce, authToken.FingerPrintHash); err != nil {
+				log.Debug("SetUserSession failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+				return
 			}
 
+			if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+nonce, authToken.FingerPrintHash); err != nil {
+				log.Debug("SetUserSession failed: ", err)
+				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+				return
+			}
+
+			cookie.SetSession(gc, authToken.FingerPrintHash)
+
 			// used of query mode
-			params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
+			params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(authToken.IDToken.ExpiresAt, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
 
 			res := map[string]interface{}{
 				"access_token": authToken.AccessToken.Token,
@@ -305,7 +285,12 @@ func AuthorizeHandler() gin.HandlerFunc {
 				"state":        state,
 				"scope":        scope,
 				"token_type":   "Bearer",
-				"expires_in":   expiresIn,
+				"expires_in":   authToken.AccessToken.ExpiresAt,
+			}
+
+			if nonce != "" {
+				params += "&nonce=" + nonce
+				res["nonce"] = nonce
 			}
 
 			if authToken.RefreshToken != nil {
@@ -314,38 +299,77 @@ func AuthorizeHandler() gin.HandlerFunc {
 				memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
 			}
 
-			if isQuery {
+			if responseMode == constants.ResponseModeQuery {
 				if strings.Contains(redirectURI, "?") {
-					gc.Redirect(http.StatusFound, redirectURI+"&"+params)
+					redirectURI = redirectURI + "&" + params
 				} else {
-					gc.Redirect(http.StatusFound, redirectURI+"?"+params)
+					redirectURI = redirectURI + "?" + params
+				}
+			} else if responseMode == constants.ResponseModeFragment {
+				if strings.Contains(redirectURI, "#") {
+					redirectURI = redirectURI + "&" + params
+				} else {
+					redirectURI = redirectURI + "#" + params
 				}
-			} else {
-				gc.HTML(http.StatusOK, template, gin.H{
-					"target_origin": redirectURI,
-					"authorization_response": map[string]interface{}{
-						"type":     "authorization_response",
-						"response": res,
-					},
-				})
 			}
+
+			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+				"type":     "authorization_response",
+				"response": res,
+			}, http.StatusOK)
 			return
 		}
 
-		if isQuery {
-			gc.Redirect(http.StatusFound, loginURL)
-		} else {
-			// by default return with error
-			gc.HTML(http.StatusOK, template, gin.H{
-				"target_origin": redirectURI,
-				"authorization_response": map[string]interface{}{
-					"type": "authorization_response",
-					"response": map[string]string{
-						"error":             "login_required",
-						"error_description": "Login is required",
-					},
-				},
-			})
-		}
+		handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+	}
+}
+
+func validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge string) error {
+	if strings.TrimSpace(state) == "" {
+		return fmt.Errorf("invalid state. state is required to prevent csrf attack", responseMode)
+	}
+	if responseType != constants.ResponseTypeCode && responseType != constants.ResponseTypeToken && responseType != constants.ResponseTypeIDToken {
+		return fmt.Errorf("invalid response type %s. 'code' & 'token' are valid response_type", responseMode)
+	}
+
+	if responseMode != constants.ResponseModeQuery && responseMode != constants.ResponseModeWebMessage && responseMode != constants.ResponseModeFragment && responseMode != constants.ResponseModeFormPost {
+		return fmt.Errorf("invalid response mode %s. 'query', 'fragment', 'form_post' and 'web_message' are valid response_mode", responseMode)
+	}
+
+	if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
+		return fmt.Errorf("invalid client_id %s", clientID)
+	}
+
+	return nil
+}
+
+func handleResponse(gc *gin.Context, responseMode, loginURI, redirectURI string, data map[string]interface{}, httpStatusCode int) {
+	isAuthenticationRequired := false
+	if _, ok := data["response"].(map[string]interface{})["error"]; ok {
+		isAuthenticationRequired = true
+	}
+
+	if isAuthenticationRequired {
+		gc.Redirect(http.StatusFound, loginURI)
+		return
+	}
+
+	switch responseMode {
+	case constants.ResponseModeQuery, constants.ResponseModeFragment:
+
+		gc.Redirect(http.StatusFound, redirectURI)
+		return
+	case constants.ResponseModeWebMessage:
+		gc.HTML(httpStatusCode, authorizeWebMessageTemplate, gin.H{
+			"target_origin":          redirectURI,
+			"authorization_response": data,
+		})
+		return
+	case constants.ResponseModeFormPost:
+		gc.HTML(httpStatusCode, authorizeFormPostTemplate, gin.H{
+			"target_origin":          redirectURI,
+			"authorization_response": data["response"],
+		})
+		return
 	}
 }

server/handlers/graphql.go

@@ -2,7 +2,7 @@ package handlers
 
 import (
 	"github.com/99designs/gqlgen/graphql/handler"
-	"github.com/authorizerdev/authorizer/server/graph"
+	graph "github.com/authorizerdev/authorizer/server/graph"
 	"github.com/authorizerdev/authorizer/server/graph/generated"
 	"github.com/gin-gonic/gin"
 )

server/handlers/oauth_callback.go

@@ -13,6 +13,7 @@ import (
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/oauth2"
 
@@ -55,20 +56,20 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		scopes := strings.Split(sessionSplit[3], ",")
 
 		user := models.User{}
-		code := ctx.Request.FormValue("code")
+		oauthCode := ctx.Request.FormValue("code")
 		switch provider {
 		case constants.AuthRecipeMethodGoogle:
-			user, err = processGoogleUserInfo(code)
+			user, err = processGoogleUserInfo(oauthCode)
 		case constants.AuthRecipeMethodGithub:
-			user, err = processGithubUserInfo(code)
+			user, err = processGithubUserInfo(oauthCode)
 		case constants.AuthRecipeMethodFacebook:
-			user, err = processFacebookUserInfo(code)
+			user, err = processFacebookUserInfo(oauthCode)
 		case constants.AuthRecipeMethodLinkedIn:
-			user, err = processLinkedInUserInfo(code)
+			user, err = processLinkedInUserInfo(oauthCode)
 		case constants.AuthRecipeMethodApple:
-			user, err = processAppleUserInfo(code)
+			user, err = processAppleUserInfo(oauthCode)
 		case constants.AuthRecipeMethodTwitter:
-			user, err = processTwitterUserInfo(code, sessionState)
+			user, err = processTwitterUserInfo(oauthCode, sessionState)
 		default:
 			log.Info("Invalid oauth provider")
 			err = fmt.Errorf(`invalid oauth provider`)
@@ -196,18 +197,53 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			}
 		}
 
-		authToken, err := token.CreateAuthToken(ctx, user, inputRoles, scopes, provider)
+		// TODO
+		// use stateValue to get code / nonce
+		// add code / nonce to id_token
+		code := ""
+		codeChallenge := ""
+		nonce := ""
+		if stateValue != "" {
+			// Get state from store
+			authorizeState, _ := memorystore.Provider.GetState(stateValue)
+			if authorizeState != "" {
+				authorizeStateSplit := strings.Split(authorizeState, "@@")
+				if len(authorizeStateSplit) > 1 {
+					code = authorizeStateSplit[0]
+					codeChallenge = authorizeStateSplit[1]
+				} else {
+					nonce = authorizeState
+				}
+				go memorystore.Provider.RemoveState(stateValue)
+			}
+		}
+		if nonce == "" {
+			nonce = uuid.New().String()
+		}
+		authToken, err := token.CreateAuthToken(ctx, user, inputRoles, scopes, provider, nonce, code)
 		if err != nil {
 			log.Debug("Failed to create auth token: ", err)
 			ctx.JSON(500, gin.H{"error": err.Error()})
 		}
 
+		// Code challenge could be optional if PKCE flow is not used
+		if code != "" {
+			if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+				log.Debug("SetState failed: ", err)
+				ctx.JSON(500, gin.H{"error": err.Error()})
+			}
+		}
+
 		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
 		if expiresIn <= 0 {
 			expiresIn = 1
 		}
 
-		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token
+		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token + "&nonce=" + nonce
+
+		if code != "" {
+			params += "&code=" + code
+		}
 
 		sessionKey := provider + ":" + user.ID
 		cookie.SetSession(ctx, authToken.FingerPrintHash)
@@ -215,7 +251,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
 
 		if authToken.RefreshToken != nil {
-			params = params + `&refresh_token=` + authToken.RefreshToken.Token
+			params += `&refresh_token=` + authToken.RefreshToken.Token
 			memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
 		}
 

server/handlers/openid_config.go

@@ -17,14 +17,14 @@ func OpenIDConfigurationHandler() gin.HandlerFunc {
 		c.JSON(200, gin.H{
 			"issuer":                                issuer,
 			"authorization_endpoint":                issuer + "/authorize",
-			"token_endpoint":                        issuer + "/token",
+			"token_endpoint":                        issuer + "/oauth/token",
 			"userinfo_endpoint":                     issuer + "/userinfo",
 			"jwks_uri":                              issuer + "/.well-known/jwks.json",
-			"response_types_supported":              []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"},
+			"response_types_supported":              []string{"code", "token", "id_token"},
 			"scopes_supported":                      []string{"openid", "email", "profile", "email_verified", "given_name", "family_name", "nick_name", "picture"},
-			"response_modes_supported":              []string{"query", "fragment", "form_post"},
+			"response_modes_supported":              []string{"query", "fragment", "form_post", "web_message"},
 			"id_token_signing_alg_values_supported": []string{jwtType},
-			"claims_supported":                      []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified"},
+			"claims_supported":                      []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "role", "gender", "birthdate", "phone_number", "phone_number_verified", "nonce", "updated_at", "created_at", "revoked_timestamp", "login_method", "signup_methods", "token_type"},
 		})
 	}
 }

server/handlers/token.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -17,12 +18,22 @@ import (
 	"github.com/authorizerdev/authorizer/server/token"
 )
 
+type RequestBody struct {
+	CodeVerifier string `form:"code_verifier" json:"code_verifier"`
+	Code         string `form:"code" json:"code"`
+	ClientID     string `form:"client_id" json:"client_id"`
+	ClientSecret string `form:"client_secret" json:"client_secret"`
+	GrantType    string `form:"grant_type" json:"grant_type"`
+	RefreshToken string `form:"refresh_token" json:"refresh_token"`
+	RedirectURI  string `form:"redirect_uri" json:"redirect_uri"`
+}
+
 // TokenHandler to handle /oauth/token requests
 // grant type required
 func TokenHandler() gin.HandlerFunc {
 	return func(gc *gin.Context) {
-		var reqBody map[string]string
-		if err := gc.BindJSON(&reqBody); err != nil {
+		var reqBody RequestBody
+		if err := gc.Bind(&reqBody); err != nil {
 			log.Debug("Error binding JSON: ", err)
 			gc.JSON(http.StatusBadRequest, gin.H{
 				"error":             "error_binding_json",
@@ -31,11 +42,12 @@ func TokenHandler() gin.HandlerFunc {
 			return
 		}
 
-		codeVerifier := strings.TrimSpace(reqBody["code_verifier"])
-		code := strings.TrimSpace(reqBody["code"])
-		clientID := strings.TrimSpace(reqBody["client_id"])
-		grantType := strings.TrimSpace(reqBody["grant_type"])
-		refreshToken := strings.TrimSpace(reqBody["refresh_token"])
+		codeVerifier := strings.TrimSpace(reqBody.CodeVerifier)
+		code := strings.TrimSpace(reqBody.Code)
+		clientID := strings.TrimSpace(reqBody.ClientID)
+		grantType := strings.TrimSpace(reqBody.GrantType)
+		refreshToken := strings.TrimSpace(reqBody.RefreshToken)
+		clientSecret := strings.TrimSpace(reqBody.ClientSecret)
 
 		if grantType == "" {
 			grantType = "authorization_code"
@@ -52,6 +64,12 @@ func TokenHandler() gin.HandlerFunc {
 			})
 		}
 
+		// check if clientID & clientSecret are present as part of
+		// authorization header with basic auth
+		if clientID == "" && clientSecret == "" {
+			clientID, clientSecret, _ = gc.Request.BasicAuth()
+		}
+
 		if clientID == "" {
 			log.Debug("Client ID is empty")
 			gc.JSON(http.StatusBadRequest, gin.H{
@@ -76,15 +94,6 @@ func TokenHandler() gin.HandlerFunc {
 		sessionKey := ""
 
 		if isAuthorizationCodeGrant {
-			if codeVerifier == "" {
-				log.Debug("Code verifier is empty")
-				gc.JSON(http.StatusBadRequest, gin.H{
-					"error":             "invalid_code_verifier",
-					"error_description": "The code verifier is required",
-				})
-				return
-			}
-
 			if code == "" {
 				log.Debug("Code is empty")
 				gc.JSON(http.StatusBadRequest, gin.H{
@@ -94,33 +103,53 @@ func TokenHandler() gin.HandlerFunc {
 				return
 			}
 
-			hash := sha256.New()
-			hash.Write([]byte(codeVerifier))
-			encryptedCode := strings.ReplaceAll(base64.URLEncoding.EncodeToString(hash.Sum(nil)), "+", "-")
-			encryptedCode = strings.ReplaceAll(encryptedCode, "/", "_")
-			encryptedCode = strings.ReplaceAll(encryptedCode, "=", "")
-			sessionData, err := memorystore.Provider.GetState(encryptedCode)
+			if codeVerifier == "" && clientSecret == "" {
+				gc.JSON(http.StatusBadRequest, gin.H{
+					"error":             "invalid_dat",
+					"error_description": "The code verifier or client secret is required",
+				})
+				return
+			}
+			// Get state
+			sessionData, err := memorystore.Provider.GetState(code)
 			if sessionData == "" || err != nil {
 				log.Debug("Session data is empty")
 				gc.JSON(http.StatusBadRequest, gin.H{
-					"error":             "invalid_code_verifier",
-					"error_description": "The code verifier is invalid",
+					"error":             "invalid_code",
+					"error_description": "The code is invalid",
 				})
 				return
 			}
 
-			go memorystore.Provider.RemoveState(encryptedCode)
-			// split session data
-			// it contains code@sessiontoken
-			sessionDataSplit := strings.Split(sessionData, "@")
+			// [0] -> code_challenge
+			// [1] -> session cookie
+			sessionDataSplit := strings.Split(sessionData, "@@")
 
-			if sessionDataSplit[0] != code {
-				log.Debug("Invalid code verifier. Unable to split session data")
-				gc.JSON(http.StatusBadRequest, gin.H{
-					"error":             "invalid_code_verifier",
-					"error_description": "The code verifier is invalid",
-				})
-				return
+			go memorystore.Provider.RemoveState(code)
+
+			if codeVerifier != "" {
+				hash := sha256.New()
+				hash.Write([]byte(codeVerifier))
+				encryptedCode := strings.ReplaceAll(base64.RawURLEncoding.EncodeToString(hash.Sum(nil)), "+", "-")
+				encryptedCode = strings.ReplaceAll(encryptedCode, "/", "_")
+				encryptedCode = strings.ReplaceAll(encryptedCode, "=", "")
+				if encryptedCode != sessionDataSplit[0] {
+					gc.JSON(http.StatusBadRequest, gin.H{
+						"error":             "invalid_code_verifier",
+						"error_description": "The code verifier is invalid",
+					})
+					return
+				}
+
+			} else {
+				if clientHash, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientSecret); clientSecret != clientHash || err != nil {
+					log.Debug("Client Secret is invalid: ", clientID)
+					gc.JSON(http.StatusBadRequest, gin.H{
+						"error":             "invalid_client_secret",
+						"error_description": "The client secret is invalid",
+					})
+					return
+				}
 			}
 
 			// validate session
@@ -146,6 +175,7 @@ func TokenHandler() gin.HandlerFunc {
 			}
 
 			go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
+
 		} else {
 			// validate refresh token
 			if refreshToken == "" {
@@ -154,6 +184,7 @@ func TokenHandler() gin.HandlerFunc {
 					"error":             "invalid_refresh_token",
 					"error_description": "The refresh token is invalid",
 				})
+				return
 			}
 
 			claims, err := token.ValidateRefreshToken(gc, refreshToken)
@@ -163,9 +194,10 @@ func TokenHandler() gin.HandlerFunc {
 					"error":             "unauthorized",
 					"error_description": err.Error(),
 				})
+				return
 			}
 			userID = claims["sub"].(string)
-			loginMethod := claims["login_method"]
+			claimLoginMethod := claims["login_method"]
 			rolesInterface := claims["roles"].([]interface{})
 			scopeInterface := claims["scope"].([]interface{})
 			for _, v := range rolesInterface {
@@ -176,9 +208,11 @@ func TokenHandler() gin.HandlerFunc {
 			}
 
 			sessionKey = userID
-			if loginMethod != nil && loginMethod != "" {
-				sessionKey = loginMethod.(string) + ":" + sessionKey
+			if claimLoginMethod != nil && claimLoginMethod != "" {
+				sessionKey = claimLoginMethod.(string) + ":" + sessionKey
+				loginMethod = claimLoginMethod.(string)
 			}
+
 			// remove older refresh token and rotate it for security
 			go memorystore.Provider.DeleteUserSession(sessionKey, claims["nonce"].(string))
 		}
@@ -202,7 +236,8 @@ func TokenHandler() gin.HandlerFunc {
 			return
 		}
 
-		authToken, err := token.CreateAuthToken(gc, user, roles, scope, loginMethod)
+		nonce := uuid.New().String() + "@@" + code
+		authToken, err := token.CreateAuthToken(gc, user, roles, scope, loginMethod, nonce, code)
 		if err != nil {
 			log.Debug("Error creating auth token: ", err)
 			gc.JSON(http.StatusUnauthorized, gin.H{
@@ -211,6 +246,7 @@ func TokenHandler() gin.HandlerFunc {
 			})
 			return
 		}
+
 		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
 		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
 		cookie.SetSession(gc, authToken.FingerPrintHash)

server/handlers/verify_email.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -98,7 +99,30 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		if verificationRequest.Identifier == constants.VerificationTypeMagicLinkLogin {
 			loginMethod = constants.AuthRecipeMethodMagicLinkLogin
 		}
-		authToken, err := token.CreateAuthToken(c, user, roles, scope, loginMethod)
+
+		code := ""
+		// Not required as /oauth/token cannot be resumed from other tab
+		// codeChallenge := ""
+		nonce := ""
+		if state != "" {
+			// Get state from store
+			authorizeState, _ := memorystore.Provider.GetState(state)
+			if authorizeState != "" {
+				authorizeStateSplit := strings.Split(authorizeState, "@@")
+				if len(authorizeStateSplit) > 1 {
+					code = authorizeStateSplit[0]
+					// Not required as /oauth/token cannot be resumed from other tab
+					// codeChallenge = authorizeStateSplit[1]
+				} else {
+					nonce = authorizeState
+				}
+				go memorystore.Provider.RemoveState(state)
+			}
+		}
+		if nonce == "" {
+			nonce = uuid.New().String()
+		}
+		authToken, err := token.CreateAuthToken(c, user, roles, scope, loginMethod, nonce, code)
 		if err != nil {
 			log.Debug("Error creating auth token: ", err)
 			errorRes["error_description"] = err.Error()
@@ -106,12 +130,27 @@ func VerifyEmailHandler() gin.HandlerFunc {
 			return
 		}
 
+		// Code challenge could be optional if PKCE flow is not used
+		// Not required as /oauth/token cannot be resumed from other tab
+		// if code != "" {
+		// 	if err := memorystore.Provider.SetState(code, codeChallenge+"@@"+authToken.FingerPrintHash); err != nil {
+		// 		log.Debug("Error setting code state ", err)
+		// 		errorRes["error_description"] = err.Error()
+		// 		c.JSON(500, errorRes)
+		// 		return
+		// 	}
+		// }
+
 		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
 		if expiresIn <= 0 {
 			expiresIn = 1
 		}
 
-		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
+		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&nonce=" + nonce
+
+		if code != "" {
+			params += "&code=" + code
+		}
 
 		sessionKey := loginMethod + ":" + user.ID
 		cookie.SetSession(c, authToken.FingerPrintHash)

server/logs/logs.go

@@ -0,0 +1,61 @@
+package logs
+
+import (
+	"os"
+
+	"github.com/sirupsen/logrus"
+	log "github.com/sirupsen/logrus"
+)
+
+// LogUTCFormatter hels in setting UTC time format for the logs
+type LogUTCFormatter struct {
+	log.Formatter
+}
+
+// Format helps fomratting time to UTC
+func (u LogUTCFormatter) Format(e *log.Entry) ([]byte, error) {
+	e.Time = e.Time.UTC()
+	return u.Formatter.Format(e)
+}
+
+func InitLog(cliLogLevel string) *log.Logger {
+
+	// log instance for gin server
+	log := logrus.New()
+	log.SetFormatter(LogUTCFormatter{&logrus.JSONFormatter{}})
+
+	if cliLogLevel == "" {
+		cliLogLevel = os.Getenv("LOG_LEVEL")
+	}
+
+	var logLevel logrus.Level
+	switch cliLogLevel {
+	case "debug":
+		logLevel = logrus.DebugLevel
+	case "info":
+		logLevel = logrus.InfoLevel
+	case "warn":
+		logLevel = logrus.WarnLevel
+	case "error":
+		logLevel = logrus.ErrorLevel
+	case "fatal":
+		logLevel = logrus.FatalLevel
+	case "panic":
+		logLevel = logrus.PanicLevel
+	default:
+		logLevel = logrus.InfoLevel
+	}
+	// set log level globally
+	logrus.SetLevel(logLevel)
+
+	// set log level for go-gin middleware
+	log.SetLevel(logLevel)
+
+	// show file path in log for debug or other log levels.
+	if logLevel != logrus.InfoLevel {
+		logrus.SetReportCaller(true)
+		log.SetReportCaller(true)
+	}
+
+	return log
+}

server/main.go

@@ -3,78 +3,42 @@ package main
 import (
 	"flag"
 
-	"github.com/sirupsen/logrus"
-	log "github.com/sirupsen/logrus"
-
 	"github.com/authorizerdev/authorizer/server/cli"
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/env"
+	"github.com/authorizerdev/authorizer/server/logs"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/oauth"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/authorizerdev/authorizer/server/routes"
+	"github.com/sirupsen/logrus"
 )
 
+// VERSION is used to define the version of authorizer from build tags
 var VERSION string
 
-type LogUTCFormatter struct {
-	log.Formatter
-}
-
-func (u LogUTCFormatter) Format(e *log.Entry) ([]byte, error) {
-	e.Time = e.Time.UTC()
-	return u.Formatter.Format(e)
-}
-
 func main() {
 	cli.ARG_DB_URL = flag.String("database_url", "", "Database connection string")
 	cli.ARG_DB_TYPE = flag.String("database_type", "", "Database type, possible values are postgres,mysql,sqlite")
 	cli.ARG_ENV_FILE = flag.String("env_file", "", "Env file path")
-	cli.ARG_LOG_LEVEL = flag.String("log_level", "info", "Log level, possible values are debug,info,warn,error,fatal,panic")
+	cli.ARG_LOG_LEVEL = flag.String("log_level", "", "Log level, possible values are debug,info,warn,error,fatal,panic")
 	cli.ARG_REDIS_URL = flag.String("redis_url", "", "Redis connection string")
 	flag.Parse()
 
 	// global log level
-	logrus.SetFormatter(LogUTCFormatter{&logrus.JSONFormatter{}})
-
-	// log instance for gin server
-	log := logrus.New()
-	log.SetFormatter(LogUTCFormatter{&logrus.JSONFormatter{}})
-
-	var logLevel logrus.Level
-	switch *cli.ARG_LOG_LEVEL {
-	case "debug":
-		logLevel = logrus.DebugLevel
-	case "info":
-		logLevel = logrus.InfoLevel
-	case "warn":
-		logLevel = logrus.WarnLevel
-	case "error":
-		logLevel = logrus.ErrorLevel
-	case "fatal":
-		logLevel = logrus.FatalLevel
-	case "panic":
-		logLevel = logrus.PanicLevel
-	default:
-		logLevel = logrus.InfoLevel
-	}
-	logrus.SetLevel(logLevel)
-	log.SetLevel(logLevel)
-
-	// show file path in log for debug or other log levels.
-	if logLevel != logrus.InfoLevel {
-		logrus.SetReportCaller(true)
-		log.SetReportCaller(true)
-	}
+	logrus.SetFormatter(logs.LogUTCFormatter{&logrus.JSONFormatter{}})
 
 	constants.VERSION = VERSION
 
 	// initialize required envs (mainly db, env file path and redis)
 	err := memorystore.InitRequiredEnv()
 	if err != nil {
-		log.Fatal("Error while initializing required envs: ", err)
+		logrus.Fatal("Error while initializing required envs: ", err)
 	}
 
+	log := logs.InitLog(refs.StringValue(cli.ARG_LOG_LEVEL))
+
 	// initialize memory store
 	err = memorystore.InitMemStore()
 	if err != nil {

server/memorystore/memory_store.go

@@ -34,6 +34,8 @@ func InitMemStore() error {
 		constants.EnvKeyIsEmailServiceEnabled:            false,
 		constants.EnvKeyEnforceMultiFactorAuthentication: false,
 		constants.EnvKeyDisableMultiFactorAuthentication: false,
+		constants.EnvKeyAppCookieSecure:                  true,
+		constants.EnvKeyAdminCookieSecure:                true,
 	}
 
 	requiredEnvs := RequiredEnvStoreObj.GetRequiredEnv()
@@ -55,7 +57,7 @@ func InitMemStore() error {
 	}
 
 	redisURL := requiredEnvs.RedisURL
-	if redisURL != "" && !requiredEnvs.disableRedisForEnv {
+	if redisURL != "" && !requiredEnvs.DisableRedisForEnv {
 		log.Info("Initializing Redis memory store")
 		Provider, err = redis.NewRedisProvider(redisURL)
 		if err != nil {

server/memorystore/providers/redis/store.go

@@ -161,7 +161,7 @@ func (c *provider) GetEnvStore() (map[string]interface{}, error) {
 		return nil, err
 	}
 	for key, value := range data {
-		if key == constants.EnvKeyDisableBasicAuthentication || key == constants.EnvKeyDisableEmailVerification || key == constants.EnvKeyDisableLoginPage || key == constants.EnvKeyDisableMagicLinkLogin || key == constants.EnvKeyDisableRedisForEnv || key == constants.EnvKeyDisableSignUp || key == constants.EnvKeyDisableStrongPassword || key == constants.EnvKeyIsEmailServiceEnabled || key == constants.EnvKeyEnforceMultiFactorAuthentication || key == constants.EnvKeyDisableMultiFactorAuthentication {
+		if key == constants.EnvKeyDisableBasicAuthentication || key == constants.EnvKeyDisableEmailVerification || key == constants.EnvKeyDisableLoginPage || key == constants.EnvKeyDisableMagicLinkLogin || key == constants.EnvKeyDisableRedisForEnv || key == constants.EnvKeyDisableSignUp || key == constants.EnvKeyDisableStrongPassword || key == constants.EnvKeyIsEmailServiceEnabled || key == constants.EnvKeyEnforceMultiFactorAuthentication || key == constants.EnvKeyDisableMultiFactorAuthentication || key == constants.EnvKeyAppCookieSecure || key == constants.EnvKeyAdminCookieSecure {
 			boolValue, err := strconv.ParseBool(value)
 			if err != nil {
 				return res, err

server/memorystore/required_env_store.go

@@ -27,7 +27,11 @@ type RequiredEnv struct {
 	DatabaseCertKey    string `json:"DATABASE_CERT_KEY"`
 	DatabaseCACert     string `json:"DATABASE_CA_CERT"`
 	RedisURL           string `json:"REDIS_URL"`
-	disableRedisForEnv bool   `json:"DISABLE_REDIS_FOR_ENV"`
+	DisableRedisForEnv bool   `json:"DISABLE_REDIS_FOR_ENV"`
+	// AWS Related Envs
+	AwsRegion          string `json:"AWS_REGION"`
+	AwsAccessKeyID     string `json:"AWS_ACCESS_KEY_ID"`
+	AwsSecretAccessKey string `json:"AWS_SECRET_ACCESS_KEY"`
 }
 
 // RequiredEnvObj is a simple in-memory store for sessions.
@@ -53,7 +57,8 @@ func (r *RequiredEnvStore) SetRequiredEnv(requiredEnv RequiredEnv) {
 
 var RequiredEnvStoreObj *RequiredEnvStore
 
-// InitRequiredEnv to initialize EnvData and through error if required env are not present
+// InitRequiredEnv to initialize EnvData and throw error if required env are not present
+// This includes env that only configurable via env vars and not the ui
 func InitRequiredEnv() error {
 	envPath := os.Getenv(constants.EnvKeyEnvPath)
 
@@ -85,6 +90,9 @@ func InitRequiredEnv() error {
 	dbCACert := os.Getenv(constants.EnvKeyDatabaseCACert)
 	redisURL := os.Getenv(constants.EnvKeyRedisURL)
 	disableRedisForEnv := os.Getenv(constants.EnvKeyDisableRedisForEnv) == "true"
+	awsRegion := os.Getenv(constants.EnvAwsRegion)
+	awsAccessKeyID := os.Getenv(constants.EnvAwsAccessKeyID)
+	awsSecretAccessKey := os.Getenv(constants.EnvAwsSecretAccessKey)
 
 	if strings.TrimSpace(redisURL) == "" {
 		if cli.ARG_REDIS_URL != nil && *cli.ARG_REDIS_URL != "" {
@@ -113,7 +121,8 @@ func InitRequiredEnv() error {
 			dbURL = strings.TrimSpace(*cli.ARG_DB_URL)
 		}
 
-		if dbURL == "" && dbPort == "" && dbHost == "" && dbUsername == "" && dbPassword == "" {
+		// In dynamoDB these field are not always mandatory
+		if dbType != constants.DbTypeDynamoDB && dbURL == "" && dbPort == "" && dbHost == "" && dbUsername == "" && dbPassword == "" {
 			log.Debug("DATABASE_URL is not set")
 			return errors.New("invalid database url. DATABASE_URL is required")
 		}
@@ -138,7 +147,10 @@ func InitRequiredEnv() error {
 		DatabaseCertKey:    dbCertKey,
 		DatabaseCACert:     dbCACert,
 		RedisURL:           redisURL,
-		disableRedisForEnv: disableRedisForEnv,
+		DisableRedisForEnv: disableRedisForEnv,
+		AwsRegion:          awsRegion,
+		AwsAccessKeyID:     awsAccessKeyID,
+		AwsSecretAccessKey: awsSecretAccessKey,
 	}
 
 	RequiredEnvStoreObj = &RequiredEnvStore{

server/parsers/url.go

@@ -11,8 +11,8 @@ import (
 )
 
 // GetHost returns hostname from request context
-// if X-Authorizer-URL header is set it is given highest priority
-// if EnvKeyAuthorizerURL is set it is given second highest priority.
+// if EnvKeyAuthorizerURL is set it is given highest priority.
+// if X-Authorizer-URL header is set it is given second highest priority
 // if above 2 are not set the requesting host name is used
 func GetHost(c *gin.Context) string {
 	authorizerURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAuthorizerURL)
@@ -91,7 +91,7 @@ func GetDomainName(uri string) string {
 	return host
 }
 
-// GetAppURL to get /app/ url if not configured by user
+// GetAppURL to get /app url if not configured by user
 func GetAppURL(gc *gin.Context) string {
 	envAppURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
 	if envAppURL == "" || err != nil {