fix: add comment for scope

fix: session invalidation

.env.sample

@@ -1,3 +1,4 @@
+ENV=production
 DATABASE_URL=data.db
 DATABASE_TYPE=sqlite
 CUSTOM_ACCESS_TOKEN_SCRIPT="function(user,tokenPayload){var data = tokenPayload;data.extra = {'x-extra-id': user.id};return data;}"

.env.test

@@ -0,0 +1,9 @@
+ENV=test
+DATABASE_URL=test.db
+DATABASE_TYPE=sqlite
+CUSTOM_ACCESS_TOKEN_SCRIPT="function(user,tokenPayload){var data = tokenPayload;data.extra = {'x-extra-id': user.id};return data;}"
+SMTP_HOST=smtp.mailtrap.io
+SMTP_PORT=2525
+SMTP_USERNAME=test
+SMTP_PASSWORD=test
+SENDER_EMAIL="info@authorizer.dev"

.gitignore

@@ -8,6 +8,7 @@ dashboard/build
 build
 .env
 data.db
+test.db
 .DS_Store
 .env.local
 *.tar.gz

Makefile

@@ -10,7 +10,7 @@ build-dashboard:
 clean:
 	rm -rf build
 test:
-	cd server && go clean --testcache && go test -v ./test
+	rm -rf server/test/test.db && rm -rf test.db && cd server && go clean --testcache && go test -p 1 -v ./test
 generate:
 	cd server && go get github.com/99designs/gqlgen/cmd@v0.14.0 && go run github.com/99designs/gqlgen generate
 	

app/package-lock.json

@@ -9,7 +9,7 @@
 			"version": "1.0.0",
 			"license": "ISC",
 			"dependencies": {
-				"@authorizerdev/authorizer-react": "^0.17.0",
+				"@authorizerdev/authorizer-react": "^0.24.0-beta.1",
 				"@types/react": "^17.0.15",
 				"@types/react-dom": "^17.0.9",
 				"esbuild": "^0.12.17",
@@ -17,16 +17,18 @@
 				"react-dom": "^17.0.2",
 				"react-is": "^17.0.2",
 				"react-router-dom": "^5.2.0",
+				"styled-components": "^5.3.0",
 				"typescript": "^4.3.5"
 			},
 			"devDependencies": {
-				"@types/react-router-dom": "^5.1.8"
+				"@types/react-router-dom": "^5.1.8",
+				"@types/styled-components": "^5.1.11"
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-js": {
-			"version": "0.10.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.10.0.tgz",
-			"integrity": "sha512-REM8FLD/Ej9gzA2zDGDAke6QFss33ubePlTDmLDmIYUuQmpHFlO5mCCS6nVsKkN7F/Bcwkmp+eUNQjkdGCaKLg==",
+			"version": "0.13.0-beta.2",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.13.0-beta.2.tgz",
+			"integrity": "sha512-3K3Qew/npD375DQdJnYb43aWVOU7giG2+8sHOjy8aXhZ+GlQQ8cGu54lozFYUMDcM1HjQU2N53xLmneONPepSw==",
 			"dependencies": {
 				"node-fetch": "^2.6.1"
 			},
@@ -35,11 +37,11 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-react": {
-			"version": "0.17.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.17.0.tgz",
-			"integrity": "sha512-7WcNCU7hDFkVfFb8LcJXFwWiLYd8aY78z1AbNPxCa2Cw5G85PaRkzjKybP6h01ITVOHO6M03lLwPj8p6Sr6fEg==",
+			"version": "0.24.0-beta.1",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.24.0-beta.1.tgz",
+			"integrity": "sha512-S/Oqc24EfotbrABuv379i/3uCfQPYJQqXrOU9d8AytF++pzG/2dcoIoaMbWZQkATR3m6a5AnhpG6bIB+4NbrUQ==",
 			"dependencies": {
-				"@authorizerdev/authorizer-js": "^0.10.0",
+				"@authorizerdev/authorizer-js": "^0.13.0-beta.2",
 				"final-form": "^4.20.2",
 				"react-final-form": "^6.5.3",
 				"styled-components": "^5.3.0"
@@ -271,6 +273,16 @@
 			"integrity": "sha512-MUc6zSmU3tEVnkQ78q0peeEjKWPUADMlC/t++2bI8WnAG2tvYRPIgHG8lWkXwqc8MsUF6Z2MOf+Mh5sazOmhiQ==",
 			"dev": true
 		},
+		"node_modules/@types/hoist-non-react-statics": {
+			"version": "3.3.1",
+			"resolved": "https://registry.npmjs.org/@types/hoist-non-react-statics/-/hoist-non-react-statics-3.3.1.tgz",
+			"integrity": "sha512-iMIqiko6ooLrTh1joXodJK5X9xeEALT1kM5G3ZLhD3hszxBdIEd5C75U834D9mLcINgD4OyZf5uQXjkuYydWvA==",
+			"dev": true,
+			"dependencies": {
+				"@types/react": "*",
+				"hoist-non-react-statics": "^3.3.0"
+			}
+		},
 		"node_modules/@types/prop-types": {
 			"version": "15.7.4",
 			"resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.4.tgz",
@@ -320,6 +332,17 @@
 			"resolved": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz",
 			"integrity": "sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew=="
 		},
+		"node_modules/@types/styled-components": {
+			"version": "5.1.25",
+			"resolved": "https://registry.npmjs.org/@types/styled-components/-/styled-components-5.1.25.tgz",
+			"integrity": "sha512-fgwl+0Pa8pdkwXRoVPP9JbqF0Ivo9llnmsm+7TCI330kbPIFd9qv1Lrhr37shf4tnxCOSu+/IgqM7uJXLWZZNQ==",
+			"dev": true,
+			"dependencies": {
+				"@types/hoist-non-react-statics": "*",
+				"@types/react": "*",
+				"csstype": "^3.0.2"
+			}
+		},
 		"node_modules/ansi-styles": {
 			"version": "3.2.1",
 			"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
@@ -793,7 +816,7 @@
 		"node_modules/tr46": {
 			"version": "0.0.3",
 			"resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
-			"integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o="
+			"integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
 		},
 		"node_modules/typescript": {
 			"version": "4.3.5",
@@ -815,12 +838,12 @@
 		"node_modules/webidl-conversions": {
 			"version": "3.0.1",
 			"resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
-			"integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE="
+			"integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
 		},
 		"node_modules/whatwg-url": {
 			"version": "5.0.0",
 			"resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
-			"integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=",
+			"integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
 			"dependencies": {
 				"tr46": "~0.0.3",
 				"webidl-conversions": "^3.0.0"
@@ -829,19 +852,19 @@
 	},
 	"dependencies": {
 		"@authorizerdev/authorizer-js": {
-			"version": "0.10.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.10.0.tgz",
-			"integrity": "sha512-REM8FLD/Ej9gzA2zDGDAke6QFss33ubePlTDmLDmIYUuQmpHFlO5mCCS6nVsKkN7F/Bcwkmp+eUNQjkdGCaKLg==",
+			"version": "0.13.0-beta.2",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.13.0-beta.2.tgz",
+			"integrity": "sha512-3K3Qew/npD375DQdJnYb43aWVOU7giG2+8sHOjy8aXhZ+GlQQ8cGu54lozFYUMDcM1HjQU2N53xLmneONPepSw==",
 			"requires": {
 				"node-fetch": "^2.6.1"
 			}
 		},
 		"@authorizerdev/authorizer-react": {
-			"version": "0.17.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.17.0.tgz",
-			"integrity": "sha512-7WcNCU7hDFkVfFb8LcJXFwWiLYd8aY78z1AbNPxCa2Cw5G85PaRkzjKybP6h01ITVOHO6M03lLwPj8p6Sr6fEg==",
+			"version": "0.24.0-beta.1",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.24.0-beta.1.tgz",
+			"integrity": "sha512-S/Oqc24EfotbrABuv379i/3uCfQPYJQqXrOU9d8AytF++pzG/2dcoIoaMbWZQkATR3m6a5AnhpG6bIB+4NbrUQ==",
 			"requires": {
-				"@authorizerdev/authorizer-js": "^0.10.0",
+				"@authorizerdev/authorizer-js": "^0.13.0-beta.2",
 				"final-form": "^4.20.2",
 				"react-final-form": "^6.5.3",
 				"styled-components": "^5.3.0"
@@ -1016,6 +1039,16 @@
 			"integrity": "sha512-MUc6zSmU3tEVnkQ78q0peeEjKWPUADMlC/t++2bI8WnAG2tvYRPIgHG8lWkXwqc8MsUF6Z2MOf+Mh5sazOmhiQ==",
 			"dev": true
 		},
+		"@types/hoist-non-react-statics": {
+			"version": "3.3.1",
+			"resolved": "https://registry.npmjs.org/@types/hoist-non-react-statics/-/hoist-non-react-statics-3.3.1.tgz",
+			"integrity": "sha512-iMIqiko6ooLrTh1joXodJK5X9xeEALT1kM5G3ZLhD3hszxBdIEd5C75U834D9mLcINgD4OyZf5uQXjkuYydWvA==",
+			"dev": true,
+			"requires": {
+				"@types/react": "*",
+				"hoist-non-react-statics": "^3.3.0"
+			}
+		},
 		"@types/prop-types": {
 			"version": "15.7.4",
 			"resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.4.tgz",
@@ -1065,6 +1098,17 @@
 			"resolved": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz",
 			"integrity": "sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew=="
 		},
+		"@types/styled-components": {
+			"version": "5.1.25",
+			"resolved": "https://registry.npmjs.org/@types/styled-components/-/styled-components-5.1.25.tgz",
+			"integrity": "sha512-fgwl+0Pa8pdkwXRoVPP9JbqF0Ivo9llnmsm+7TCI330kbPIFd9qv1Lrhr37shf4tnxCOSu+/IgqM7uJXLWZZNQ==",
+			"dev": true,
+			"requires": {
+				"@types/hoist-non-react-statics": "*",
+				"@types/react": "*",
+				"csstype": "^3.0.2"
+			}
+		},
 		"ansi-styles": {
 			"version": "3.2.1",
 			"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
@@ -1438,7 +1482,7 @@
 		"tr46": {
 			"version": "0.0.3",
 			"resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
-			"integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o="
+			"integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
 		},
 		"typescript": {
 			"version": "4.3.5",
@@ -1453,12 +1497,12 @@
 		"webidl-conversions": {
 			"version": "3.0.1",
 			"resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
-			"integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE="
+			"integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
 		},
 		"whatwg-url": {
 			"version": "5.0.0",
 			"resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
-			"integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=",
+			"integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
 			"requires": {
 				"tr46": "~0.0.3",
 				"webidl-conversions": "^3.0.0"

app/package.json

@@ -11,7 +11,7 @@
 	"author": "Lakhan Samani",
 	"license": "ISC",
 	"dependencies": {
-		"@authorizerdev/authorizer-react": "^0.17.0",
+		"@authorizerdev/authorizer-react": "^0.24.0-beta.1",
 		"@types/react": "^17.0.15",
 		"@types/react-dom": "^17.0.9",
 		"esbuild": "^0.12.17",
@@ -19,9 +19,11 @@
 		"react-dom": "^17.0.2",
 		"react-is": "^17.0.2",
 		"react-router-dom": "^5.2.0",
-		"typescript": "^4.3.5"
+		"typescript": "^4.3.5",
+		"styled-components": "^5.3.0"
 	},
 	"devDependencies": {
-		"@types/react-router-dom": "^5.1.8"
+		"@types/react-router-dom": "^5.1.8",
+		"@types/styled-components": "^5.1.11"
 	}
 }

app/src/Root.tsx

@@ -1,11 +1,28 @@
 import React, { useEffect, lazy, Suspense } from 'react';
 import { Switch, Route } from 'react-router-dom';
 import { useAuthorizer } from '@authorizerdev/authorizer-react';
+import styled, { ThemeProvider } from 'styled-components';
 import SetupPassword from './pages/setup-password';
+import { hasWindow, createRandomString } from './utils/common';
+import { theme } from './theme';
 
 const ResetPassword = lazy(() => import('./pages/rest-password'));
 const Login = lazy(() => import('./pages/login'));
 const Dashboard = lazy(() => import('./pages/dashboard'));
+const SignUp = lazy(() => import('./pages/signup'));
+
+const Wrapper = styled.div`
+	font-family: ${(props) => props.theme.fonts.fontStack};
+	color: ${(props) => props.theme.colors.textColor};
+	font-size: ${(props) => props.theme.fonts.mediumText};
+	box-sizing: border-box;
+
+	*,
+	*:before,
+	*:after {
+		box-sizing: inherit;
+	}
+`;
 
 export default function Root({
 	globalState,
@@ -14,6 +31,29 @@ export default function Root({
 }) {
 	const { token, loading, config } = useAuthorizer();
 
+	const searchParams = new URLSearchParams(
+		hasWindow() ? window.location.search : ``
+	);
+	const state = searchParams.get('state') || createRandomString();
+	const scope = searchParams.get('scope')
+		? searchParams.get('scope')?.toString().split(' ')
+		: ['openid', 'profile', 'email'];
+
+	const urlProps: Record<string, any> = {
+		state,
+		scope,
+	};
+
+	const redirectURL =
+		searchParams.get('redirect_uri') || searchParams.get('redirectURL');
+	if (redirectURL) {
+		urlProps.redirectURL = redirectURL;
+	} else {
+		urlProps.redirectURL = hasWindow() ? window.location.origin : redirectURL;
+	}
+
+	urlProps.redirect_uri = urlProps.redirectURL;
+
 	useEffect(() => {
 		if (token) {
 			let redirectURL = config.redirectURL || '/app';
@@ -54,9 +94,14 @@ export default function Root({
 
 	return (
 		<Suspense fallback={<></>}>
+			<ThemeProvider theme={theme}>
+				<Wrapper>
 					<Switch>
 						<Route path="/app" exact>
-					<Login />
+							<Login urlProps={urlProps} />
+						</Route>
+						<Route path="/app/signup" exact>
+							<SignUp urlProps={urlProps} />
 						</Route>
 						<Route path="/app/reset-password">
 							<ResetPassword />
@@ -65,6 +110,8 @@ export default function Root({
 							<SetupPassword />
 						</Route>
 					</Switch>
+				</Wrapper>
+			</ThemeProvider>
 		</Suspense>
 	);
 }

app/src/pages/login.tsx

@@ -1,10 +1,84 @@
-import React, { Fragment } from 'react';
-import { Authorizer } from '@authorizerdev/authorizer-react';
+import React, { Fragment, useState } from 'react';
+import {
+	AuthorizerBasicAuthLogin,
+	AuthorizerForgotPassword,
+	AuthorizerMagicLinkLogin,
+	AuthorizerSocialLogin,
+	useAuthorizer,
+} from '@authorizerdev/authorizer-react';
+import styled from 'styled-components';
+import { Link } from 'react-router-dom';
 
-export default function Login() {
+const enum VIEW_TYPES {
+	LOGIN = 'login',
+	FORGOT_PASSWORD = 'forgot-password',
+}
+
+const Footer = styled.div`
+	display: flex;
+	flex-direction: column;
+	justify-content: center;
+	align-items: center;
+	margin-top: 15px;
+`;
+
+const FooterContent = styled.div`
+	display: flex;
+	justify-content: center;
+	align-items: center;
+	margin-top: 10px;
+`;
+
+export default function Login({ urlProps }: { urlProps: Record<string, any> }) {
+	const { config } = useAuthorizer();
+	const [view, setView] = useState<VIEW_TYPES>(VIEW_TYPES.LOGIN);
 	return (
 		<Fragment>
-			<Authorizer />
+			{view === VIEW_TYPES.LOGIN && (
+				<Fragment>
+					<h1 style={{ textAlign: 'center' }}>Login</h1>
+					<br />
+					<AuthorizerSocialLogin urlProps={urlProps} />
+					{config.is_basic_authentication_enabled &&
+						!config.is_magic_link_login_enabled && (
+							<AuthorizerBasicAuthLogin urlProps={urlProps} />
+						)}
+					{config.is_magic_link_login_enabled && (
+						<AuthorizerMagicLinkLogin urlProps={urlProps} />
+					)}
+					<Footer>
+						<Link
+							to="#"
+							onClick={() => setView(VIEW_TYPES.FORGOT_PASSWORD)}
+							style={{ marginBottom: 10 }}
+						>
+							Forgot Password?
+						</Link>
+					</Footer>
+				</Fragment>
+			)}
+			{view === VIEW_TYPES.FORGOT_PASSWORD && (
+				<Fragment>
+					<h1 style={{ textAlign: 'center' }}>Forgot Password</h1>
+					<AuthorizerForgotPassword urlProps={urlProps} />
+					<Footer>
+						<Link
+							to="#"
+							onClick={() => setView(VIEW_TYPES.LOGIN)}
+							style={{ marginBottom: 10 }}
+						>
+							Back
+						</Link>
+					</Footer>
+				</Fragment>
+			)}
+			{config.is_basic_authentication_enabled &&
+				!config.is_magic_link_login_enabled &&
+				config.is_sign_up_enabled && (
+					<FooterContent>
+						Don't have an account? <Link to="/app/signup"> Sign Up</Link>
+					</FooterContent>
+				)}
 		</Fragment>
 	);
 }

app/src/pages/signup.tsx

@@ -0,0 +1,28 @@
+import React, { Fragment } from 'react';
+import { AuthorizerSignup } from '@authorizerdev/authorizer-react';
+import styled from 'styled-components';
+import { Link } from 'react-router-dom';
+
+const FooterContent = styled.div`
+	display: flex;
+	justify-content: center;
+	align-items: center;
+	margin-top: 20px;
+`;
+
+export default function SignUp({
+	urlProps,
+}: {
+	urlProps: Record<string, any>;
+}) {
+	return (
+		<Fragment>
+			<h1 style={{ textAlign: 'center' }}>Sign Up</h1>
+			<br />
+			<AuthorizerSignup urlProps={urlProps} />
+			<FooterContent>
+				Already have an account? <Link to="/app"> Login</Link>
+			</FooterContent>
+		</Fragment>
+	);
+}

app/src/theme.ts

@@ -0,0 +1,28 @@
+// colors: https://tailwindcss.com/docs/customizing-colors
+
+export const theme = {
+  colors: {
+    primary: '#3B82F6',
+    primaryDisabled: '#60A5FA',
+    gray: '#D1D5DB',
+    danger: '#DC2626',
+    success: '#10B981',
+    textColor: '#374151',
+  },
+  fonts: {
+    // typography
+    fontStack: '-apple-system, system-ui, sans-serif',
+
+    // font sizes
+    largeText: '18px',
+    mediumText: '14px',
+    smallText: '12px',
+    tinyText: '10px',
+  },
+
+  radius: {
+    card: '5px',
+    button: '5px',
+    input: '5px',
+  },
+};

app/src/utils/common.ts

@@ -20,3 +20,5 @@ export const createQueryParams = (params: any) => {
 		.map((k) => encodeURIComponent(k) + '=' + encodeURIComponent(params[k]))
 		.join('&');
 };
+
+export const hasWindow = (): boolean => typeof window !== 'undefined';

dashboard/src/App.tsx

@@ -23,7 +23,6 @@ const theme = extendTheme({
 	styles: {
 		global: {
 			'html, body, #root': {
-				fontFamily: 'Avenir, Helvetica, Arial, sans-serif',
 				height: '100%',
 				outline: 'none',
 			},

dashboard/src/components/EnvComponents/DatabaseCredentials.tsx

@@ -1,33 +1,34 @@
-import React from "react";
-import { Flex, Stack, Center, Text, useMediaQuery } from "@chakra-ui/react";
+import React from 'react';
+import { Flex, Stack, Center, Text, useMediaQuery } from '@chakra-ui/react';
 
-import InputField from "../../components/InputField";
-import { TextInputType } from "../../constants";
+import InputField from '../../components/InputField';
+import { TextInputType } from '../../constants';
 
 const DatabaseCredentials = ({ variables, setVariables }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
 	return (
 		<div>
-      {" "}
+			{' '}
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold">
 				Database Credentials
 			</Text>
 			<Stack spacing={6} padding="3% 0">
 				<Text fontStyle="italic" fontSize="sm" color="blackAlpha.500" mt={3}>
 					Note: Database related environment variables cannot be updated from
-          dashboard :(
+					dashboard. Please use .env file or OS environment variables to update
+					it.
 				</Text>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex
-            w={isNotSmallerScreen ? "30%" : "40%"}
+						w={isNotSmallerScreen ? '30%' : '40%'}
 						justifyContent="start"
 						alignItems="center"
 					>
 						<Text fontSize="sm">DataBase Name:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}
@@ -38,17 +39,17 @@ const DatabaseCredentials = ({ variables, setVariables }: any) => {
 						/>
 					</Center>
 				</Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex
-            w={isNotSmallerScreen ? "30%" : "40%"}
+						w={isNotSmallerScreen ? '30%' : '40%'}
 						justifyContent="start"
 						alignItems="center"
 					>
 						<Text fontSize="sm">DataBase Type:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}
@@ -59,17 +60,17 @@ const DatabaseCredentials = ({ variables, setVariables }: any) => {
 						/>
 					</Center>
 				</Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex
-            w={isNotSmallerScreen ? "30%" : "40%"}
+						w={isNotSmallerScreen ? '30%' : '40%'}
 						justifyContent="start"
 						alignItems="center"
 					>
 						<Text fontSize="sm">DataBase URL:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}

dashboard/src/components/EnvComponents/Features.tsx

@@ -3,7 +3,7 @@ import { Flex, Stack, Text } from '@chakra-ui/react';
 import InputField from '../InputField';
 import { SwitchInputType } from '../../constants';
 
-const UICustomization = ({ variables, setVariables }: any) => {
+const Features = ({ variables, setVariables }: any) => {
 	return (
 		<div>
 			{' '}
@@ -76,4 +76,4 @@ const UICustomization = ({ variables, setVariables }: any) => {
 	);
 };
 
-export default UICustomization;
+export default Features;

dashboard/src/components/EnvComponents/OAuthConfig.tsx

@@ -9,7 +9,13 @@ import {
 	Divider,
 	useMediaQuery,
 } from '@chakra-ui/react';
-import { FaGoogle, FaGithub, FaFacebookF } from 'react-icons/fa';
+import {
+	FaGoogle,
+	FaGithub,
+	FaFacebookF,
+	FaLinkedin,
+	FaApple,
+} from 'react-icons/fa';
 import { TextInputType, HiddenInputType } from '../../constants';
 
 const OAuthConfig = ({
@@ -23,7 +29,7 @@ const OAuthConfig = ({
 		<div>
 			<Box>
 				<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={6}>
-					Your instance information
+					Authorizer Config
 				</Text>
 				<Stack spacing={6} padding="2% 0%">
 					<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
@@ -182,6 +188,82 @@ const OAuthConfig = ({
 							/>
 						</Center>
 					</Flex>
+					<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+						<Center
+							w={isNotSmallerScreen ? '55px' : '35px'}
+							h="35px"
+							marginRight="1.5%"
+							border="1px solid #3b5998"
+							borderRadius="5px"
+						>
+							<FaLinkedin style={{ color: '#3b5998' }} />
+						</Center>
+						<Center
+							w={isNotSmallerScreen ? '70%' : '100%'}
+							mt={isNotSmallerScreen ? '0' : '3'}
+							marginRight="1.5%"
+						>
+							<InputField
+								borderRadius={5}
+								variables={envVariables}
+								setVariables={setVariables}
+								inputType={TextInputType.LINKEDIN_CLIENT_ID}
+								placeholder="LinkedIn Client ID"
+							/>
+						</Center>
+						<Center
+							w={isNotSmallerScreen ? '70%' : '100%'}
+							mt={isNotSmallerScreen ? '0' : '3'}
+						>
+							<InputField
+								borderRadius={5}
+								variables={envVariables}
+								setVariables={setVariables}
+								fieldVisibility={fieldVisibility}
+								setFieldVisibility={setFieldVisibility}
+								inputType={HiddenInputType.LINKEDIN_CLIENT_SECRET}
+								placeholder="LinkedIn Client Secret"
+							/>
+						</Center>
+					</Flex>
+					<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+						<Center
+							w={isNotSmallerScreen ? '55px' : '35px'}
+							h="35px"
+							marginRight="1.5%"
+							border="1px solid #3b5998"
+							borderRadius="5px"
+						>
+							<FaApple style={{ color: '#3b5998' }} />
+						</Center>
+						<Center
+							w={isNotSmallerScreen ? '70%' : '100%'}
+							mt={isNotSmallerScreen ? '0' : '3'}
+							marginRight="1.5%"
+						>
+							<InputField
+								borderRadius={5}
+								variables={envVariables}
+								setVariables={setVariables}
+								inputType={TextInputType.APPLE_CLIENT_ID}
+								placeholder="Apple Client ID"
+							/>
+						</Center>
+						<Center
+							w={isNotSmallerScreen ? '70%' : '100%'}
+							mt={isNotSmallerScreen ? '0' : '3'}
+						>
+							<InputField
+								borderRadius={5}
+								variables={envVariables}
+								setVariables={setVariables}
+								fieldVisibility={fieldVisibility}
+								setFieldVisibility={setFieldVisibility}
+								inputType={HiddenInputType.APPLE_CLIENT_SECRET}
+								placeholder="Apple CLient Secret"
+							/>
+						</Center>
+					</Flex>
 				</Stack>
 			</Box>
 		</div>

dashboard/src/components/EnvComponents/Roles.tsx

@@ -1,24 +1,25 @@
-import React from "react";
-import { Flex, Stack, Center, Text, useMediaQuery } from "@chakra-ui/react";
-import { ArrayInputType } from "../../constants";
-import InputField from "../InputField";
+import React from 'react';
+import { Flex, Stack, Center, Text, useMediaQuery } from '@chakra-ui/react';
+import { ArrayInputType } from '../../constants';
+import InputField from '../InputField';
 
 const Roles = ({ variables, setVariables }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
+
 	return (
 		<div>
-      {" "}
+			{' '}
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
 				Roles
 			</Text>
 			<Stack spacing={6} padding="2% 0%">
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex w="30%" justifyContent="start" alignItems="center">
 						<Text fontSize="sm">Roles:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "2"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '2'}
 						overflow="hidden"
 					>
 						<InputField
@@ -29,13 +30,13 @@ const Roles = ({ variables, setVariables }: any) => {
 						/>
 					</Center>
 				</Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex w="30%" justifyContent="start" alignItems="center">
 						<Text fontSize="sm">Default Roles:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "2"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '2'}
 					>
 						<InputField
 							variables={variables}
@@ -44,13 +45,13 @@ const Roles = ({ variables, setVariables }: any) => {
 						/>
 					</Center>
 				</Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex w="30%" justifyContent="start" alignItems="center">
 						<Text fontSize="sm">Protected Roles:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "2"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '2'}
 					>
 						<InputField
 							variables={variables}

dashboard/src/components/EnvComponents/SessionStorage.tsx

@@ -1,25 +1,31 @@
-import React from "react";
-import { Flex, Stack, Center, Text, useMediaQuery } from "@chakra-ui/react";
-import InputField from "../InputField";
+import React from 'react';
+import { Flex, Stack, Center, Text, useMediaQuery } from '@chakra-ui/react';
+import InputField from '../InputField';
 
 const SessionStorage = ({ variables, setVariables, RedisURL }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
 	return (
 		<div>
-      {" "}
+			{' '}
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
 				Session Storage
 			</Text>
+			<Text fontStyle="italic" fontSize="sm" color="blackAlpha.500" mt={3}>
+				Note: Redis related environment variables cannot be updated from
+				dashboard. Please use .env file or OS environment variables to update
+				it.
+			</Text>
 			<Stack spacing={6} padding="2% 0%">
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex w="30%" justifyContent="start" alignItems="center">
 						<Text fontSize="sm">Redis URL:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
+							disabled
 							borderRadius={5}
 							variables={variables}
 							setVariables={setVariables}

dashboard/src/components/InputField.tsx

@@ -13,6 +13,7 @@ import {
 	Textarea,
 	Switch,
 	Code,
+	Text,
 } from '@chakra-ui/react';
 import {
 	FaRegClone,
@@ -183,7 +184,7 @@ const InputField = ({
 				w="100%"
 				borderRadius={5}
 				paddingTop="0.5%"
-              overflowX={variables[inputType].length > 3 ? "scroll" : "hidden"}
+				overflowX={variables[inputType].length > 3 ? 'scroll' : 'hidden'}
 				overflowY="hidden"
 				justifyContent="start"
 				alignItems="center"
@@ -301,7 +302,9 @@ const InputField = ({
 	if (Object.values(SwitchInputType).includes(inputType)) {
 		return (
 			<Flex w="25%" justifyContent="space-between">
-				<Code h="75%">Off</Code>
+				<Text h="75%" fontWeight="bold" marginRight="2">
+					Off
+				</Text>
 				<Switch
 					size="md"
 					isChecked={variables[inputType]}
@@ -312,7 +315,9 @@ const InputField = ({
 						});
 					}}
 				/>
-				<Code h="75%">On</Code>
+				<Text h="75%" fontWeight="bold" marginLeft="2">
+					On
+				</Text>
 			</Flex>
 		);
 	}

dashboard/src/components/InviteMembersModal.tsx

@@ -22,7 +22,7 @@ import {
 	InputRightElement,
 	Text,
 	Link,
-	Tooltip
+	Tooltip,
 } from '@chakra-ui/react';
 import { useClient } from 'urql';
 import { FaUserPlus, FaMinusCircle, FaPlus, FaUpload } from 'react-icons/fa';
@@ -195,14 +195,14 @@ const InviteMembersModal = ({
 							hasArrow
 							bg="gray.300"
 							color="black"
-                        label="Email verification is disabled, refer to 'UI Customization' tab within 'Environment' to enable it."
+							label="Email verification is disabled, refer to 'Features' tab within 'Environment' to enable it."
 						>
 							Invite Members
 						</Tooltip>
 					) : (
-                    "Invite Members"
+						'Invite Members'
 					)}
-                  </Center>{" "}
+				</Center>{' '}
 			</Button>
 			<Modal isOpen={isOpen} onClose={closeModalHandler} size="xl">
 				<ModalOverlay />

dashboard/src/components/Menu.tsx

@@ -98,9 +98,9 @@ const LinkItems: Array<LinkItemProps> = [
 			},
 			{ name: 'Access Token', icon: SiOpenaccess, route: '/access-token' },
 			{
-				name: 'UI Customization',
+				name: 'Features',
 				icon: BiCustomize,
-				route: '/ui-customization',
+				route: '/features',
 			},
 			{ name: 'Database', icon: RiDatabase2Line, route: '/db-cred' },
 			{
@@ -119,7 +119,7 @@ interface SidebarProps extends BoxProps {
 
 export const Sidebar = ({ onClose, ...rest }: SidebarProps) => {
 	const { pathname } = useLocation();
-	const [{ fetching, data }] = useQuery({ query: MetaQuery });
+	const [{ data }] = useQuery({ query: MetaQuery });
 	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
 	return (
 		<Box
@@ -127,7 +127,7 @@ export const Sidebar = ({ onClose, ...rest }: SidebarProps) => {
 			bg={useColorModeValue('white', 'gray.900')}
 			borderRight="1px"
 			borderRightColor={useColorModeValue('gray.200', 'gray.700')}
-			w={{ base: 'full', md: 60 }}
+			w={{ base: 'full', md: '64' }}
 			pos="fixed"
 			h="full"
 			{...rest}
@@ -137,7 +137,7 @@ export const Sidebar = ({ onClose, ...rest }: SidebarProps) => {
 				alignItems="center"
 				mx="18"
 				justifyContent="space-between"
-				flexDirection="column"
+				flexDirection="row"
 			>
 				<NavLink to="/">
 					<Flex alignItems="center" mt="6">
@@ -298,7 +298,7 @@ export const MobileNav = ({ onOpen, ...rest }: MobileProps) => {
 
 	return (
 		<Flex
-			ml={{ base: 0, md: 60 }}
+			ml={{ base: 0, md: 64 }}
 			px={{ base: 4, md: 4 }}
 			height="20"
 			position="fixed"

dashboard/src/constants.ts

@@ -7,6 +7,8 @@ export const TextInputType = {
 	GOOGLE_CLIENT_ID: 'GOOGLE_CLIENT_ID',
 	GITHUB_CLIENT_ID: 'GITHUB_CLIENT_ID',
 	FACEBOOK_CLIENT_ID: 'FACEBOOK_CLIENT_ID',
+	LINKEDIN_CLIENT_ID: 'LINKEDIN_CLIENT_ID',
+	APPLE_CLIENT_ID: 'APPLE_CLIENT_ID',
 	JWT_ROLE_CLAIM: 'JWT_ROLE_CLAIM',
 	REDIS_URL: 'REDIS_URL',
 	SMTP_HOST: 'SMTP_HOST',
@@ -31,6 +33,8 @@ export const HiddenInputType = {
 	GOOGLE_CLIENT_SECRET: 'GOOGLE_CLIENT_SECRET',
 	GITHUB_CLIENT_SECRET: 'GITHUB_CLIENT_SECRET',
 	FACEBOOK_CLIENT_SECRET: 'FACEBOOK_CLIENT_SECRET',
+	LINKEDIN_CLIENT_SECRET: 'LINKEDIN_CLIENT_SECRET',
+	APPLE_CLIENT_SECRET: 'APPLE_CLIENT_SECRET',
 	JWT_SECRET: 'JWT_SECRET',
 	SMTP_PASSWORD: 'SMTP_PASSWORD',
 	ADMIN_SECRET: 'ADMIN_SECRET',
@@ -62,6 +66,7 @@ export const SwitchInputType = {
 	DISABLE_EMAIL_VERIFICATION: 'DISABLE_EMAIL_VERIFICATION',
 	DISABLE_BASIC_AUTHENTICATION: 'DISABLE_BASIC_AUTHENTICATION',
 	DISABLE_SIGN_UP: 'DISABLE_SIGN_UP',
+	DISABLE_REDIS_FOR_ENV: 'DISABLE_REDIS_FOR_ENV',
 };
 
 export const DateInputType = {
@@ -98,6 +103,10 @@ export interface envVarTypes {
 	GITHUB_CLIENT_SECRET: string;
 	FACEBOOK_CLIENT_ID: string;
 	FACEBOOK_CLIENT_SECRET: string;
+	LINKEDIN_CLIENT_ID: string;
+	LINKEDIN_CLIENT_SECRET: string;
+	APPLE_CLIENT_ID: string;
+	APPLE_CLIENT_SECRET: string;
 	ROLES: [string] | [];
 	DEFAULT_ROLES: [string] | [];
 	PROTECTED_ROLES: [string] | [];
@@ -138,7 +147,7 @@ export const envSubViews = {
 	WHITELIST_VARIABLES: 'whitelist-variables',
 	ORGANIZATION_INFO: 'organization-info',
 	ACCESS_TOKEN: 'access-token',
-	UI_CUSTOMIZATION: 'ui-customization',
+	FEATURES: 'features',
 	ADMIN_SECRET: 'admin-secret',
 	DB_CRED: 'db-cred',
 };

dashboard/src/graphql/queries/index.ts

@@ -26,9 +26,13 @@ export const EnvVariablesQuery = `
       GITHUB_CLIENT_SECRET,
       FACEBOOK_CLIENT_ID,
       FACEBOOK_CLIENT_SECRET,
-      ROLES,
+      LINKEDIN_CLIENT_ID,
+      LINKEDIN_CLIENT_SECRET,
+      APPLE_CLIENT_ID,
+      APPLE_CLIENT_SECRET,
       DEFAULT_ROLES,
       PROTECTED_ROLES,
+      ROLES,
       JWT_TYPE,
       JWT_SECRET,
       JWT_ROLE_CLAIM,
@@ -49,6 +53,7 @@ export const EnvVariablesQuery = `
       DISABLE_EMAIL_VERIFICATION,
       DISABLE_BASIC_AUTHENTICATION,
       DISABLE_SIGN_UP,
+      DISABLE_REDIS_FOR_ENV,
       CUSTOM_ACCESS_TOKEN_SCRIPT,
       DATABASE_NAME,
       DATABASE_TYPE,

dashboard/src/layouts/AuthLayout.tsx

@@ -20,6 +20,7 @@ export function AuthLayout({ children }: { children: React.ReactNode }) {
 			alignItems="center"
 			justifyContent="center"
 			direction={['column', 'column']}
+			padding={['2%', '2%', '2%', '2%']}
 		>
 			<Flex alignItems="center" maxW="100%">
 				<Image

dashboard/src/layouts/DashboardLayout.tsx

@@ -31,7 +31,7 @@ export function DashboardLayout({ children }: { children: ReactNode }) {
 			</Drawer>
 			{/* mobilenav */}
 			<MobileNav onOpen={onOpen} />
-			<Box ml={{ base: 0, md: 60 }} p="4" pt="24">
+			<Box ml={{ base: 0, md: '64' }} p="4" pt="24">
 				{children}
 			</Box>
 		</Box>

dashboard/src/pages/Auth.tsx

@@ -101,10 +101,10 @@ export default function Auth() {
 					</FormControl>
 					<Button
 						isLoading={signUpResult.fetching || loginResult.fetching}
+						loadingText="Submitting"
 						colorScheme="blue"
 						size="lg"
 						w="100%"
-						d="block"
 						type="submit"
 					>
 						{isLogin ? 'Login' : 'Sign up'}

dashboard/src/pages/Environment.tsx

@@ -25,7 +25,7 @@ import EmailConfigurations from '../components/EnvComponents/EmailConfiguration'
 import DomainWhiteListing from '../components/EnvComponents/DomainWhitelisting';
 import OrganizationInfo from '../components/EnvComponents/OrganizationInfo';
 import AccessToken from '../components/EnvComponents/AccessToken';
-import UICustomization from '../components/EnvComponents/UICustomization';
+import Features from '../components/EnvComponents/Features';
 import SecurityAdminSecret from '../components/EnvComponents/SecurityAdminSecret';
 import DatabaseCredentials from '../components/EnvComponents/DatabaseCredentials';
 
@@ -46,6 +46,10 @@ const Environment = () => {
 		GITHUB_CLIENT_SECRET: '',
 		FACEBOOK_CLIENT_ID: '',
 		FACEBOOK_CLIENT_SECRET: '',
+		LINKEDIN_CLIENT_ID: '',
+		LINKEDIN_CLIENT_SECRET: '',
+		APPLE_CLIENT_ID: '',
+		APPLE_CLIENT_SECRET: '',
 		ROLES: [],
 		DEFAULT_ROLES: [],
 		PROTECTED_ROLES: [],
@@ -83,6 +87,8 @@ const Environment = () => {
 		GOOGLE_CLIENT_SECRET: false,
 		GITHUB_CLIENT_SECRET: false,
 		FACEBOOK_CLIENT_SECRET: false,
+		LINKEDIN_CLIENT_SECRET: false,
+		APPLE_CLIENT_SECRET: false,
 		JWT_SECRET: false,
 		SMTP_PASSWORD: false,
 		ADMIN_SECRET: false,
@@ -259,12 +265,9 @@ const Environment = () => {
 						setVariables={setEnvVariables}
 					/>
 				);
-			case envSubViews.UI_CUSTOMIZATION:
+			case envSubViews.FEATURES:
 				return (
-					<UICustomization
-						variables={envVariables}
-						setVariables={setEnvVariables}
-					/>
+					<Features variables={envVariables} setVariables={setEnvVariables} />
 				);
 			case envSubViews.ADMIN_SECRET:
 				return (

package-lock.json

@@ -0,0 +1,6 @@
+{
+  "name": "authorizer",
+  "lockfileVersion": 2,
+  "requires": true,
+  "packages": {}
+}

server/cli/cli.go

@@ -0,0 +1,14 @@
+package cli
+
+var (
+	// ARG_DB_URL is the cli arg variable for the database url
+	ARG_DB_URL *string
+	// ARG_DB_TYPE is the cli arg variable for the database type
+	ARG_DB_TYPE *string
+	// ARG_ENV_FILE is the cli arg variable for the env file
+	ARG_ENV_FILE *string
+	// ARG_LOG_LEVEL is the cli arg variable for the log level
+	ARG_LOG_LEVEL *string
+	// ARG_REDIS_URL is the cli arg variable for the redis url
+	ARG_REDIS_URL *string
+)

server/constants/cookie.go

@@ -0,0 +1,8 @@
+package constants
+
+const (
+	// AppCookieName is the name of the cookie that is used to store the application token
+	AppCookieName = "cookie"
+	// AdminCookieName is the name of the cookie that is used to store the admin token
+	AdminCookieName = "authorizer-admin"
+)

server/constants/db_types.go

@@ -19,4 +19,8 @@ const (
 	DbTypeMariaDB = "mariadb"
 	// DbTypeCassandra is the cassandra database type
 	DbTypeCassandraDB = "cassandradb"
+	// DbTypeScyllaDB is the scylla database type
+	DbTypeScyllaDB = "scylladb"
+	// DbTypeCockroachDB is the cockroach database type
+	DbTypeCockroachDB = "cockroachdb"
 )

server/constants/env.go

@@ -3,14 +3,8 @@ package constants
 var VERSION = "0.0.1"
 
 const (
-	// Envstore identifier
-	// StringStore string store identifier
-	StringStoreIdentifier = "stringStore"
-	// BoolStore bool store identifier
-	BoolStoreIdentifier = "boolStore"
-	// SliceStore slice store identifier
-	SliceStoreIdentifier = "sliceStore"
-
+	// TestEnv is used for testing
+	TestEnv = "test"
 	// EnvKeyEnv key for env variable ENV
 	EnvKeyEnv = "ENV"
 	// EnvKeyEnvPath key for cli arg variable ENV_PATH
@@ -19,7 +13,6 @@ const (
 	EnvKeyAuthorizerURL = "AUTHORIZER_URL"
 	// EnvKeyPort key for env variable PORT
 	EnvKeyPort = "PORT"
-
 	// EnvKeyAccessTokenExpiryTime key for env variable ACCESS_TOKEN_EXPIRY_TIME
 	EnvKeyAccessTokenExpiryTime = "ACCESS_TOKEN_EXPIRY_TIME"
 	// EnvKeyAdminSecret key for env variable ADMIN_SECRET
@@ -62,34 +55,12 @@ const (
 	EnvKeyJwtPrivateKey = "JWT_PRIVATE_KEY"
 	// EnvKeyJwtPublicKey key for env variable JWT_PUBLIC_KEY
 	EnvKeyJwtPublicKey = "JWT_PUBLIC_KEY"
-	// EnvKeyAllowedOrigins key for env variable ALLOWED_ORIGINS
-	EnvKeyAllowedOrigins = "ALLOWED_ORIGINS"
 	// EnvKeyAppURL key for env variable APP_URL
 	EnvKeyAppURL = "APP_URL"
 	// EnvKeyRedisURL key for env variable REDIS_URL
 	EnvKeyRedisURL = "REDIS_URL"
-	// EnvKeyCookieName key for env variable COOKIE_NAME
-	EnvKeyCookieName = "COOKIE_NAME"
-	// EnvKeyAdminCookieName key for env variable ADMIN_COOKIE_NAME
-	EnvKeyAdminCookieName = "ADMIN_COOKIE_NAME"
 	// EnvKeyResetPasswordURL key for env variable RESET_PASSWORD_URL
 	EnvKeyResetPasswordURL = "RESET_PASSWORD_URL"
-	// EnvKeyDisableEmailVerification key for env variable DISABLE_EMAIL_VERIFICATION
-	EnvKeyDisableEmailVerification = "DISABLE_EMAIL_VERIFICATION"
-	// EnvKeyDisableBasicAuthentication key for env variable DISABLE_BASIC_AUTH
-	EnvKeyDisableBasicAuthentication = "DISABLE_BASIC_AUTHENTICATION"
-	// EnvKeyDisableMagicLinkLogin key for env variable DISABLE_MAGIC_LINK_LOGIN
-	EnvKeyDisableMagicLinkLogin = "DISABLE_MAGIC_LINK_LOGIN"
-	// EnvKeyDisableLoginPage key for env variable DISABLE_LOGIN_PAGE
-	EnvKeyDisableLoginPage = "DISABLE_LOGIN_PAGE"
-	// EnvKeyDisableSignUp key for env variable DISABLE_SIGN_UP
-	EnvKeyDisableSignUp = "DISABLE_SIGN_UP"
-	// EnvKeyRoles key for env variable ROLES
-	EnvKeyRoles = "ROLES"
-	// EnvKeyProtectedRoles key for env variable PROTECTED_ROLES
-	EnvKeyProtectedRoles = "PROTECTED_ROLES"
-	// EnvKeyDefaultRoles key for env variable DEFAULT_ROLES
-	EnvKeyDefaultRoles = "DEFAULT_ROLES"
 	// EnvKeyJwtRoleClaim key for env variable JWT_ROLE_CLAIM
 	EnvKeyJwtRoleClaim = "JWT_ROLE_CLAIM"
 	// EnvKeyGoogleClientID key for env variable GOOGLE_CLIENT_ID
@@ -104,6 +75,14 @@ const (
 	EnvKeyFacebookClientID = "FACEBOOK_CLIENT_ID"
 	// EnvKeyFacebookClientSecret key for env variable FACEBOOK_CLIENT_SECRET
 	EnvKeyFacebookClientSecret = "FACEBOOK_CLIENT_SECRET"
+	// EnvKeyLinkedinClientID key for env variable LINKEDIN_CLIENT_ID
+	EnvKeyLinkedInClientID = "LINKEDIN_CLIENT_ID"
+	// EnvKeyLinkedinClientSecret key for env variable LINKEDIN_CLIENT_SECRET
+	EnvKeyLinkedInClientSecret = "LINKEDIN_CLIENT_SECRET"
+	// EnvKeyAppleClientID key for env variable APPLE_CLIENT_ID
+	EnvKeyAppleClientID = "APPLE_CLIENT_ID"
+	// EnvKeyAppleClientSecret key for env variable APPLE_CLIENT_SECRET
+	EnvKeyAppleClientSecret = "APPLE_CLIENT_SECRET"
 	// EnvKeyOrganizationName key for env variable ORGANIZATION_NAME
 	EnvKeyOrganizationName = "ORGANIZATION_NAME"
 	// EnvKeyOrganizationLogo key for env variable ORGANIZATION_LOGO
@@ -120,6 +99,30 @@ const (
 	EnvKeyEncryptionKey = "ENCRYPTION_KEY"
 	// EnvKeyJWK key for env variable JWK
 	EnvKeyJWK = "JWK"
+
+	// Boolean variables
 	// EnvKeyIsProd key for env variable IS_PROD
 	EnvKeyIsProd = "IS_PROD"
+	// EnvKeyDisableEmailVerification key for env variable DISABLE_EMAIL_VERIFICATION
+	EnvKeyDisableEmailVerification = "DISABLE_EMAIL_VERIFICATION"
+	// EnvKeyDisableBasicAuthentication key for env variable DISABLE_BASIC_AUTH
+	EnvKeyDisableBasicAuthentication = "DISABLE_BASIC_AUTHENTICATION"
+	// EnvKeyDisableMagicLinkLogin key for env variable DISABLE_MAGIC_LINK_LOGIN
+	EnvKeyDisableMagicLinkLogin = "DISABLE_MAGIC_LINK_LOGIN"
+	// EnvKeyDisableLoginPage key for env variable DISABLE_LOGIN_PAGE
+	EnvKeyDisableLoginPage = "DISABLE_LOGIN_PAGE"
+	// EnvKeyDisableSignUp key for env variable DISABLE_SIGN_UP
+	EnvKeyDisableSignUp = "DISABLE_SIGN_UP"
+	// EnvKeyDisableRedisForEnv key for env variable DISABLE_REDIS_FOR_ENV
+	EnvKeyDisableRedisForEnv = "DISABLE_REDIS_FOR_ENV"
+
+	// Slice variables
+	// EnvKeyRoles key for env variable ROLES
+	EnvKeyRoles = "ROLES"
+	// EnvKeyProtectedRoles key for env variable PROTECTED_ROLES
+	EnvKeyProtectedRoles = "PROTECTED_ROLES"
+	// EnvKeyDefaultRoles key for env variable DEFAULT_ROLES
+	EnvKeyDefaultRoles = "DEFAULT_ROLES"
+	// EnvKeyAllowedOrigins key for env variable ALLOWED_ORIGINS
+	EnvKeyAllowedOrigins = "ALLOWED_ORIGINS"
 )

server/constants/oauth_info_urls.go

@@ -8,4 +8,7 @@ const (
 	FacebookUserInfoURL = "https://graph.facebook.com/me?fields=id,first_name,last_name,name,email,picture&access_token="
 	// Ref: https://docs.github.com/en/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps#3-your-github-app-accesses-the-api-with-the-users-access-token
 	GithubUserInfoURL = "https://api.github.com/user"
+	// Ref: https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/profile-api
+	LinkedInUserInfoURL = "https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName,emailAddress,profilePicture(displayImage~:playableStreams))"
+	LinkedInEmailURL    = "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))"
 )

server/constants/signup_methods.go

@@ -11,4 +11,8 @@ const (
 	SignupMethodGithub = "github"
 	// SignupMethodFacebook is the facebook signup method
 	SignupMethodFacebook = "facebook"
+	// SignupMethodLinkedin is the linkedin signup method
+	SignupMethodLinkedIn = "linkedin"
+	// SignupMethodApple is the apple signup method
+	SignupMethodApple = "apple"
 )

server/constants/token_types.go

@@ -7,4 +7,6 @@ const (
 	TokenTypeAccessToken = "access_token"
 	// TokenTypeIdentityToken is the identity_token token type
 	TokenTypeIdentityToken = "id_token"
+	// TokenTypeSessionToken is the session_token type used for browser session
+	TokenTypeSessionToken = "session_token"
 )

server/cookie/admin_cookie.go

@@ -4,8 +4,7 @@ import (
 	"net/url"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
-	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/parsers"
 	"github.com/gin-gonic/gin"
 )
 
@@ -13,15 +12,14 @@ import (
 func SetAdminCookie(gc *gin.Context, token string) {
 	secure := true
 	httpOnly := true
-	hostname := utils.GetHost(gc)
-	host, _ := utils.GetHostParts(hostname)
-
-	gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), token, 3600, "/", host, secure, httpOnly)
+	hostname := parsers.GetHost(gc)
+	host, _ := parsers.GetHostParts(hostname)
+	gc.SetCookie(constants.AdminCookieName, token, 3600, "/", host, secure, httpOnly)
 }
 
 // GetAdminCookie gets the admin cookie from the request
 func GetAdminCookie(gc *gin.Context) (string, error) {
-	cookie, err := gc.Request.Cookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName))
+	cookie, err := gc.Request.Cookie(constants.AdminCookieName)
 	if err != nil {
 		return "", err
 	}
@@ -39,8 +37,7 @@ func GetAdminCookie(gc *gin.Context) (string, error) {
 func DeleteAdminCookie(gc *gin.Context) {
 	secure := true
 	httpOnly := true
-	hostname := utils.GetHost(gc)
-	host, _ := utils.GetHostParts(hostname)
-
-	gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), "", -1, "/", host, secure, httpOnly)
+	hostname := parsers.GetHost(gc)
+	host, _ := parsers.GetHostParts(hostname)
+	gc.SetCookie(constants.AdminCookieName, "", -1, "/", host, secure, httpOnly)
 }

server/cookie/cookie.go

@@ -5,8 +5,7 @@ import (
 	"net/url"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
-	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/parsers"
 	"github.com/gin-gonic/gin"
 )
 
@@ -14,9 +13,9 @@ import (
 func SetSession(gc *gin.Context, sessionID string) {
 	secure := true
 	httpOnly := true
-	hostname := utils.GetHost(gc)
-	host, _ := utils.GetHostParts(hostname)
-	domain := utils.GetDomainName(hostname)
+	hostname := parsers.GetHost(gc)
+	host, _ := parsers.GetHostParts(hostname)
+	domain := parsers.GetDomainName(hostname)
 	if domain != "localhost" {
 		domain = "." + domain
 	}
@@ -25,33 +24,33 @@ func SetSession(gc *gin.Context, sessionID string) {
 	year := 60 * 60 * 24 * 365
 
 	gc.SetSameSite(http.SameSiteNoneMode)
-	gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", sessionID, year, "/", host, secure, httpOnly)
-	gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session_domain", sessionID, year, "/", domain, secure, httpOnly)
+	gc.SetCookie(constants.AppCookieName+"_session", sessionID, year, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.AppCookieName+"_session_domain", sessionID, year, "/", domain, secure, httpOnly)
 }
 
 // DeleteSession sets session cookies to expire
 func DeleteSession(gc *gin.Context) {
 	secure := true
 	httpOnly := true
-	hostname := utils.GetHost(gc)
-	host, _ := utils.GetHostParts(hostname)
-	domain := utils.GetDomainName(hostname)
+	hostname := parsers.GetHost(gc)
+	host, _ := parsers.GetHostParts(hostname)
+	domain := parsers.GetDomainName(hostname)
 	if domain != "localhost" {
 		domain = "." + domain
 	}
 
 	gc.SetSameSite(http.SameSiteNoneMode)
-	gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", "", -1, "/", host, secure, httpOnly)
-	gc.SetCookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session_domain", "", -1, "/", domain, secure, httpOnly)
+	gc.SetCookie(constants.AppCookieName+"_session", "", -1, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.AppCookieName+"_session_domain", "", -1, "/", domain, secure, httpOnly)
 }
 
 // GetSession gets the session cookie from context
 func GetSession(gc *gin.Context) (string, error) {
 	var cookie *http.Cookie
 	var err error
-	cookie, err = gc.Request.Cookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName) + "_session")
+	cookie, err = gc.Request.Cookie(constants.AppCookieName + "_session")
 	if err != nil {
-		cookie, err = gc.Request.Cookie(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName) + "_session_domain")
+		cookie, err = gc.Request.Cookie(constants.AppCookieName + "_session_domain")
 		if err != nil {
 			return "", err
 		}

server/crypto/aes.go

@@ -7,14 +7,18 @@ import (
 	"io"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 var bytes = []byte{35, 46, 57, 24, 85, 35, 24, 74, 87, 35, 88, 98, 66, 32, 14, 0o5}
 
 // EncryptAES method is to encrypt or hide any classified text
 func EncryptAES(text string) (string, error) {
-	key := []byte(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey))
+	k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)
+	if err != nil {
+		return "", err
+	}
+	key := []byte(k)
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		return "", err
@@ -28,7 +32,11 @@ func EncryptAES(text string) (string, error) {
 
 // DecryptAES method is to extract back the encrypted text
 func DecryptAES(text string) (string, error) {
-	key := []byte(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey))
+	k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)
+	if err != nil {
+		return "", err
+	}
+	key := []byte(k)
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		return "", err
@@ -46,9 +54,13 @@ func DecryptAES(text string) (string, error) {
 // EncryptAESEnv encrypts data using AES algorithm
 // kept for the backward compatibility of env data encryption
 func EncryptAESEnv(text []byte) ([]byte, error) {
-	key := []byte(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey))
-	c, err := aes.NewCipher(key)
 	var res []byte
+	k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)
+	if err != nil {
+		return res, err
+	}
+	key := []byte(k)
+	c, err := aes.NewCipher(key)
 	if err != nil {
 		return res, err
 	}
@@ -81,9 +93,13 @@ func EncryptAESEnv(text []byte) ([]byte, error) {
 // DecryptAES decrypts data using AES algorithm
 // Kept for the backward compatibility of env data decryption
 func DecryptAESEnv(ciphertext []byte) ([]byte, error) {
-	key := []byte(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey))
-	c, err := aes.NewCipher(key)
 	var res []byte
+	k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)
+	if err != nil {
+		return res, err
+	}
+	key := []byte(k)
+	c, err := aes.NewCipher(key)
 	if err != nil {
 		return res, err
 	}

server/crypto/common.go

@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"golang.org/x/crypto/bcrypt"
 	"gopkg.in/square/go-jose.v2"
 )
@@ -37,20 +37,35 @@ func GetPubJWK(algo, keyID string, publicKey interface{}) (string, error) {
 // this is called while initializing app / when env is updated
 func GenerateJWKBasedOnEnv() (string, error) {
 	jwk := ""
-	algo := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
-	clientID := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID)
+	algo, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
+	if err != nil {
+		return jwk, err
+	}
+	clientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID)
+	if err != nil {
+		return jwk, err
+	}
+
+	jwtSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)
+	if err != nil {
+		return jwk, err
+	}
 
-	var err error
 	// check if jwt secret is provided
 	if IsHMACA(algo) {
-		jwk, err = GetPubJWK(algo, clientID, []byte(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)))
+		jwk, err = GetPubJWK(algo, clientID, []byte(jwtSecret))
 		if err != nil {
 			return "", err
 		}
 	}
 
+	jwtPublicKey, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey)
+	if err != nil {
+		return jwk, err
+	}
+
 	if IsRSA(algo) {
-		publicKeyInstance, err := ParseRsaPublicKeyFromPemStr(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey))
+		publicKeyInstance, err := ParseRsaPublicKeyFromPemStr(jwtPublicKey)
 		if err != nil {
 			return "", err
 		}
@@ -62,7 +77,11 @@ func GenerateJWKBasedOnEnv() (string, error) {
 	}
 
 	if IsECDSA(algo) {
-		publicKeyInstance, err := ParseEcdsaPublicKeyFromPemStr(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey))
+		jwtPublicKey, err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey)
+		if err != nil {
+			return jwk, err
+		}
+		publicKeyInstance, err := ParseEcdsaPublicKeyFromPemStr(jwtPublicKey)
 		if err != nil {
 			return "", err
 		}
@@ -77,13 +96,16 @@ func GenerateJWKBasedOnEnv() (string, error) {
 }
 
 // EncryptEnvData is used to encrypt the env data
-func EncryptEnvData(data envstore.Store) (string, error) {
+func EncryptEnvData(data map[string]interface{}) (string, error) {
 	jsonBytes, err := json.Marshal(data)
 	if err != nil {
 		return "", err
 	}
 
-	storeData := envstore.EnvStoreObj.GetEnvStoreClone()
+	storeData, err := memorystore.Provider.GetEnvStore()
+	if err != nil {
+		return "", err
+	}
 
 	err = json.Unmarshal(jsonBytes, &storeData)
 	if err != nil {

server/db/db.go

@@ -9,7 +9,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/providers/cassandradb"
 	"github.com/authorizerdev/authorizer/server/db/providers/mongodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/sql"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 // Provider returns the current database provider
@@ -18,13 +18,15 @@ var Provider providers.Provider
 func InitDB() error {
 	var err error
 
-	isSQL := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseType) != constants.DbTypeArangodb && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseType) != constants.DbTypeMongodb && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseType) != constants.DbTypeCassandraDB
-	isArangoDB := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseType) == constants.DbTypeArangodb
-	isMongoDB := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseType) == constants.DbTypeMongodb
-	isCassandra := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseType) == constants.DbTypeCassandraDB
+	envs := memorystore.RequiredEnvStoreObj.GetRequiredEnv()
+
+	isSQL := envs.DatabaseType != constants.DbTypeArangodb && envs.DatabaseType != constants.DbTypeMongodb && envs.DatabaseType != constants.DbTypeCassandraDB && envs.DatabaseType != constants.DbTypeScyllaDB
+	isArangoDB := envs.DatabaseType == constants.DbTypeArangodb
+	isMongoDB := envs.DatabaseType == constants.DbTypeMongodb
+	isCassandra := envs.DatabaseType == constants.DbTypeCassandraDB || envs.DatabaseType == constants.DbTypeScyllaDB
 
 	if isSQL {
-		log.Info("Initializing SQL Driver for: ", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseType))
+		log.Info("Initializing SQL Driver for: ", envs.DatabaseType)
 		Provider, err = sql.NewProvider()
 		if err != nil {
 			log.Fatal("Failed to initialize SQL driver: ", err)

server/db/models/user.go

@@ -38,7 +38,6 @@ func (user *User) AsAPIUser() *model.User {
 	email := user.Email
 	createdAt := user.CreatedAt
 	updatedAt := user.UpdatedAt
-	revokedTimestamp := user.RevokedTimestamp
 	return &model.User{
 		ID:                  user.ID,
 		Email:               user.Email,
@@ -55,7 +54,7 @@ func (user *User) AsAPIUser() *model.User {
 		PhoneNumberVerified: &isPhoneVerified,
 		Picture:             user.Picture,
 		Roles:               strings.Split(user.Roles, ","),
-		RevokedTimestamp:    revokedTimestamp,
+		RevokedTimestamp:    user.RevokedTimestamp,
 		CreatedAt:           &createdAt,
 		UpdatedAt:           &updatedAt,
 	}

server/db/providers/arangodb/provider.go

@@ -6,9 +6,8 @@ import (
 	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/arangodb/go-driver/http"
-	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 type provider struct {
@@ -22,8 +21,9 @@ type provider struct {
 // NewProvider to initialize arangodb connection
 func NewProvider() (*provider, error) {
 	ctx := context.Background()
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
 	conn, err := http.NewConnection(http.ConnectionConfig{
-		Endpoints: []string{envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL)},
+		Endpoints: []string{dbURL},
 	})
 	if err != nil {
 		return nil, err
@@ -37,16 +37,16 @@ func NewProvider() (*provider, error) {
 	}
 
 	var arangodb driver.Database
-
-	arangodb_exists, err := arangoClient.DatabaseExists(nil, envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseName))
+	dbName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName
+	arangodb_exists, err := arangoClient.DatabaseExists(nil, dbName)
 
 	if arangodb_exists {
-		arangodb, err = arangoClient.Database(nil, envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseName))
+		arangodb, err = arangoClient.Database(nil, dbName)
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		arangodb, err = arangoClient.CreateDatabase(nil, envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseName), nil)
+		arangodb, err = arangoClient.CreateDatabase(nil, dbName, nil)
 		if err != nil {
 			return nil, err
 		}

server/db/providers/arangodb/user.go

@@ -3,15 +3,14 @@ package arangodb
 import (
 	"context"
 	"fmt"
-	"strings"
 	"time"
 
 	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/google/uuid"
 )
 
@@ -22,7 +21,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) {
 	}
 
 	if user.Roles == "" {
-		user.Roles = strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ",")
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			return user, err
+		}
+		user.Roles = defaultRoles
 	}
 
 	user.CreatedAt = time.Now().Unix()

server/db/providers/cassandradb/provider.go

@@ -9,7 +9,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/gocql/gocql"
 	cansandraDriver "github.com/gocql/gocql"
 )
@@ -23,15 +23,21 @@ var KeySpace string
 
 // NewProvider to initialize arangodb connection
 func NewProvider() (*provider, error) {
-	dbURL := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL)
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
 	if dbURL == "" {
-		dbURL = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseHost)
-		if envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabasePort) != "" {
-			dbURL = fmt.Sprintf("%s:%s", dbURL, envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabasePort))
+		dbHost := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseHost
+		dbPort := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePort
+		if dbPort != "" && dbHost != "" {
+			dbURL = fmt.Sprintf("%s:%s", dbHost, dbPort)
+		} else if dbHost != "" {
+			dbURL = dbHost
 		}
 	}
 
-	KeySpace = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseName)
+	KeySpace = memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName
+	if KeySpace == "" {
+		KeySpace = constants.EnvKeyDatabaseName
+	}
 	clusterURL := []string{}
 	if strings.Contains(dbURL, ",") {
 		clusterURL = strings.Split(dbURL, ",")
@@ -39,25 +45,31 @@ func NewProvider() (*provider, error) {
 		clusterURL = append(clusterURL, dbURL)
 	}
 	cassandraClient := cansandraDriver.NewCluster(clusterURL...)
-	if envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseUsername) != "" && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabasePassword) != "" {
+	dbUsername := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername
+	dbPassword := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword
+
+	if dbUsername != "" && dbPassword != "" {
 		cassandraClient.Authenticator = &cansandraDriver.PasswordAuthenticator{
-			Username: envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseUsername),
-			Password: envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabasePassword),
+			Username: dbUsername,
+			Password: dbPassword,
 		}
 	}
 
-	if envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCert) != "" && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCACert) != "" && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCertKey) != "" {
-		certString, err := crypto.DecryptB64(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCert))
+	dbCert := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCert
+	dbCACert := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCACert
+	dbCertKey := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCertKey
+	if dbCert != "" && dbCACert != "" && dbCertKey != "" {
+		certString, err := crypto.DecryptB64(dbCert)
 		if err != nil {
 			return nil, err
 		}
 
-		keyString, err := crypto.DecryptB64(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCertKey))
+		keyString, err := crypto.DecryptB64(dbCertKey)
 		if err != nil {
 			return nil, err
 		}
 
-		caString, err := crypto.DecryptB64(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCACert))
+		caString, err := crypto.DecryptB64(dbCACert)
 		if err != nil {
 			return nil, err
 		}

server/db/providers/cassandradb/user.go

@@ -9,8 +9,8 @@ import (
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/gocql/gocql"
 	"github.com/google/uuid"
 )
@@ -22,7 +22,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) {
 	}
 
 	if user.Roles == "" {
-		user.Roles = strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ",")
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			return user, err
+		}
+		user.Roles = defaultRoles
 	}
 
 	user.CreatedAt = time.Now().Unix()

server/db/providers/mongodb/provider.go

@@ -4,9 +4,8 @@ import (
 	"context"
 	"time"
 
-	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/mongo"
 	"go.mongodb.org/mongo-driver/mongo/options"
@@ -19,7 +18,8 @@ type provider struct {
 
 // NewProvider to initialize mongodb connection
 func NewProvider() (*provider, error) {
-	mongodbOptions := options.Client().ApplyURI(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL))
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
+	mongodbOptions := options.Client().ApplyURI(dbURL)
 	maxWait := time.Duration(5 * time.Second)
 	mongodbOptions.ConnectTimeout = &maxWait
 	mongoClient, err := mongo.NewClient(mongodbOptions)
@@ -37,18 +37,19 @@ func NewProvider() (*provider, error) {
 		return nil, err
 	}
 
-	mongodb := mongoClient.Database(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseName), options.Database())
+	dbName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName
+	mongodb := mongoClient.Database(dbName, options.Database())
 
 	mongodb.CreateCollection(ctx, models.Collections.User, options.CreateCollection())
 	userCollection := mongodb.Collection(models.Collections.User, options.Collection())
 	userCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
-		mongo.IndexModel{
+		{
 			Keys:    bson.M{"email": 1},
 			Options: options.Index().SetUnique(true).SetSparse(true),
 		},
 	}, options.CreateIndexes())
 	userCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
-		mongo.IndexModel{
+		{
 			Keys: bson.M{"phone_number": 1},
 			Options: options.Index().SetUnique(true).SetSparse(true).SetPartialFilterExpression(map[string]interface{}{
 				"phone_number": map[string]string{"$type": "string"},
@@ -59,13 +60,13 @@ func NewProvider() (*provider, error) {
 	mongodb.CreateCollection(ctx, models.Collections.VerificationRequest, options.CreateCollection())
 	verificationRequestCollection := mongodb.Collection(models.Collections.VerificationRequest, options.Collection())
 	verificationRequestCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
-		mongo.IndexModel{
+		{
 			Keys:    bson.M{"email": 1, "identifier": 1},
 			Options: options.Index().SetUnique(true).SetSparse(true),
 		},
 	}, options.CreateIndexes())
 	verificationRequestCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
-		mongo.IndexModel{
+		{
 			Keys:    bson.M{"token": 1},
 			Options: options.Index().SetSparse(true),
 		},
@@ -74,7 +75,7 @@ func NewProvider() (*provider, error) {
 	mongodb.CreateCollection(ctx, models.Collections.Session, options.CreateCollection())
 	sessionCollection := mongodb.Collection(models.Collections.Session, options.Collection())
 	sessionCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
-		mongo.IndexModel{
+		{
 			Keys:    bson.M{"user_id": 1},
 			Options: options.Index().SetSparse(true),
 		},

server/db/providers/mongodb/user.go

@@ -1,13 +1,12 @@
 package mongodb
 
 import (
-	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/google/uuid"
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/mongo/options"
@@ -20,7 +19,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) {
 	}
 
 	if user.Roles == "" {
-		user.Roles = strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ",")
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			return user, err
+		}
+		user.Roles = defaultRoles
 	}
 	user.CreatedAt = time.Now().Unix()
 	user.UpdatedAt = time.Now().Unix()
@@ -65,7 +68,6 @@ func (p *provider) ListUsers(pagination model.Pagination) (*model.Users, error)
 	opts.SetSort(bson.M{"created_at": -1})
 
 	paginationClone := pagination
-	// TODO add pagination total
 
 	userCollection := p.db.Collection(models.Collections.User, options.Collection())
 	count, err := userCollection.CountDocuments(nil, bson.M{}, options.Count())

server/db/providers/provider_template/user.go

@@ -1,13 +1,12 @@
 package provider_template
 
 import (
-	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/google/uuid"
 )
 
@@ -18,7 +17,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) {
 	}
 
 	if user.Roles == "" {
-		user.Roles = strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ",")
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			return user, err
+		}
+		user.Roles = defaultRoles
 	}
 
 	user.CreatedAt = time.Now().Unix()

server/db/providers/sql/provider.go

@@ -7,7 +7,7 @@ import (
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"gorm.io/driver/mysql"
 	"gorm.io/driver/postgres"
 	"gorm.io/driver/sqlite"
@@ -41,15 +41,19 @@ func NewProvider() (*provider, error) {
 			TablePrefix: models.Prefix,
 		},
 	}
-	switch envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseType) {
-	case constants.DbTypePostgres, constants.DbTypeYugabyte:
-		sqlDB, err = gorm.Open(postgres.Open(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL)), ormConfig)
+
+	dbType := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseType
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
+
+	switch dbType {
+	case constants.DbTypePostgres, constants.DbTypeYugabyte, constants.DbTypeCockroachDB:
+		sqlDB, err = gorm.Open(postgres.Open(dbURL), ormConfig)
 	case constants.DbTypeSqlite:
-		sqlDB, err = gorm.Open(sqlite.Open(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL)), ormConfig)
+		sqlDB, err = gorm.Open(sqlite.Open(dbURL), ormConfig)
 	case constants.DbTypeMysql, constants.DbTypeMariaDB:
-		sqlDB, err = gorm.Open(mysql.Open(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL)), ormConfig)
+		sqlDB, err = gorm.Open(mysql.Open(dbURL), ormConfig)
 	case constants.DbTypeSqlserver:
-		sqlDB, err = gorm.Open(sqlserver.Open(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL)), ormConfig)
+		sqlDB, err = gorm.Open(sqlserver.Open(dbURL), ormConfig)
 	}
 
 	if err != nil {

server/db/providers/sql/user.go

@@ -1,13 +1,12 @@
 package sql
 
 import (
-	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/google/uuid"
 	"gorm.io/gorm/clause"
 )
@@ -19,7 +18,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) {
 	}
 
 	if user.Roles == "" {
-		user.Roles = strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ",")
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			return user, err
+		}
+		user.Roles = defaultRoles
 	}
 
 	user.CreatedAt = time.Now().Unix()
@@ -94,7 +97,6 @@ func (p *provider) ListUsers(pagination model.Pagination) (*model.Users, error)
 func (p *provider) GetUserByEmail(email string) (models.User, error) {
 	var user models.User
 	result := p.db.Where("email = ?", email).First(&user)
-
 	if result.Error != nil {
 		return user, result.Error
 	}
@@ -107,7 +109,6 @@ func (p *provider) GetUserByID(id string) (models.User, error) {
 	var user models.User
 
 	result := p.db.Where("id = ?", id).First(&user)
-
 	if result.Error != nil {
 		return user, result.Error
 	}

server/email/email.go

@@ -11,7 +11,7 @@ import (
 	gomail "gopkg.in/mail.v2"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 // addEmailTemplate is used to add html template in email body
@@ -33,17 +33,57 @@ func addEmailTemplate(a string, b map[string]interface{}, templateName string) s
 // SendMail function to send mail
 func SendMail(to []string, Subject, bodyMessage string) error {
 	// dont trigger email sending in case of test
-	if envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyEnv) == "test" {
+	envKey, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEnv)
+	if err != nil {
+		return err
+	}
+	if envKey == constants.TestEnv {
 		return nil
 	}
 	m := gomail.NewMessage()
-	m.SetHeader("From", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeySenderEmail))
+	senderEmail, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeySenderEmail)
+	if err != nil {
+		log.Errorf("Error while getting sender email from env variable: %v", err)
+		return err
+	}
+
+	smtpPort, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeySmtpPort)
+	if err != nil {
+		log.Errorf("Error while getting smtp port from env variable: %v", err)
+		return err
+	}
+
+	smtpHost, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeySmtpHost)
+	if err != nil {
+		log.Errorf("Error while getting smtp host from env variable: %v", err)
+		return err
+	}
+
+	smtpUsername, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeySmtpUsername)
+	if err != nil {
+		log.Errorf("Error while getting smtp username from env variable: %v", err)
+		return err
+	}
+
+	smtpPassword, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeySmtpPassword)
+	if err != nil {
+		log.Errorf("Error while getting smtp password from env variable: %v", err)
+		return err
+	}
+
+	isProd, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsProd)
+	if err != nil {
+		log.Errorf("Error while getting env variable: %v", err)
+		return err
+	}
+
+	m.SetHeader("From", senderEmail)
 	m.SetHeader("To", to...)
 	m.SetHeader("Subject", Subject)
 	m.SetBody("text/html", bodyMessage)
-	port, _ := strconv.Atoi(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeySmtpPort))
-	d := gomail.NewDialer(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeySmtpHost), port, envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeySmtpUsername), envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeySmtpPassword))
-	if envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyEnv) == "development" {
+	port, _ := strconv.Atoi(smtpPort)
+	d := gomail.NewDialer(smtpHost, port, smtpUsername, smtpPassword)
+	if !isProd {
 		d.TLSConfig = &tls.Config{InsecureSkipVerify: true}
 	}
 	if err := d.DialAndSend(m); err != nil {

server/email/forgot_password_email.go

@@ -2,14 +2,19 @@ package email
 
 import (
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 // SendForgotPasswordMail to send forgot password email
 func SendForgotPasswordMail(toEmail, token, hostname string) error {
-	resetPasswordUrl := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
+	resetPasswordUrl, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
+	if err != nil {
+		return err
+	}
 	if resetPasswordUrl == "" {
-		envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyResetPasswordURL, hostname+"/app/reset-password")
+		if err := memorystore.Provider.UpdateEnvVariable(constants.EnvKeyResetPasswordURL, hostname+"/app/reset-password"); err != nil {
+			return err
+		}
 	}
 
 	// The receiver needs to be in slice as the receive supports multiple receiver
@@ -103,8 +108,14 @@ func SendForgotPasswordMail(toEmail, token, hostname string) error {
 	`
 
 	data := make(map[string]interface{}, 3)
-	data["org_logo"] = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo)
-	data["org_name"] = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName)
+	data["org_logo"], err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo)
+	if err != nil {
+		return err
+	}
+	data["org_name"], err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName)
+	if err != nil {
+		return err
+	}
 	data["verification_url"] = resetPasswordUrl + "?token=" + token
 	message = addEmailTemplate(message, data, "reset_password_email.tmpl")
 

server/email/invite_email.go

@@ -4,7 +4,7 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 // InviteEmail to send invite email
@@ -99,13 +99,20 @@ func InviteEmail(toEmail, token, verificationURL, redirectURI string) error {
     </html>
 	`
 	data := make(map[string]interface{}, 3)
-	data["org_logo"] = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo)
-	data["org_name"] = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName)
+	var err error
+	data["org_logo"], err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo)
+	if err != nil {
+		return err
+	}
+	data["org_name"], err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName)
+	if err != nil {
+		return err
+	}
 	data["verification_url"] = verificationURL + "?token=" + token + "&redirect_uri=" + redirectURI
 	message = addEmailTemplate(message, data, "invite_email.tmpl")
 	// bodyMessage := sender.WriteHTMLEmail(Receiver, Subject, message)
 
-	err := SendMail(Receiver, Subject, message)
+	err = SendMail(Receiver, Subject, message)
 	if err != nil {
 		log.Warn("error sending email: ", err)
 	}

server/email/verification_email.go

@@ -4,7 +4,7 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 // SendVerificationMail to send verification email
@@ -99,13 +99,20 @@ func SendVerificationMail(toEmail, token, hostname string) error {
     </html>
 	`
 	data := make(map[string]interface{}, 3)
-	data["org_logo"] = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo)
-	data["org_name"] = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName)
+	var err error
+	data["org_logo"], err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo)
+	if err != nil {
+		return err
+	}
+	data["org_name"], err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName)
+	if err != nil {
+		return err
+	}
 	data["verification_url"] = hostname + "/verify_email?token=" + token
 	message = addEmailTemplate(message, data, "verify_email.tmpl")
 	// bodyMessage := sender.WriteHTMLEmail(Receiver, Subject, message)
 
-	err := SendMail(Receiver, Subject, message)
+	err = SendMail(Receiver, Subject, message)
 	if err != nil {
 		log.Warn("error sending email: ", err)
 	}

server/env/env.go

@@ -2,212 +2,246 @@ package env
 
 import (
 	"errors"
+	"fmt"
 	"os"
+	"strconv"
 	"strings"
 
 	"github.com/google/uuid"
-	"github.com/joho/godotenv"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/crypto"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
 
-// InitRequiredEnv to initialize EnvData and through error if required env are not present
-func InitRequiredEnv() error {
-	envPath := os.Getenv(constants.EnvKeyEnvPath)
-
-	if envPath == "" {
-		envPath = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyEnvPath)
-		if envPath == "" {
-			envPath = `.env`
-		}
-	}
-
-	if envstore.ARG_ENV_FILE != nil && *envstore.ARG_ENV_FILE != "" {
-		envPath = *envstore.ARG_ENV_FILE
-	}
-	log.Info("env path: ", envPath)
-
-	err := godotenv.Load(envPath)
-	if err != nil {
-		log.Info("using OS env instead of %s file", envPath)
-	}
-
-	dbURL := os.Getenv(constants.EnvKeyDatabaseURL)
-	dbType := os.Getenv(constants.EnvKeyDatabaseType)
-	dbName := os.Getenv(constants.EnvKeyDatabaseName)
-	dbPort := os.Getenv(constants.EnvKeyDatabasePort)
-	dbHost := os.Getenv(constants.EnvKeyDatabaseHost)
-	dbUsername := os.Getenv(constants.EnvKeyDatabaseUsername)
-	dbPassword := os.Getenv(constants.EnvKeyDatabasePassword)
-	dbCert := os.Getenv(constants.EnvKeyDatabaseCert)
-	dbCertKey := os.Getenv(constants.EnvKeyDatabaseCertKey)
-	dbCACert := os.Getenv(constants.EnvKeyDatabaseCACert)
-
-	if strings.TrimSpace(dbType) == "" {
-		if envstore.ARG_DB_TYPE != nil && *envstore.ARG_DB_TYPE != "" {
-			dbType = strings.TrimSpace(*envstore.ARG_DB_TYPE)
-		}
-
-		if dbType == "" {
-			log.Debug("DATABASE_TYPE is not set")
-			return errors.New("invalid database type. DATABASE_TYPE is empty")
-		}
-	}
-
-	if strings.TrimSpace(dbURL) == "" && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL) == "" {
-		if envstore.ARG_DB_URL != nil && *envstore.ARG_DB_URL != "" {
-			dbURL = strings.TrimSpace(*envstore.ARG_DB_URL)
-		}
-
-		if dbURL == "" && dbPort == "" && dbHost == "" && dbUsername == "" && dbPassword == "" {
-			log.Debug("DATABASE_URL is not set")
-			return errors.New("invalid database url. DATABASE_URL is required")
-		}
-	}
-
-	if dbName == "" {
-		if dbName == "" {
-			dbName = "authorizer"
-		}
-	}
-
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEnvPath, envPath)
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseURL, dbURL)
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseType, dbType)
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseName, dbName)
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseHost, dbHost)
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabasePort, dbPort)
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseUsername, dbUsername)
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabasePassword, dbPassword)
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseCert, dbCert)
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseCertKey, dbCertKey)
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseCACert, dbCACert)
-
-	return nil
-}
-
 // InitEnv to initialize EnvData and through error if required env are not present
 func InitAllEnv() error {
 	envData, err := GetEnvData()
 	if err != nil {
 		log.Info("No env data found in db, using local clone of env data")
 		// get clone of current store
-		envData = envstore.EnvStoreObj.GetEnvStoreClone()
+		envData, err = memorystore.Provider.GetEnvStore()
+		if err != nil {
+			log.Debug("Error while getting env data from memorystore: ", err)
+			return err
+		}
 	}
 
-	clientID := envData.StringEnv[constants.EnvKeyClientID]
 	// unique client id for each instance
-	if clientID == "" {
+	cid, ok := envData[constants.EnvKeyClientID]
+	clientID := ""
+	if !ok || cid == "" {
 		clientID = uuid.New().String()
-		envData.StringEnv[constants.EnvKeyClientID] = clientID
-	}
-
-	clientSecret := envData.StringEnv[constants.EnvKeyClientSecret]
-	// unique client id for each instance
-	if clientSecret == "" {
-		clientSecret = uuid.New().String()
-		envData.StringEnv[constants.EnvKeyClientSecret] = clientSecret
-	}
-
-	if envData.StringEnv[constants.EnvKeyEnv] == "" {
-		envData.StringEnv[constants.EnvKeyEnv] = os.Getenv(constants.EnvKeyEnv)
-		if envData.StringEnv[constants.EnvKeyEnv] == "" {
-			envData.StringEnv[constants.EnvKeyEnv] = "production"
-		}
-
-		if envData.StringEnv[constants.EnvKeyEnv] == "production" {
-			envData.BoolEnv[constants.EnvKeyIsProd] = true
+		envData[constants.EnvKeyClientID] = clientID
 	} else {
-			envData.BoolEnv[constants.EnvKeyIsProd] = false
-		}
+		clientID = cid.(string)
 	}
 
-	if envData.StringEnv[constants.EnvKeyAppURL] == "" {
-		envData.StringEnv[constants.EnvKeyAppURL] = os.Getenv(constants.EnvKeyAppURL)
+	// unique client secret for each instance
+	if val, ok := envData[constants.EnvKeyClientSecret]; !ok || val != "" {
+		envData[constants.EnvKeyClientSecret] = uuid.New().String()
 	}
 
-	if envData.StringEnv[constants.EnvKeyAuthorizerURL] == "" {
-		envData.StringEnv[constants.EnvKeyAuthorizerURL] = os.Getenv(constants.EnvKeyAuthorizerURL)
+	// os string envs
+	osEnv := os.Getenv(constants.EnvKeyEnv)
+	osAppURL := os.Getenv(constants.EnvKeyAppURL)
+	osAuthorizerURL := os.Getenv(constants.EnvKeyAuthorizerURL)
+	osPort := os.Getenv(constants.EnvKeyPort)
+	osAccessTokenExpiryTime := os.Getenv(constants.EnvKeyAccessTokenExpiryTime)
+	osAdminSecret := os.Getenv(constants.EnvKeyAdminSecret)
+	osSmtpHost := os.Getenv(constants.EnvKeySmtpHost)
+	osSmtpPort := os.Getenv(constants.EnvKeySmtpPort)
+	osSmtpUsername := os.Getenv(constants.EnvKeySmtpUsername)
+	osSmtpPassword := os.Getenv(constants.EnvKeySmtpPassword)
+	osSenderEmail := os.Getenv(constants.EnvKeySenderEmail)
+	osJwtType := os.Getenv(constants.EnvKeyJwtType)
+	osJwtSecret := os.Getenv(constants.EnvKeyJwtSecret)
+	osJwtPrivateKey := os.Getenv(constants.EnvKeyJwtPrivateKey)
+	osJwtPublicKey := os.Getenv(constants.EnvKeyJwtPublicKey)
+	osJwtRoleClaim := os.Getenv(constants.EnvKeyJwtRoleClaim)
+	osCustomAccessTokenScript := os.Getenv(constants.EnvKeyCustomAccessTokenScript)
+	osGoogleClientID := os.Getenv(constants.EnvKeyGoogleClientID)
+	osGoogleClientSecret := os.Getenv(constants.EnvKeyGoogleClientSecret)
+	osGithubClientID := os.Getenv(constants.EnvKeyGithubClientID)
+	osGithubClientSecret := os.Getenv(constants.EnvKeyGithubClientSecret)
+	osFacebookClientID := os.Getenv(constants.EnvKeyFacebookClientID)
+	osFacebookClientSecret := os.Getenv(constants.EnvKeyFacebookClientSecret)
+	osLinkedInClientID := os.Getenv(constants.EnvKeyLinkedInClientID)
+	osLinkedInClientSecret := os.Getenv(constants.EnvKeyLinkedInClientSecret)
+	osAppleClientID := os.Getenv(constants.EnvKeyAppleClientID)
+	osAppleClientSecret := os.Getenv(constants.EnvKeyAppleClientSecret)
+	osResetPasswordURL := os.Getenv(constants.EnvKeyResetPasswordURL)
+	osOrganizationName := os.Getenv(constants.EnvKeyOrganizationName)
+	osOrganizationLogo := os.Getenv(constants.EnvKeyOrganizationLogo)
+
+	// os bool vars
+	osDisableBasicAuthentication := os.Getenv(constants.EnvKeyDisableBasicAuthentication)
+	osDisableEmailVerification := os.Getenv(constants.EnvKeyDisableEmailVerification)
+	osDisableMagicLinkLogin := os.Getenv(constants.EnvKeyDisableMagicLinkLogin)
+	osDisableLoginPage := os.Getenv(constants.EnvKeyDisableLoginPage)
+	osDisableSignUp := os.Getenv(constants.EnvKeyDisableSignUp)
+	osDisableRedisForEnv := os.Getenv(constants.EnvKeyDisableRedisForEnv)
+
+	// os slice vars
+	osAllowedOrigins := os.Getenv(constants.EnvKeyAllowedOrigins)
+	osRoles := os.Getenv(constants.EnvKeyRoles)
+	osDefaultRoles := os.Getenv(constants.EnvKeyDefaultRoles)
+	osProtectedRoles := os.Getenv(constants.EnvKeyProtectedRoles)
+
+	ienv, ok := envData[constants.EnvKeyEnv]
+	if !ok || ienv == "" {
+		envData[constants.EnvKeyEnv] = osEnv
+		if envData[constants.EnvKeyEnv] == "" {
+			envData[constants.EnvKeyEnv] = "production"
 		}
 
-	if envData.StringEnv[constants.EnvKeyPort] == "" {
-		envData.StringEnv[constants.EnvKeyPort] = os.Getenv(constants.EnvKeyPort)
-		if envData.StringEnv[constants.EnvKeyPort] == "" {
-			envData.StringEnv[constants.EnvKeyPort] = "8080"
-		}
-	}
-
-	if envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] == "" {
-		envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] = os.Getenv(constants.EnvKeyAccessTokenExpiryTime)
-		if envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] == "" {
-			envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] = "30m"
-		}
-	}
-
-	if envData.StringEnv[constants.EnvKeyAdminSecret] == "" {
-		envData.StringEnv[constants.EnvKeyAdminSecret] = os.Getenv(constants.EnvKeyAdminSecret)
-	}
-
-	if envData.StringEnv[constants.EnvKeySmtpHost] == "" {
-		envData.StringEnv[constants.EnvKeySmtpHost] = os.Getenv(constants.EnvKeySmtpHost)
-	}
-
-	if envData.StringEnv[constants.EnvKeySmtpPort] == "" {
-		envData.StringEnv[constants.EnvKeySmtpPort] = os.Getenv(constants.EnvKeySmtpPort)
-	}
-
-	if envData.StringEnv[constants.EnvKeySmtpUsername] == "" {
-		envData.StringEnv[constants.EnvKeySmtpUsername] = os.Getenv(constants.EnvKeySmtpUsername)
-	}
-
-	if envData.StringEnv[constants.EnvKeySmtpPassword] == "" {
-		envData.StringEnv[constants.EnvKeySmtpPassword] = os.Getenv(constants.EnvKeySmtpPassword)
-	}
-
-	if envData.StringEnv[constants.EnvKeySenderEmail] == "" {
-		envData.StringEnv[constants.EnvKeySenderEmail] = os.Getenv(constants.EnvKeySenderEmail)
-	}
-
-	algo := envData.StringEnv[constants.EnvKeyJwtType]
-	if algo == "" {
-		envData.StringEnv[constants.EnvKeyJwtType] = os.Getenv(constants.EnvKeyJwtType)
-		if envData.StringEnv[constants.EnvKeyJwtType] == "" {
-			envData.StringEnv[constants.EnvKeyJwtType] = "RS256"
-			algo = envData.StringEnv[constants.EnvKeyJwtType]
+		if envData[constants.EnvKeyEnv] == "production" {
+			envData[constants.EnvKeyIsProd] = true
 		} else {
-			algo = envData.StringEnv[constants.EnvKeyJwtType]
+			envData[constants.EnvKeyIsProd] = false
+		}
+	}
+	if osEnv != "" && osEnv != envData[constants.EnvKeyEnv] {
+		envData[constants.EnvKeyEnv] = osEnv
+		if envData[constants.EnvKeyEnv] == "production" {
+			envData[constants.EnvKeyIsProd] = true
+		} else {
+			envData[constants.EnvKeyIsProd] = false
+		}
+	}
+
+	if val, ok := envData[constants.EnvKeyAppURL]; !ok || val == "" {
+		envData[constants.EnvKeyAppURL] = osAppURL
+	}
+	if osAppURL != "" && envData[constants.EnvKeyAppURL] != osAppURL {
+		envData[constants.EnvKeyAppURL] = osAppURL
+	}
+
+	if val, ok := envData[constants.EnvKeyAuthorizerURL]; !ok || val == "" {
+		envData[constants.EnvKeyAuthorizerURL] = osAuthorizerURL
+	}
+	if osAuthorizerURL != "" && envData[constants.EnvKeyAuthorizerURL] != osAuthorizerURL {
+		envData[constants.EnvKeyAuthorizerURL] = osAuthorizerURL
+	}
+
+	if val, ok := envData[constants.EnvKeyPort]; !ok || val == "" {
+		envData[constants.EnvKeyPort] = osPort
+		if envData[constants.EnvKeyPort] == "" {
+			envData[constants.EnvKeyPort] = "8080"
+		}
+	}
+	if osPort != "" && envData[constants.EnvKeyPort] != osPort {
+		envData[constants.EnvKeyPort] = osPort
+	}
+
+	if val, ok := envData[constants.EnvKeyAccessTokenExpiryTime]; !ok || val == "" {
+		envData[constants.EnvKeyAccessTokenExpiryTime] = osAccessTokenExpiryTime
+		if envData[constants.EnvKeyAccessTokenExpiryTime] == "" {
+			envData[constants.EnvKeyAccessTokenExpiryTime] = "30m"
+		}
+	}
+	if osAccessTokenExpiryTime != "" && envData[constants.EnvKeyAccessTokenExpiryTime] != osAccessTokenExpiryTime {
+		envData[constants.EnvKeyAccessTokenExpiryTime] = osAccessTokenExpiryTime
+	}
+
+	if val, ok := envData[constants.EnvKeyAdminSecret]; !ok || val == "" {
+		envData[constants.EnvKeyAdminSecret] = osAdminSecret
+	}
+	if osAdminSecret != "" && envData[constants.EnvKeyAdminSecret] != osAdminSecret {
+		envData[constants.EnvKeyAdminSecret] = osAdminSecret
+	}
+
+	if val, ok := envData[constants.EnvKeySmtpHost]; !ok || val == "" {
+		envData[constants.EnvKeySmtpHost] = osSmtpHost
+	}
+	if osSmtpHost != "" && envData[constants.EnvKeySmtpHost] != osSmtpHost {
+		envData[constants.EnvKeySmtpHost] = osSmtpHost
+	}
+
+	if val, ok := envData[constants.EnvKeySmtpPort]; !ok || val == "" {
+		envData[constants.EnvKeySmtpPort] = osSmtpPort
+	}
+	if osSmtpPort != "" && envData[constants.EnvKeySmtpPort] != osSmtpPort {
+		envData[constants.EnvKeySmtpPort] = osSmtpPort
+	}
+
+	if val, ok := envData[constants.EnvKeySmtpUsername]; !ok || val == "" {
+		envData[constants.EnvKeySmtpUsername] = osSmtpUsername
+	}
+	if osSmtpUsername != "" && envData[constants.EnvKeySmtpUsername] != osSmtpUsername {
+		envData[constants.EnvKeySmtpUsername] = osSmtpUsername
+	}
+
+	if val, ok := envData[constants.EnvKeySmtpPassword]; !ok || val == "" {
+		envData[constants.EnvKeySmtpPassword] = osSmtpPassword
+	}
+	if osSmtpPassword != "" && envData[constants.EnvKeySmtpPassword] != osSmtpPassword {
+		envData[constants.EnvKeySmtpPassword] = osSmtpPassword
+	}
+
+	if val, ok := envData[constants.EnvKeySenderEmail]; !ok || val == "" {
+		envData[constants.EnvKeySenderEmail] = osSenderEmail
+	}
+	if osSenderEmail != "" && envData[constants.EnvKeySenderEmail] != osSenderEmail {
+		envData[constants.EnvKeySenderEmail] = osSenderEmail
+	}
+
+	algoVal, ok := envData[constants.EnvKeyJwtType]
+	algo := ""
+	if !ok || algoVal == "" {
+		envData[constants.EnvKeyJwtType] = osJwtType
+		if envData[constants.EnvKeyJwtType] == "" {
+			envData[constants.EnvKeyJwtType] = "RS256"
+			algo = envData[constants.EnvKeyJwtType].(string)
+		}
+	} else {
+		algo = algoVal.(string)
 		if !crypto.IsHMACA(algo) && !crypto.IsRSA(algo) && !crypto.IsECDSA(algo) {
 			log.Debug("Invalid JWT Algorithm")
 			return errors.New("invalid JWT_TYPE")
 		}
 	}
+	if osJwtType != "" && osJwtType != algo {
+		if !crypto.IsHMACA(osJwtType) && !crypto.IsRSA(osJwtType) && !crypto.IsECDSA(osJwtType) {
+			log.Debug("Invalid JWT Algorithm")
+			return errors.New("invalid JWT_TYPE")
+		}
+		algo = osJwtType
+		envData[constants.EnvKeyJwtType] = osJwtType
 	}
 
 	if crypto.IsHMACA(algo) {
-		if envData.StringEnv[constants.EnvKeyJwtSecret] == "" {
-			envData.StringEnv[constants.EnvKeyJwtSecret] = os.Getenv(constants.EnvKeyJwtSecret)
-			if envData.StringEnv[constants.EnvKeyJwtSecret] == "" {
-				envData.StringEnv[constants.EnvKeyJwtSecret], _, err = crypto.NewHMACKey(algo, clientID)
+		if val, ok := envData[constants.EnvKeyJwtSecret]; !ok || val == "" {
+			envData[constants.EnvKeyJwtSecret] = osJwtSecret
+			if envData[constants.EnvKeyJwtSecret] == "" {
+				envData[constants.EnvKeyJwtSecret], _, err = crypto.NewHMACKey(algo, clientID)
 				if err != nil {
 					return err
 				}
 			}
 		}
+		if osJwtSecret != "" && envData[constants.EnvKeyJwtSecret] != osJwtSecret {
+			envData[constants.EnvKeyJwtSecret] = osJwtSecret
+		}
 	}
 
 	if crypto.IsRSA(algo) || crypto.IsECDSA(algo) {
 		privateKey, publicKey := "", ""
 
-		if envData.StringEnv[constants.EnvKeyJwtPrivateKey] == "" {
-			privateKey = os.Getenv(constants.EnvKeyJwtPrivateKey)
+		if val, ok := envData[constants.EnvKeyJwtPrivateKey]; !ok || val == "" {
+			privateKey = osJwtPrivateKey
+		}
+		if osJwtPrivateKey != "" && privateKey != osJwtPrivateKey {
+			privateKey = osJwtPrivateKey
 		}
 
-		if envData.StringEnv[constants.EnvKeyJwtPublicKey] == "" {
-			publicKey = os.Getenv(constants.EnvKeyJwtPublicKey)
+		if val, ok := envData[constants.EnvKeyJwtPublicKey]; !ok || val == "" {
+			publicKey = osJwtPublicKey
+		}
+		if osJwtPublicKey != "" && publicKey != osJwtPublicKey {
+			publicKey = osJwtPublicKey
 		}
 
 		// if algo is RSA / ECDSA, then we need to have both private and public key
@@ -250,159 +284,260 @@ func InitAllEnv() error {
 			}
 		}
 
-		envData.StringEnv[constants.EnvKeyJwtPrivateKey] = privateKey
-		envData.StringEnv[constants.EnvKeyJwtPublicKey] = publicKey
+		envData[constants.EnvKeyJwtPrivateKey] = privateKey
+		envData[constants.EnvKeyJwtPublicKey] = publicKey
 
 	}
 
-	if envData.StringEnv[constants.EnvKeyJwtRoleClaim] == "" {
-		envData.StringEnv[constants.EnvKeyJwtRoleClaim] = os.Getenv(constants.EnvKeyJwtRoleClaim)
+	if val, ok := envData[constants.EnvKeyJwtRoleClaim]; !ok || val == "" {
+		envData[constants.EnvKeyJwtRoleClaim] = osJwtRoleClaim
 
-		if envData.StringEnv[constants.EnvKeyJwtRoleClaim] == "" {
-			envData.StringEnv[constants.EnvKeyJwtRoleClaim] = "role"
+		if envData[constants.EnvKeyJwtRoleClaim] == "" {
+			envData[constants.EnvKeyJwtRoleClaim] = "role"
+		}
+	}
+	if osJwtRoleClaim != "" && envData[constants.EnvKeyJwtRoleClaim] != osJwtRoleClaim {
+		envData[constants.EnvKeyJwtRoleClaim] = osJwtRoleClaim
+	}
+
+	if val, ok := envData[constants.EnvKeyCustomAccessTokenScript]; !ok || val == "" {
+		envData[constants.EnvKeyCustomAccessTokenScript] = osCustomAccessTokenScript
+	}
+	if osCustomAccessTokenScript != "" && envData[constants.EnvKeyCustomAccessTokenScript] != osCustomAccessTokenScript {
+		envData[constants.EnvKeyCustomAccessTokenScript] = osCustomAccessTokenScript
+	}
+
+	if val, ok := envData[constants.EnvKeyGoogleClientID]; !ok || val == "" {
+		envData[constants.EnvKeyGoogleClientID] = osGoogleClientID
+	}
+	if osGoogleClientID != "" && envData[constants.EnvKeyGoogleClientID] != osGoogleClientID {
+		envData[constants.EnvKeyGoogleClientID] = osGoogleClientID
+	}
+
+	if val, ok := envData[constants.EnvKeyGoogleClientSecret]; !ok || val == "" {
+		envData[constants.EnvKeyGoogleClientSecret] = osGoogleClientSecret
+	}
+	if osGoogleClientSecret != "" && envData[constants.EnvKeyGoogleClientSecret] != osGoogleClientSecret {
+		envData[constants.EnvKeyGoogleClientSecret] = osGoogleClientSecret
+	}
+
+	if val, ok := envData[constants.EnvKeyGithubClientID]; !ok || val == "" {
+		envData[constants.EnvKeyGithubClientID] = osGithubClientID
+	}
+	if osGithubClientID != "" && envData[constants.EnvKeyGithubClientID] != osGithubClientID {
+		envData[constants.EnvKeyGithubClientID] = osGithubClientID
+	}
+
+	if val, ok := envData[constants.EnvKeyGithubClientSecret]; !ok || val == "" {
+		envData[constants.EnvKeyGithubClientSecret] = osGithubClientSecret
+	}
+	if osGithubClientSecret != "" && envData[constants.EnvKeyGithubClientSecret] != osGithubClientSecret {
+		envData[constants.EnvKeyGithubClientSecret] = osGithubClientSecret
+	}
+
+	if val, ok := envData[constants.EnvKeyFacebookClientID]; !ok || val == "" {
+		envData[constants.EnvKeyFacebookClientID] = osFacebookClientID
+	}
+	if osFacebookClientID != "" && envData[constants.EnvKeyFacebookClientID] != osFacebookClientID {
+		envData[constants.EnvKeyFacebookClientID] = osFacebookClientID
+	}
+
+	if val, ok := envData[constants.EnvKeyFacebookClientSecret]; !ok || val == "" {
+		envData[constants.EnvKeyFacebookClientSecret] = osFacebookClientSecret
+	}
+	if osFacebookClientSecret != "" && envData[constants.EnvKeyFacebookClientSecret] != osFacebookClientSecret {
+		envData[constants.EnvKeyFacebookClientSecret] = osFacebookClientSecret
+	}
+
+	if val, ok := envData[constants.EnvKeyLinkedInClientID]; !ok || val == "" {
+		envData[constants.EnvKeyLinkedInClientID] = osLinkedInClientID
+	}
+	if osFacebookClientID != "" && envData[constants.EnvKeyLinkedInClientID] != osFacebookClientID {
+		envData[constants.EnvKeyLinkedInClientID] = osLinkedInClientID
+	}
+
+	if val, ok := envData[constants.EnvKeyLinkedInClientSecret]; !ok || val == "" {
+		envData[constants.EnvKeyLinkedInClientSecret] = osLinkedInClientSecret
+	}
+	if osFacebookClientSecret != "" && envData[constants.EnvKeyLinkedInClientSecret] != osFacebookClientSecret {
+		envData[constants.EnvKeyLinkedInClientSecret] = osLinkedInClientSecret
+	}
+
+	if val, ok := envData[constants.EnvKeyAppleClientID]; !ok || val == "" {
+		envData[constants.EnvKeyAppleClientID] = osAppleClientID
+	}
+	if osFacebookClientID != "" && envData[constants.EnvKeyAppleClientID] != osFacebookClientID {
+		envData[constants.EnvKeyAppleClientID] = osAppleClientID
+	}
+
+	if val, ok := envData[constants.EnvKeyAppleClientSecret]; !ok || val == "" {
+		envData[constants.EnvKeyAppleClientSecret] = osAppleClientSecret
+	}
+	if osFacebookClientSecret != "" && envData[constants.EnvKeyAppleClientSecret] != osFacebookClientSecret {
+		envData[constants.EnvKeyAppleClientSecret] = osAppleClientSecret
+	}
+
+	if val, ok := envData[constants.EnvKeyResetPasswordURL]; !ok || val == "" {
+		envData[constants.EnvKeyResetPasswordURL] = strings.TrimPrefix(osResetPasswordURL, "/")
+	}
+	if osResetPasswordURL != "" && envData[constants.EnvKeyResetPasswordURL] != osResetPasswordURL {
+		envData[constants.EnvKeyResetPasswordURL] = osResetPasswordURL
+	}
+
+	if val, ok := envData[constants.EnvKeyOrganizationName]; !ok || val == "" {
+		envData[constants.EnvKeyOrganizationName] = osOrganizationName
+	}
+	if osOrganizationName != "" && envData[constants.EnvKeyOrganizationName] != osOrganizationName {
+		envData[constants.EnvKeyOrganizationName] = osOrganizationName
+	}
+
+	if val, ok := envData[constants.EnvKeyOrganizationLogo]; !ok || val == "" {
+		envData[constants.EnvKeyOrganizationLogo] = osOrganizationLogo
+	}
+	if osOrganizationLogo != "" && envData[constants.EnvKeyOrganizationLogo] != osOrganizationLogo {
+		envData[constants.EnvKeyOrganizationLogo] = osOrganizationLogo
+	}
+
+	if _, ok := envData[constants.EnvKeyDisableBasicAuthentication]; !ok {
+		envData[constants.EnvKeyDisableBasicAuthentication] = osDisableBasicAuthentication == "true"
+	}
+	if osDisableBasicAuthentication != "" {
+		boolValue, err := strconv.ParseBool(osDisableBasicAuthentication)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisableBasicAuthentication].(bool) {
+			envData[constants.EnvKeyDisableBasicAuthentication] = boolValue
 		}
 	}
 
-	if envData.StringEnv[constants.EnvKeyCustomAccessTokenScript] == "" {
-		envData.StringEnv[constants.EnvKeyCustomAccessTokenScript] = os.Getenv(constants.EnvKeyCustomAccessTokenScript)
+	if _, ok := envData[constants.EnvKeyDisableEmailVerification]; !ok {
+		envData[constants.EnvKeyDisableEmailVerification] = osDisableEmailVerification == "true"
 	}
-
-	if envData.StringEnv[constants.EnvKeyRedisURL] == "" {
-		envData.StringEnv[constants.EnvKeyRedisURL] = os.Getenv(constants.EnvKeyRedisURL)
+	if osDisableEmailVerification != "" {
+		boolValue, err := strconv.ParseBool(osDisableEmailVerification)
+		if err != nil {
+			return err
 		}
-
-	if envData.StringEnv[constants.EnvKeyCookieName] == "" {
-		envData.StringEnv[constants.EnvKeyCookieName] = os.Getenv(constants.EnvKeyCookieName)
-		if envData.StringEnv[constants.EnvKeyCookieName] == "" {
-			envData.StringEnv[constants.EnvKeyCookieName] = "authorizer"
+		if boolValue != envData[constants.EnvKeyDisableEmailVerification].(bool) {
+			envData[constants.EnvKeyDisableEmailVerification] = boolValue
 		}
 	}
 
-	if envData.StringEnv[constants.EnvKeyGoogleClientID] == "" {
-		envData.StringEnv[constants.EnvKeyGoogleClientID] = os.Getenv(constants.EnvKeyGoogleClientID)
+	if _, ok := envData[constants.EnvKeyDisableMagicLinkLogin]; !ok {
+		envData[constants.EnvKeyDisableMagicLinkLogin] = osDisableMagicLinkLogin == "true"
+	}
+	if osDisableMagicLinkLogin != "" {
+		boolValue, err := strconv.ParseBool(osDisableMagicLinkLogin)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisableMagicLinkLogin].(bool) {
+			envData[constants.EnvKeyDisableMagicLinkLogin] = boolValue
+		}
 	}
 
-	if envData.StringEnv[constants.EnvKeyGoogleClientSecret] == "" {
-		envData.StringEnv[constants.EnvKeyGoogleClientSecret] = os.Getenv(constants.EnvKeyGoogleClientSecret)
+	if _, ok := envData[constants.EnvKeyDisableLoginPage]; !ok {
+		envData[constants.EnvKeyDisableLoginPage] = osDisableLoginPage == "true"
+	}
+	if osDisableLoginPage != "" {
+		boolValue, err := strconv.ParseBool(osDisableLoginPage)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisableLoginPage].(bool) {
+			envData[constants.EnvKeyDisableLoginPage] = boolValue
+		}
 	}
 
-	if envData.StringEnv[constants.EnvKeyGithubClientID] == "" {
-		envData.StringEnv[constants.EnvKeyGithubClientID] = os.Getenv(constants.EnvKeyGithubClientID)
+	if _, ok := envData[constants.EnvKeyDisableSignUp]; !ok {
+		envData[constants.EnvKeyDisableSignUp] = osDisableSignUp == "true"
+	}
+	if osDisableSignUp != "" {
+		boolValue, err := strconv.ParseBool(osDisableSignUp)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisableSignUp].(bool) {
+			envData[constants.EnvKeyDisableSignUp] = boolValue
+		}
 	}
 
-	if envData.StringEnv[constants.EnvKeyGithubClientSecret] == "" {
-		envData.StringEnv[constants.EnvKeyGithubClientSecret] = os.Getenv(constants.EnvKeyGithubClientSecret)
+	if _, ok := envData[constants.EnvKeyDisableRedisForEnv]; !ok {
+		envData[constants.EnvKeyDisableRedisForEnv] = osDisableRedisForEnv == "true"
 	}
-
-	if envData.StringEnv[constants.EnvKeyFacebookClientID] == "" {
-		envData.StringEnv[constants.EnvKeyFacebookClientID] = os.Getenv(constants.EnvKeyFacebookClientID)
+	if osDisableRedisForEnv != "" {
+		boolValue, err := strconv.ParseBool(osDisableRedisForEnv)
+		if err != nil {
+			return err
 		}
-
-	if envData.StringEnv[constants.EnvKeyFacebookClientSecret] == "" {
-		envData.StringEnv[constants.EnvKeyFacebookClientSecret] = os.Getenv(constants.EnvKeyFacebookClientSecret)
+		if boolValue != envData[constants.EnvKeyDisableRedisForEnv].(bool) {
+			envData[constants.EnvKeyDisableRedisForEnv] = boolValue
 		}
-
-	if envData.StringEnv[constants.EnvKeyResetPasswordURL] == "" {
-		envData.StringEnv[constants.EnvKeyResetPasswordURL] = strings.TrimPrefix(os.Getenv(constants.EnvKeyResetPasswordURL), "/")
 	}
 
-	envData.BoolEnv[constants.EnvKeyDisableBasicAuthentication] = os.Getenv(constants.EnvKeyDisableBasicAuthentication) == "true"
-	envData.BoolEnv[constants.EnvKeyDisableEmailVerification] = os.Getenv(constants.EnvKeyDisableEmailVerification) == "true"
-	envData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = os.Getenv(constants.EnvKeyDisableMagicLinkLogin) == "true"
-	envData.BoolEnv[constants.EnvKeyDisableLoginPage] = os.Getenv(constants.EnvKeyDisableLoginPage) == "true"
-	envData.BoolEnv[constants.EnvKeyDisableSignUp] = os.Getenv(constants.EnvKeyDisableSignUp) == "true"
-
 	// no need to add nil check as its already done above
-	if envData.StringEnv[constants.EnvKeySmtpHost] == "" || envData.StringEnv[constants.EnvKeySmtpUsername] == "" || envData.StringEnv[constants.EnvKeySmtpPassword] == "" || envData.StringEnv[constants.EnvKeySenderEmail] == "" && envData.StringEnv[constants.EnvKeySmtpPort] == "" {
-		envData.BoolEnv[constants.EnvKeyDisableEmailVerification] = true
-		envData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = true
+	if envData[constants.EnvKeySmtpHost] == "" || envData[constants.EnvKeySmtpUsername] == "" || envData[constants.EnvKeySmtpPassword] == "" || envData[constants.EnvKeySenderEmail] == "" && envData[constants.EnvKeySmtpPort] == "" {
+		envData[constants.EnvKeyDisableEmailVerification] = true
+		envData[constants.EnvKeyDisableMagicLinkLogin] = true
 	}
 
-	if envData.BoolEnv[constants.EnvKeyDisableEmailVerification] {
-		envData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = true
+	if envData[constants.EnvKeyDisableEmailVerification].(bool) {
+		envData[constants.EnvKeyDisableMagicLinkLogin] = true
 	}
 
-	allowedOriginsSplit := strings.Split(os.Getenv(constants.EnvKeyAllowedOrigins), ",")
-	allowedOrigins := []string{}
-	hasWildCard := false
-
-	for _, val := range allowedOriginsSplit {
-		trimVal := strings.TrimSpace(val)
-		if trimVal != "" {
-			if trimVal != "*" {
-				host, port := utils.GetHostParts(trimVal)
-				allowedOrigins = append(allowedOrigins, host+":"+port)
-			} else {
-				hasWildCard = true
-				allowedOrigins = append(allowedOrigins, trimVal)
-				break
+	if val, ok := envData[constants.EnvKeyAllowedOrigins]; !ok || val == "" {
+		envData[constants.EnvKeyAllowedOrigins] = osAllowedOrigins
+		if envData[constants.EnvKeyAllowedOrigins] == "" {
+			envData[constants.EnvKeyAllowedOrigins] = "*"
 		}
 	}
+	if osAllowedOrigins != "" && envData[constants.EnvKeyAllowedOrigins] != osAllowedOrigins {
+		envData[constants.EnvKeyAllowedOrigins] = osAllowedOrigins
 	}
 
-	if len(allowedOrigins) > 1 && hasWildCard {
-		allowedOrigins = []string{"*"}
+	if val, ok := envData[constants.EnvKeyRoles]; !ok || val == "" {
+		envData[constants.EnvKeyRoles] = osRoles
+		if envData[constants.EnvKeyRoles] == "" {
+			envData[constants.EnvKeyRoles] = "user"
+		}
+	}
+	if osRoles != "" && envData[constants.EnvKeyRoles] != osRoles {
+		envData[constants.EnvKeyRoles] = osRoles
+	}
+	roles := strings.Split(envData[constants.EnvKeyRoles].(string), ",")
+
+	if val, ok := envData[constants.EnvKeyDefaultRoles]; !ok || val == "" {
+		envData[constants.EnvKeyDefaultRoles] = osDefaultRoles
+		if envData[constants.EnvKeyDefaultRoles] == "" {
+			envData[constants.EnvKeyDefaultRoles] = "user"
+		}
+	}
+	if osDefaultRoles != "" && envData[constants.EnvKeyDefaultRoles] != osDefaultRoles {
+		envData[constants.EnvKeyDefaultRoles] = osDefaultRoles
+	}
+	defaultRoles := strings.Split(envData[constants.EnvKeyDefaultRoles].(string), ",")
+	if len(defaultRoles) == 0 {
+		defaultRoles = []string{roles[0]}
 	}
 
-	if len(allowedOrigins) == 0 {
-		allowedOrigins = []string{"*"}
-	}
-
-	envData.SliceEnv[constants.EnvKeyAllowedOrigins] = allowedOrigins
-
-	rolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyRoles))
-	rolesSplit := strings.Split(rolesEnv, ",")
-	roles := []string{}
-	if len(rolesEnv) == 0 {
-		roles = []string{"user"}
-	}
-
-	defaultRolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyDefaultRoles))
-	defaultRoleSplit := strings.Split(defaultRolesEnv, ",")
-	defaultRoles := []string{}
-
-	if len(defaultRolesEnv) == 0 {
-		defaultRoles = []string{"user"}
-	}
-
-	protectedRolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyProtectedRoles))
-	protectedRolesSplit := strings.Split(protectedRolesEnv, ",")
-	protectedRoles := []string{}
-
-	if len(protectedRolesEnv) > 0 {
-		for _, val := range protectedRolesSplit {
-			trimVal := strings.TrimSpace(val)
-			protectedRoles = append(protectedRoles, trimVal)
+	for _, role := range defaultRoles {
+		if !utils.StringSliceContains(roles, role) {
+			return fmt.Errorf("Default role %s is not defined in roles", role)
 		}
 	}
 
-	for _, val := range rolesSplit {
-		trimVal := strings.TrimSpace(val)
-		if trimVal != "" {
-			roles = append(roles, trimVal)
-			if utils.StringSliceContains(defaultRoleSplit, trimVal) {
-				defaultRoles = append(defaultRoles, trimVal)
-			}
+	if val, ok := envData[constants.EnvKeyProtectedRoles]; !ok || val == "" {
+		envData[constants.EnvKeyProtectedRoles] = osProtectedRoles
 	}
+	if osProtectedRoles != "" && envData[constants.EnvKeyProtectedRoles] != osProtectedRoles {
+		envData[constants.EnvKeyProtectedRoles] = osProtectedRoles
 	}
 
-	if len(roles) > 0 && len(defaultRoles) == 0 && len(defaultRolesEnv) > 0 {
-		log.Debug("Default roles not found in roles list. It can be one from ROLES only")
-		return errors.New(`invalid DEFAULT_ROLE environment variable. It can be one from give ROLES environment variable value`)
+	err = memorystore.Provider.UpdateEnvStore(envData)
+	if err != nil {
+		log.Debug("Error while updating env store: ", err)
+		return err
 	}
-
-	envData.SliceEnv[constants.EnvKeyRoles] = roles
-	envData.SliceEnv[constants.EnvKeyDefaultRoles] = defaultRoles
-	envData.SliceEnv[constants.EnvKeyProtectedRoles] = protectedRoles
-
-	if os.Getenv(constants.EnvKeyOrganizationName) != "" {
-		envData.StringEnv[constants.EnvKeyOrganizationName] = os.Getenv(constants.EnvKeyOrganizationName)
-	}
-
-	if os.Getenv(constants.EnvKeyOrganizationLogo) != "" {
-		envData.StringEnv[constants.EnvKeyOrganizationLogo] = os.Getenv(constants.EnvKeyOrganizationLogo)
-	}
-
-	envstore.EnvStoreObj.UpdateEnvStore(envData)
 	return nil
 }

server/env/persist_env.go

@@ -3,6 +3,7 @@ package env
 import (
 	"encoding/json"
 	"os"
+	"reflect"
 	"strconv"
 	"strings"
 
@@ -13,13 +14,50 @@ import (
 	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
 
+func fixBackwardCompatibility(data map[string]interface{}) (bool, map[string]interface{}) {
+	result := data
+	// check if env data is stored in older format
+	hasOlderFormat := false
+	if _, ok := result["bool_env"]; ok {
+		for key, value := range result["bool_env"].(map[string]interface{}) {
+			result[key] = value
+		}
+		hasOlderFormat = true
+		delete(result, "bool_env")
+	}
+
+	if _, ok := result["string_env"]; ok {
+		for key, value := range result["string_env"].(map[string]interface{}) {
+			result[key] = value
+		}
+		hasOlderFormat = true
+		delete(result, "string_env")
+	}
+
+	if _, ok := result["slice_env"]; ok {
+		for key, value := range result["slice_env"].(map[string]interface{}) {
+			typeOfValue := reflect.TypeOf(value)
+			if strings.Contains(typeOfValue.String(), "[]string") {
+				result[key] = strings.Join(value.([]string), ",")
+			}
+			if strings.Contains(typeOfValue.String(), "[]interface") {
+				result[key] = strings.Join(utils.ConvertInterfaceToStringSlice(value), ",")
+			}
+		}
+		hasOlderFormat = true
+		delete(result, "slice_env")
+	}
+
+	return hasOlderFormat, result
+}
+
 // GetEnvData returns the env data from database
-func GetEnvData() (envstore.Store, error) {
-	var result envstore.Store
+func GetEnvData() (map[string]interface{}, error) {
+	var result map[string]interface{}
 	env, err := db.Provider.GetEnv()
 	// config not found in db
 	if err != nil {
@@ -34,7 +72,7 @@ func GetEnvData() (envstore.Store, error) {
 		return result, err
 	}
 
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEncryptionKey, decryptedEncryptionKey)
+	memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEncryptionKey, decryptedEncryptionKey)
 
 	b64DecryptedConfig, err := crypto.DecryptB64(env.EnvData)
 	if err != nil {
@@ -54,6 +92,17 @@ func GetEnvData() (envstore.Store, error) {
 		return result, err
 	}
 
+	hasOlderFormat, result := fixBackwardCompatibility(result)
+
+	if hasOlderFormat {
+		err = memorystore.Provider.UpdateEnvStore(result)
+		if err != nil {
+			log.Debug("Error while updating env store: ", err)
+			return result, err
+		}
+
+	}
+
 	return result, err
 }
 
@@ -64,10 +113,20 @@ func PersistEnv() error {
 	if err != nil {
 		// AES encryption needs 32 bit key only, so we chop off last 4 characters from 36 bit uuid
 		hash := uuid.New().String()[:36-4]
-		envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEncryptionKey, hash)
+		err := memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEncryptionKey, hash)
+		if err != nil {
+			log.Debug("Error while updating encryption env variable: ", err)
+			return err
+		}
 		encodedHash := crypto.EncryptB64(hash)
 
-		encryptedConfig, err := crypto.EncryptEnvData(envstore.EnvStoreObj.GetEnvStoreClone())
+		res, err := memorystore.Provider.GetEnvStore()
+		if err != nil {
+			log.Debug("Error while getting env store: ", err)
+			return err
+		}
+
+		encryptedConfig, err := crypto.EncryptEnvData(res)
 		if err != nil {
 			log.Debug("Error while encrypting env data: ", err)
 			return err
@@ -93,7 +152,7 @@ func PersistEnv() error {
 			return err
 		}
 
-		envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEncryptionKey, decryptedEncryptionKey)
+		memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEncryptionKey, decryptedEncryptionKey)
 
 		b64DecryptedConfig, err := crypto.DecryptB64(env.EnvData)
 		if err != nil {
@@ -108,7 +167,7 @@ func PersistEnv() error {
 		}
 
 		// temp store variable
-		var storeData envstore.Store
+		storeData := map[string]interface{}{}
 
 		err = json.Unmarshal(decryptedConfigs, &storeData)
 		if err != nil {
@@ -116,75 +175,73 @@ func PersistEnv() error {
 			return err
 		}
 
+		hasOlderFormat, result := fixBackwardCompatibility(storeData)
+		if hasOlderFormat {
+			err = memorystore.Provider.UpdateEnvStore(result)
+			if err != nil {
+				log.Debug("Error while updating env store: ", err)
+				return err
+			}
+
+		}
+
 		// if env is changed via env file or OS env
 		// give that higher preference and update db, but we don't recommend it
 
 		hasChanged := false
-
-		for key, value := range storeData.StringEnv {
+		for key, value := range storeData {
 			// don't override unexposed envs
-			if key != constants.EnvKeyEncryptionKey {
 			// check only for derivative keys
 			// No need to check for ENCRYPTION_KEY which special key we use for encrypting config data
 			// as we have removed it from json
+			if key != constants.EnvKeyEncryptionKey {
 				envValue := strings.TrimSpace(os.Getenv(key))
-
-				// env is not empty
 				if envValue != "" {
-					if value != envValue {
-						storeData.StringEnv[key] = envValue
+					switch key {
+					case constants.EnvKeyIsProd, constants.EnvKeyDisableBasicAuthentication, constants.EnvKeyDisableEmailVerification, constants.EnvKeyDisableLoginPage, constants.EnvKeyDisableMagicLinkLogin, constants.EnvKeyDisableSignUp, constants.EnvKeyDisableRedisForEnv:
+						if envValueBool, err := strconv.ParseBool(envValue); err == nil {
+							if value.(bool) != envValueBool {
+								storeData[key] = envValueBool
 								hasChanged = true
 							}
 						}
-			}
-		}
-
-		for key, value := range storeData.BoolEnv {
-			envValue := strings.TrimSpace(os.Getenv(key))
-			// env is not empty
-			if envValue != "" {
-				envValueBool, _ := strconv.ParseBool(envValue)
-				if value != envValueBool {
-					storeData.BoolEnv[key] = envValueBool
+					default:
+						if value != nil && value.(string) != envValue {
+							storeData[key] = envValue
 							hasChanged = true
 						}
 					}
 				}
-
-		for key, value := range storeData.SliceEnv {
-			envValue := strings.TrimSpace(os.Getenv(key))
-			// env is not empty
-			if envValue != "" {
-				envStringArr := strings.Split(envValue, ",")
-				if !utils.IsStringArrayEqual(value, envStringArr) {
-					storeData.SliceEnv[key] = envStringArr
-					hasChanged = true
-				}
 			}
 		}
 
 		// handle derivative cases like disabling email verification & magic login
 		// in case SMTP is off but env is set to true
-		if storeData.StringEnv[constants.EnvKeySmtpHost] == "" || storeData.StringEnv[constants.EnvKeySmtpUsername] == "" || storeData.StringEnv[constants.EnvKeySmtpPassword] == "" || storeData.StringEnv[constants.EnvKeySenderEmail] == "" && storeData.StringEnv[constants.EnvKeySmtpPort] == "" {
-			if !storeData.BoolEnv[constants.EnvKeyDisableEmailVerification] {
-				storeData.BoolEnv[constants.EnvKeyDisableEmailVerification] = true
+		if storeData[constants.EnvKeySmtpHost] == "" || storeData[constants.EnvKeySmtpUsername] == "" || storeData[constants.EnvKeySmtpPassword] == "" || storeData[constants.EnvKeySenderEmail] == "" && storeData[constants.EnvKeySmtpPort] == "" {
+			if !storeData[constants.EnvKeyDisableEmailVerification].(bool) {
+				storeData[constants.EnvKeyDisableEmailVerification] = true
 				hasChanged = true
 			}
 
-			if !storeData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] {
-				storeData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = true
+			if !storeData[constants.EnvKeyDisableMagicLinkLogin].(bool) {
+				storeData[constants.EnvKeyDisableMagicLinkLogin] = true
 				hasChanged = true
 			}
 		}
 
-		envstore.EnvStoreObj.UpdateEnvStore(storeData)
+		err = memorystore.Provider.UpdateEnvStore(storeData)
+		if err != nil {
+			log.Debug("Error while updating env store: ", err)
+			return err
+		}
+
 		jwk, err := crypto.GenerateJWKBasedOnEnv()
 		if err != nil {
 			log.Debug("Error while generating JWK: ", err)
 			return err
 		}
 		// updating jwk
-		envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJWK, jwk)
+		memorystore.Provider.UpdateEnvVariable(constants.EnvKeyJWK, jwk)
 
 		if hasChanged {
 			encryptedConfig, err := crypto.EncryptEnvData(storeData)

server/envstore/store.go

@@ -1,122 +0,0 @@
-package envstore
-
-import (
-	"sync"
-
-	"github.com/authorizerdev/authorizer/server/constants"
-)
-
-var (
-	// ARG_DB_URL is the cli arg variable for the database url
-	ARG_DB_URL *string
-	// ARG_DB_TYPE is the cli arg variable for the database type
-	ARG_DB_TYPE *string
-	// ARG_ENV_FILE is the cli arg variable for the env file
-	ARG_ENV_FILE *string
-	// ARG_LOG_LEVEL is the cli arg variable for the log level
-	ARG_LOG_LEVEL *string
-)
-
-// Store data structure
-type Store struct {
-	StringEnv map[string]string   `json:"string_env"`
-	BoolEnv   map[string]bool     `json:"bool_env"`
-	SliceEnv  map[string][]string `json:"slice_env"`
-}
-
-// EnvStore struct
-type EnvStore struct {
-	mutex sync.Mutex
-	store *Store
-}
-
-var defaultStore = &EnvStore{
-	store: &Store{
-		StringEnv: map[string]string{
-			constants.EnvKeyAdminCookieName:  "authorizer-admin",
-			constants.EnvKeyJwtRoleClaim:     "role",
-			constants.EnvKeyOrganizationName: "Authorizer",
-			constants.EnvKeyOrganizationLogo: "https://www.authorizer.dev/images/logo.png",
-		},
-		BoolEnv: map[string]bool{
-			constants.EnvKeyDisableBasicAuthentication: false,
-			constants.EnvKeyDisableMagicLinkLogin:      false,
-			constants.EnvKeyDisableEmailVerification:   false,
-			constants.EnvKeyDisableLoginPage:           false,
-			constants.EnvKeyDisableSignUp:              false,
-		},
-		SliceEnv: map[string][]string{},
-	},
-}
-
-// EnvStoreObj.GetBoolStoreEnvVariable global variable for EnvStore
-var EnvStoreObj = defaultStore
-
-// UpdateEnvStore to update the whole env store object
-func (e *EnvStore) UpdateEnvStore(store Store) {
-	e.mutex.Lock()
-	defer e.mutex.Unlock()
-	// just override the keys + new keys
-
-	for key, value := range store.StringEnv {
-		e.store.StringEnv[key] = value
-	}
-
-	for key, value := range store.BoolEnv {
-		e.store.BoolEnv[key] = value
-	}
-
-	for key, value := range store.SliceEnv {
-		e.store.SliceEnv[key] = value
-	}
-}
-
-// UpdateEnvVariable to update the particular env variable
-func (e *EnvStore) UpdateEnvVariable(storeIdentifier, key string, value interface{}) {
-	e.mutex.Lock()
-	defer e.mutex.Unlock()
-	switch storeIdentifier {
-	case constants.StringStoreIdentifier:
-		e.store.StringEnv[key] = value.(string)
-	case constants.BoolStoreIdentifier:
-		e.store.BoolEnv[key] = value.(bool)
-	case constants.SliceStoreIdentifier:
-		e.store.SliceEnv[key] = value.([]string)
-	}
-}
-
-// GetStringStoreEnvVariable to get the env variable from string store object
-func (e *EnvStore) GetStringStoreEnvVariable(key string) string {
-	// e.mutex.Lock()
-	// defer e.mutex.Unlock()
-	return e.store.StringEnv[key]
-}
-
-// GetBoolStoreEnvVariable to get the env variable from bool store object
-func (e *EnvStore) GetBoolStoreEnvVariable(key string) bool {
-	// e.mutex.Lock()
-	// defer e.mutex.Unlock()
-	return e.store.BoolEnv[key]
-}
-
-// GetSliceStoreEnvVariable to get the env variable from slice store object
-func (e *EnvStore) GetSliceStoreEnvVariable(key string) []string {
-	// e.mutex.Lock()
-	// defer e.mutex.Unlock()
-	return e.store.SliceEnv[key]
-}
-
-// GetEnvStoreClone to get clone of current env store object
-func (e *EnvStore) GetEnvStoreClone() Store {
-	e.mutex.Lock()
-	defer e.mutex.Unlock()
-
-	result := *e.store
-	return result
-}
-
-func (e *EnvStore) ResetStore() {
-	e.mutex.Lock()
-	defer e.mutex.Unlock()
-	e.store = defaultStore.store
-}

server/go.mod

@@ -20,7 +20,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.1 // indirect
 	github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f
-	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.7.0
 	github.com/ugorji/go v1.2.6 // indirect
 	github.com/vektah/gqlparser/v2 v2.2.0

server/graph/generated/generated.go

@@ -57,9 +57,10 @@ type ComplexityRoot struct {
 		AdminSecret                func(childComplexity int) int
 		AllowedOrigins             func(childComplexity int) int
 		AppURL                     func(childComplexity int) int
+		AppleClientID              func(childComplexity int) int
+		AppleClientSecret          func(childComplexity int) int
 		ClientID                   func(childComplexity int) int
 		ClientSecret               func(childComplexity int) int
-		CookieName                 func(childComplexity int) int
 		CustomAccessTokenScript    func(childComplexity int) int
 		DatabaseHost               func(childComplexity int) int
 		DatabaseName               func(childComplexity int) int
@@ -73,6 +74,7 @@ type ComplexityRoot struct {
 		DisableEmailVerification   func(childComplexity int) int
 		DisableLoginPage           func(childComplexity int) int
 		DisableMagicLinkLogin      func(childComplexity int) int
+		DisableRedisForEnv         func(childComplexity int) int
 		DisableSignUp              func(childComplexity int) int
 		FacebookClientID           func(childComplexity int) int
 		FacebookClientSecret       func(childComplexity int) int
@@ -85,6 +87,8 @@ type ComplexityRoot struct {
 		JwtRoleClaim               func(childComplexity int) int
 		JwtSecret                  func(childComplexity int) int
 		JwtType                    func(childComplexity int) int
+		LinkedinClientID           func(childComplexity int) int
+		LinkedinClientSecret       func(childComplexity int) int
 		OrganizationLogo           func(childComplexity int) int
 		OrganizationName           func(childComplexity int) int
 		ProtectedRoles             func(childComplexity int) int
@@ -111,11 +115,13 @@ type ComplexityRoot struct {
 
 	Meta struct {
 		ClientID                     func(childComplexity int) int
+		IsAppleLoginEnabled          func(childComplexity int) int
 		IsBasicAuthenticationEnabled func(childComplexity int) int
 		IsEmailVerificationEnabled   func(childComplexity int) int
 		IsFacebookLoginEnabled       func(childComplexity int) int
 		IsGithubLoginEnabled         func(childComplexity int) int
 		IsGoogleLoginEnabled         func(childComplexity int) int
+		IsLinkedinLoginEnabled       func(childComplexity int) int
 		IsMagicLinkLoginEnabled      func(childComplexity int) int
 		IsSignUpEnabled              func(childComplexity int) int
 		Version                      func(childComplexity int) int
@@ -332,6 +338,20 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
 
 		return e.complexity.Env.AppURL(childComplexity), true
 
+	case "Env.APPLE_CLIENT_ID":
+		if e.complexity.Env.AppleClientID == nil {
+			break
+		}
+
+		return e.complexity.Env.AppleClientID(childComplexity), true
+
+	case "Env.APPLE_CLIENT_SECRET":
+		if e.complexity.Env.AppleClientSecret == nil {
+			break
+		}
+
+		return e.complexity.Env.AppleClientSecret(childComplexity), true
+
 	case "Env.CLIENT_ID":
 		if e.complexity.Env.ClientID == nil {
 			break
@@ -346,13 +366,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
 
 		return e.complexity.Env.ClientSecret(childComplexity), true
 
-	case "Env.COOKIE_NAME":
-		if e.complexity.Env.CookieName == nil {
-			break
-		}
-
-		return e.complexity.Env.CookieName(childComplexity), true
-
 	case "Env.CUSTOM_ACCESS_TOKEN_SCRIPT":
 		if e.complexity.Env.CustomAccessTokenScript == nil {
 			break
@@ -444,6 +457,13 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
 
 		return e.complexity.Env.DisableMagicLinkLogin(childComplexity), true
 
+	case "Env.DISABLE_REDIS_FOR_ENV":
+		if e.complexity.Env.DisableRedisForEnv == nil {
+			break
+		}
+
+		return e.complexity.Env.DisableRedisForEnv(childComplexity), true
+
 	case "Env.DISABLE_SIGN_UP":
 		if e.complexity.Env.DisableSignUp == nil {
 			break
@@ -528,6 +548,20 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
 
 		return e.complexity.Env.JwtType(childComplexity), true
 
+	case "Env.LINKEDIN_CLIENT_ID":
+		if e.complexity.Env.LinkedinClientID == nil {
+			break
+		}
+
+		return e.complexity.Env.LinkedinClientID(childComplexity), true
+
+	case "Env.LINKEDIN_CLIENT_SECRET":
+		if e.complexity.Env.LinkedinClientSecret == nil {
+			break
+		}
+
+		return e.complexity.Env.LinkedinClientSecret(childComplexity), true
+
 	case "Env.ORGANIZATION_LOGO":
 		if e.complexity.Env.OrganizationLogo == nil {
 			break
@@ -647,6 +681,13 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
 
 		return e.complexity.Meta.ClientID(childComplexity), true
 
+	case "Meta.is_apple_login_enabled":
+		if e.complexity.Meta.IsAppleLoginEnabled == nil {
+			break
+		}
+
+		return e.complexity.Meta.IsAppleLoginEnabled(childComplexity), true
+
 	case "Meta.is_basic_authentication_enabled":
 		if e.complexity.Meta.IsBasicAuthenticationEnabled == nil {
 			break
@@ -682,6 +723,13 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
 
 		return e.complexity.Meta.IsGoogleLoginEnabled(childComplexity), true
 
+	case "Meta.is_linkedin_login_enabled":
+		if e.complexity.Meta.IsLinkedinLoginEnabled == nil {
+			break
+		}
+
+		return e.complexity.Meta.IsLinkedinLoginEnabled(childComplexity), true
+
 	case "Meta.is_magic_link_login_enabled":
 		if e.complexity.Meta.IsMagicLinkLoginEnabled == nil {
 			break
@@ -1352,6 +1400,8 @@ type Meta {
 	is_google_login_enabled: Boolean!
 	is_facebook_login_enabled: Boolean!
 	is_github_login_enabled: Boolean!
+	is_linkedin_login_enabled: Boolean!
+	is_apple_login_enabled: Boolean!
 	is_email_verification_enabled: Boolean!
 	is_basic_authentication_enabled: Boolean!
 	is_magic_link_login_enabled: Boolean!
@@ -1423,13 +1473,13 @@ type Response {
 type Env {
 	ACCESS_TOKEN_EXPIRY_TIME: String
 	ADMIN_SECRET: String
-	DATABASE_NAME: String!
-	DATABASE_URL: String!
-	DATABASE_TYPE: String!
-	DATABASE_USERNAME: String!
-	DATABASE_PASSWORD: String!
-	DATABASE_HOST: String!
-	DATABASE_PORT: String!
+	DATABASE_NAME: String
+	DATABASE_URL: String
+	DATABASE_TYPE: String
+	DATABASE_USERNAME: String
+	DATABASE_PASSWORD: String
+	DATABASE_HOST: String
+	DATABASE_PORT: String
 	CLIENT_ID: String!
 	CLIENT_SECRET: String!
 	CUSTOM_ACCESS_TOKEN_SCRIPT: String
@@ -1445,13 +1495,13 @@ type Env {
 	ALLOWED_ORIGINS: [String!]
 	APP_URL: String
 	REDIS_URL: String
-	COOKIE_NAME: String
 	RESET_PASSWORD_URL: String
-	DISABLE_EMAIL_VERIFICATION: Boolean
-	DISABLE_BASIC_AUTHENTICATION: Boolean
-	DISABLE_MAGIC_LINK_LOGIN: Boolean
-	DISABLE_LOGIN_PAGE: Boolean
-	DISABLE_SIGN_UP: Boolean
+	DISABLE_EMAIL_VERIFICATION: Boolean!
+	DISABLE_BASIC_AUTHENTICATION: Boolean!
+	DISABLE_MAGIC_LINK_LOGIN: Boolean!
+	DISABLE_LOGIN_PAGE: Boolean!
+	DISABLE_SIGN_UP: Boolean!
+	DISABLE_REDIS_FOR_ENV: Boolean!
 	ROLES: [String!]
 	PROTECTED_ROLES: [String!]
 	DEFAULT_ROLES: [String!]
@@ -1462,6 +1512,10 @@ type Env {
 	GITHUB_CLIENT_SECRET: String
 	FACEBOOK_CLIENT_ID: String
 	FACEBOOK_CLIENT_SECRET: String
+	LINKEDIN_CLIENT_ID: String
+	LINKEDIN_CLIENT_SECRET: String
+	APPLE_CLIENT_ID: String
+	APPLE_CLIENT_SECRET: String
 	ORGANIZATION_NAME: String
 	ORGANIZATION_LOGO: String
 }
@@ -1492,14 +1546,13 @@ input UpdateEnvInput {
 	JWT_PUBLIC_KEY: String
 	ALLOWED_ORIGINS: [String!]
 	APP_URL: String
-	REDIS_URL: String
-	COOKIE_NAME: String
 	RESET_PASSWORD_URL: String
 	DISABLE_EMAIL_VERIFICATION: Boolean
 	DISABLE_BASIC_AUTHENTICATION: Boolean
 	DISABLE_MAGIC_LINK_LOGIN: Boolean
 	DISABLE_LOGIN_PAGE: Boolean
 	DISABLE_SIGN_UP: Boolean
+	DISABLE_REDIS_FOR_ENV: Boolean
 	ROLES: [String!]
 	PROTECTED_ROLES: [String!]
 	DEFAULT_ROLES: [String!]
@@ -1510,6 +1563,10 @@ input UpdateEnvInput {
 	GITHUB_CLIENT_SECRET: String
 	FACEBOOK_CLIENT_ID: String
 	FACEBOOK_CLIENT_SECRET: String
+	LINKEDIN_CLIENT_ID: String
+	LINKEDIN_CLIENT_SECRET: String
+	APPLE_CLIENT_ID: String
+	APPLE_CLIENT_SECRET: String
 	ORGANIZATION_NAME: String
 	ORGANIZATION_LOGO: String
 }
@@ -2356,14 +2413,11 @@ func (ec *executionContext) _Env_DATABASE_NAME(ctx context.Context, field graphq
 		return graphql.Null
 	}
 	if resTmp == nil {
-		if !graphql.HasFieldError(ctx, fc) {
-			ec.Errorf(ctx, "must not be null")
-		}
 		return graphql.Null
 	}
-	res := resTmp.(string)
+	res := resTmp.(*string)
 	fc.Result = res
-	return ec.marshalNString2string(ctx, field.Selections, res)
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_DATABASE_URL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -2391,14 +2445,11 @@ func (ec *executionContext) _Env_DATABASE_URL(ctx context.Context, field graphql
 		return graphql.Null
 	}
 	if resTmp == nil {
-		if !graphql.HasFieldError(ctx, fc) {
-			ec.Errorf(ctx, "must not be null")
-		}
 		return graphql.Null
 	}
-	res := resTmp.(string)
+	res := resTmp.(*string)
 	fc.Result = res
-	return ec.marshalNString2string(ctx, field.Selections, res)
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_DATABASE_TYPE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -2426,14 +2477,11 @@ func (ec *executionContext) _Env_DATABASE_TYPE(ctx context.Context, field graphq
 		return graphql.Null
 	}
 	if resTmp == nil {
-		if !graphql.HasFieldError(ctx, fc) {
-			ec.Errorf(ctx, "must not be null")
-		}
 		return graphql.Null
 	}
-	res := resTmp.(string)
+	res := resTmp.(*string)
 	fc.Result = res
-	return ec.marshalNString2string(ctx, field.Selections, res)
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_DATABASE_USERNAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -2461,14 +2509,11 @@ func (ec *executionContext) _Env_DATABASE_USERNAME(ctx context.Context, field gr
 		return graphql.Null
 	}
 	if resTmp == nil {
-		if !graphql.HasFieldError(ctx, fc) {
-			ec.Errorf(ctx, "must not be null")
-		}
 		return graphql.Null
 	}
-	res := resTmp.(string)
+	res := resTmp.(*string)
 	fc.Result = res
-	return ec.marshalNString2string(ctx, field.Selections, res)
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_DATABASE_PASSWORD(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -2496,14 +2541,11 @@ func (ec *executionContext) _Env_DATABASE_PASSWORD(ctx context.Context, field gr
 		return graphql.Null
 	}
 	if resTmp == nil {
-		if !graphql.HasFieldError(ctx, fc) {
-			ec.Errorf(ctx, "must not be null")
-		}
 		return graphql.Null
 	}
-	res := resTmp.(string)
+	res := resTmp.(*string)
 	fc.Result = res
-	return ec.marshalNString2string(ctx, field.Selections, res)
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_DATABASE_HOST(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -2531,14 +2573,11 @@ func (ec *executionContext) _Env_DATABASE_HOST(ctx context.Context, field graphq
 		return graphql.Null
 	}
 	if resTmp == nil {
-		if !graphql.HasFieldError(ctx, fc) {
-			ec.Errorf(ctx, "must not be null")
-		}
 		return graphql.Null
 	}
-	res := resTmp.(string)
+	res := resTmp.(*string)
 	fc.Result = res
-	return ec.marshalNString2string(ctx, field.Selections, res)
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_DATABASE_PORT(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -2566,14 +2605,11 @@ func (ec *executionContext) _Env_DATABASE_PORT(ctx context.Context, field graphq
 		return graphql.Null
 	}
 	if resTmp == nil {
-		if !graphql.HasFieldError(ctx, fc) {
-			ec.Errorf(ctx, "must not be null")
-		}
 		return graphql.Null
 	}
-	res := resTmp.(string)
+	res := resTmp.(*string)
 	fc.Result = res
-	return ec.marshalNString2string(ctx, field.Selections, res)
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -3062,38 +3098,6 @@ func (ec *executionContext) _Env_REDIS_URL(ctx context.Context, field graphql.Co
 	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
 }
 
-func (ec *executionContext) _Env_COOKIE_NAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
-	defer func() {
-		if r := recover(); r != nil {
-			ec.Error(ctx, ec.Recover(ctx, r))
-			ret = graphql.Null
-		}
-	}()
-	fc := &graphql.FieldContext{
-		Object:     "Env",
-		Field:      field,
-		Args:       nil,
-		IsMethod:   false,
-		IsResolver: false,
-	}
-
-	ctx = graphql.WithFieldContext(ctx, fc)
-	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
-		ctx = rctx // use context from middleware stack in children
-		return obj.CookieName, nil
-	})
-	if err != nil {
-		ec.Error(ctx, err)
-		return graphql.Null
-	}
-	if resTmp == nil {
-		return graphql.Null
-	}
-	res := resTmp.(*string)
-	fc.Result = res
-	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
-}
-
 func (ec *executionContext) _Env_RESET_PASSWORD_URL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
 	defer func() {
 		if r := recover(); r != nil {
@@ -3151,11 +3155,14 @@ func (ec *executionContext) _Env_DISABLE_EMAIL_VERIFICATION(ctx context.Context,
 		return graphql.Null
 	}
 	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
 		return graphql.Null
 	}
-	res := resTmp.(*bool)
+	res := resTmp.(bool)
 	fc.Result = res
-	return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res)
+	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_DISABLE_BASIC_AUTHENTICATION(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -3183,11 +3190,14 @@ func (ec *executionContext) _Env_DISABLE_BASIC_AUTHENTICATION(ctx context.Contex
 		return graphql.Null
 	}
 	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
 		return graphql.Null
 	}
-	res := resTmp.(*bool)
+	res := resTmp.(bool)
 	fc.Result = res
-	return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res)
+	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_DISABLE_MAGIC_LINK_LOGIN(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -3215,11 +3225,14 @@ func (ec *executionContext) _Env_DISABLE_MAGIC_LINK_LOGIN(ctx context.Context, f
 		return graphql.Null
 	}
 	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
 		return graphql.Null
 	}
-	res := resTmp.(*bool)
+	res := resTmp.(bool)
 	fc.Result = res
-	return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res)
+	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_DISABLE_LOGIN_PAGE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -3247,11 +3260,14 @@ func (ec *executionContext) _Env_DISABLE_LOGIN_PAGE(ctx context.Context, field g
 		return graphql.Null
 	}
 	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
 		return graphql.Null
 	}
-	res := resTmp.(*bool)
+	res := resTmp.(bool)
 	fc.Result = res
-	return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res)
+	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_DISABLE_SIGN_UP(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -3279,11 +3295,49 @@ func (ec *executionContext) _Env_DISABLE_SIGN_UP(ctx context.Context, field grap
 		return graphql.Null
 	}
 	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
 		return graphql.Null
 	}
-	res := resTmp.(*bool)
+	res := resTmp.(bool)
 	fc.Result = res
-	return ec.marshalOBoolean2ᚖbool(ctx, field.Selections, res)
+	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) _Env_DISABLE_REDIS_FOR_ENV(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	fc := &graphql.FieldContext{
+		Object:     "Env",
+		Field:      field,
+		Args:       nil,
+		IsMethod:   false,
+		IsResolver: false,
+	}
+
+	ctx = graphql.WithFieldContext(ctx, fc)
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.DisableRedisForEnv, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
+		return graphql.Null
+	}
+	res := resTmp.(bool)
+	fc.Result = res
+	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
 }
 
 func (ec *executionContext) _Env_ROLES(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
@@ -3606,6 +3660,134 @@ func (ec *executionContext) _Env_FACEBOOK_CLIENT_SECRET(ctx context.Context, fie
 	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
 }
 
+func (ec *executionContext) _Env_LINKEDIN_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	fc := &graphql.FieldContext{
+		Object:     "Env",
+		Field:      field,
+		Args:       nil,
+		IsMethod:   false,
+		IsResolver: false,
+	}
+
+	ctx = graphql.WithFieldContext(ctx, fc)
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.LinkedinClientID, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		return graphql.Null
+	}
+	res := resTmp.(*string)
+	fc.Result = res
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) _Env_LINKEDIN_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	fc := &graphql.FieldContext{
+		Object:     "Env",
+		Field:      field,
+		Args:       nil,
+		IsMethod:   false,
+		IsResolver: false,
+	}
+
+	ctx = graphql.WithFieldContext(ctx, fc)
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.LinkedinClientSecret, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		return graphql.Null
+	}
+	res := resTmp.(*string)
+	fc.Result = res
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) _Env_APPLE_CLIENT_ID(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	fc := &graphql.FieldContext{
+		Object:     "Env",
+		Field:      field,
+		Args:       nil,
+		IsMethod:   false,
+		IsResolver: false,
+	}
+
+	ctx = graphql.WithFieldContext(ctx, fc)
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.AppleClientID, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		return graphql.Null
+	}
+	res := resTmp.(*string)
+	fc.Result = res
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) _Env_APPLE_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	fc := &graphql.FieldContext{
+		Object:     "Env",
+		Field:      field,
+		Args:       nil,
+		IsMethod:   false,
+		IsResolver: false,
+	}
+
+	ctx = graphql.WithFieldContext(ctx, fc)
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.AppleClientSecret, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		return graphql.Null
+	}
+	res := resTmp.(*string)
+	fc.Result = res
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
+}
+
 func (ec *executionContext) _Env_ORGANIZATION_NAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
 	defer func() {
 		if r := recover(); r != nil {
@@ -4011,6 +4193,76 @@ func (ec *executionContext) _Meta_is_github_login_enabled(ctx context.Context, f
 	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
 }
 
+func (ec *executionContext) _Meta_is_linkedin_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) {
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	fc := &graphql.FieldContext{
+		Object:     "Meta",
+		Field:      field,
+		Args:       nil,
+		IsMethod:   false,
+		IsResolver: false,
+	}
+
+	ctx = graphql.WithFieldContext(ctx, fc)
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.IsLinkedinLoginEnabled, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
+		return graphql.Null
+	}
+	res := resTmp.(bool)
+	fc.Result = res
+	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) _Meta_is_apple_login_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) {
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	fc := &graphql.FieldContext{
+		Object:     "Meta",
+		Field:      field,
+		Args:       nil,
+		IsMethod:   false,
+		IsResolver: false,
+	}
+
+	ctx = graphql.WithFieldContext(ctx, fc)
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.IsAppleLoginEnabled, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
+		return graphql.Null
+	}
+	res := resTmp.(bool)
+	fc.Result = res
+	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
+}
+
 func (ec *executionContext) _Meta_is_email_verification_enabled(ctx context.Context, field graphql.CollectedField, obj *model.Meta) (ret graphql.Marshaler) {
 	defer func() {
 		if r := recover(); r != nil {
@@ -8431,22 +8683,6 @@ func (ec *executionContext) unmarshalInputUpdateEnvInput(ctx context.Context, ob
 			if err != nil {
 				return it, err
 			}
-		case "REDIS_URL":
-			var err error
-
-			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("REDIS_URL"))
-			it.RedisURL, err = ec.unmarshalOString2ᚖstring(ctx, v)
-			if err != nil {
-				return it, err
-			}
-		case "COOKIE_NAME":
-			var err error
-
-			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("COOKIE_NAME"))
-			it.CookieName, err = ec.unmarshalOString2ᚖstring(ctx, v)
-			if err != nil {
-				return it, err
-			}
 		case "RESET_PASSWORD_URL":
 			var err error
 
@@ -8495,6 +8731,14 @@ func (ec *executionContext) unmarshalInputUpdateEnvInput(ctx context.Context, ob
 			if err != nil {
 				return it, err
 			}
+		case "DISABLE_REDIS_FOR_ENV":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DISABLE_REDIS_FOR_ENV"))
+			it.DisableRedisForEnv, err = ec.unmarshalOBoolean2ᚖbool(ctx, v)
+			if err != nil {
+				return it, err
+			}
 		case "ROLES":
 			var err error
 
@@ -8575,6 +8819,38 @@ func (ec *executionContext) unmarshalInputUpdateEnvInput(ctx context.Context, ob
 			if err != nil {
 				return it, err
 			}
+		case "LINKEDIN_CLIENT_ID":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("LINKEDIN_CLIENT_ID"))
+			it.LinkedinClientID, err = ec.unmarshalOString2ᚖstring(ctx, v)
+			if err != nil {
+				return it, err
+			}
+		case "LINKEDIN_CLIENT_SECRET":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("LINKEDIN_CLIENT_SECRET"))
+			it.LinkedinClientSecret, err = ec.unmarshalOString2ᚖstring(ctx, v)
+			if err != nil {
+				return it, err
+			}
+		case "APPLE_CLIENT_ID":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("APPLE_CLIENT_ID"))
+			it.AppleClientID, err = ec.unmarshalOString2ᚖstring(ctx, v)
+			if err != nil {
+				return it, err
+			}
+		case "APPLE_CLIENT_SECRET":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("APPLE_CLIENT_SECRET"))
+			it.AppleClientSecret, err = ec.unmarshalOString2ᚖstring(ctx, v)
+			if err != nil {
+				return it, err
+			}
 		case "ORGANIZATION_NAME":
 			var err error
 
@@ -8943,39 +9219,18 @@ func (ec *executionContext) _Env(ctx context.Context, sel ast.SelectionSet, obj
 			out.Values[i] = ec._Env_ADMIN_SECRET(ctx, field, obj)
 		case "DATABASE_NAME":
 			out.Values[i] = ec._Env_DATABASE_NAME(ctx, field, obj)
-			if out.Values[i] == graphql.Null {
-				invalids++
-			}
 		case "DATABASE_URL":
 			out.Values[i] = ec._Env_DATABASE_URL(ctx, field, obj)
-			if out.Values[i] == graphql.Null {
-				invalids++
-			}
 		case "DATABASE_TYPE":
 			out.Values[i] = ec._Env_DATABASE_TYPE(ctx, field, obj)
-			if out.Values[i] == graphql.Null {
-				invalids++
-			}
 		case "DATABASE_USERNAME":
 			out.Values[i] = ec._Env_DATABASE_USERNAME(ctx, field, obj)
-			if out.Values[i] == graphql.Null {
-				invalids++
-			}
 		case "DATABASE_PASSWORD":
 			out.Values[i] = ec._Env_DATABASE_PASSWORD(ctx, field, obj)
-			if out.Values[i] == graphql.Null {
-				invalids++
-			}
 		case "DATABASE_HOST":
 			out.Values[i] = ec._Env_DATABASE_HOST(ctx, field, obj)
-			if out.Values[i] == graphql.Null {
-				invalids++
-			}
 		case "DATABASE_PORT":
 			out.Values[i] = ec._Env_DATABASE_PORT(ctx, field, obj)
-			if out.Values[i] == graphql.Null {
-				invalids++
-			}
 		case "CLIENT_ID":
 			out.Values[i] = ec._Env_CLIENT_ID(ctx, field, obj)
 			if out.Values[i] == graphql.Null {
@@ -9012,20 +9267,38 @@ func (ec *executionContext) _Env(ctx context.Context, sel ast.SelectionSet, obj
 			out.Values[i] = ec._Env_APP_URL(ctx, field, obj)
 		case "REDIS_URL":
 			out.Values[i] = ec._Env_REDIS_URL(ctx, field, obj)
-		case "COOKIE_NAME":
-			out.Values[i] = ec._Env_COOKIE_NAME(ctx, field, obj)
 		case "RESET_PASSWORD_URL":
 			out.Values[i] = ec._Env_RESET_PASSWORD_URL(ctx, field, obj)
 		case "DISABLE_EMAIL_VERIFICATION":
 			out.Values[i] = ec._Env_DISABLE_EMAIL_VERIFICATION(ctx, field, obj)
+			if out.Values[i] == graphql.Null {
+				invalids++
+			}
 		case "DISABLE_BASIC_AUTHENTICATION":
 			out.Values[i] = ec._Env_DISABLE_BASIC_AUTHENTICATION(ctx, field, obj)
+			if out.Values[i] == graphql.Null {
+				invalids++
+			}
 		case "DISABLE_MAGIC_LINK_LOGIN":
 			out.Values[i] = ec._Env_DISABLE_MAGIC_LINK_LOGIN(ctx, field, obj)
+			if out.Values[i] == graphql.Null {
+				invalids++
+			}
 		case "DISABLE_LOGIN_PAGE":
 			out.Values[i] = ec._Env_DISABLE_LOGIN_PAGE(ctx, field, obj)
+			if out.Values[i] == graphql.Null {
+				invalids++
+			}
 		case "DISABLE_SIGN_UP":
 			out.Values[i] = ec._Env_DISABLE_SIGN_UP(ctx, field, obj)
+			if out.Values[i] == graphql.Null {
+				invalids++
+			}
+		case "DISABLE_REDIS_FOR_ENV":
+			out.Values[i] = ec._Env_DISABLE_REDIS_FOR_ENV(ctx, field, obj)
+			if out.Values[i] == graphql.Null {
+				invalids++
+			}
 		case "ROLES":
 			out.Values[i] = ec._Env_ROLES(ctx, field, obj)
 		case "PROTECTED_ROLES":
@@ -9046,6 +9319,14 @@ func (ec *executionContext) _Env(ctx context.Context, sel ast.SelectionSet, obj
 			out.Values[i] = ec._Env_FACEBOOK_CLIENT_ID(ctx, field, obj)
 		case "FACEBOOK_CLIENT_SECRET":
 			out.Values[i] = ec._Env_FACEBOOK_CLIENT_SECRET(ctx, field, obj)
+		case "LINKEDIN_CLIENT_ID":
+			out.Values[i] = ec._Env_LINKEDIN_CLIENT_ID(ctx, field, obj)
+		case "LINKEDIN_CLIENT_SECRET":
+			out.Values[i] = ec._Env_LINKEDIN_CLIENT_SECRET(ctx, field, obj)
+		case "APPLE_CLIENT_ID":
+			out.Values[i] = ec._Env_APPLE_CLIENT_ID(ctx, field, obj)
+		case "APPLE_CLIENT_SECRET":
+			out.Values[i] = ec._Env_APPLE_CLIENT_SECRET(ctx, field, obj)
 		case "ORGANIZATION_NAME":
 			out.Values[i] = ec._Env_ORGANIZATION_NAME(ctx, field, obj)
 		case "ORGANIZATION_LOGO":
@@ -9157,6 +9438,16 @@ func (ec *executionContext) _Meta(ctx context.Context, sel ast.SelectionSet, obj
 			if out.Values[i] == graphql.Null {
 				invalids++
 			}
+		case "is_linkedin_login_enabled":
+			out.Values[i] = ec._Meta_is_linkedin_login_enabled(ctx, field, obj)
+			if out.Values[i] == graphql.Null {
+				invalids++
+			}
+		case "is_apple_login_enabled":
+			out.Values[i] = ec._Meta_is_apple_login_enabled(ctx, field, obj)
+			if out.Values[i] == graphql.Null {
+				invalids++
+			}
 		case "is_email_verification_enabled":
 			out.Values[i] = ec._Meta_is_email_verification_enabled(ctx, field, obj)
 			if out.Values[i] == graphql.Null {

server/graph/model/models_gen.go

@@ -26,13 +26,13 @@ type DeleteUserInput struct {
 type Env struct {
 	AccessTokenExpiryTime      *string  `json:"ACCESS_TOKEN_EXPIRY_TIME"`
 	AdminSecret                *string  `json:"ADMIN_SECRET"`
-	DatabaseName               string   `json:"DATABASE_NAME"`
-	DatabaseURL                string   `json:"DATABASE_URL"`
-	DatabaseType               string   `json:"DATABASE_TYPE"`
-	DatabaseUsername           string   `json:"DATABASE_USERNAME"`
-	DatabasePassword           string   `json:"DATABASE_PASSWORD"`
-	DatabaseHost               string   `json:"DATABASE_HOST"`
-	DatabasePort               string   `json:"DATABASE_PORT"`
+	DatabaseName               *string  `json:"DATABASE_NAME"`
+	DatabaseURL                *string  `json:"DATABASE_URL"`
+	DatabaseType               *string  `json:"DATABASE_TYPE"`
+	DatabaseUsername           *string  `json:"DATABASE_USERNAME"`
+	DatabasePassword           *string  `json:"DATABASE_PASSWORD"`
+	DatabaseHost               *string  `json:"DATABASE_HOST"`
+	DatabasePort               *string  `json:"DATABASE_PORT"`
 	ClientID                   string   `json:"CLIENT_ID"`
 	ClientSecret               string   `json:"CLIENT_SECRET"`
 	CustomAccessTokenScript    *string  `json:"CUSTOM_ACCESS_TOKEN_SCRIPT"`
@@ -48,13 +48,13 @@ type Env struct {
 	AllowedOrigins             []string `json:"ALLOWED_ORIGINS"`
 	AppURL                     *string  `json:"APP_URL"`
 	RedisURL                   *string  `json:"REDIS_URL"`
-	CookieName                 *string  `json:"COOKIE_NAME"`
 	ResetPasswordURL           *string  `json:"RESET_PASSWORD_URL"`
-	DisableEmailVerification   *bool    `json:"DISABLE_EMAIL_VERIFICATION"`
-	DisableBasicAuthentication *bool    `json:"DISABLE_BASIC_AUTHENTICATION"`
-	DisableMagicLinkLogin      *bool    `json:"DISABLE_MAGIC_LINK_LOGIN"`
-	DisableLoginPage           *bool    `json:"DISABLE_LOGIN_PAGE"`
-	DisableSignUp              *bool    `json:"DISABLE_SIGN_UP"`
+	DisableEmailVerification   bool     `json:"DISABLE_EMAIL_VERIFICATION"`
+	DisableBasicAuthentication bool     `json:"DISABLE_BASIC_AUTHENTICATION"`
+	DisableMagicLinkLogin      bool     `json:"DISABLE_MAGIC_LINK_LOGIN"`
+	DisableLoginPage           bool     `json:"DISABLE_LOGIN_PAGE"`
+	DisableSignUp              bool     `json:"DISABLE_SIGN_UP"`
+	DisableRedisForEnv         bool     `json:"DISABLE_REDIS_FOR_ENV"`
 	Roles                      []string `json:"ROLES"`
 	ProtectedRoles             []string `json:"PROTECTED_ROLES"`
 	DefaultRoles               []string `json:"DEFAULT_ROLES"`
@@ -65,6 +65,10 @@ type Env struct {
 	GithubClientSecret         *string  `json:"GITHUB_CLIENT_SECRET"`
 	FacebookClientID           *string  `json:"FACEBOOK_CLIENT_ID"`
 	FacebookClientSecret       *string  `json:"FACEBOOK_CLIENT_SECRET"`
+	LinkedinClientID           *string  `json:"LINKEDIN_CLIENT_ID"`
+	LinkedinClientSecret       *string  `json:"LINKEDIN_CLIENT_SECRET"`
+	AppleClientID              *string  `json:"APPLE_CLIENT_ID"`
+	AppleClientSecret          *string  `json:"APPLE_CLIENT_SECRET"`
 	OrganizationName           *string  `json:"ORGANIZATION_NAME"`
 	OrganizationLogo           *string  `json:"ORGANIZATION_LOGO"`
 }
@@ -116,6 +120,8 @@ type Meta struct {
 	IsGoogleLoginEnabled         bool   `json:"is_google_login_enabled"`
 	IsFacebookLoginEnabled       bool   `json:"is_facebook_login_enabled"`
 	IsGithubLoginEnabled         bool   `json:"is_github_login_enabled"`
+	IsLinkedinLoginEnabled       bool   `json:"is_linkedin_login_enabled"`
+	IsAppleLoginEnabled          bool   `json:"is_apple_login_enabled"`
 	IsEmailVerificationEnabled   bool   `json:"is_email_verification_enabled"`
 	IsBasicAuthenticationEnabled bool   `json:"is_basic_authentication_enabled"`
 	IsMagicLinkLoginEnabled      bool   `json:"is_magic_link_login_enabled"`
@@ -199,14 +205,13 @@ type UpdateEnvInput struct {
 	JwtPublicKey               *string  `json:"JWT_PUBLIC_KEY"`
 	AllowedOrigins             []string `json:"ALLOWED_ORIGINS"`
 	AppURL                     *string  `json:"APP_URL"`
-	RedisURL                   *string  `json:"REDIS_URL"`
-	CookieName                 *string  `json:"COOKIE_NAME"`
 	ResetPasswordURL           *string  `json:"RESET_PASSWORD_URL"`
 	DisableEmailVerification   *bool    `json:"DISABLE_EMAIL_VERIFICATION"`
 	DisableBasicAuthentication *bool    `json:"DISABLE_BASIC_AUTHENTICATION"`
 	DisableMagicLinkLogin      *bool    `json:"DISABLE_MAGIC_LINK_LOGIN"`
 	DisableLoginPage           *bool    `json:"DISABLE_LOGIN_PAGE"`
 	DisableSignUp              *bool    `json:"DISABLE_SIGN_UP"`
+	DisableRedisForEnv         *bool    `json:"DISABLE_REDIS_FOR_ENV"`
 	Roles                      []string `json:"ROLES"`
 	ProtectedRoles             []string `json:"PROTECTED_ROLES"`
 	DefaultRoles               []string `json:"DEFAULT_ROLES"`
@@ -217,6 +222,10 @@ type UpdateEnvInput struct {
 	GithubClientSecret         *string  `json:"GITHUB_CLIENT_SECRET"`
 	FacebookClientID           *string  `json:"FACEBOOK_CLIENT_ID"`
 	FacebookClientSecret       *string  `json:"FACEBOOK_CLIENT_SECRET"`
+	LinkedinClientID           *string  `json:"LINKEDIN_CLIENT_ID"`
+	LinkedinClientSecret       *string  `json:"LINKEDIN_CLIENT_SECRET"`
+	AppleClientID              *string  `json:"APPLE_CLIENT_ID"`
+	AppleClientSecret          *string  `json:"APPLE_CLIENT_SECRET"`
 	OrganizationName           *string  `json:"ORGANIZATION_NAME"`
 	OrganizationLogo           *string  `json:"ORGANIZATION_LOGO"`
 }

server/graph/schema.graphqls

@@ -18,6 +18,8 @@ type Meta {
 	is_google_login_enabled: Boolean!
 	is_facebook_login_enabled: Boolean!
 	is_github_login_enabled: Boolean!
+	is_linkedin_login_enabled: Boolean!
+	is_apple_login_enabled: Boolean!
 	is_email_verification_enabled: Boolean!
 	is_basic_authentication_enabled: Boolean!
 	is_magic_link_login_enabled: Boolean!
@@ -89,13 +91,13 @@ type Response {
 type Env {
 	ACCESS_TOKEN_EXPIRY_TIME: String
 	ADMIN_SECRET: String
-	DATABASE_NAME: String!
-	DATABASE_URL: String!
-	DATABASE_TYPE: String!
-	DATABASE_USERNAME: String!
-	DATABASE_PASSWORD: String!
-	DATABASE_HOST: String!
-	DATABASE_PORT: String!
+	DATABASE_NAME: String
+	DATABASE_URL: String
+	DATABASE_TYPE: String
+	DATABASE_USERNAME: String
+	DATABASE_PASSWORD: String
+	DATABASE_HOST: String
+	DATABASE_PORT: String
 	CLIENT_ID: String!
 	CLIENT_SECRET: String!
 	CUSTOM_ACCESS_TOKEN_SCRIPT: String
@@ -111,13 +113,13 @@ type Env {
 	ALLOWED_ORIGINS: [String!]
 	APP_URL: String
 	REDIS_URL: String
-	COOKIE_NAME: String
 	RESET_PASSWORD_URL: String
-	DISABLE_EMAIL_VERIFICATION: Boolean
-	DISABLE_BASIC_AUTHENTICATION: Boolean
-	DISABLE_MAGIC_LINK_LOGIN: Boolean
-	DISABLE_LOGIN_PAGE: Boolean
-	DISABLE_SIGN_UP: Boolean
+	DISABLE_EMAIL_VERIFICATION: Boolean!
+	DISABLE_BASIC_AUTHENTICATION: Boolean!
+	DISABLE_MAGIC_LINK_LOGIN: Boolean!
+	DISABLE_LOGIN_PAGE: Boolean!
+	DISABLE_SIGN_UP: Boolean!
+	DISABLE_REDIS_FOR_ENV: Boolean!
 	ROLES: [String!]
 	PROTECTED_ROLES: [String!]
 	DEFAULT_ROLES: [String!]
@@ -128,6 +130,10 @@ type Env {
 	GITHUB_CLIENT_SECRET: String
 	FACEBOOK_CLIENT_ID: String
 	FACEBOOK_CLIENT_SECRET: String
+	LINKEDIN_CLIENT_ID: String
+	LINKEDIN_CLIENT_SECRET: String
+	APPLE_CLIENT_ID: String
+	APPLE_CLIENT_SECRET: String
 	ORGANIZATION_NAME: String
 	ORGANIZATION_LOGO: String
 }
@@ -158,14 +164,13 @@ input UpdateEnvInput {
 	JWT_PUBLIC_KEY: String
 	ALLOWED_ORIGINS: [String!]
 	APP_URL: String
-	REDIS_URL: String
-	COOKIE_NAME: String
 	RESET_PASSWORD_URL: String
 	DISABLE_EMAIL_VERIFICATION: Boolean
 	DISABLE_BASIC_AUTHENTICATION: Boolean
 	DISABLE_MAGIC_LINK_LOGIN: Boolean
 	DISABLE_LOGIN_PAGE: Boolean
 	DISABLE_SIGN_UP: Boolean
+	DISABLE_REDIS_FOR_ENV: Boolean
 	ROLES: [String!]
 	PROTECTED_ROLES: [String!]
 	DEFAULT_ROLES: [String!]
@@ -176,6 +181,10 @@ input UpdateEnvInput {
 	GITHUB_CLIENT_SECRET: String
 	FACEBOOK_CLIENT_ID: String
 	FACEBOOK_CLIENT_SECRET: String
+	LINKEDIN_CLIENT_ID: String
+	LINKEDIN_CLIENT_SECRET: String
+	APPLE_CLIENT_ID: String
+	APPLE_CLIENT_SECRET: String
 	ORGANIZATION_NAME: String
 	ORGANIZATION_LOGO: String
 }

server/handlers/app.go

@@ -8,8 +8,9 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
-	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/parsers"
+	"github.com/authorizerdev/authorizer/server/validators"
 )
 
 // State is the struct that holds authorizer url and redirect url
@@ -22,8 +23,8 @@ type State struct {
 // AppHandler is the handler for the /app route
 func AppHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		hostname := utils.GetHost(c)
-		if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableLoginPage) {
+		hostname := parsers.GetHost(c)
+		if isLoginPageDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableLoginPage); err != nil || isLoginPageDisabled {
 			log.Debug("Login page is disabled")
 			c.JSON(400, gin.H{"error": "login page is not enabled"})
 			return
@@ -44,7 +45,7 @@ func AppHandler() gin.HandlerFunc {
 			redirect_uri = hostname + "/app"
 		} else {
 			// validate redirect url with allowed origins
-			if !utils.IsValidOrigin(redirect_uri) {
+			if !validators.IsValidOrigin(redirect_uri) {
 				log.Debug("Invalid redirect_uri")
 				c.JSON(400, gin.H{"error": "invalid redirect url"})
 				return
@@ -58,14 +59,27 @@ func AppHandler() gin.HandlerFunc {
 				log.Debug("Failed to push file path: ", err)
 			}
 		}
+
+		orgName, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName)
+		if err != nil {
+			log.Debug("Failed to get organization name")
+			c.JSON(400, gin.H{"error": "failed to get organization name"})
+			return
+		}
+		orgLogo, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo)
+		if err != nil {
+			log.Debug("Failed to get organization logo")
+			c.JSON(400, gin.H{"error": "failed to get organization logo"})
+			return
+		}
 		c.HTML(http.StatusOK, "app.tmpl", gin.H{
 			"data": map[string]interface{}{
 				"authorizerURL":    hostname,
 				"redirectURL":      redirect_uri,
 				"scope":            scope,
 				"state":            state,
-				"organizationName": envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName),
-				"organizationLogo": envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo),
+				"organizationName": orgName,
+				"organizationLogo": orgLogo,
 			},
 		})
 	}

server/handlers/authorize.go

@@ -13,8 +13,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/envstore"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 )
 
@@ -80,7 +79,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 			return
 		}
 
-		if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
+		if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
 			if isQuery {
 				gc.Redirect(http.StatusFound, loginURL)
 			} else {
@@ -223,7 +222,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 		// based on the response type, generate the response
 		if isResponseTypeCode {
 			// rollover the session for security
-			sessionstore.RemoveState(sessionToken)
+			go memorystore.Provider.DeleteUserSession(user.ID, claims.Nonce)
 			nonce := uuid.New().String()
 			newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope)
 			if err != nil {
@@ -244,10 +243,10 @@ func AuthorizeHandler() gin.HandlerFunc {
 				return
 			}
 
-			sessionstore.SetState(newSessionToken, newSessionTokenData.Nonce+"@"+user.ID)
+			memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken)
 			cookie.SetSession(gc, newSessionToken)
 			code := uuid.New().String()
-			sessionstore.SetState(codeChallenge, code+"@"+newSessionToken)
+			memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken)
 			gc.HTML(http.StatusOK, template, gin.H{
 				"target_origin": redirectURI,
 				"authorization_response": map[string]interface{}{
@@ -281,9 +280,9 @@ func AuthorizeHandler() gin.HandlerFunc {
 				}
 				return
 			}
-			sessionstore.RemoveState(sessionToken)
-			sessionstore.SetState(authToken.FingerPrintHash, authToken.FingerPrint+"@"+user.ID)
-			sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
+			go memorystore.Provider.DeleteUserSession(user.ID, claims.Nonce)
+			memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
+			memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
 			cookie.SetSession(gc, authToken.FingerPrintHash)
 
 			expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
@@ -306,7 +305,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 			if authToken.RefreshToken != nil {
 				res["refresh_token"] = authToken.RefreshToken.Token
 				params += "&refresh_token=" + authToken.RefreshToken.Token
-				sessionstore.SetState(authToken.RefreshToken.Token, authToken.FingerPrint+"@"+user.ID)
+				memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
 			}
 
 			if isQuery {

server/handlers/dashboard.go

@@ -4,7 +4,7 @@ import (
 	"net/http"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/gin-gonic/gin"
 )
 
@@ -12,8 +12,8 @@ import (
 func DashboardHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		isOnboardingCompleted := false
-
-		if envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret) != "" {
+		adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+		if err != nil || adminSecret != "" {
 			isOnboardingCompleted = true
 		}
 

server/handlers/jwks.go

@@ -7,14 +7,21 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 func JWKsHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		var data map[string]string
-		jwk := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJWK)
-		err := json.Unmarshal([]byte(jwk), &data)
+		jwk, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJWK)
+		if err != nil {
+			log.Debug("Error getting JWK from memorystore: ", err)
+			c.JSON(500, gin.H{
+				"error": err.Error(),
+			})
+			return
+		}
+		err = json.Unmarshal([]byte(jwk), &data)
 		if err != nil {
 			log.Debug("Failed to parse JWK: ", err)
 			c.JSON(500, gin.H{

server/handlers/logout.go

@@ -1,6 +1,7 @@
 package handlers
 
 import (
+	"encoding/json"
 	"net/http"
 	"strings"
 
@@ -9,7 +10,8 @@ import (
 
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/crypto"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/token"
 )
 
 // Handler to logout user
@@ -35,9 +37,17 @@ func LogoutHandler() gin.HandlerFunc {
 			return
 		}
 
-		fingerPrint := string(decryptedFingerPrint)
+		var sessionData token.SessionData
+		err = json.Unmarshal([]byte(decryptedFingerPrint), &sessionData)
+		if err != nil {
+			log.Debug("Failed to decrypt fingerprint: ", err)
+			gc.JSON(http.StatusUnauthorized, gin.H{
+				"error": err.Error(),
+			})
+			return
+		}
 
-		sessionstore.RemoveState(fingerPrint)
+		memorystore.Provider.DeleteUserSession(sessionData.Subject, sessionData.Nonce)
 		cookie.DeleteSession(gc)
 
 		if redirectURL != "" {

server/handlers/oauth_callback.go

@@ -17,11 +17,11 @@ import (
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
+	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/oauth"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -32,12 +32,11 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		provider := c.Param("oauth_provider")
 		state := c.Request.FormValue("state")
 
-		sessionState := sessionstore.GetState(state)
-		if sessionState == "" {
+		sessionState, err := memorystore.Provider.GetState(state)
+		if sessionState == "" || err != nil {
 			log.Debug("Invalid oauth state: ", state)
 			c.JSON(400, gin.H{"error": "invalid oauth state"})
 		}
-		sessionstore.GetState(state)
 		// contains random token, redirect url, role
 		sessionSplit := strings.Split(state, "___")
 
@@ -47,12 +46,14 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			return
 		}
 
+		// remove state from store
+		go memorystore.Provider.RemoveState(state)
+
 		stateValue := sessionSplit[0]
 		redirectURL := sessionSplit[1]
 		inputRoles := strings.Split(sessionSplit[2], ",")
 		scopes := strings.Split(sessionSplit[3], ",")
 
-		var err error
 		user := models.User{}
 		code := c.Request.FormValue("code")
 		switch provider {
@@ -62,6 +63,10 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			user, err = processGithubUserInfo(code)
 		case constants.SignupMethodFacebook:
 			user, err = processFacebookUserInfo(code)
+		case constants.SignupMethodLinkedIn:
+			user, err = processLinkedInUserInfo(code)
+		case constants.SignupMethodApple:
+			user, err = processAppleUserInfo(code)
 		default:
 			log.Info("Invalid oauth provider")
 			err = fmt.Errorf(`invalid oauth provider`)
@@ -77,7 +82,13 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		log := log.WithField("user", user.Email)
 
 		if err != nil {
-			if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {
+			isSignupDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp)
+			if err != nil {
+				log.Debug("Failed to get signup disabled env variable: ", err)
+				c.JSON(400, gin.H{"error": err.Error()})
+				return
+			}
+			if isSignupDisabled {
 				log.Debug("Failed to signup as disabled")
 				c.JSON(400, gin.H{"error": "signup is disabled for this instance"})
 				return
@@ -87,7 +98,15 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			// make sure inputRoles don't include protected roles
 			hasProtectedRole := false
 			for _, ir := range inputRoles {
-				if utils.StringSliceContains(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles), ir) {
+				protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)
+				protectedRoles := []string{}
+				if err != nil {
+					log.Debug("Failed to get protected roles: ", err)
+					protectedRolesString = ""
+				} else {
+					protectedRoles = strings.Split(protectedRolesString, ",")
+				}
+				if utils.StringSliceContains(protectedRoles, ir) {
 					hasProtectedRole = true
 				}
 			}
@@ -103,9 +122,11 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			user.EmailVerifiedAt = &now
 			user, _ = db.Provider.AddUser(user)
 		} else {
+			user = existingUser
 			if user.RevokedTimestamp != nil {
 				log.Debug("User access revoked at: ", user.RevokedTimestamp)
 				c.JSON(400, gin.H{"error": "user access has been revoked"})
+				return
 			}
 
 			// user exists in db, check if method was google
@@ -114,7 +135,6 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			if !strings.Contains(signupMethod, provider) {
 				signupMethod = signupMethod + "," + provider
 			}
-			user = existingUser
 			user.SignupMethods = signupMethod
 
 			if user.EmailVerifiedAt == nil {
@@ -140,7 +160,15 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 				// check if it contains protected unassigned role
 				hasProtectedRole := false
 				for _, ur := range unasignedRoles {
-					if utils.StringSliceContains(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles), ur) {
+					protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)
+					protectedRoles := []string{}
+					if err != nil {
+						log.Debug("Failed to get protected roles: ", err)
+						protectedRolesString = ""
+					} else {
+						protectedRoles = strings.Split(protectedRolesString, ",")
+					}
+					if utils.StringSliceContains(protectedRoles, ur) {
 						hasProtectedRole = true
 					}
 				}
@@ -178,12 +206,12 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token
 
 		cookie.SetSession(c, authToken.FingerPrintHash)
-		sessionstore.SetState(authToken.FingerPrintHash, authToken.FingerPrint+"@"+user.ID)
-		sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
+		memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
+		memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
 
 		if authToken.RefreshToken != nil {
 			params = params + `&refresh_token=` + authToken.RefreshToken.Token
-			sessionstore.SetState(authToken.RefreshToken.Token, authToken.FingerPrint+"@"+user.ID)
+			memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
 		}
 
 		go db.Provider.AddSession(models.Session{
@@ -194,10 +222,10 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		if strings.Contains(redirectURL, "?") {
 			redirectURL = redirectURL + "&" + params
 		} else {
-			redirectURL = redirectURL + "?" + params
+			redirectURL = redirectURL + "?" + strings.TrimPrefix(params, "&")
 		}
 
-		c.Redirect(http.StatusTemporaryRedirect, redirectURL)
+		c.Redirect(http.StatusFound, redirectURL)
 	}
 }
 
@@ -236,7 +264,7 @@ func processGoogleUserInfo(code string) (models.User, error) {
 
 func processGithubUserInfo(code string) (models.User, error) {
 	user := models.User{}
-	token, err := oauth.OAuthProviders.GithubConfig.Exchange(oauth2.NoContext, code)
+	oauth2Token, err := oauth.OAuthProviders.GithubConfig.Exchange(oauth2.NoContext, code)
 	if err != nil {
 		log.Debug("Failed to exchange code for token: ", err)
 		return user, fmt.Errorf("invalid github exchange code: %s", err.Error())
@@ -248,7 +276,7 @@ func processGithubUserInfo(code string) (models.User, error) {
 		return user, fmt.Errorf("error creating github user info request: %s", err.Error())
 	}
 	req.Header = http.Header{
-		"Authorization": []string{fmt.Sprintf("token %s", token.AccessToken)},
+		"Authorization": []string{fmt.Sprintf("token %s", oauth2Token.AccessToken)},
 	}
 
 	response, err := client.Do(req)
@@ -263,6 +291,10 @@ func processGithubUserInfo(code string) (models.User, error) {
 		log.Debug("Failed to read github user info response body: ", err)
 		return user, fmt.Errorf("failed to read github response body: %s", err.Error())
 	}
+	if response.StatusCode >= 400 {
+		log.Debug("Failed to request github user info: ", string(body))
+		return user, fmt.Errorf("failed to request github user info: %s", string(body))
+	}
 
 	userRawData := make(map[string]string)
 	json.Unmarshal(body, &userRawData)
@@ -291,13 +323,13 @@ func processGithubUserInfo(code string) (models.User, error) {
 
 func processFacebookUserInfo(code string) (models.User, error) {
 	user := models.User{}
-	token, err := oauth.OAuthProviders.FacebookConfig.Exchange(oauth2.NoContext, code)
+	oauth2Token, err := oauth.OAuthProviders.FacebookConfig.Exchange(oauth2.NoContext, code)
 	if err != nil {
 		log.Debug("Invalid facebook exchange code: ", err)
 		return user, fmt.Errorf("invalid facebook exchange code: %s", err.Error())
 	}
 	client := http.Client{}
-	req, err := http.NewRequest("GET", constants.FacebookUserInfoURL+token.AccessToken, nil)
+	req, err := http.NewRequest("GET", constants.FacebookUserInfoURL+oauth2Token.AccessToken, nil)
 	if err != nil {
 		log.Debug("Error creating facebook user info request: ", err)
 		return user, fmt.Errorf("error creating facebook user info request: %s", err.Error())
@@ -315,7 +347,10 @@ func processFacebookUserInfo(code string) (models.User, error) {
 		log.Debug("Failed to read facebook response: ", err)
 		return user, fmt.Errorf("failed to read facebook response body: %s", err.Error())
 	}
-
+	if response.StatusCode >= 400 {
+		log.Debug("Failed to request facebook user info: ", string(body))
+		return user, fmt.Errorf("failed to request facebook user info: %s", string(body))
+	}
 	userRawData := make(map[string]interface{})
 	json.Unmarshal(body, &userRawData)
 
@@ -336,3 +371,138 @@ func processFacebookUserInfo(code string) (models.User, error) {
 
 	return user, nil
 }
+
+func processLinkedInUserInfo(code string) (models.User, error) {
+	user := models.User{}
+	oauth2Token, err := oauth.OAuthProviders.LinkedInConfig.Exchange(oauth2.NoContext, code)
+	if err != nil {
+		log.Debug("Failed to exchange code for token: ", err)
+		return user, fmt.Errorf("invalid linkedin exchange code: %s", err.Error())
+	}
+
+	client := http.Client{}
+	req, err := http.NewRequest("GET", constants.LinkedInUserInfoURL, nil)
+	if err != nil {
+		log.Debug("Failed to create linkedin user info request: ", err)
+		return user, fmt.Errorf("error creating linkedin user info request: %s", err.Error())
+	}
+	req.Header = http.Header{
+		"Authorization": []string{fmt.Sprintf("Bearer %s", oauth2Token.AccessToken)},
+	}
+
+	response, err := client.Do(req)
+	if err != nil {
+		log.Debug("Failed to request linkedin user info: ", err)
+		return user, err
+	}
+
+	defer response.Body.Close()
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		log.Debug("Failed to read linkedin user info response body: ", err)
+		return user, fmt.Errorf("failed to read linkedin response body: %s", err.Error())
+	}
+
+	if response.StatusCode >= 400 {
+		log.Debug("Failed to request linkedin user info: ", string(body))
+		return user, fmt.Errorf("failed to request linkedin user info: %s", string(body))
+	}
+
+	userRawData := make(map[string]interface{})
+	json.Unmarshal(body, &userRawData)
+
+	req, err = http.NewRequest("GET", constants.LinkedInEmailURL, nil)
+	if err != nil {
+		log.Debug("Failed to create linkedin email info request: ", err)
+		return user, fmt.Errorf("error creating linkedin user info request: %s", err.Error())
+	}
+	req.Header = http.Header{
+		"Authorization": []string{fmt.Sprintf("Bearer %s", oauth2Token.AccessToken)},
+	}
+
+	response, err = client.Do(req)
+	if err != nil {
+		log.Debug("Failed to request linkedin email info: ", err)
+		return user, err
+	}
+
+	defer response.Body.Close()
+	body, err = ioutil.ReadAll(response.Body)
+	if err != nil {
+		log.Debug("Failed to read linkedin email info response body: ", err)
+		return user, fmt.Errorf("failed to read linkedin email response body: %s", err.Error())
+	}
+	if response.StatusCode >= 400 {
+		log.Debug("Failed to request linkedin user info: ", string(body))
+		return user, fmt.Errorf("failed to request linkedin user info: %s", string(body))
+	}
+	emailRawData := make(map[string]interface{})
+	json.Unmarshal(body, &emailRawData)
+
+	firstName := userRawData["localizedFirstName"].(string)
+	lastName := userRawData["localizedLastName"].(string)
+	profilePicture := userRawData["profilePicture"].(map[string]interface{})["displayImage~"].(map[string]interface{})["elements"].([]interface{})[0].(map[string]interface{})["identifiers"].([]interface{})[0].(map[string]interface{})["identifier"].(string)
+	emailAddress := emailRawData["elements"].([]interface{})[0].(map[string]interface{})["handle~"].(map[string]interface{})["emailAddress"].(string)
+
+	user = models.User{
+		GivenName:  &firstName,
+		FamilyName: &lastName,
+		Picture:    &profilePicture,
+		Email:      emailAddress,
+	}
+
+	return user, nil
+}
+
+func processAppleUserInfo(code string) (models.User, error) {
+	user := models.User{}
+	oauth2Token, err := oauth.OAuthProviders.AppleConfig.Exchange(oauth2.NoContext, code)
+	if err != nil {
+		log.Debug("Failed to exchange code for token: ", err)
+		return user, fmt.Errorf("invalid apple exchange code: %s", err.Error())
+	}
+
+	// Extract the ID Token from OAuth2 token.
+	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+	if !ok {
+		log.Debug("Failed to extract ID Token from OAuth2 token")
+		return user, fmt.Errorf("unable to extract id_token")
+	}
+
+	tokenSplit := strings.Split(rawIDToken, ".")
+	claimsData := tokenSplit[1]
+	decodedClaimsData, err := crypto.DecryptB64(claimsData)
+	if err != nil {
+		log.Debug("Failed to decrypt claims data: ", err)
+		return user, fmt.Errorf("failed to decrypt claims data: %s", err.Error())
+	}
+
+	claims := make(map[string]interface{})
+	err = json.Unmarshal([]byte(decodedClaimsData), &claims)
+	if err != nil {
+		log.Debug("Failed to unmarshal claims data: ", err)
+		return user, fmt.Errorf("failed to unmarshal claims data: %s", err.Error())
+	}
+
+	if val, ok := claims["email"]; !ok {
+		log.Debug("Failed to extract email from claims.")
+		return user, fmt.Errorf("unable to extract email, please check the scopes enabled for your app. It needs `email`, `name` scopes")
+	} else {
+		user.Email = val.(string)
+	}
+
+	if val, ok := claims["name"]; ok {
+		nameData := val.(map[string]interface{})
+		if nameVal, ok := nameData["firstName"]; ok {
+			givenName := nameVal.(string)
+			user.GivenName = &givenName
+		}
+
+		if nameVal, ok := nameData["lastName"]; ok {
+			familyName := nameVal.(string)
+			user.FamilyName = &familyName
+		}
+	}
+
+	return user, err
+}

server/handlers/oauth_login.go

@@ -6,18 +6,19 @@ import (
 
 	"github.com/gin-gonic/gin"
 	log "github.com/sirupsen/logrus"
+	"golang.org/x/oauth2"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/oauth"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
-	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/parsers"
+	"github.com/authorizerdev/authorizer/server/validators"
 )
 
 // OAuthLoginHandler set host in the oauth state that is useful for redirecting to oauth_callback
 func OAuthLoginHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		hostname := utils.GetHost(c)
+		hostname := parsers.GetHost(c)
 		// deprecating redirectURL instead use redirect_uri
 		redirectURI := strings.TrimSpace(c.Query("redirectURL"))
 		if redirectURI == "" {
@@ -56,7 +57,25 @@ func OAuthLoginHandler() gin.HandlerFunc {
 
 			// use protected roles verification for admin login only.
 			// though if not associated with user, it will be rejected from oauth_callback
-			if !utils.IsValidRoles(rolesSplit, append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...)) {
+			rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)
+			roles := []string{}
+			if err != nil {
+				log.Debug("Error getting roles: ", err)
+				rolesString = ""
+			} else {
+				roles = strings.Split(rolesString, ",")
+			}
+
+			protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)
+			protectedRoles := []string{}
+			if err != nil {
+				log.Debug("Error getting protected roles: ", err)
+				protectedRolesString = ""
+			} else {
+				protectedRoles = strings.Split(protectedRolesString, ",")
+			}
+
+			if !validators.IsValidRoles(rolesSplit, append([]string{}, append(roles, protectedRoles...)...)) {
 				log.Debug("Invalid roles: ", roles)
 				c.JSON(400, gin.H{
 					"error": "invalid role",
@@ -64,7 +83,16 @@ func OAuthLoginHandler() gin.HandlerFunc {
 				return
 			}
 		} else {
-			roles = strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ",")
+			defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			if err != nil {
+				log.Debug("Error getting default roles: ", err)
+				c.JSON(400, gin.H{
+					"error": "invalid role",
+				})
+				return
+			}
+			roles = defaultRoles
+
 		}
 
 		oauthStateString := state + "___" + redirectURI + "___" + roles + "___" + strings.Join(scope, ",")
@@ -78,9 +106,16 @@ func OAuthLoginHandler() gin.HandlerFunc {
 				isProviderConfigured = false
 				break
 			}
-			sessionstore.SetState(oauthStateString, constants.SignupMethodGoogle)
+			err := memorystore.Provider.SetState(oauthStateString, constants.SignupMethodGoogle)
+			if err != nil {
+				log.Debug("Error setting state: ", err)
+				c.JSON(500, gin.H{
+					"error": "internal server error",
+				})
+				return
+			}
 			// during the init of OAuthProvider authorizer url might be empty
-			oauth.OAuthProviders.GoogleConfig.RedirectURL = hostname + "/oauth_callback/google"
+			oauth.OAuthProviders.GoogleConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodGoogle
 			url := oauth.OAuthProviders.GoogleConfig.AuthCodeURL(oauthStateString)
 			c.Redirect(http.StatusTemporaryRedirect, url)
 		case constants.SignupMethodGithub:
@@ -89,8 +124,15 @@ func OAuthLoginHandler() gin.HandlerFunc {
 				isProviderConfigured = false
 				break
 			}
-			sessionstore.SetState(oauthStateString, constants.SignupMethodGithub)
-			oauth.OAuthProviders.GithubConfig.RedirectURL = hostname + "/oauth_callback/github"
+			err := memorystore.Provider.SetState(oauthStateString, constants.SignupMethodGithub)
+			if err != nil {
+				log.Debug("Error setting state: ", err)
+				c.JSON(500, gin.H{
+					"error": "internal server error",
+				})
+				return
+			}
+			oauth.OAuthProviders.GithubConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodGithub
 			url := oauth.OAuthProviders.GithubConfig.AuthCodeURL(oauthStateString)
 			c.Redirect(http.StatusTemporaryRedirect, url)
 		case constants.SignupMethodFacebook:
@@ -99,10 +141,53 @@ func OAuthLoginHandler() gin.HandlerFunc {
 				isProviderConfigured = false
 				break
 			}
-			sessionstore.SetState(oauthStateString, constants.SignupMethodFacebook)
-			oauth.OAuthProviders.FacebookConfig.RedirectURL = hostname + "/oauth_callback/facebook"
+			err := memorystore.Provider.SetState(oauthStateString, constants.SignupMethodFacebook)
+			if err != nil {
+				log.Debug("Error setting state: ", err)
+				c.JSON(500, gin.H{
+					"error": "internal server error",
+				})
+				return
+			}
+			oauth.OAuthProviders.FacebookConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodFacebook
 			url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)
 			c.Redirect(http.StatusTemporaryRedirect, url)
+		case constants.SignupMethodLinkedIn:
+			if oauth.OAuthProviders.LinkedInConfig == nil {
+				log.Debug("Linkedin OAuth provider is not configured")
+				isProviderConfigured = false
+				break
+			}
+			err := memorystore.Provider.SetState(oauthStateString, constants.SignupMethodLinkedIn)
+			if err != nil {
+				log.Debug("Error setting state: ", err)
+				c.JSON(500, gin.H{
+					"error": "internal server error",
+				})
+				return
+			}
+			oauth.OAuthProviders.LinkedInConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodLinkedIn
+			url := oauth.OAuthProviders.LinkedInConfig.AuthCodeURL(oauthStateString)
+			c.Redirect(http.StatusTemporaryRedirect, url)
+		case constants.SignupMethodApple:
+			if oauth.OAuthProviders.AppleConfig == nil {
+				log.Debug("Apple OAuth provider is not configured")
+				isProviderConfigured = false
+				break
+			}
+			err := memorystore.Provider.SetState(oauthStateString, constants.SignupMethodApple)
+			if err != nil {
+				log.Debug("Error setting state: ", err)
+				c.JSON(500, gin.H{
+					"error": "internal server error",
+				})
+				return
+			}
+			oauth.OAuthProviders.AppleConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodApple
+			// there is scope encoding issue with oauth2 and how apple expects, hence added scope manually
+			// check: https://github.com/golang/oauth2/issues/449
+			url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("response_mode", "form_post")) + "&scope=name email"
+			c.Redirect(http.StatusTemporaryRedirect, url)
 		default:
 			log.Debug("Invalid oauth provider: ", provider)
 			c.JSON(422, gin.H{

server/handlers/openid_config.go

@@ -4,15 +4,15 @@ import (
 	"github.com/gin-gonic/gin"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
-	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/parsers"
 )
 
 // OpenIDConfigurationHandler handler for open-id configurations
 func OpenIDConfigurationHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		issuer := utils.GetHost(c)
-		jwtType := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
+		issuer := parsers.GetHost(c)
+		jwtType, _ := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
 
 		c.JSON(200, gin.H{
 			"issuer":                                issuer,

server/handlers/revoke.go

@@ -8,8 +8,8 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/token"
 )
 
 // Revoke handler to revoke refresh token
@@ -37,7 +37,7 @@ func RevokeHandler() gin.HandlerFunc {
 			return
 		}
 
-		if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
+		if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
 			log.Debug("Client ID is invalid: ", clientID)
 			gc.JSON(http.StatusBadRequest, gin.H{
 				"error":             "invalid_client_id",
@@ -46,7 +46,17 @@ func RevokeHandler() gin.HandlerFunc {
 			return
 		}
 
-		sessionstore.RemoveState(refreshToken)
+		claims, err := token.ParseJWTToken(refreshToken)
+		if err != nil {
+			log.Debug("Client ID is invalid: ", clientID)
+			gc.JSON(http.StatusBadRequest, gin.H{
+				"error":             err.Error(),
+				"error_description": "Failed to parse jwt",
+			})
+			return
+		}
+
+		memorystore.Provider.DeleteUserSession(claims["sub"].(string), claims["nonce"].(string))
 
 		gc.JSON(http.StatusOK, gin.H{
 			"message": "Token revoked successfully",

server/handlers/token.go

@@ -13,8 +13,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/envstore"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 )
 
@@ -62,7 +61,7 @@ func TokenHandler() gin.HandlerFunc {
 			return
 		}
 
-		if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
+		if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); clientID != client || err != nil {
 			log.Debug("Client ID is invalid: ", clientID)
 			gc.JSON(http.StatusBadRequest, gin.H{
 				"error":             "invalid_client_id",
@@ -98,8 +97,8 @@ func TokenHandler() gin.HandlerFunc {
 			encryptedCode := strings.ReplaceAll(base64.URLEncoding.EncodeToString(hash.Sum(nil)), "+", "-")
 			encryptedCode = strings.ReplaceAll(encryptedCode, "/", "_")
 			encryptedCode = strings.ReplaceAll(encryptedCode, "=", "")
-			sessionData := sessionstore.GetState(encryptedCode)
-			if sessionData == "" {
+			sessionData, err := memorystore.Provider.GetState(encryptedCode)
+			if sessionData == "" || err != nil {
 				log.Debug("Session data is empty")
 				gc.JSON(http.StatusBadRequest, gin.H{
 					"error":             "invalid_code_verifier",
@@ -108,6 +107,7 @@ func TokenHandler() gin.HandlerFunc {
 				return
 			}
 
+			go memorystore.Provider.RemoveState(encryptedCode)
 			// split session data
 			// it contains code@sessiontoken
 			sessionDataSplit := strings.Split(sessionData, "@")
@@ -131,11 +131,11 @@ func TokenHandler() gin.HandlerFunc {
 				})
 				return
 			}
-			// rollover the session for security
-			sessionstore.RemoveState(sessionDataSplit[1])
 			userID = claims.Subject
 			roles = claims.Roles
 			scope = claims.Scope
+			// rollover the session for security
+			go memorystore.Provider.DeleteUserSession(userID, claims.Nonce)
 		} else {
 			// validate refresh token
 			if refreshToken == "" {
@@ -164,7 +164,7 @@ func TokenHandler() gin.HandlerFunc {
 				scope = append(scope, v.(string))
 			}
 			// remove older refresh token and rotate it for security
-			sessionstore.RemoveState(refreshToken)
+			go memorystore.Provider.DeleteUserSession(userID, claims["nonce"].(string))
 		}
 
 		user, err := db.Provider.GetUserByID(userID)
@@ -186,8 +186,8 @@ func TokenHandler() gin.HandlerFunc {
 			})
 			return
 		}
-		sessionstore.SetState(authToken.FingerPrintHash, authToken.FingerPrint+"@"+user.ID)
-		sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
+		memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
+		memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
 		cookie.SetSession(gc, authToken.FingerPrintHash)
 
 		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
@@ -205,7 +205,7 @@ func TokenHandler() gin.HandlerFunc {
 
 		if authToken.RefreshToken != nil {
 			res["refresh_token"] = authToken.RefreshToken.Token
-			sessionstore.SetState(authToken.RefreshToken.Token, authToken.FingerPrint+"@"+user.ID)
+			memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
 		}
 
 		gc.JSON(http.StatusOK, res)

server/handlers/verify_email.go

@@ -9,10 +9,12 @@ import (
 	"github.com/gin-gonic/gin"
 	log "github.com/sirupsen/logrus"
 
+	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/parsers"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -40,8 +42,8 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		}
 
 		// verify if token exists in db
-		hostname := utils.GetHost(c)
-		claim, err := token.ParseJWTToken(tokenInQuery, hostname, verificationRequest.Nonce, verificationRequest.Email)
+		hostname := parsers.GetHost(c)
+		claim, err := token.ParseJWTToken(tokenInQuery)
 		if err != nil {
 			log.Debug("Error parsing token: ", err)
 			errorRes["error_description"] = err.Error()
@@ -49,7 +51,14 @@ func VerifyEmailHandler() gin.HandlerFunc {
 			return
 		}
 
-		user, err := db.Provider.GetUserByEmail(claim["sub"].(string))
+		if ok, err := token.ValidateJWTClaims(claim, hostname, verificationRequest.Nonce, verificationRequest.Email); !ok || err != nil {
+			log.Debug("Error validating jwt claims: ", err)
+			errorRes["error_description"] = err.Error()
+			c.JSON(400, errorRes)
+			return
+		}
+
+		user, err := db.Provider.GetUserByEmail(verificationRequest.Email)
 		if err != nil {
 			log.Debug("Error getting user: ", err)
 			errorRes["error_description"] = err.Error()
@@ -99,12 +108,12 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
 
 		cookie.SetSession(c, authToken.FingerPrintHash)
-		sessionstore.SetState(authToken.FingerPrintHash, authToken.FingerPrint+"@"+user.ID)
-		sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
+		memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
+		memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
 
 		if authToken.RefreshToken != nil {
-			params = params + `&refresh_token=${refresh_token}`
-			sessionstore.SetState(authToken.RefreshToken.Token, authToken.FingerPrint+"@"+user.ID)
+			params = params + `&refresh_token=` + authToken.RefreshToken.Token
+			memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
 		}
 
 		if redirectURL == "" {
@@ -114,7 +123,7 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		if strings.Contains(redirectURL, "?") {
 			redirectURL = redirectURL + "&" + params
 		} else {
-			redirectURL = redirectURL + "?" + params
+			redirectURL = redirectURL + "?" + strings.TrimPrefix(params, "&")
 		}
 
 		go db.Provider.AddSession(models.Session{

server/main.go

@@ -6,13 +6,13 @@ import (
 	"github.com/sirupsen/logrus"
 	log "github.com/sirupsen/logrus"
 
+	"github.com/authorizerdev/authorizer/server/cli"
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/env"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/oauth"
 	"github.com/authorizerdev/authorizer/server/routes"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
 )
 
 var VERSION string
@@ -27,23 +27,22 @@ func (u LogUTCFormatter) Format(e *log.Entry) ([]byte, error) {
 }
 
 func main() {
-	envstore.ARG_DB_URL = flag.String("database_url", "", "Database connection string")
-	envstore.ARG_DB_TYPE = flag.String("database_type", "", "Database type, possible values are postgres,mysql,sqlite")
-	envstore.ARG_ENV_FILE = flag.String("env_file", "", "Env file path")
-	envstore.ARG_LOG_LEVEL = flag.String("log_level", "info", "Log level, possible values are debug,info,warn,error,fatal,panic")
+	cli.ARG_DB_URL = flag.String("database_url", "", "Database connection string")
+	cli.ARG_DB_TYPE = flag.String("database_type", "", "Database type, possible values are postgres,mysql,sqlite")
+	cli.ARG_ENV_FILE = flag.String("env_file", "", "Env file path")
+	cli.ARG_LOG_LEVEL = flag.String("log_level", "info", "Log level, possible values are debug,info,warn,error,fatal,panic")
+	cli.ARG_REDIS_URL = flag.String("redis_url", "", "Redis connection string")
 	flag.Parse()
 
 	// global log level
 	logrus.SetFormatter(LogUTCFormatter{&logrus.JSONFormatter{}})
-	logrus.SetReportCaller(true)
 
 	// log instance for gin server
 	log := logrus.New()
 	log.SetFormatter(LogUTCFormatter{&logrus.JSONFormatter{}})
-	log.SetReportCaller(true)
 
 	var logLevel logrus.Level
-	switch *envstore.ARG_LOG_LEVEL {
+	switch *cli.ARG_LOG_LEVEL {
 	case "debug":
 		logLevel = logrus.DebugLevel
 	case "info":
@@ -62,14 +61,26 @@ func main() {
 	logrus.SetLevel(logLevel)
 	log.SetLevel(logLevel)
 
+	// show file path in log for debug or other log levels.
+	if logLevel != logrus.InfoLevel {
+		logrus.SetReportCaller(true)
+		log.SetReportCaller(true)
+	}
+
 	constants.VERSION = VERSION
 
-	// initialize required envs (mainly db & env file path)
-	err := env.InitRequiredEnv()
+	// initialize required envs (mainly db, env file path and redis)
+	err := memorystore.InitRequiredEnv()
 	if err != nil {
 		log.Fatal("Error while initializing required envs: ", err)
 	}
 
+	// initialize memory store
+	err = memorystore.InitMemStore()
+	if err != nil {
+		log.Fatal("Error while initializing memory store: ", err)
+	}
+
 	// initialize db provider
 	err = db.InitDB()
 	if err != nil {
@@ -89,12 +100,6 @@ func main() {
 		log.Fatalln("Error while persisting env: ", err)
 	}
 
-	// initialize session store (redis or in-memory based on env)
-	err = sessionstore.InitSession()
-	if err != nil {
-		log.Fatalln("Error while initializing session store: ", err)
-	}
-
 	// initialize oauth providers based on env
 	err = oauth.InitOAuth()
 	if err != nil {
@@ -103,5 +108,11 @@ func main() {
 
 	router := routes.InitRouter(log)
 	log.Info("Starting Authorizer: ", VERSION)
-	router.Run(":" + envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyPort))
+	port, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyPort)
+	if err != nil {
+		log.Info("Error while getting port from env using default port 8080: ", err)
+		port = "8080"
+	}
+
+	router.Run(":" + port)
 }

server/memorystore/memory_store.go

@@ -0,0 +1,76 @@
+package memorystore
+
+import (
+	"encoding/json"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/memorystore/providers"
+	"github.com/authorizerdev/authorizer/server/memorystore/providers/inmemory"
+	"github.com/authorizerdev/authorizer/server/memorystore/providers/redis"
+)
+
+// Provider returns the current database provider
+var Provider providers.Provider
+
+// InitMemStore initializes the memory store
+func InitMemStore() error {
+	var err error
+
+	defaultEnvs := map[string]interface{}{
+		// string envs
+		constants.EnvKeyJwtRoleClaim:     "role",
+		constants.EnvKeyOrganizationName: "Authorizer",
+		constants.EnvKeyOrganizationLogo: "https://www.authorizer.dev/images/logo.png",
+
+		// boolean envs
+		constants.EnvKeyDisableBasicAuthentication: false,
+		constants.EnvKeyDisableMagicLinkLogin:      false,
+		constants.EnvKeyDisableEmailVerification:   false,
+		constants.EnvKeyDisableLoginPage:           false,
+		constants.EnvKeyDisableSignUp:              false,
+	}
+
+	requiredEnvs := RequiredEnvStoreObj.GetRequiredEnv()
+	requiredEnvMap := make(map[string]interface{})
+	requiredEnvBytes, err := json.Marshal(requiredEnvs)
+	if err != nil {
+		log.Debug("Error while marshalling required envs: ", err)
+		return err
+	}
+	err = json.Unmarshal(requiredEnvBytes, &requiredEnvMap)
+	if err != nil {
+		log.Debug("Error while unmarshalling required envs: ", err)
+		return err
+	}
+
+	// merge default envs with required envs
+	for key, val := range requiredEnvMap {
+		defaultEnvs[key] = val
+	}
+
+	redisURL := requiredEnvs.RedisURL
+	if redisURL != "" && !requiredEnvs.disableRedisForEnv {
+		log.Info("Initializing Redis memory store")
+		Provider, err = redis.NewRedisProvider(redisURL)
+		if err != nil {
+			return err
+		}
+
+		// set default envs in redis
+		Provider.UpdateEnvStore(defaultEnvs)
+
+		return nil
+	}
+
+	log.Info("using in memory store to save sessions")
+	// if redis url is not set use in memory store
+	Provider, err = inmemory.NewInMemoryProvider()
+	if err != nil {
+		return err
+	}
+	// set default envs in local env
+	Provider.UpdateEnvStore(defaultEnvs)
+	return nil
+}

server/memorystore/providers/inmemory/provider.go

@@ -0,0 +1,24 @@
+package inmemory
+
+import (
+	"sync"
+
+	"github.com/authorizerdev/authorizer/server/memorystore/providers/inmemory/stores"
+)
+
+type provider struct {
+	mutex        sync.Mutex
+	sessionStore *stores.SessionStore
+	stateStore   *stores.StateStore
+	envStore     *stores.EnvStore
+}
+
+// NewInMemoryStore returns a new in-memory store.
+func NewInMemoryProvider() (*provider, error) {
+	return &provider{
+		mutex:        sync.Mutex{},
+		envStore:     stores.NewEnvStore(),
+		sessionStore: stores.NewSessionStore(),
+		stateStore:   stores.NewStateStore(),
+	}, nil
+}

server/memorystore/providers/inmemory/store.go

@@ -0,0 +1,102 @@
+package inmemory
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+)
+
+// SetUserSession sets the user session
+func (c *provider) SetUserSession(userId, key, token string) error {
+	c.sessionStore.Set(userId, key, token)
+	return nil
+}
+
+// GetAllUserSessions returns all the user sessions token from the in-memory store.
+func (c *provider) GetAllUserSessions(userId string) (map[string]string, error) {
+	data := c.sessionStore.GetAll(userId)
+	return data, nil
+}
+
+// GetUserSession returns value for given session token
+func (c *provider) GetUserSession(userId, sessionToken string) (string, error) {
+	return c.sessionStore.Get(userId, sessionToken), nil
+}
+
+// DeleteAllUserSessions deletes all the user sessions from in-memory store.
+func (c *provider) DeleteAllUserSessions(userId string) error {
+	if os.Getenv("ENV") != constants.TestEnv {
+		c.mutex.Lock()
+		defer c.mutex.Unlock()
+	}
+	c.sessionStore.RemoveAll(userId)
+	return nil
+}
+
+// DeleteUserSession deletes the user session from the in-memory store.
+func (c *provider) DeleteUserSession(userId, sessionToken string) error {
+	if os.Getenv("ENV") != constants.TestEnv {
+		c.mutex.Lock()
+		defer c.mutex.Unlock()
+	}
+	c.sessionStore.Remove(userId, sessionToken)
+	return nil
+}
+
+// SetState sets the state in the in-memory store.
+func (c *provider) SetState(key, state string) error {
+	if os.Getenv("ENV") != constants.TestEnv {
+		c.mutex.Lock()
+		defer c.mutex.Unlock()
+	}
+	c.stateStore.Set(key, state)
+
+	return nil
+}
+
+// GetState gets the state from the in-memory store.
+func (c *provider) GetState(key string) (string, error) {
+	return c.stateStore.Get(key), nil
+}
+
+// RemoveState removes the state from the in-memory store.
+func (c *provider) RemoveState(key string) error {
+	c.stateStore.Remove(key)
+	return nil
+}
+
+// UpdateEnvStore to update the whole env store object
+func (c *provider) UpdateEnvStore(store map[string]interface{}) error {
+	c.envStore.UpdateStore(store)
+	return nil
+}
+
+// GetEnvStore returns the env store object
+func (c *provider) GetEnvStore() (map[string]interface{}, error) {
+	return c.envStore.GetStore(), nil
+}
+
+// UpdateEnvVariable to update the particular env variable
+func (c *provider) UpdateEnvVariable(key string, value interface{}) error {
+	c.envStore.Set(key, value)
+	return nil
+}
+
+// GetStringStoreEnvVariable to get the env variable from string store object
+func (c *provider) GetStringStoreEnvVariable(key string) (string, error) {
+	res := c.envStore.Get(key)
+	if res == nil {
+		return "", nil
+	}
+	return fmt.Sprintf("%v", res), nil
+}
+
+// GetBoolStoreEnvVariable to get the env variable from bool store object
+func (c *provider) GetBoolStoreEnvVariable(key string) (bool, error) {
+	res := c.envStore.Get(key)
+	if res == nil {
+		return false, nil
+	}
+	return res.(bool), nil
+}

server/memorystore/providers/inmemory/stores/env_store.go

@@ -0,0 +1,54 @@
+package stores
+
+import (
+	"os"
+	"sync"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+)
+
+// EnvStore struct to store the env variables
+type EnvStore struct {
+	mutex sync.Mutex
+	store map[string]interface{}
+}
+
+// NewEnvStore create a new env store
+func NewEnvStore() *EnvStore {
+	return &EnvStore{
+		mutex: sync.Mutex{},
+		store: make(map[string]interface{}),
+	}
+}
+
+// UpdateEnvStore to update the whole env store object
+func (e *EnvStore) UpdateStore(store map[string]interface{}) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		e.mutex.Lock()
+		defer e.mutex.Unlock()
+	}
+	// just override the keys + new keys
+
+	for key, value := range store {
+		e.store[key] = value
+	}
+}
+
+// GetStore returns the env store
+func (e *EnvStore) GetStore() map[string]interface{} {
+	return e.store
+}
+
+// Get returns the value of the key in evn store
+func (e *EnvStore) Get(key string) interface{} {
+	return e.store[key]
+}
+
+// Set sets the value of the key in env store
+func (e *EnvStore) Set(key string, value interface{}) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		e.mutex.Lock()
+		defer e.mutex.Unlock()
+	}
+	e.store[key] = value
+}

server/memorystore/providers/inmemory/stores/session_store.go

@@ -0,0 +1,67 @@
+package stores
+
+import (
+	"os"
+	"sync"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+)
+
+// SessionStore struct to store the env variables
+type SessionStore struct {
+	mutex sync.Mutex
+	store map[string]map[string]string
+}
+
+// NewSessionStore create a new session store
+func NewSessionStore() *SessionStore {
+	return &SessionStore{
+		mutex: sync.Mutex{},
+		store: make(map[string]map[string]string),
+	}
+}
+
+// Get returns the value of the key in state store
+func (s *SessionStore) Get(key, subKey string) string {
+	return s.store[key][subKey]
+}
+
+// Set sets the value of the key in state store
+func (s *SessionStore) Set(key string, subKey, value string) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+	}
+	if _, ok := s.store[key]; !ok {
+		s.store[key] = make(map[string]string)
+	}
+	s.store[key][subKey] = value
+}
+
+// RemoveAll all values for given key
+func (s *SessionStore) RemoveAll(key string) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+	}
+	delete(s.store, key)
+}
+
+// Remove value for given key and subkey
+func (s *SessionStore) Remove(key, subKey string) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+	}
+	if _, ok := s.store[key]; ok {
+		delete(s.store[key], subKey)
+	}
+}
+
+// Get all the values for given key
+func (s *SessionStore) GetAll(key string) map[string]string {
+	if _, ok := s.store[key]; !ok {
+		s.store[key] = make(map[string]string)
+	}
+	return s.store[key]
+}

server/memorystore/providers/inmemory/stores/state_store.go

@@ -0,0 +1,46 @@
+package stores
+
+import (
+	"os"
+	"sync"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+)
+
+// StateStore struct to store the env variables
+type StateStore struct {
+	mutex sync.Mutex
+	store map[string]string
+}
+
+// NewStateStore create a new state store
+func NewStateStore() *StateStore {
+	return &StateStore{
+		mutex: sync.Mutex{},
+		store: make(map[string]string),
+	}
+}
+
+// Get returns the value of the key in state store
+func (s *StateStore) Get(key string) string {
+	return s.store[key]
+}
+
+// Set sets the value of the key in state store
+func (s *StateStore) Set(key string, value string) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+	}
+	s.store[key] = value
+}
+
+// Remove removes the key from state store
+func (s *StateStore) Remove(key string) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+	}
+
+	delete(s.store, key)
+}

server/memorystore/providers/providers.go

@@ -0,0 +1,35 @@
+package providers
+
+// Provider defines current memory store provider
+type Provider interface {
+	// SetUserSession sets the user session
+	SetUserSession(userId, key, token string) error
+	// GetAllUserSessions returns all the user sessions from the session store
+	GetAllUserSessions(userId string) (map[string]string, error)
+	// GetUserSession returns the session token for given token
+	GetUserSession(userId, key string) (string, error)
+	// DeleteUserSession deletes the user session
+	DeleteUserSession(userId, key string) error
+	// DeleteAllSessions deletes all the sessions from the session store
+	DeleteAllUserSessions(userId string) error
+
+	// SetState sets the login state (key, value form) in the session store
+	SetState(key, state string) error
+	// GetState returns the state from the session store
+	GetState(key string) (string, error)
+	// RemoveState removes the social login state from the session store
+	RemoveState(key string) error
+
+	// methods for env store
+
+	// UpdateEnvStore to update the whole env store object
+	UpdateEnvStore(store map[string]interface{}) error
+	// GetEnvStore() returns the env store object
+	GetEnvStore() (map[string]interface{}, error)
+	// UpdateEnvVariable to update the particular env variable
+	UpdateEnvVariable(key string, value interface{}) error
+	// GetStringStoreEnvVariable to get the string env variable from env store
+	GetStringStoreEnvVariable(key string) (string, error)
+	// GetBoolStoreEnvVariable to get the bool env variable from env store
+	GetBoolStoreEnvVariable(key string) (bool, error)
+}

server/memorystore/providers/redis/provider.go

@@ -0,0 +1,78 @@
+package redis
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"github.com/go-redis/redis/v8"
+	log "github.com/sirupsen/logrus"
+)
+
+// RedisClient is the interface for redis client & redis cluster client
+type RedisClient interface {
+	HMSet(ctx context.Context, key string, values ...interface{}) *redis.BoolCmd
+	Del(ctx context.Context, keys ...string) *redis.IntCmd
+	HDel(ctx context.Context, key string, fields ...string) *redis.IntCmd
+	HMGet(ctx context.Context, key string, fields ...string) *redis.SliceCmd
+	HSet(ctx context.Context, key string, values ...interface{}) *redis.IntCmd
+	HGet(ctx context.Context, key, field string) *redis.StringCmd
+	HGetAll(ctx context.Context, key string) *redis.StringStringMapCmd
+	Set(ctx context.Context, key string, value interface{}, expiration time.Duration) *redis.StatusCmd
+	Get(ctx context.Context, key string) *redis.StringCmd
+	Scan(ctx context.Context, cursor uint64, match string, count int64) *redis.ScanCmd
+}
+
+type provider struct {
+	ctx   context.Context
+	store RedisClient
+}
+
+// NewRedisProvider returns a new redis provider
+func NewRedisProvider(redisURL string) (*provider, error) {
+	redisURLHostPortsList := strings.Split(redisURL, ",")
+
+	if len(redisURLHostPortsList) > 1 {
+		opt, err := redis.ParseURL(redisURLHostPortsList[0])
+		if err != nil {
+			log.Debug("error parsing redis url: ", err)
+			return nil, err
+		}
+		urls := []string{opt.Addr}
+		urlList := redisURLHostPortsList[1:]
+		urls = append(urls, urlList...)
+		clusterOpt := &redis.ClusterOptions{Addrs: urls}
+
+		rdb := redis.NewClusterClient(clusterOpt)
+		ctx := context.Background()
+		_, err = rdb.Ping(ctx).Result()
+		if err != nil {
+			log.Debug("error connecting to redis: ", err)
+			return nil, err
+		}
+
+		return &provider{
+			ctx:   ctx,
+			store: rdb,
+		}, nil
+	}
+
+	opt, err := redis.ParseURL(redisURL)
+	if err != nil {
+		log.Debug("error parsing redis url: ", err)
+		return nil, err
+	}
+
+	rdb := redis.NewClient(opt)
+	ctx := context.Background()
+	_, err = rdb.Ping(ctx).Result()
+	if err != nil {
+		log.Debug("error connecting to redis: ", err)
+		return nil, err
+	}
+
+	return &provider{
+		ctx:   ctx,
+		store: rdb,
+	}, nil
+}

server/memorystore/providers/redis/store.go

@@ -0,0 +1,167 @@
+package redis
+
+import (
+	"strconv"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	log "github.com/sirupsen/logrus"
+)
+
+var (
+	// state store prefix
+	stateStorePrefix = "authorizer_state:"
+	// env store prefix
+	envStorePrefix = "authorizer_env"
+)
+
+// SetUserSession sets the user session in redis store.
+func (c *provider) SetUserSession(userId, key, token string) error {
+	err := c.store.HSet(c.ctx, userId, key, token).Err()
+	if err != nil {
+		log.Debug("Error saving to redis: ", err)
+		return err
+	}
+	return nil
+}
+
+// GetAllUserSessions returns all the user session token from the redis store.
+func (c *provider) GetAllUserSessions(userID string) (map[string]string, error) {
+	data, err := c.store.HGetAll(c.ctx, userID).Result()
+	if err != nil {
+		log.Debug("error getting all user sessions from redis store: ", err)
+		return nil, err
+	}
+
+	return data, nil
+}
+
+// GetUserSession returns the user session from redis store.
+func (c *provider) GetUserSession(userId, key string) (string, error) {
+	data, err := c.store.HGet(c.ctx, userId, key).Result()
+	if err != nil {
+		return "", err
+	}
+	return data, nil
+}
+
+// DeleteUserSession deletes the user session from redis store.
+func (c *provider) DeleteUserSession(userId, key string) error {
+	if err := c.store.HDel(c.ctx, userId, constants.TokenTypeSessionToken+"_"+key).Err(); err != nil {
+		log.Debug("Error deleting user session from redis: ", err)
+		return err
+	}
+	if err := c.store.HDel(c.ctx, userId, constants.TokenTypeAccessToken+"_"+key).Err(); err != nil {
+		log.Debug("Error deleting user session from redis: ", err)
+		return err
+	}
+	if err := c.store.HDel(c.ctx, userId, constants.TokenTypeRefreshToken+"_"+key).Err(); err != nil {
+		log.Debug("Error deleting user session from redis: ", err)
+		return err
+	}
+	return nil
+}
+
+// DeleteAllUserSessions deletes all the user session from redis
+func (c *provider) DeleteAllUserSessions(userID string) error {
+	err := c.store.Del(c.ctx, userID).Err()
+	if err != nil {
+		log.Debug("Error deleting all user sessions from redis: ", err)
+		return err
+	}
+	return nil
+}
+
+// SetState sets the state in redis store.
+func (c *provider) SetState(key, value string) error {
+	err := c.store.Set(c.ctx, stateStorePrefix+key, value, 0).Err()
+	if err != nil {
+		log.Debug("Error saving redis token: ", err)
+		return err
+	}
+
+	return nil
+}
+
+// GetState gets the state from redis store.
+func (c *provider) GetState(key string) (string, error) {
+	data, err := c.store.Get(c.ctx, stateStorePrefix+key).Result()
+	if err != nil {
+		log.Debug("error getting token from redis store: ", err)
+		return "", err
+	}
+
+	return data, err
+}
+
+// RemoveState removes the state from redis store.
+func (c *provider) RemoveState(key string) error {
+	err := c.store.Del(c.ctx, stateStorePrefix+key).Err()
+	if err != nil {
+		log.Fatalln("Error deleting redis token: ", err)
+		return err
+	}
+
+	return nil
+}
+
+// UpdateEnvStore to update the whole env store object
+func (c *provider) UpdateEnvStore(store map[string]interface{}) error {
+	for key, value := range store {
+		err := c.store.HSet(c.ctx, envStorePrefix, key, value).Err()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// GetEnvStore returns the whole env store object
+func (c *provider) GetEnvStore() (map[string]interface{}, error) {
+	res := make(map[string]interface{})
+	data, err := c.store.HGetAll(c.ctx, envStorePrefix).Result()
+	if err != nil {
+		return nil, err
+	}
+	for key, value := range data {
+		if key == constants.EnvKeyDisableBasicAuthentication || key == constants.EnvKeyDisableEmailVerification || key == constants.EnvKeyDisableLoginPage || key == constants.EnvKeyDisableMagicLinkLogin || key == constants.EnvKeyDisableRedisForEnv || key == constants.EnvKeyDisableSignUp {
+			boolValue, err := strconv.ParseBool(value)
+			if err != nil {
+				return res, err
+			}
+			res[key] = boolValue
+		} else {
+			res[key] = value
+		}
+	}
+	return res, nil
+}
+
+// UpdateEnvVariable to update the particular env variable
+func (c *provider) UpdateEnvVariable(key string, value interface{}) error {
+	err := c.store.HSet(c.ctx, envStorePrefix, key, value).Err()
+	if err != nil {
+		log.Debug("Error saving redis token: ", err)
+		return err
+	}
+	return nil
+}
+
+// GetStringStoreEnvVariable to get the string env variable from env store
+func (c *provider) GetStringStoreEnvVariable(key string) (string, error) {
+	data, err := c.store.HGet(c.ctx, envStorePrefix, key).Result()
+	if err != nil {
+		return "", nil
+	}
+
+	return data, nil
+}
+
+// GetBoolStoreEnvVariable to get the bool env variable from env store
+func (c *provider) GetBoolStoreEnvVariable(key string) (bool, error) {
+	data, err := c.store.HGet(c.ctx, envStorePrefix, key).Result()
+	if err != nil {
+		return false, nil
+	}
+
+	return data == "1", nil
+}

server/memorystore/required_env_store.go

@@ -0,0 +1,149 @@
+package memorystore
+
+import (
+	"errors"
+	"os"
+	"strings"
+	"sync"
+
+	"github.com/joho/godotenv"
+	log "github.com/sirupsen/logrus"
+
+	"github.com/authorizerdev/authorizer/server/cli"
+	"github.com/authorizerdev/authorizer/server/constants"
+)
+
+// RequiredEnv holds information about required envs
+type RequiredEnv struct {
+	EnvPath            string `json:"ENV_PATH"`
+	DatabaseURL        string `json:"DATABASE_URL"`
+	DatabaseType       string `json:"DATABASE_TYPE"`
+	DatabaseName       string `json:"DATABASE_NAME"`
+	DatabaseHost       string `json:"DATABASE_HOST"`
+	DatabasePort       string `json:"DATABASE_PORT"`
+	DatabaseUsername   string `json:"DATABASE_USERNAME"`
+	DatabasePassword   string `json:"DATABASE_PASSWORD"`
+	DatabaseCert       string `json:"DATABASE_CERT"`
+	DatabaseCertKey    string `json:"DATABASE_CERT_KEY"`
+	DatabaseCACert     string `json:"DATABASE_CA_CERT"`
+	RedisURL           string `json:"REDIS_URL"`
+	disableRedisForEnv bool   `json:"DISABLE_REDIS_FOR_ENV"`
+}
+
+// RequiredEnvObj is a simple in-memory store for sessions.
+type RequiredEnvStore struct {
+	mutex       sync.Mutex
+	requiredEnv RequiredEnv
+}
+
+// GetRequiredEnv to get required env
+func (r *RequiredEnvStore) GetRequiredEnv() RequiredEnv {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+
+	return r.requiredEnv
+}
+
+// SetRequiredEnv to set required env
+func (r *RequiredEnvStore) SetRequiredEnv(requiredEnv RequiredEnv) {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+	r.requiredEnv = requiredEnv
+}
+
+var RequiredEnvStoreObj *RequiredEnvStore
+
+// InitRequiredEnv to initialize EnvData and through error if required env are not present
+func InitRequiredEnv() error {
+	envPath := os.Getenv(constants.EnvKeyEnvPath)
+
+	if envPath == "" {
+		if envPath == "" {
+			envPath = `.env`
+		}
+	}
+
+	if cli.ARG_ENV_FILE != nil && *cli.ARG_ENV_FILE != "" {
+		envPath = *cli.ARG_ENV_FILE
+	}
+	log.Info("env path: ", envPath)
+
+	err := godotenv.Load(envPath)
+	if err != nil {
+		log.Infof("using OS env instead of %s file", envPath)
+	}
+
+	dbURL := os.Getenv(constants.EnvKeyDatabaseURL)
+	dbType := os.Getenv(constants.EnvKeyDatabaseType)
+	dbName := os.Getenv(constants.EnvKeyDatabaseName)
+	dbPort := os.Getenv(constants.EnvKeyDatabasePort)
+	dbHost := os.Getenv(constants.EnvKeyDatabaseHost)
+	dbUsername := os.Getenv(constants.EnvKeyDatabaseUsername)
+	dbPassword := os.Getenv(constants.EnvKeyDatabasePassword)
+	dbCert := os.Getenv(constants.EnvKeyDatabaseCert)
+	dbCertKey := os.Getenv(constants.EnvKeyDatabaseCertKey)
+	dbCACert := os.Getenv(constants.EnvKeyDatabaseCACert)
+	redisURL := os.Getenv(constants.EnvKeyRedisURL)
+	disableRedisForEnv := os.Getenv(constants.EnvKeyDisableRedisForEnv) == "true"
+
+	if strings.TrimSpace(redisURL) == "" {
+		if cli.ARG_REDIS_URL != nil && *cli.ARG_REDIS_URL != "" {
+			redisURL = *cli.ARG_REDIS_URL
+		}
+	}
+
+	// set default db name for non sql dbs
+	if dbName == "" {
+		dbName = "authorizer"
+	}
+
+	if strings.TrimSpace(dbType) == "" {
+		if cli.ARG_DB_TYPE != nil && *cli.ARG_DB_TYPE != "" {
+			dbType = strings.TrimSpace(*cli.ARG_DB_TYPE)
+		}
+
+		if dbType == "" {
+			log.Debug("DATABASE_TYPE is not set")
+			return errors.New("invalid database type. DATABASE_TYPE is empty")
+		}
+	}
+
+	if strings.TrimSpace(dbURL) == "" {
+		if cli.ARG_DB_URL != nil && *cli.ARG_DB_URL != "" {
+			dbURL = strings.TrimSpace(*cli.ARG_DB_URL)
+		}
+
+		if dbURL == "" && dbPort == "" && dbHost == "" && dbUsername == "" && dbPassword == "" {
+			log.Debug("DATABASE_URL is not set")
+			return errors.New("invalid database url. DATABASE_URL is required")
+		}
+	}
+
+	if dbName == "" {
+		if dbName == "" {
+			dbName = "authorizer"
+		}
+	}
+
+	requiredEnv := RequiredEnv{
+		EnvPath:            envPath,
+		DatabaseURL:        dbURL,
+		DatabaseType:       dbType,
+		DatabaseName:       dbName,
+		DatabaseHost:       dbHost,
+		DatabasePort:       dbPort,
+		DatabaseUsername:   dbUsername,
+		DatabasePassword:   dbPassword,
+		DatabaseCert:       dbCert,
+		DatabaseCertKey:    dbCertKey,
+		DatabaseCACert:     dbCACert,
+		RedisURL:           redisURL,
+		disableRedisForEnv: disableRedisForEnv,
+	}
+
+	RequiredEnvStoreObj = &RequiredEnvStore{
+		requiredEnv: requiredEnv,
+	}
+
+	return nil
+}

server/middlewares/cors.go

@@ -1,7 +1,7 @@
 package middlewares
 
 import (
-	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/validators"
 	"github.com/gin-gonic/gin"
 )
 
@@ -10,7 +10,7 @@ func CORSMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		origin := c.Request.Header.Get("Origin")
 
-		if utils.IsValidOrigin(origin) {
+		if validators.IsValidOrigin(origin) {
 			c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
 		}
 

server/oauth/oauth.go

@@ -7,9 +7,10 @@ import (
 	"golang.org/x/oauth2"
 	facebookOAuth2 "golang.org/x/oauth2/facebook"
 	githubOAuth2 "golang.org/x/oauth2/github"
+	linkedInOAuth2 "golang.org/x/oauth2/linkedin"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 // OAuthProviders is a struct that contains reference all the OAuth providers
@@ -17,6 +18,8 @@ type OAuthProvider struct {
 	GoogleConfig   *oauth2.Config
 	GithubConfig   *oauth2.Config
 	FacebookConfig *oauth2.Config
+	LinkedInConfig *oauth2.Config
+	AppleConfig    *oauth2.Config
 }
 
 // OIDCProviders is a struct that contains reference all the OpenID providers
@@ -34,37 +37,101 @@ var (
 // InitOAuth initializes the OAuth providers based on EnvData
 func InitOAuth() error {
 	ctx := context.Background()
-	if envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientID) != "" && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientSecret) != "" {
+	googleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientID)
+	if err != nil {
+		googleClientID = ""
+	}
+	googleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientSecret)
+	if err != nil {
+		googleClientSecret = ""
+	}
+	if googleClientID != "" && googleClientSecret != "" {
 		p, err := oidc.NewProvider(ctx, "https://accounts.google.com")
 		if err != nil {
 			return err
 		}
 		OIDCProviders.GoogleOIDC = p
 		OAuthProviders.GoogleConfig = &oauth2.Config{
-			ClientID:     envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientID),
-			ClientSecret: envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientSecret),
+			ClientID:     googleClientID,
+			ClientSecret: googleClientSecret,
 			RedirectURL:  "/oauth_callback/google",
 			Endpoint:     OIDCProviders.GoogleOIDC.Endpoint(),
 			Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
 		}
 	}
-	if envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGithubClientID) != "" && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGithubClientSecret) != "" {
+
+	githubClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientID)
+	if err != nil {
+		githubClientID = ""
+	}
+	githubClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientSecret)
+	if err != nil {
+		githubClientSecret = ""
+	}
+	if githubClientID != "" && githubClientSecret != "" {
 		OAuthProviders.GithubConfig = &oauth2.Config{
-			ClientID:     envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGithubClientID),
-			ClientSecret: envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGithubClientSecret),
+			ClientID:     githubClientID,
+			ClientSecret: githubClientSecret,
 			RedirectURL:  "/oauth_callback/github",
 			Endpoint:     githubOAuth2.Endpoint,
 		}
 	}
-	if envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientID) != "" && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientID) != "" {
+
+	facebookClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientID)
+	if err != nil {
+		facebookClientID = ""
+	}
+	facebookClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientSecret)
+	if err != nil {
+		facebookClientSecret = ""
+	}
+	if facebookClientID != "" && facebookClientSecret != "" {
 		OAuthProviders.FacebookConfig = &oauth2.Config{
-			ClientID:     envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientID),
-			ClientSecret: envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientSecret),
+			ClientID:     facebookClientID,
+			ClientSecret: facebookClientSecret,
 			RedirectURL:  "/oauth_callback/facebook",
 			Endpoint:     facebookOAuth2.Endpoint,
 			Scopes:       []string{"public_profile", "email"},
 		}
 	}
 
+	linkedInClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientID)
+	if err != nil {
+		linkedInClientID = ""
+	}
+	linkedInClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientSecret)
+	if err != nil {
+		linkedInClientSecret = ""
+	}
+	if linkedInClientID != "" && linkedInClientSecret != "" {
+		OAuthProviders.LinkedInConfig = &oauth2.Config{
+			ClientID:     linkedInClientID,
+			ClientSecret: linkedInClientSecret,
+			RedirectURL:  "/oauth_callback/linkedin",
+			Endpoint:     linkedInOAuth2.Endpoint,
+			Scopes:       []string{"r_liteprofile", "r_emailaddress"},
+		}
+	}
+
+	appleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientID)
+	if err != nil {
+		appleClientID = ""
+	}
+	appleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientSecret)
+	if err != nil {
+		appleClientSecret = ""
+	}
+	if appleClientID != "" && appleClientSecret != "" {
+		OAuthProviders.AppleConfig = &oauth2.Config{
+			ClientID:     appleClientID,
+			ClientSecret: appleClientSecret,
+			RedirectURL:  "/oauth_callback/apple",
+			Endpoint: oauth2.Endpoint{
+				AuthURL:  "https://appleid.apple.com/auth/authorize",
+				TokenURL: "https://appleid.apple.com/auth/token",
+			},
+		}
+	}
+
 	return nil
 }

server/parsers/url.go

@@ -1,12 +1,13 @@
-package utils
+package parsers
 
 import (
 	"net/url"
 	"strings"
 
-	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/gin-gonic/gin"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 // GetHost returns hostname from request context
@@ -14,12 +15,15 @@ import (
 // if EnvKeyAuthorizerURL is set it is given second highest priority.
 // if above 2 are not set the requesting host name is used
 func GetHost(c *gin.Context) string {
-	authorizerURL := c.Request.Header.Get("X-Authorizer-URL")
+	authorizerURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAuthorizerURL)
+	if err != nil {
+		authorizerURL = ""
+	}
 	if authorizerURL != "" {
 		return authorizerURL
 	}
 
-	authorizerURL = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAuthorizerURL)
+	authorizerURL = c.Request.Header.Get("X-Authorizer-URL")
 	if authorizerURL != "" {
 		return authorizerURL
 	}
@@ -89,8 +93,8 @@ func GetDomainName(uri string) string {
 
 // GetAppURL to get /app/ url if not configured by user
 func GetAppURL(gc *gin.Context) string {
-	envAppURL := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
-	if envAppURL == "" {
+	envAppURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
+	if envAppURL == "" || err != nil {
 		envAppURL = GetHost(gc) + "/app"
 	}
 	return envAppURL

server/resolvers/admin_login.go

@@ -9,8 +9,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/crypto"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
 
@@ -24,7 +24,11 @@ func AdminLoginResolver(ctx context.Context, params model.AdminLoginInput) (*mod
 		return res, err
 	}
 
-	adminSecret := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+	adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+	if err != nil {
+		log.Debug("Error getting admin secret: ", err)
+		return res, err
+	}
 	if params.AdminSecret != adminSecret {
 		log.Debug("Admin secret is not correct")
 		return res, fmt.Errorf(`invalid admin secret`)

server/resolvers/admin_session.go

@@ -9,8 +9,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/crypto"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -30,7 +30,12 @@ func AdminSessionResolver(ctx context.Context) (*model.Response, error) {
 		return res, fmt.Errorf("unauthorized")
 	}
 
-	hashedKey, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
+	adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+	if err != nil {
+		log.Debug("Error getting admin secret: ", err)
+		return res, fmt.Errorf("unauthorized")
+	}
+	hashedKey, err := crypto.EncryptPassword(adminSecret)
 	if err != nil {
 		log.Debug("Failed to encrypt key: ", err)
 		return res, err

server/resolvers/admin_signup.go

@@ -2,7 +2,6 @@ package resolvers
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"strings"
 
@@ -12,8 +11,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
 
@@ -39,7 +38,11 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m
 		return res, err
 	}
 
-	adminSecret := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+	adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+	if err != nil {
+		log.Debug("Error getting admin secret: ", err)
+		adminSecret = ""
+	}
 
 	if adminSecret != "" {
 		log.Debug("Admin secret is already set")
@@ -47,18 +50,11 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m
 		return res, err
 	}
 
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyAdminSecret, params.AdminSecret)
+	memorystore.Provider.UpdateEnvVariable(constants.EnvKeyAdminSecret, params.AdminSecret)
 	// consvert EnvData to JSON
-	var storeData envstore.Store
-
-	jsonBytes, err := json.Marshal(envstore.EnvStoreObj.GetEnvStoreClone())
+	storeData, err := memorystore.Provider.GetEnvStore()
 	if err != nil {
-		log.Debug("Failed to marshal envstore: ", err)
-		return res, err
-	}
-
-	if err := json.Unmarshal(jsonBytes, &storeData); err != nil {
-		log.Debug("Failed to unmarshal envstore: ", err)
+		log.Debug("Error getting env store: ", err)
 		return res, err
 	}
 

server/resolvers/delete_user.go

@@ -8,7 +8,7 @@ import (
 
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/graph/model"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -38,7 +38,7 @@ func DeleteUserResolver(ctx context.Context, params model.DeleteUserInput) (*mod
 		return res, err
 	}
 
-	go sessionstore.DeleteAllUserSession(fmt.Sprintf("%x", user.ID))
+	go memorystore.Provider.DeleteAllUserSessions(user.ID)
 
 	err = db.Provider.DeleteUser(user)
 	if err != nil {

server/resolvers/env.go

@@ -3,12 +3,13 @@ package resolvers
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -16,7 +17,7 @@ import (
 // EnvResolver is a resolver for config query
 // This is admin only query
 func EnvResolver(ctx context.Context) (*model.Env, error) {
-	var res *model.Env
+	res := &model.Env{}
 
 	gc, err := utils.GinContextFromContext(ctx)
 	if err != nil {
@@ -30,99 +31,143 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
 	}
 
 	// get clone of store
-	store := envstore.EnvStoreObj.GetEnvStoreClone()
-	accessTokenExpiryTime := store.StringEnv[constants.EnvKeyAccessTokenExpiryTime]
-	adminSecret := store.StringEnv[constants.EnvKeyAdminSecret]
-	clientID := store.StringEnv[constants.EnvKeyClientID]
-	clientSecret := store.StringEnv[constants.EnvKeyClientSecret]
-	databaseURL := store.StringEnv[constants.EnvKeyDatabaseURL]
-	databaseName := store.StringEnv[constants.EnvKeyDatabaseName]
-	databaseType := store.StringEnv[constants.EnvKeyDatabaseType]
-	databaseUsername := store.StringEnv[constants.EnvKeyDatabaseUsername]
-	databasePassword := store.StringEnv[constants.EnvKeyDatabasePassword]
-	databaseHost := store.StringEnv[constants.EnvKeyDatabaseHost]
-	databasePort := store.StringEnv[constants.EnvKeyDatabasePort]
-	customAccessTokenScript := store.StringEnv[constants.EnvKeyCustomAccessTokenScript]
-	smtpHost := store.StringEnv[constants.EnvKeySmtpHost]
-	smtpPort := store.StringEnv[constants.EnvKeySmtpPort]
-	smtpUsername := store.StringEnv[constants.EnvKeySmtpUsername]
-	smtpPassword := store.StringEnv[constants.EnvKeySmtpPassword]
-	senderEmail := store.StringEnv[constants.EnvKeySenderEmail]
-	jwtType := store.StringEnv[constants.EnvKeyJwtType]
-	jwtSecret := store.StringEnv[constants.EnvKeyJwtSecret]
-	jwtRoleClaim := store.StringEnv[constants.EnvKeyJwtRoleClaim]
-	jwtPublicKey := store.StringEnv[constants.EnvKeyJwtPublicKey]
-	jwtPrivateKey := store.StringEnv[constants.EnvKeyJwtPrivateKey]
-	allowedOrigins := store.SliceEnv[constants.EnvKeyAllowedOrigins]
-	appURL := store.StringEnv[constants.EnvKeyAppURL]
-	redisURL := store.StringEnv[constants.EnvKeyRedisURL]
-	cookieName := store.StringEnv[constants.EnvKeyCookieName]
-	resetPasswordURL := store.StringEnv[constants.EnvKeyResetPasswordURL]
-	disableEmailVerification := store.BoolEnv[constants.EnvKeyDisableEmailVerification]
-	disableBasicAuthentication := store.BoolEnv[constants.EnvKeyDisableBasicAuthentication]
-	disableMagicLinkLogin := store.BoolEnv[constants.EnvKeyDisableMagicLinkLogin]
-	disableLoginPage := store.BoolEnv[constants.EnvKeyDisableLoginPage]
-	disableSignUp := store.BoolEnv[constants.EnvKeyDisableSignUp]
-	roles := store.SliceEnv[constants.EnvKeyRoles]
-	defaultRoles := store.SliceEnv[constants.EnvKeyDefaultRoles]
-	protectedRoles := store.SliceEnv[constants.EnvKeyProtectedRoles]
-	googleClientID := store.StringEnv[constants.EnvKeyGoogleClientID]
-	googleClientSecret := store.StringEnv[constants.EnvKeyGoogleClientSecret]
-	facebookClientID := store.StringEnv[constants.EnvKeyFacebookClientID]
-	facebookClientSecret := store.StringEnv[constants.EnvKeyFacebookClientSecret]
-	githubClientID := store.StringEnv[constants.EnvKeyGithubClientID]
-	githubClientSecret := store.StringEnv[constants.EnvKeyGithubClientSecret]
-	organizationName := store.StringEnv[constants.EnvKeyOrganizationName]
-	organizationLogo := store.StringEnv[constants.EnvKeyOrganizationLogo]
-
-	if accessTokenExpiryTime == "" {
-		accessTokenExpiryTime = "30m"
+	store, err := memorystore.Provider.GetEnvStore()
+	if err != nil {
+		log.Debug("Failed to get env store: ", err)
+		return res, err
 	}
 
-	res = &model.Env{
-		AccessTokenExpiryTime:      &accessTokenExpiryTime,
-		AdminSecret:                &adminSecret,
-		DatabaseName:               databaseName,
-		DatabaseURL:                databaseURL,
-		DatabaseType:               databaseType,
-		DatabaseUsername:           databaseUsername,
-		DatabasePassword:           databasePassword,
-		DatabaseHost:               databaseHost,
-		DatabasePort:               databasePort,
-		ClientID:                   clientID,
-		ClientSecret:               clientSecret,
-		CustomAccessTokenScript:    &customAccessTokenScript,
-		SMTPHost:                   &smtpHost,
-		SMTPPort:                   &smtpPort,
-		SMTPPassword:               &smtpPassword,
-		SMTPUsername:               &smtpUsername,
-		SenderEmail:                &senderEmail,
-		JwtType:                    &jwtType,
-		JwtSecret:                  &jwtSecret,
-		JwtPrivateKey:              &jwtPrivateKey,
-		JwtPublicKey:               &jwtPublicKey,
-		JwtRoleClaim:               &jwtRoleClaim,
-		AllowedOrigins:             allowedOrigins,
-		AppURL:                     &appURL,
-		RedisURL:                   &redisURL,
-		CookieName:                 &cookieName,
-		ResetPasswordURL:           &resetPasswordURL,
-		DisableEmailVerification:   &disableEmailVerification,
-		DisableBasicAuthentication: &disableBasicAuthentication,
-		DisableMagicLinkLogin:      &disableMagicLinkLogin,
-		DisableLoginPage:           &disableLoginPage,
-		DisableSignUp:              &disableSignUp,
-		Roles:                      roles,
-		ProtectedRoles:             protectedRoles,
-		DefaultRoles:               defaultRoles,
-		GoogleClientID:             &googleClientID,
-		GoogleClientSecret:         &googleClientSecret,
-		GithubClientID:             &githubClientID,
-		GithubClientSecret:         &githubClientSecret,
-		FacebookClientID:           &facebookClientID,
-		FacebookClientSecret:       &facebookClientSecret,
-		OrganizationName:           &organizationName,
-		OrganizationLogo:           &organizationLogo,
+	if val, ok := store[constants.EnvKeyAccessTokenExpiryTime]; ok {
+		res.AccessTokenExpiryTime = utils.NewStringRef(val.(string))
 	}
+	if val, ok := store[constants.EnvKeyAdminSecret]; ok {
+		res.AdminSecret = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyClientID]; ok {
+		res.ClientID = val.(string)
+	}
+	if val, ok := store[constants.EnvKeyClientSecret]; ok {
+		res.ClientSecret = val.(string)
+	}
+	if val, ok := store[constants.EnvKeyDatabaseURL]; ok {
+		res.DatabaseURL = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyDatabaseName]; ok {
+		res.DatabaseName = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyDatabaseType]; ok {
+		res.DatabaseType = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyDatabaseUsername]; ok {
+		res.DatabaseUsername = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyDatabasePassword]; ok {
+		res.DatabasePassword = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyDatabaseHost]; ok {
+		res.DatabaseHost = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyDatabasePort]; ok {
+		res.DatabasePort = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyCustomAccessTokenScript]; ok {
+		res.CustomAccessTokenScript = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeySmtpHost]; ok {
+		res.SMTPHost = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeySmtpPort]; ok {
+		res.SMTPPort = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeySmtpUsername]; ok {
+		res.SMTPUsername = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeySmtpPassword]; ok {
+		res.SMTPPassword = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeySenderEmail]; ok {
+		res.SenderEmail = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyJwtType]; ok {
+		res.JwtType = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyJwtSecret]; ok {
+		res.JwtSecret = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyJwtRoleClaim]; ok {
+		res.JwtRoleClaim = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyJwtPublicKey]; ok {
+		res.JwtPublicKey = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyJwtPrivateKey]; ok {
+		res.JwtPrivateKey = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyAppURL]; ok {
+		res.AppURL = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyRedisURL]; ok {
+		res.RedisURL = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyResetPasswordURL]; ok {
+		res.ResetPasswordURL = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyGoogleClientID]; ok {
+		res.GoogleClientID = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyGoogleClientSecret]; ok {
+		res.GoogleClientSecret = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyFacebookClientID]; ok {
+		res.FacebookClientID = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyFacebookClientSecret]; ok {
+		res.FacebookClientSecret = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyGithubClientID]; ok {
+		res.GithubClientID = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyGithubClientSecret]; ok {
+		res.GithubClientSecret = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyLinkedInClientID]; ok {
+		res.LinkedinClientID = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyLinkedInClientSecret]; ok {
+		res.LinkedinClientSecret = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyAppleClientID]; ok {
+		res.AppleClientID = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyAppleClientSecret]; ok {
+		res.AppleClientSecret = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyOrganizationName]; ok {
+		res.OrganizationName = utils.NewStringRef(val.(string))
+	}
+	if val, ok := store[constants.EnvKeyOrganizationLogo]; ok {
+		res.OrganizationLogo = utils.NewStringRef(val.(string))
+	}
+
+	// string slice vars
+	res.AllowedOrigins = strings.Split(store[constants.EnvKeyAllowedOrigins].(string), ",")
+	res.Roles = strings.Split(store[constants.EnvKeyRoles].(string), ",")
+	res.DefaultRoles = strings.Split(store[constants.EnvKeyDefaultRoles].(string), ",")
+	// since protected role is optional default split gives array with empty string
+	protectedRoles := strings.Split(store[constants.EnvKeyProtectedRoles].(string), ",")
+	res.ProtectedRoles = []string{}
+	for _, role := range protectedRoles {
+		if strings.Trim(role, " ") != "" {
+			res.ProtectedRoles = append(res.ProtectedRoles, strings.Trim(role, " "))
+		}
+	}
+
+	// bool vars
+	res.DisableEmailVerification = store[constants.EnvKeyDisableEmailVerification].(bool)
+	res.DisableBasicAuthentication = store[constants.EnvKeyDisableBasicAuthentication].(bool)
+	res.DisableMagicLinkLogin = store[constants.EnvKeyDisableMagicLinkLogin].(bool)
+	res.DisableLoginPage = store[constants.EnvKeyDisableLoginPage].(bool)
+	res.DisableSignUp = store[constants.EnvKeyDisableSignUp].(bool)
+
 	return res, nil
 }

server/resolvers/forgot_password.go

@@ -12,10 +12,12 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/email"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/parsers"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/validators"
 )
 
 // ForgotPasswordResolver is a resolver for forgot password mutation
@@ -28,13 +30,18 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 		return res, err
 	}
 
-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
+	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting basic auth disabled: ", err)
+		isBasicAuthDisabled = true
+	}
+	if isBasicAuthDisabled {
 		log.Debug("Basic authentication is disabled")
 		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 	}
 	params.Email = strings.ToLower(params.Email)
 
-	if !utils.IsValidEmail(params.Email) {
+	if !validators.IsValidEmail(params.Email) {
 		log.Debug("Invalid email address: ", params.Email)
 		return res, fmt.Errorf("invalid email")
 	}
@@ -48,13 +55,13 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 		return res, fmt.Errorf(`user with this email not found`)
 	}
 
-	hostname := utils.GetHost(gc)
+	hostname := parsers.GetHost(gc)
 	_, nonceHash, err := utils.GenerateNonce()
 	if err != nil {
 		log.Debug("Failed to generate nonce: ", err)
 		return res, err
 	}
-	redirectURL := utils.GetAppURL(gc) + "/reset-password"
+	redirectURL := parsers.GetAppURL(gc) + "/reset-password"
 	if params.RedirectURI != nil {
 		redirectURL = *params.RedirectURI
 	}

server/resolvers/generate_jwt_keys.go

@@ -6,8 +6,8 @@ import (
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/crypto"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 	log "github.com/sirupsen/logrus"
@@ -26,7 +26,11 @@ func GenerateJWTKeysResolver(ctx context.Context, params model.GenerateJWTKeysIn
 		return nil, fmt.Errorf("unauthorized")
 	}
 
-	clientID := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID)
+	clientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID)
+	if err != nil {
+		log.Debug("Error getting client id: ", err)
+		return nil, err
+	}
 	if crypto.IsHMACA(params.Type) {
 		secret, _, err := crypto.NewHMACKey(params.Type, clientID)
 		if err != nil {

server/resolvers/invite_members.go

@@ -13,10 +13,12 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	emailservice "github.com/authorizerdev/authorizer/server/email"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/parsers"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/validators"
 )
 
 // InviteMembersResolver resolver to invite members
@@ -33,12 +35,20 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 	}
 
 	// this feature is only allowed if email server is configured
-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
+	isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
+	if err != nil {
+		log.Debug("Error getting email verification disabled: ", err)
+		isEmailVerificationDisabled = true
+	}
+
+	if isEmailVerificationDisabled {
 		log.Debug("Email server is not configured")
 		return nil, errors.New("email sending is disabled")
 	}
 
-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) && envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin) {
+	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
+	isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)
+	if isBasicAuthDisabled && isMagicLinkLoginDisabled {
 		log.Debug("Basic authentication and Magic link login is disabled.")
 		return nil, errors.New("either basic authentication or magic link login is required")
 	}
@@ -46,7 +56,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 	// filter valid emails
 	emails := []string{}
 	for _, email := range params.Emails {
-		if utils.IsValidEmail(email) {
+		if validators.IsValidEmail(email) {
 			emails = append(emails, email)
 		}
 	}
@@ -77,13 +87,22 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 	// invite new emails
 	for _, email := range newEmails {
 
+		defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		defaultRoles := []string{}
+		if err != nil {
+			log.Debug("Error getting default roles: ", err)
+			defaultRolesString = ""
+		} else {
+			defaultRoles = strings.Split(defaultRolesString, ",")
+		}
+
 		user := models.User{
 			Email: email,
-			Roles: strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ","),
+			Roles: strings.Join(defaultRoles, ","),
 		}
-		hostname := utils.GetHost(gc)
+		hostname := parsers.GetHost(gc)
 		verifyEmailURL := hostname + "/verify_email"
-		appURL := utils.GetAppURL(gc)
+		appURL := parsers.GetAppURL(gc)
 
 		redirectURL := appURL
 		if params.RedirectURI != nil {
@@ -109,7 +128,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 		}
 
 		// use magic link login if that option is on
-		if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin) {
+		if !isMagicLinkLoginDisabled {
 			user.SignupMethods = constants.SignupMethodMagicLinkLogin
 			verificationRequest.Identifier = constants.VerificationTypeMagicLinkLogin
 		} else {

server/resolvers/login.go

@@ -13,11 +13,11 @@ import (
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/validators"
 )
 
 // LoginResolver is a resolver for login mutation
@@ -30,7 +30,13 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		return res, err
 	}
 
-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
+	isBasiAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting basic auth disabled: ", err)
+		isBasiAuthDisabled = true
+	}
+
+	if isBasiAuthDisabled {
 		log.Debug("Basic authentication is disabled.")
 		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 	}
@@ -66,10 +72,19 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		log.Debug("Failed to compare password: ", err)
 		return res, fmt.Errorf(`invalid password`)
 	}
-	roles := envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+
+	defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+	roles := []string{}
+	if err != nil {
+		log.Debug("Error getting default roles: ", err)
+		defaultRolesString = ""
+	} else {
+		roles = strings.Split(defaultRolesString, ",")
+	}
+
 	currentRoles := strings.Split(user.Roles, ",")
 	if len(params.Roles) > 0 {
-		if !utils.IsValidRoles(params.Roles, currentRoles) {
+		if !validators.IsValidRoles(params.Roles, currentRoles) {
 			log.Debug("Invalid roles: ", params.Roles)
 			return res, fmt.Errorf(`invalid roles`)
 		}
@@ -102,12 +117,12 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 	}
 
 	cookie.SetSession(gc, authToken.FingerPrintHash)
-	sessionstore.SetState(authToken.FingerPrintHash, authToken.FingerPrint+"@"+user.ID)
-	sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
+	memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
+	memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
 
 	if authToken.RefreshToken != nil {
 		res.RefreshToken = &authToken.RefreshToken.Token
-		sessionstore.SetState(authToken.RefreshToken.Token, authToken.FingerPrint+"@"+user.ID)
+		memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
 	}
 
 	go db.Provider.AddSession(models.Session{

server/resolvers/logout.go

@@ -2,45 +2,49 @@ package resolvers
 
 import (
 	"context"
+	"encoding/json"
 
 	log "github.com/sirupsen/logrus"
 
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/graph/model"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
 
 // LogoutResolver is a resolver for logout mutation
 func LogoutResolver(ctx context.Context) (*model.Response, error) {
-	var res *model.Response
-
 	gc, err := utils.GinContextFromContext(ctx)
 	if err != nil {
 		log.Debug("Failed to get GinContext: ", err)
-		return res, err
+		return nil, err
 	}
 
 	// get fingerprint hash
 	fingerprintHash, err := cookie.GetSession(gc)
 	if err != nil {
 		log.Debug("Failed to get fingerprint hash: ", err)
-		return res, err
+		return nil, err
 	}
 
 	decryptedFingerPrint, err := crypto.DecryptAES(fingerprintHash)
 	if err != nil {
 		log.Debug("Failed to decrypt fingerprint hash: ", err)
-		return res, err
+		return nil, err
 	}
 
-	fingerPrint := string(decryptedFingerPrint)
+	var sessionData token.SessionData
+	err = json.Unmarshal([]byte(decryptedFingerPrint), &sessionData)
+	if err != nil {
+		return nil, err
+	}
 
-	sessionstore.RemoveState(fingerPrint)
+	memorystore.Provider.DeleteUserSession(sessionData.Subject, sessionData.Nonce)
 	cookie.DeleteSession(gc)
 
-	res = &model.Response{
+	res := &model.Response{
 		Message: "Logged out successfully",
 	}
 

server/resolvers/magic_link_login.go

@@ -12,10 +12,12 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/email"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/parsers"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/validators"
 )
 
 // MagicLinkLoginResolver is a resolver for magic link login mutation
@@ -28,14 +30,20 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		return res, err
 	}
 
-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin) {
+	isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)
+	if err != nil {
+		log.Debug("Error getting magic link login disabled: ", err)
+		isMagicLinkLoginDisabled = true
+	}
+
+	if isMagicLinkLoginDisabled {
 		log.Debug("Magic link login is disabled.")
 		return res, fmt.Errorf(`magic link login is disabled for this instance`)
 	}
 
 	params.Email = strings.ToLower(params.Email)
 
-	if !utils.IsValidEmail(params.Email) {
+	if !validators.IsValidEmail(params.Email) {
 		log.Debug("Invalid email")
 		return res, fmt.Errorf(`invalid email address`)
 	}
@@ -53,7 +61,11 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 	// find user with email
 	existingUser, err := db.Provider.GetUserByEmail(params.Email)
 	if err != nil {
-		if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {
+		isSignupDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp)
+		if err != nil {
+			log.Debug("Error getting signup disabled: ", err)
+		}
+		if isSignupDisabled {
 			log.Debug("Signup is disabled.")
 			return res, fmt.Errorf(`signup is disabled for this instance`)
 		}
@@ -62,14 +74,28 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		// define roles for new user
 		if len(params.Roles) > 0 {
 			// check if roles exists
-			if !utils.IsValidRoles(params.Roles, envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles)) {
+			rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)
+			roles := []string{}
+			if err != nil {
+				log.Debug("Error getting roles: ", err)
+				return res, err
+			} else {
+				roles = strings.Split(rolesString, ",")
+			}
+			if !validators.IsValidRoles(params.Roles, roles) {
 				log.Debug("Invalid roles: ", params.Roles)
 				return res, fmt.Errorf(`invalid roles`)
 			} else {
 				inputRoles = params.Roles
 			}
 		} else {
-			inputRoles = envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			inputRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			if err != nil {
+				log.Debug("Error getting default roles: ", err)
+				return res, fmt.Errorf(`invalid roles`)
+			} else {
+				inputRoles = strings.Split(inputRolesString, ",")
+			}
 		}
 
 		user.Roles = strings.Join(inputRoles, ",")
@@ -88,7 +114,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 
 		// find the unassigned roles
 		if len(params.Roles) <= 0 {
-			inputRoles = envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			inputRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			if err != nil {
+				log.Debug("Error getting default roles: ", err)
+				return res, fmt.Errorf(`invalid default roles`)
+			} else {
+				inputRoles = strings.Split(inputRolesString, ",")
+			}
 		}
 		existingRoles := strings.Split(existingUser.Roles, ",")
 		unasignedRoles := []string{}
@@ -101,8 +133,16 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		if len(unasignedRoles) > 0 {
 			// check if it contains protected unassigned role
 			hasProtectedRole := false
+			protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)
+			protectedRoles := []string{}
+			if err != nil {
+				log.Debug("Error getting protected roles: ", err)
+				return res, err
+			} else {
+				protectedRoles = strings.Split(protectedRolesString, ",")
+			}
 			for _, ur := range unasignedRoles {
-				if utils.StringSliceContains(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles), ur) {
+				if utils.StringSliceContains(protectedRoles, ur) {
 					hasProtectedRole = true
 				}
 			}
@@ -129,8 +169,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		}
 	}
 
-	hostname := utils.GetHost(gc)
-	if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
+	hostname := parsers.GetHost(gc)
+	isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
+	if err != nil {
+		log.Debug("Error getting email verification disabled: ", err)
+		isEmailVerificationDisabled = true
+	}
+	if !isEmailVerificationDisabled {
 		// insert verification request
 		_, nonceHash, err := utils.GenerateNonce()
 		if err != nil {
@@ -144,7 +189,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		if params.Scope != nil && len(params.Scope) > 0 {
 			redirectURLParams = redirectURLParams + "&scope=" + strings.Join(params.Scope, " ")
 		}
-		redirectURL := utils.GetAppURL(gc)
+		redirectURL := parsers.GetAppURL(gc)
 		if params.RedirectURI != nil {
 			redirectURL = *params.RedirectURI
 		}
@@ -152,7 +197,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		if strings.Contains(redirectURL, "?") {
 			redirectURL = redirectURL + "&" + redirectURLParams
 		} else {
-			redirectURL = redirectURL + "?" + redirectURLParams
+			redirectURL = redirectURL + "?" + strings.TrimPrefix(redirectURLParams, "&")
 		}
 
 		verificationType := constants.VerificationTypeMagicLinkLogin

server/resolvers/meta.go

@@ -3,12 +3,116 @@ package resolvers
 import (
 	"context"
 
+	log "github.com/sirupsen/logrus"
+
+	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/graph/model"
-	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 // MetaResolver is a resolver for meta query
 func MetaResolver(ctx context.Context) (*model.Meta, error) {
-	metaInfo := utils.GetMetaInfo()
+	clientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID)
+	if err != nil {
+		return nil, err
+	}
+
+	googleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientID)
+	if err != nil {
+		log.Debug("Failed to get Google Client ID from environment variable", err)
+		googleClientID = ""
+	}
+
+	googleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientSecret)
+	if err != nil {
+		log.Debug("Failed to get Google Client Secret from environment variable", err)
+		googleClientSecret = ""
+	}
+
+	facebookClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientID)
+	if err != nil {
+		log.Debug("Failed to get Facebook Client ID from environment variable", err)
+		facebookClientID = ""
+	}
+
+	facebookClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientSecret)
+	if err != nil {
+		log.Debug("Failed to get Facebook Client Secret from environment variable", err)
+		facebookClientSecret = ""
+	}
+
+	linkedClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientID)
+	if err != nil {
+		log.Debug("Failed to get LinkedIn Client ID from environment variable", err)
+		linkedClientID = ""
+	}
+
+	linkedInClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientSecret)
+	if err != nil {
+		log.Debug("Failed to get LinkedIn Client Secret from environment variable", err)
+		linkedInClientSecret = ""
+	}
+
+	appleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientID)
+	if err != nil {
+		log.Debug("Failed to get Apple Client ID from environment variable", err)
+		appleClientID = ""
+	}
+
+	appleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientSecret)
+	if err != nil {
+		log.Debug("Failed to get Apple Client Secret from environment variable", err)
+		appleClientSecret = ""
+	}
+
+	githubClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientID)
+	if err != nil {
+		log.Debug("Failed to get Github Client ID from environment variable", err)
+		githubClientID = ""
+	}
+
+	githubClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientSecret)
+	if err != nil {
+		log.Debug("Failed to get Github Client Secret from environment variable", err)
+		githubClientSecret = ""
+	}
+
+	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
+	if err != nil {
+		log.Debug("Failed to get Disable Basic Authentication from environment variable", err)
+		isBasicAuthDisabled = true
+	}
+
+	isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
+	if err != nil {
+		log.Debug("Failed to get Disable Email Verification from environment variable", err)
+		isEmailVerificationDisabled = true
+	}
+
+	isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)
+	if err != nil {
+		log.Debug("Failed to get Disable Magic Link Login from environment variable", err)
+		isMagicLinkLoginDisabled = true
+	}
+
+	isSignUpDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp)
+	if err != nil {
+		log.Debug("Failed to get Disable Signup from environment variable", err)
+		isSignUpDisabled = true
+	}
+
+	metaInfo := model.Meta{
+		Version:                      constants.VERSION,
+		ClientID:                     clientID,
+		IsGoogleLoginEnabled:         googleClientID != "" && googleClientSecret != "",
+		IsGithubLoginEnabled:         githubClientID != "" && githubClientSecret != "",
+		IsFacebookLoginEnabled:       facebookClientID != "" && facebookClientSecret != "",
+		IsLinkedinLoginEnabled:       linkedClientID != "" && linkedInClientSecret != "",
+		IsAppleLoginEnabled:          appleClientID != "" && appleClientSecret != "",
+		IsBasicAuthenticationEnabled: !isBasicAuthDisabled,
+		IsEmailVerificationEnabled:   !isEmailVerificationDisabled,
+		IsMagicLinkLoginEnabled:      !isMagicLinkLoginDisabled,
+		IsSignUpEnabled:              !isSignUpDisabled,
+	}
 	return &metaInfo, nil
 }

server/resolvers/resend_verify_email.go

@@ -12,8 +12,10 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/email"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/parsers"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/validators"
 )
 
 // ResendVerifyEmailResolver is a resolver for resend verify email mutation
@@ -27,12 +29,12 @@ func ResendVerifyEmailResolver(ctx context.Context, params model.ResendVerifyEma
 	}
 	params.Email = strings.ToLower(params.Email)
 
-	if !utils.IsValidEmail(params.Email) {
+	if !validators.IsValidEmail(params.Email) {
 		log.Debug("Invalid email: ", params.Email)
 		return res, fmt.Errorf("invalid email")
 	}
 
-	if !utils.IsValidVerificationIdentifier(params.Identifier) {
+	if !validators.IsValidVerificationIdentifier(params.Identifier) {
 		log.Debug("Invalid verification identifier: ", params.Identifier)
 		return res, fmt.Errorf("invalid identifier")
 	}
@@ -49,7 +51,7 @@ func ResendVerifyEmailResolver(ctx context.Context, params model.ResendVerifyEma
 		log.Debug("Failed to delete verification request: ", err)
 	}
 
-	hostname := utils.GetHost(gc)
+	hostname := parsers.GetHost(gc)
 	_, nonceHash, err := utils.GenerateNonce()
 	if err != nil {
 		log.Debug("Failed to generate nonce: ", err)

server/resolvers/reset_password.go

@@ -11,10 +11,12 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/parsers"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/authorizerdev/authorizer/server/validators"
 )
 
 // ResetPasswordResolver is a resolver for reset password mutation
@@ -26,7 +28,13 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
 		log.Debug("Failed to get GinContext: ", err)
 		return res, err
 	}
-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
+
+	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting basic auth disabled: ", err)
+		isBasicAuthDisabled = true
+	}
+	if isBasicAuthDisabled {
 		log.Debug("Basic authentication is disabled")
 		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 	}
@@ -42,19 +50,24 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
 		return res, fmt.Errorf(`passwords don't match`)
 	}
 
-	if !utils.IsValidPassword(params.Password) {
+	if !validators.IsValidPassword(params.Password) {
 		log.Debug("Invalid password")
 		return res, fmt.Errorf(`password is not valid. It needs to be at least 6 characters long and contain at least one number, one uppercase letter, one lowercase letter and one special character`)
 	}
 
 	// verify if token exists in db
-	hostname := utils.GetHost(gc)
-	claim, err := token.ParseJWTToken(params.Token, hostname, verificationRequest.Nonce, verificationRequest.Email)
+	hostname := parsers.GetHost(gc)
+	claim, err := token.ParseJWTToken(params.Token)
 	if err != nil {
 		log.Debug("Failed to parse token: ", err)
 		return res, fmt.Errorf(`invalid token`)
 	}
 
+	if ok, err := token.ValidateJWTClaims(claim, hostname, verificationRequest.Nonce, verificationRequest.Email); !ok || err != nil {
+		log.Debug("Failed to validate jwt claims: ", err)
+		return res, fmt.Errorf(`invalid token`)
+	}
+
 	email := claim["sub"].(string)
 	log := log.WithFields(log.Fields{
 		"email": email,

server/resolvers/revoke.go

@@ -4,12 +4,12 @@ import (
 	"context"
 
 	"github.com/authorizerdev/authorizer/server/graph/model"
-	"github.com/authorizerdev/authorizer/server/sessionstore"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
 // RevokeResolver resolver to revoke refresh token
 func RevokeResolver(ctx context.Context, params model.OAuthRevokeInput) (*model.Response, error) {
-	sessionstore.RemoveState(params.RefreshToken)
+	memorystore.Provider.RemoveState(params.RefreshToken)
 	return &model.Response{
 		Message: "Token revoked",
 	}, nil