chore: simplify CreateDeviceUserAuthRequest

aeneasr · ory-bot · commit d170459d6298 · 2025-08-26T14:28:41.000Z
GitOrigin-RevId: 8210b6b3b90e3f83a1a18b12768b10d758492ee4
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,13 +4,13 @@
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 **Table of Contents**
 
-- [0.0.0 (2025-08-26)](#000-2025-08-26)
+- [0.0.0 (2025-07-03)](#000-2025-07-03)
   - [Breaking Changes](#breaking-changes)
   - [Related issue(s)](#related-issues)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
-# [0.0.0](https://github.com/ory/hydra/compare/v2.3.0...v0.0.0) (2025-08-26)
+# [0.0.0](https://github.com/ory/hydra/compare/v2.3.0...v0.0.0) (2025-07-03)
 ## Breaking Changes
 
 This patch changes the behavior of configuration item `foo` to do bar. To keep the existing
@@ -41,10 +41,6 @@ If this pull request
 
 ### Bug Fixes
 
-* Add repo syncing for polis ([46d17f8](https://github.com/ory/hydra/commit/46d17f8bfdc59e2185e9ce65823eb2652e01f1b8)):
-
-    GitOrigin-RevId: e277a25d594b512b800d39dd18f36ea3d99fcf84
-
 * Allow updating when JWKS URI is set ([#3935](https://github.com/ory/hydra/issues/3935)) ([#3946](https://github.com/ory/hydra/issues/3946)) ([fb1655b](https://github.com/ory/hydra/commit/fb1655ba86077b10141132ed332ba8d6f8c70582)):
 
     The client validator no longer rejects PATCH and PUT updates when `JSONWebKeysURI` is non-empty and `JSONWebKeys` is not nil.
@@ -75,10 +71,6 @@ If this pull request
     GitOrigin-RevId: 61645585277edd95914705499afd7211a85983eb
 
 * CLI usage help examples ([#3943](https://github.com/ory/hydra/issues/3943)) ([e24f9a7](https://github.com/ory/hydra/commit/e24f9a704c22c72690bc20c498439865181d9239))
-* Copybara script ([7b33358](https://github.com/ory/hydra/commit/7b333585bb44a069bf47267c853aa2e91db0efa3)):
-
-    GitOrigin-RevId: 14665e01451ac5fcdda148b473b8fc35d4fe21ef
-
 * Correct multiple instances of 'stragegy' typo ([#3906](https://github.com/ory/hydra/issues/3906)) ([50eefbc](https://github.com/ory/hydra/commit/50eefbc21c2c43d221b6079bbd78a33ef8c754c4)):
 
     This commit addresses several occurrences where 'strategy' was
@@ -88,22 +80,6 @@ If this pull request
     documentation repository (ory/docs), with a corresponding pull request
     submitted.
 
-* Deduplicate down migrations ([02baf36](https://github.com/ory/hydra/commit/02baf364c5f1fe09a74edb879c711983f761dc7f)):
-
-    GitOrigin-RevId: 94c68daeded4f3b6f42d079d71415d8935a74e69
-
-* **deps:** Update go-x ([582a3c5](https://github.com/ory/hydra/commit/582a3c5f2de833a7996812d4873b305d162e1c7b)):
-
-    GitOrigin-RevId: 2d32f7710b9c6111a30f4e0d3cc0abc967d7dfb6
-
-* Failing CI in OSS repos ([c900985](https://github.com/ory/hydra/commit/c9009858dc96edbbec1dd256cb1a734beb4f90aa)):
-
-    GitOrigin-RevId: 3d1f84b0f0d006971aea9489322b3e0f32a6a7e3
-
-* Fix expires_at timestamp not in UTC leading to local test failures ([337000a](https://github.com/ory/hydra/commit/337000aacd07a1af6e77918a011903b6f39701a3)):
-
-    GitOrigin-RevId: 560d958391b12ace6db9d4c05074719e96e0329e
-
 * Force autocommit for device auth code migration ([#3991](https://github.com/ory/hydra/issues/3991)) ([29761f4](https://github.com/ory/hydra/commit/29761f4ac7586478ea6f553cb571ac11b0275e6d)), closes [#1234](https://github.com/ory/hydra/issues/1234) [#1234](https://github.com/ory/hydra/issues/1234):
 
     <!--
@@ -117,30 +93,14 @@ If this pull request
     
     ```
 
-* **hydra:** Instrument metrics also on public endpoints ([8aee364](https://github.com/ory/hydra/commit/8aee364805a0fa20cd5d786324efb5c6e5cdfcb5)):
-
-    GitOrigin-RevId: 84ae1df26bd3d9a025655e50792ea7312f250cca
-
-* Identity queries ([a30f021](https://github.com/ory/hydra/commit/a30f021fd98969c2dbc31a4dc3e45365d60c1a25)):
-
-    GitOrigin-RevId: b103d25a807c643b521a12d593486d5125f390be
-
 * Ignore flaky keys in Hydra HSM tests ([469b2ad](https://github.com/ory/hydra/commit/469b2ad538865a38738a10f46d270f53d12101ad)):
 
     GitOrigin-RevId: 83312e6544bc33ccc30e1e1e414cc04910429192
 
-* Include go.mod in vendored oryx ([08a3ab4](https://github.com/ory/hydra/commit/08a3ab43ddb1e2a0df430224f969fe3f0ba161bf)):
-
-    GitOrigin-RevId: 20365bbe6b2cf95ac7973bcca9056455d2cb3803
-
 * **infrastructure:** Hydra oss CI ([e846541](https://github.com/ory/hydra/commit/e84654185cdfffbf160d5309f744795d15d723f9)):
 
     GitOrigin-RevId: 3df0724e5ea4c81a0f4c481c1a3a34529356d073
 
-* Jsonx.ApplyJSONPatch ([c6fa2a6](https://github.com/ory/hydra/commit/c6fa2a6f17f63e43cfecb576bd2a1c1b58c778ed)):
-
-    GitOrigin-RevId: 43c10801f5051e3d5fbea5f4f5e90394f6da0fbb
-
 * JWT documentation link to point to the correct resource ([#3907](https://github.com/ory/hydra/issues/3907)) ([b746e41](https://github.com/ory/hydra/commit/b746e41eda6dc3fe376b147d146a6fcc7dafb455)):
 
     The previous link in the documentation led to a page unrelated to JWT.
@@ -168,23 +128,7 @@ If this pull request
     persistence/sql/src/20220210000001_nid/20220210000001000000_nid.cockroach.up.sql
     ```
 
-* Otlp sampling rate default ([cbd5094](https://github.com/ory/hydra/commit/cbd50947ff7e03a4c32d0ad52acd55b595b393ce)):
-
-    GitOrigin-RevId: 8a01bded7d8eca0ac3a81de793286144aab16426
-
-* Print correct content of down migrations ([4a4a088](https://github.com/ory/hydra/commit/4a4a0880dc6222870b1e177ce04f81842359f922)):
-
-    GitOrigin-RevId: 48b1efa8d3d4f6c6648d3941f67f622fdfb0075c
-
-* Revert "fix: otlp sampling rate default ([#9055](https://github.com/ory/hydra/issues/9055))" ([02e86bc](https://github.com/ory/hydra/commit/02e86bc192c8f693c23aa430481a1e719d8e2e21)):
-
-    GitOrigin-RevId: 9de37a48b68c7ee29caefb01c83f1a78999dc15b
-
 * Revoke by consent request ID ([#3947](https://github.com/ory/hydra/issues/3947)) ([5d8635c](https://github.com/ory/hydra/commit/5d8635c94389ff3c87bfae66afe95105c147bec1)), closes [#3932](https://github.com/ory/hydra/issues/3932) [#3932](https://github.com/ory/hydra/issues/3932) [#3941](https://github.com/ory/hydra/issues/3941)
-* Routes in AX with identity_schema ([5014348](https://github.com/ory/hydra/commit/50143483fd66fb7d545e8a8e2c7e95857f35fbbb)):
-
-    GitOrigin-RevId: ab72dc64c194c06bf0301e87aa829c72022ac41e
-
 * Simplify and fix Copybara sync job ([f998d09](https://github.com/ory/hydra/commit/f998d090ca6408b05524aea5e5f3a79c5d44b1a4)):
 
     GitOrigin-RevId: 115f1ba1aa8f92d9c546046b37d4fb27dacedec8
@@ -201,14 +145,6 @@ If this pull request
 
     GitOrigin-RevId: 64950988a466bbdb4f25b8d9f5c416ff591c00bf
 
-* Use hard-coded fallback key instead of panic ([e1f6450](https://github.com/ory/hydra/commit/e1f645012f43f62928fdc79710b45d935878367f)):
-
-    GitOrigin-RevId: d7a2270bbf5360288199e9632b2eac6cbc29737c
-
-* Use main branch for polis ([6c24e68](https://github.com/ory/hydra/commit/6c24e68995b8eae9ba0b8872867270ef1d35113b)):
-
-    GitOrigin-RevId: 04533493184c6abdc3a211daffd98f6b68e1c9cc
-
 * Using uuid_generate_v4 function ([#3958](https://github.com/ory/hydra/issues/3958)) ([c206066](https://github.com/ory/hydra/commit/c20606606654af975e5d82998956bb998acee576)):
 
     Removing the md5 function for the uuid generation with native pgsql
@@ -217,19 +153,8 @@ If this pull request
     Closes https://github.com/ory/hydra/issues/3844
 
 
-### Code Refactoring
-
-* Move database meta functions to root x folder for reusability ([7e49133](https://github.com/ory/hydra/commit/7e49133f435d6a0f74a63e8f8d03c5d314d7d3c6)):
-
-    GitOrigin-RevId: 30ee938ea5f1d19bac8967e0ebfe2d595ec27d2b
-
-
 ### Features
 
-* Add allowed domains configuration for captcha ([df3f05c](https://github.com/ory/hydra/commit/df3f05c6ffbd3f00e62a33b2b68416ccf2009112)):
-
-    GitOrigin-RevId: 03395362054593f07ff6405c2a747256b5ff528e
-
 * Add error reason to OAuth2TokenExchangeError event ([#3971](https://github.com/ory/hydra/issues/3971)) ([241dd45](https://github.com/ory/hydra/commit/241dd45fa17ed10d1101d890199df47dab4dbce5))
 * Add handler for /.well-known/oauth-authorization-server. ([#3980](https://github.com/ory/hydra/issues/3980)) ([5baca28](https://github.com/ory/hydra/commit/5baca2843a98c222006b27b20e7e6392421ecad8)):
 
@@ -240,10 +165,6 @@ If this pull request
     configuration items that conform to this endpoint as seen here:
     https://datatracker.ietf.org/doc/html/rfc8414
 
-* Autoconfigure kratos-changefeed ([d92dabe](https://github.com/ory/hydra/commit/d92dabedf2f55d8b74f5898c987c3e6712fb0b16)):
-
-    GitOrigin-RevId: 8e684d3c1ed528798c0c81cc4330858c54a39acf
-
 * **changelog-oel:** Add `hydra debug challenge` command ([a94662f](https://github.com/ory/hydra/commit/a94662f1edc49e662a5e1818dbfd4cac15bd9ead)):
 
     GitOrigin-RevId: 793cf3327696465ea89fdfcf078f26594832a666
@@ -252,18 +173,10 @@ If this pull request
 
     GitOrigin-RevId: 1a115d9e2055bbf9a0bb4ecf7c6a266b2b70a8cd
 
-* **changelog-oel:** Choose identity schema in self-service registration and login flows ([a398b64](https://github.com/ory/hydra/commit/a398b6444bff9476b2768e9e5f840bcf73fff3a6)):
-
-    GitOrigin-RevId: 8d6ee03cc8181d3277100a4b7412a3a113799964
-
 * **changelog:** Graceful refresh count limit ([470713d](https://github.com/ory/hydra/commit/470713da36862745ca0222c284e0692fa40559ae)):
 
     GitOrigin-RevId: 7f8bf5fee8b06490f888590054d2dcd2f1cf2cba
 
-* **changelog:** Migrate http router to stdlib router ([a147e3b](https://github.com/ory/hydra/commit/a147e3b64007a3c7b2c5dd0351321c1aa92d5b70)):
-
-    GitOrigin-RevId: ebd7ec330a4f7b9826cb70ba36ba2f727ea64c96
-
 * Implement RFC 8628 ([#3912](https://github.com/ory/hydra/issues/3912)) ([5215d24](https://github.com/ory/hydra/commit/5215d2482adc6328f6ed78ac7799f1f5243d1e7f)), closes [#3851](https://github.com/ory/hydra/issues/3851) [#3252](https://github.com/ory/hydra/issues/3252) [#3230](https://github.com/ory/hydra/issues/3230) [#2416](https://github.com/ory/hydra/issues/2416):
 
     This patch introduces the OAuth 2.0 Device Authorization Grant to Ory
@@ -314,10 +227,6 @@ If this pull request
 
     GitOrigin-RevId: dbb48d171fad1f9b4fd31385f0ef4fb01e39e823
 
-* Move config testhelpers to ory/x ([3a4ba08](https://github.com/ory/hydra/commit/3a4ba084c74cf49a521856f150a8a2c6f3c1aa25)):
-
-    GitOrigin-RevId: fd484445e9715760231f7f86ec212d094e826377
-
 * Revoke Kratos session asynchronously ([#3936](https://github.com/ory/hydra/issues/3936)) ([a0e7ee2](https://github.com/ory/hydra/commit/a0e7ee29298d4f882a7d471e0601b01c6848c40d)):
 
     This change makes the session revocation in Kratos async to improve
@@ -397,18 +306,10 @@ If this pull request
     POST admin/oauth2/auth/sessions/consent?consent_challenge_id=G_TIM3XABG14UwIgDoT1DRfipjhC1uix
     ```
 
-* Use stdlib HTTP router in Kratos ([8f81931](https://github.com/ory/hydra/commit/8f8193179a39dc142d502fbc559891ffa0385ed8)):
-
-    GitOrigin-RevId: 799513e99acbf43a05fe3113ffda45d2fff2a9e0
-
 * Use vendored jackson ([a0a9062](https://github.com/ory/hydra/commit/a0a906211bce4ced3e1f4324eb9d287ef10892a6)):
 
     GitOrigin-RevId: 591238768218ba2b5af93f91ac7e16f4c170da5b
 
-* Use vendored ory/x ([6581e01](https://github.com/ory/hydra/commit/6581e01679b2e146433061cbaaebb80a0e3905b5)):
-
-    GitOrigin-RevId: 994f3b754946ca5b2bd1bab0fe20532f5d5ab62f
-
 
 ### Performance Improvements
 
@@ -419,43 +320,8 @@ If this pull request
 
 ### Tests
 
-* Add golangci-lint config and GHA ([1209de7](https://github.com/ory/hydra/commit/1209de78736c6730fa84cbf4e7046535aeba094f)):
-
-    GitOrigin-RevId: eb14c9f38e2b98d11a78ee0b90fd8f4f689abd3d
-
-* **hydra:** Add snapshots for login & consent requests ([687cfae](https://github.com/ory/hydra/commit/687cfae2092b90bcde11b0976b3f944bc8bb9a4a)):
-
-    GitOrigin-RevId: 47d041cf207af6c3e9e21bf3016e5ea0cf044344
-
-* **hydra:** Clean oauth2 session setup ([699e382](https://github.com/ory/hydra/commit/699e38238220f857148b503dfb96d9b057bb4583)):
-
-    GitOrigin-RevId: e05097c7439096cf40fdcf059b3396970b2f1219
-
-* **hydra:** Clean up some helpers ([7840b0e](https://github.com/ory/hydra/commit/7840b0e0aade3b8fac6f1677a75b192e9c094b23)):
-
-    GitOrigin-RevId: 2b93dfbc4c27602a6ad053ccd0f25962f600419f
-
-* **hydra:** Convert custom JWT claim tests to table ([8391d1b](https://github.com/ory/hydra/commit/8391d1bc57a85420f50c2e0b856a509b6784963d)):
-
-    GitOrigin-RevId: c0114d299bdec370104e8ad0b3042d3a3c045bb1
-
-* **hydra:** New and better e2e go tests ([aefe5e2](https://github.com/ory/hydra/commit/aefe5e2663608ec945dc49be466d48c0d43810f2)):
-
-    GitOrigin-RevId: 23a73e451286556fb6b0072c5b348eee137f1310
-
-* **hydra:** Refactor consent handler tests ([4d61925](https://github.com/ory/hydra/commit/4d6192599dc4f1020e8c5418398c6a85820c74cb)):
-
-    GitOrigin-RevId: 77753f8e0018eaef2bc17b73d456de5b7b0585b1
-
 * Parallelize and improve ([#3989](https://github.com/ory/hydra/issues/3989)) ([a47e395](https://github.com/ory/hydra/commit/a47e39513f1f08076849f77517977abffa195364))
 
-### Unclassified
-
-* Merge 3834fab8c161a7dc98d43f32acf8efd9e6e95352 into 4dae0f4a8785eb36d8dbb27137f6b924c1e0f0b5 ([dc84053](https://github.com/ory/hydra/commit/dc840535c19d58caf130966e00d3d2fe9f3eb577)):
-
-    GitOrigin-RevId: 0c2dcaa065b64d2aafbcfd49c79363a214c5b2aa
-
-
 
 # [2.3.0](https://github.com/ory/hydra/compare/v2.2.0...v2.3.0) (2025-01-17)
 
diff --git a/consent/handler.go b/consent/handler.go
@@ -5,7 +5,6 @@ package consent
 
 import (
 	"cmp"
-	"context"
 	"encoding/json"
 	"net/http"
 	"net/url"
@@ -1129,7 +1128,7 @@ func (h *Handler) acceptUserCodeRequest(w http.ResponseWriter, r *http.Request)
 	}
 
 	f.RequestURL = reqURL.String()
-	if err := h.r.ConsentManager().HandleDeviceUserAuthRequest(ctx, f, &p); err != nil {
+	if err := f.HandleDeviceUserAuthRequest(&p); err != nil {
 		h.r.Writer().WriteError(w, r, err)
 		return
 	}
@@ -1151,12 +1150,3 @@ func (h *Handler) acceptUserCodeRequest(w http.ResponseWriter, r *http.Request)
 		RedirectTo: urlx.SetQuery(ru, url.Values{"device_verifier": {verifier}, "client_id": {userCodeRequest.GetClient().GetID()}}).String(),
 	})
 }
-
-func (h *Handler) decodeFlowWithClient(ctx context.Context, challenge string, opts ...flow.CodecOption) (*flow.Flow, error) {
-	f, err := flow.Decode[flow.Flow](ctx, h.r.FlowCipher(), challenge, opts...)
-	if err != nil {
-		return nil, err
-	}
-
-	return f, nil
-}
diff --git a/consent/handler_test.go b/consent/handler_test.go
@@ -277,12 +277,12 @@ func TestAcceptCodeDeviceRequest(t *testing.T) {
 
 	cl := &client.Client{ID: "client"}
 	require.NoError(t, reg.ClientManager().CreateClient(t.Context(), cl))
-	f, err := reg.ConsentManager().CreateDeviceUserAuthRequest(t.Context(), &flow.DeviceUserAuthRequest{
+	f := flow.NewDeviceFlow(&flow.DeviceUserAuthRequest{
 		Client:      cl,
 		RequestURL:  requestURL,
 		RequestedAt: time.Now(),
 	})
-	require.NoError(t, err)
+	f.NID = reg.Networker().NetworkID(t.Context())
 	challenge, err := f.ToDeviceChallenge(t.Context(), reg)
 	require.NoError(t, err)
 
diff --git a/consent/manager.go b/consent/manager.go
@@ -55,8 +55,6 @@ type (
 		RejectLogoutRequest(ctx context.Context, challenge string) error
 		VerifyAndInvalidateLogoutRequest(ctx context.Context, verifier string) (*flow.LogoutRequest, error)
 
-		CreateDeviceUserAuthRequest(ctx context.Context, req *flow.DeviceUserAuthRequest) (*flow.Flow, error)
-		HandleDeviceUserAuthRequest(ctx context.Context, f *flow.Flow, r *flow.HandledDeviceUserAuthRequest) error
 		VerifyAndInvalidateDeviceUserAuthRequest(ctx context.Context, verifier string) (*flow.HandledDeviceUserAuthRequest, error)
 
 		NetworkID(ctx context.Context) uuid.UUID
diff --git a/consent/strategy_default.go b/consent/strategy_default.go
@@ -1246,22 +1246,22 @@ func (s *DefaultStrategy) forwardDeviceRequest(ctx context.Context, w http.Respo
 	q = caseInsensitiveFilterParam(q, "user_code")
 	iu.RawQuery = q.Encode()
 
-	f, err := s.r.ConsentManager().CreateDeviceUserAuthRequest(ctx,
-		&flow.DeviceUserAuthRequest{
-			ID:          challenge,
-			Verifier:    verifier,
-			CSRF:        csrf,
-			RequestURL:  iu.String(),
-			RequestedAt: time.Now().Truncate(time.Second).UTC(),
-		})
-	if err != nil {
-		return err
+	f := &flow.Flow{
+		DeviceChallengeID: sqlxx.NullString(challenge),
+		RequestURL:        iu.String(),
+		DeviceVerifier:    sqlxx.NullString(verifier),
+		DeviceCSRF:        sqlxx.NullString(csrf),
+		RequestedAt:       time.Now().Truncate(time.Second).UTC(),
+		DeviceWasUsed:     sqlxx.NullBool{Bool: false, Valid: true},
+		State:             flow.DeviceFlowStateInitialized,
+		NID:               s.r.Networker().NetworkID(ctx),
 	}
 
 	encodedFlow, err := f.ToDeviceChallenge(ctx, s.r)
 	if err != nil {
 		return err
 	}
+
 	store, err := s.r.CookieStore(ctx)
 	if err != nil {
 		return err
diff --git a/consent/test/manager_test_helpers.go b/consent/test/manager_test_helpers.go
@@ -459,8 +459,8 @@ func ManagerTests(deps Deps, m consent.Manager, clientManager client.Manager, fo
 			_, err := flow.DecodeFromDeviceChallenge(ctx, deps, deviceChallenge)
 			require.Error(t, err)
 
-			f, err = m.CreateDeviceUserAuthRequest(ctx, c)
-			require.NoError(t, err)
+			f = flow.NewDeviceFlow(c)
+			f.NID = deps.Networker().NetworkID(ctx)
 
 			deviceChallenge = x.Must(f.ToDeviceChallenge(ctx, deps))
 
@@ -469,7 +469,7 @@ func ManagerTests(deps Deps, m consent.Manager, clientManager client.Manager, fo
 			assert.False(t, got1.DeviceWasUsed.Bool)
 			compareDeviceRequestFlow(t, c, got1)
 
-			require.NoError(t, m.HandleDeviceUserAuthRequest(ctx, f, h))
+			require.NoError(t, f.HandleDeviceUserAuthRequest(h))
 			compareDeviceRequestFlow(t, c, f)
 
 			for _, key := range []string{"1", "2", "3", "4", "5", "6", "7"} {
@@ -479,8 +479,8 @@ func ManagerTests(deps Deps, m consent.Manager, clientManager client.Manager, fo
 				_, err := flow.DecodeFromDeviceChallenge(ctx, deps, deviceChallenge)
 				require.Error(t, err)
 
-				f, err = m.CreateDeviceUserAuthRequest(ctx, c)
-				require.NoError(t, err)
+				f = flow.NewDeviceFlow(c)
+				f.NID = deps.Networker().NetworkID(ctx)
 
 				deviceChallenge = x.Must(f.ToDeviceChallenge(ctx, deps))
 				challenges = append(challenges, deviceChallenge)
@@ -490,7 +490,7 @@ func ManagerTests(deps Deps, m consent.Manager, clientManager client.Manager, fo
 				assert.False(t, got1.DeviceWasUsed.Bool)
 				compareDeviceRequestFlow(t, c, got1)
 
-				require.NoError(t, m.HandleDeviceUserAuthRequest(ctx, f, h))
+				require.NoError(t, f.HandleDeviceUserAuthRequest(h))
 				compareDeviceRequestFlow(t, c, f)
 			}
 
diff --git a/flow/flow_encoding_test.go b/flow/flow_encoding_test.go
diff --git a/persistence/sql/persister_consent.go b/persistence/sql/persister_consent.go
