custom_profile_attributes for OAuth apps

Adding fixtures for future tests

New test using fixtures

Add schema attribute to take custom profile attributes

Include custom profile attributes when building app

Moved test and removed some unnecessary checks

Test custom_profile_attributes is empty

Move custom_profile_attributes to Oauth schema

examples/okta_app_oauth/custom_attributes.tf

@@ -0,0 +1,16 @@
+resource "okta_app_oauth" "test" {
+  label                      = "testAcc_replace_with_uuid"
+  type                       = "web"
+  grant_types                = ["authorization_code"]
+  redirect_uris              = ["http://d.com/"]
+  response_types             = ["code"]
+  client_basic_secret        = "something_from_somewhere"
+  custom_client_id           = "something_from_somewhere"
+  token_endpoint_auth_method = "client_secret_basic"
+
+  custom_profile_attributes  = <<JSON
+  {
+    "customAttribute123": "testing-custom-attribute"
+  }
+JSON
+}

examples/okta_app_oauth/custom_attributes_array.tf

@@ -0,0 +1,17 @@
+resource "okta_app_oauth" "test" {
+  label                      = "testAcc_replace_with_uuid"
+  type                       = "web"
+  grant_types                = ["authorization_code"]
+  redirect_uris              = ["http://d.com/"]
+  response_types             = ["code"]
+  client_basic_secret        = "something_from_somewhere"
+  custom_client_id           = "something_from_somewhere"
+  token_endpoint_auth_method = "client_secret_basic"
+
+  custom_profile_attributes = <<JSON
+  {
+    "array123": ["test"],
+    "number123": 1
+  }
+JSON
+}

examples/okta_app_oauth/remove_custom_attributes.tf

@@ -0,0 +1,10 @@
+resource "okta_app_oauth" "test" {
+  label                      = "testAcc_replace_with_uuid"
+  type                       = "web"
+  grant_types                = ["authorization_code"]
+  redirect_uris              = ["http://d.com/"]
+  response_types             = ["code"]
+  client_basic_secret        = "something_from_somewhere"
+  custom_client_id           = "something_from_somewhere"
+  token_endpoint_auth_method = "client_secret_basic"
+}

okta/resource_app_oauth.go

@@ -1,6 +1,8 @@
 package okta
 
 import (
+	"encoding/json"
+
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/validation"
 	"github.com/okta/okta-sdk-golang/okta"
@@ -235,6 +237,12 @@ func resourceAppOAuth() *schema.Resource {
 				Default:     true,
 				Description: "Do not display application icon to users",
 			},
+			"custom_profile_attributes": &schema.Schema{
+				Type:        schema.TypeString,
+				StateFunc:   normalizeDataJSON,
+				Optional:    true,
+				Description: "Custom JSON returned by GET requests to api/v1/apps/{appId}",
+			},
 		}),
 	}
 }
@@ -298,6 +306,7 @@ func resourceAppOAuthRead(d *schema.ResourceData, m interface{}) error {
 	d.Set("status", app.Status)
 	d.Set("sign_on_mode", app.SignOnMode)
 	d.Set("label", app.Label)
+	d.Set("custom_profile_attributes", app.Profile)
 	d.Set("type", app.Settings.OauthClient.ApplicationType)
 	// Not setting client_secret, it is only provided on create for auth methods that require it
 	d.Set("client_id", app.Credentials.OauthClient.ClientId)
@@ -442,5 +451,13 @@ func buildAppOAuth(d *schema.ResourceData, m interface{}) *okta.OpenIdConnectApp
 	}
 	app.Visibility = buildVisibility(d)
 
+	if rawAttrs, ok := d.GetOk("custom_profile_attributes"); ok {
+		var attrs map[string]interface{}
+		str := rawAttrs.(string)
+		json.Unmarshal([]byte(str), &attrs)
+
+		app.Profile = attrs
+	}
+
 	return app
 }

okta/resource_app_oauth_test.go

@@ -113,6 +113,51 @@ func TestAccAppOauth_badGrantTypes(t *testing.T) {
 	})
 }
 
+// Tests an OAuth application with custom profile attributes. This tests with a nested JSON object as well as an array.
+func TestAccAppOauth_customProfileAttributes(t *testing.T) {
+	ri := acctest.RandInt()
+	mgr := newFixtureManager(appOAuth)
+	config := mgr.GetFixtures("custom_attributes.tf", ri, t)
+	arrayAttrConfig := mgr.GetFixtures("custom_attributes_array.tf", ri, t)
+	updatedConfig := mgr.GetFixtures("remove_custom_attributes.tf", ri, t)
+	resourceName := fmt.Sprintf("%s.test", appOAuth)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: createCheckResourceDestroy(appOAuth, createDoesAppExist(okta.NewOpenIdConnectApplication())),
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					ensureResourceExists(resourceName, createDoesAppExist(okta.NewOpenIdConnectApplication())),
+					resource.TestCheckResourceAttr(resourceName, "label", buildResourceName(ri)),
+					resource.TestCheckResourceAttr(resourceName, "status", "ACTIVE"),
+					resource.TestCheckResourceAttr(resourceName, "custom_profile_attributes", "{\"customAttribute123\":\"testing-custom-attribute\"}"),
+				),
+			},
+			{
+				Config: arrayAttrConfig,
+				Check: resource.ComposeTestCheckFunc(
+					ensureResourceExists(resourceName, createDoesAppExist(okta.NewOpenIdConnectApplication())),
+					resource.TestCheckResourceAttr(resourceName, "label", buildResourceName(ri)),
+					resource.TestCheckResourceAttr(resourceName, "status", "ACTIVE"),
+					resource.TestCheckResourceAttr(resourceName, "custom_profile_attributes", "{\"array123\":[\"test\"],\"number123\":1}"),
+				),
+			},
+			{
+				Config: updatedConfig,
+				Check: resource.ComposeTestCheckFunc(
+					ensureResourceExists(resourceName, createDoesAppExist(okta.NewOpenIdConnectApplication())),
+					resource.TestCheckResourceAttr(resourceName, "label", buildResourceName(ri)),
+					resource.TestCheckResourceAttr(resourceName, "status", "ACTIVE"),
+					resource.TestCheckResourceAttr(resourceName, "custom_profile_attributes", ""),
+				),
+			},
+		},
+	})
+}
+
 func createDoesAppExist(app okta.App) func(string) (bool, error) {
 	return func(id string) (bool, error) {
 		client := getOktaClientFromMetadata(testAccProvider.Meta())