Tenant manager updates (#127)

* update clients

* trimmed universal config (#120)

* trimmed universal config

* cleanup

* domain update (#126)

* add universal config

Author: lyleschemmerling

src/main/java/io/fusionauth/domain/Application.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2024, FusionAuth, All Rights Reserved
+ * Copyright (c) 2019-2025, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -104,6 +104,8 @@ public class Application implements Buildable<Application>, Tenantable {
 
   public UUID themeId;
 
+  public UniversalApplicationConfiguration universalConfiguration = new UniversalApplicationConfiguration();
+
   public RegistrationUnverifiedOptions unverified = new RegistrationUnverifiedOptions();
 
   public UUID verificationEmailTemplateId;
@@ -147,6 +149,7 @@ public Application(Application other) {
     this.state = other.state;
     this.tenantId = other.tenantId;
     this.themeId = other.themeId;
+    this.universalConfiguration = new UniversalApplicationConfiguration(other.universalConfiguration);
     this.unverified = new RegistrationUnverifiedOptions(other.unverified);
     this.verificationEmailTemplateId = other.verificationEmailTemplateId;
     this.verificationStrategy = other.verificationStrategy;
@@ -213,6 +216,7 @@ public boolean equals(Object o) {
            state == that.state &&
            Objects.equals(tenantId, that.tenantId) &&
            Objects.equals(themeId, that.themeId) &&
+           Objects.equals(universalConfiguration, that.universalConfiguration) &&
            Objects.equals(unverified, that.unverified) &&
            Objects.equals(verificationEmailTemplateId, that.verificationEmailTemplateId) &&
            Objects.equals(webAuthnConfiguration, that.webAuthnConfiguration) &&
@@ -256,7 +260,7 @@ public boolean hasDefaultRole() {
   @Override
   public int hashCode() {
     // active is omitted
-    return Objects.hash(accessControlConfiguration, authenticationTokenConfiguration, cleanSpeakConfiguration, data, emailConfiguration, externalIdentifierConfiguration, formConfiguration, id, insertInstant, jwtConfiguration, lambdaConfiguration, lastUpdateInstant, loginConfiguration, multiFactorConfiguration, name, oauthConfiguration, passwordlessConfiguration, registrationConfiguration, registrationDeletePolicy, roles, samlv2Configuration, scopes, state, tenantId, themeId, unverified, verificationEmailTemplateId, verificationStrategy, verifyRegistration, webAuthnConfiguration);
+    return Objects.hash(accessControlConfiguration, authenticationTokenConfiguration, cleanSpeakConfiguration, data, emailConfiguration, externalIdentifierConfiguration, formConfiguration, id, insertInstant, jwtConfiguration, lambdaConfiguration, lastUpdateInstant, loginConfiguration, multiFactorConfiguration, name, oauthConfiguration, passwordlessConfiguration, registrationConfiguration, registrationDeletePolicy, roles, samlv2Configuration, scopes, state, tenantId, themeId, universalConfiguration, unverified, verificationEmailTemplateId, verificationStrategy, verifyRegistration, webAuthnConfiguration);
   }
 
   public void normalize() {
@@ -885,4 +889,5 @@ public String toString() {
       }
     }
   }
+
 }

src/main/java/io/fusionauth/domain/UniversalApplicationConfiguration.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2025, FusionAuth, All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+package io.fusionauth.domain;
+
+import java.util.Objects;
+
+import com.inversoft.json.JacksonConstructor;
+
+/**
+ * @author Lyle Schemmerling
+ */
+public class UniversalApplicationConfiguration {
+  public boolean universal;
+
+  @JacksonConstructor
+  public UniversalApplicationConfiguration() {}
+
+  public UniversalApplicationConfiguration(boolean universal) {
+    this.universal = universal;
+  }
+
+  public UniversalApplicationConfiguration(UniversalApplicationConfiguration other) {
+    this.universal = other.universal;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    UniversalApplicationConfiguration that = (UniversalApplicationConfiguration) o;
+    return universal == that.universal;
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hashCode(universal);
+  }
+}

src/main/java/io/fusionauth/domain/form/FormField.java

@@ -1,5 +1,17 @@
 /*
- * Copyright (c) 2020-2022, FusionAuth, All Rights Reserved
+ * Copyright (c) 2020-2025, FusionAuth, All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
  */
 package io.fusionauth.domain.form;
 
@@ -48,6 +60,31 @@ public class FormField implements Buildable<FormField> {
 
   public FormFieldValidator validator = new FormFieldValidator();
 
+  public FormField() {
+    // Default constructor
+  }
+
+  public FormField(FormField formField) {
+    this.confirm = formField.confirm;
+    this.consentId = formField.consentId;
+    this.control = formField.control;
+    this.data = new LinkedHashMap<>(formField.data);
+    this.description = formField.description;
+    this.id = formField.id;
+    this.insertInstant = formField.insertInstant;
+    this.key = formField.key;
+    this.lastUpdateInstant = formField.lastUpdateInstant;
+    this.name = formField.name;
+    this.options = new ArrayList<>(formField.options);
+    this.required = formField.required;
+    this.type = formField.type;
+    if (formField.validator != null) {
+      this.validator = new FormFieldValidator();
+      this.validator.expression = formField.validator.expression;
+      this.validator.enabled = formField.validator.enabled;
+    }
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) {

src/main/java/io/fusionauth/domain/jwt/RefreshToken.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2024, FusionAuth, All Rights Reserved
+ * Copyright (c) 2018-2025, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -121,7 +121,9 @@ public boolean isExpired(Tenant tenant, Application application) {
       return startInstant.plusSeconds(tenant.httpSessionMaxInactiveInterval).isBefore(now);
     } else {
       // Refresh Token
-      JWTConfiguration jwtConfiguration = tenant.lookupJWTConfiguration(application);
+      JWTConfiguration jwtConfiguration = application != null && application.jwtConfiguration != null && application.jwtConfiguration.enabled
+          ? application.jwtConfiguration
+          : tenant.jwtConfiguration;
 
       // if the rt expired, we're done here.
       if (startInstant.plusMinutes(jwtConfiguration.refreshTokenTimeToLiveInMinutes).isBefore(now)) {

src/main/java/io/fusionauth/domain/oauth2/OAuthError.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2024, FusionAuth, All Rights Reserved
+ * Copyright (c) 2018-2025, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -99,6 +99,7 @@ public enum OAuthErrorReason {
     invalid_target_entity_scope,
     invalid_entity_permission_scope,
     invalid_user_id,
+    invalid_tenant_id,
 
     // Grant disabled
     grant_type_disabled,
@@ -118,6 +119,7 @@ public enum OAuthErrorReason {
     missing_user_code,
     missing_user_id,
     missing_verification_uri,
+    missing_tenant_id,
 
     login_prevented,
     not_licensed,

src/main/java/io/fusionauth/domain/reactor/ReactorStatus.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021-2024, FusionAuth, All Rights Reserved
+ * Copyright (c) 2021-2025, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -59,8 +59,12 @@ public class ReactorStatus {
 
   public ReactorFeatureStatus scimServer = ReactorFeatureStatus.UNKNOWN;
 
+  public ReactorFeatureStatus tenantManagerApplication = ReactorFeatureStatus.UNKNOWN;
+
   public ReactorFeatureStatus threatDetection = ReactorFeatureStatus.UNKNOWN;
 
+  public ReactorFeatureStatus universalApplication = ReactorFeatureStatus.UNKNOWN;
+
   public ReactorFeatureStatus webAuthn = ReactorFeatureStatus.UNKNOWN;
 
   public ReactorFeatureStatus webAuthnPlatformAuthenticators = ReactorFeatureStatus.UNKNOWN;
@@ -87,8 +91,10 @@ public ReactorStatus(ReactorStatus other) {
     expiration = other.expiration;
     licenseAttributes.putAll(other.licenseAttributes);
     licensed = other.licensed;
+    tenantManagerApplication = other.tenantManagerApplication;
     scimServer = other.scimServer;
     threatDetection = other.threatDetection;
+    universalApplication = other.universalApplication;
     webAuthn = other.webAuthn;
     webAuthnPlatformAuthenticators = other.webAuthnPlatformAuthenticators;
     webAuthnRoamingAuthenticators = other.webAuthnRoamingAuthenticators;
@@ -118,8 +124,10 @@ public boolean equals(Object o) {
            Objects.equals(expiration, that.expiration) &&
            licensed == that.licensed &&
            Objects.equals(licenseAttributes, that.licenseAttributes) &&
+           tenantManagerApplication == that.tenantManagerApplication &&
            scimServer == that.scimServer &&
            threatDetection == that.threatDetection &&
+           universalApplication == that.universalApplication &&
            webAuthn == that.webAuthn &&
            webAuthnPlatformAuthenticators == that.webAuthnPlatformAuthenticators &&
            webAuthnRoamingAuthenticators == that.webAuthnRoamingAuthenticators;
@@ -142,8 +150,10 @@ public int hashCode() {
                         expiration,
                         licensed,
                         licenseAttributes,
+                        tenantManagerApplication,
                         scimServer,
                         threatDetection,
+                        universalApplication,
                         webAuthn,
                         webAuthnPlatformAuthenticators,
                         webAuthnRoamingAuthenticators);

src/main/java/io/fusionauth/domain/search/ApplicationSearchCriteria.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023-2023, FusionAuth, All Rights Reserved
+ * Copyright (c) 2023-2025, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
  */
 package io.fusionauth.domain.search;
 
+import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Set;
@@ -31,6 +32,8 @@
  * @author Spencer Witt
  */
 public class ApplicationSearchCriteria extends BaseSearchCriteria implements Buildable<ApplicationSearchCriteria> {
+  public static final Set<String> NullableFields = new HashSet<>();
+
   public static final Map<String, String> SortableFields = new LinkedHashMap<>();
 
   public String name;
@@ -45,7 +48,7 @@ public ApplicationSearchCriteria prepare() {
       orderBy = defaultOrderBy();
     }
 
-    orderBy = normalizeOrderBy(orderBy, SortableFields);
+    orderBy = normalizeOrderBy(orderBy, SortableFields, NullableFields);
     name = toSearchString(name);
     return this;
   }
@@ -61,6 +64,8 @@ protected String defaultOrderBy() {
   }
 
   static {
+    NullableFields.add("tenant");
+
     SortableFields.put("id", "a.id");
     SortableFields.put("insertInstant", "a.insert_instant");
     SortableFields.put("name", "a.name");