feat(callback): add callback

scripts/db/migrations/0007_oauth_clients.sql

@@ -0,0 +1,28 @@
+BEGIN;
+
+CREATE TABLE IF NOT EXISTS oauth_clients (
+    client_id VARCHAR(64) PRIMARY KEY,
+    name VARCHAR(255),
+    secret_hash VARCHAR(255) NOT NULL,
+    prev_secret_hash VARCHAR(255),
+    prev_expires_at TIMESTAMP WITH TIME ZONE,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_oauth_clients_updated_at ON oauth_clients(updated_at);
+
+INSERT INTO permissions (code, description, resource, action) VALUES
+('iam:client:read', 'List OAuth clients', 'client', 'read'),
+('iam:client:write', 'Create/Rotate OAuth clients', 'client', 'write')
+ON CONFLICT (code) DO NOTHING;
+
+INSERT INTO role_permissions (role_id, permission_id)
+SELECT r.id, p.id
+FROM roles r
+JOIN permissions p ON p.code IN ('iam:client:read', 'iam:client:write')
+WHERE r.is_system = TRUE
+ON CONFLICT DO NOTHING;
+
+COMMIT;
+

scripts/db/migrations/0008_oauth_client_redirect_uris.sql

@@ -0,0 +1,7 @@
+BEGIN;
+
+ALTER TABLE oauth_clients
+    ADD COLUMN IF NOT EXISTS redirect_uris JSONB NOT NULL DEFAULT '[]'::jsonb;
+
+COMMIT;
+