
fix: Users without the "Manage OAuth Apps" permission can't log in with third-party apps #32986

Merged
merged 8 commits into develop from fix/oauth-apps-not-working
Aug 22, 2024

Conversation

matheusbsilva137 (Member) commented Aug 5, 2024

Proposed changes (including videos or screenshots)

  • Allow users who do not have the manage-oauth-apps permission to use the oauth-apps.get endpoint (filter out sensitive info instead of blocking access to the endpoint completely). This will allow the third party login feature to work again.

Issue(s)

Fixes #31749

Steps to test or reproduce

Before:
[Screenshot from 2024-07-30 17-00-59]

After:
[Screenshot from 2024-08-05 21-26-40]

Further comments

CORE-473

@matheusbsilva137 matheusbsilva137 added this to the 6.12 milestone Aug 5, 2024
dionisio-bot (bot, Contributor) commented Aug 5, 2024

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

changeset-bot (bot) commented Aug 5, 2024

🦋 Changeset detected

Latest commit: 5154ee1

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 32 packages
Name Type
@rocket.chat/meteor Patch
@rocket.chat/model-typings Patch
@rocket.chat/apps Patch
@rocket.chat/models Patch
@rocket.chat/account-service Patch
@rocket.chat/authorization-service Patch
@rocket.chat/ddp-streamer Patch
@rocket.chat/omnichannel-transcript Patch
@rocket.chat/presence-service Patch
@rocket.chat/queue-worker Patch
@rocket.chat/stream-hub-service Patch
@rocket.chat/omnichannel-services Patch
rocketchat-services Patch
@rocket.chat/core-services Patch
@rocket.chat/cron Patch
@rocket.chat/instance-status Patch
@rocket.chat/presence Patch
@rocket.chat/core-typings Patch
@rocket.chat/rest-typings Patch
@rocket.chat/api-client Patch
@rocket.chat/ddp-client Patch
@rocket.chat/fuselage-ui-kit Patch
@rocket.chat/gazzodown Patch
@rocket.chat/livechat Patch
@rocket.chat/ui-contexts Patch
@rocket.chat/license Patch
@rocket.chat/pdf-worker Patch
@rocket.chat/uikit-playground Patch
@rocket.chat/ui-avatar Patch
@rocket.chat/ui-client Patch
@rocket.chat/ui-video-conf Patch
@rocket.chat/web-ui-registration Patch


codecov (bot) commented Aug 5, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.40%. Comparing base (150c7b1) to head (5154ee1).
Report is 1 commits behind head on develop.


@@             Coverage Diff             @@
##           develop   #32986      +/-   ##
===========================================
- Coverage    59.40%   59.40%   -0.01%     
===========================================
  Files         2547     2547              
  Lines        63310    63309       -1     
  Branches     14248    14248              
===========================================
- Hits         37611    37610       -1     
  Misses       22980    22980              
  Partials      2719     2719              
Flag | Coverage Δ
unit | 75.84% <ø> (ø)

Flags with carried forward coverage won't be shown.

@matheusbsilva137 matheusbsilva137 marked this pull request as ready for review August 6, 2024 00:19
@matheusbsilva137 matheusbsilva137 requested review from a team as code owners August 6, 2024 00:19
verdel commented Aug 6, 2024

I would like to express my opinion regarding the chosen solution for the initial issue.

Perhaps adding variability to the oauth-apps.get API method is not a very good idea. Currently, the documentation for the method describes the parameters it will return. After the modification proposed in this PR, the method will return one less parameter depending on whether the user has the manage-oauth-apps permission or not.

Moreover, I believe that in the case of the OAuth2 Authorization Flow, it is necessary to pass the minimal required data to the client browser, regardless of user permissions. In this case, only clientId and name are required for rendering the consent screen.
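As an added illustration of the two approaches discussed above (the PR's permission-dependent filtering of the oauth-apps.get response, and the comment's fixed minimal payload for the consent screen), the TypeScript below is example code written for this page, not Rocket.Chat's own implementation. The OAuthApp field names, the sample record and the function names are assumptions modelled on a typical OAuth client registration.

```typescript
// Added example, not Rocket.Chat code. Field names are assumptions
// modelled on a generic OAuth client registration.
export interface OAuthApp {
  _id: string;
  name: string;
  clientId: string;
  clientSecret: string; // must never reach a caller who cannot manage apps
  redirectUri: string;
  active: boolean;
}

// Constructed sample record for the demonstration.
export const SAMPLE_APP: OAuthApp = {
  _id: 'app-1',
  name: 'Example SSO client',
  clientId: 'client-123',
  clientSecret: 'do-not-expose',
  redirectUri: 'https://example.test/callback',
  active: true,
};

type Field = keyof OAuthApp;

// Allowlist projection: only listed fields are copied, so a field added to
// the model later is hidden by default instead of leaking by default.
function project(app: OAuthApp, fields: readonly Field[]): Partial<OAuthApp> {
  const out: Partial<OAuthApp> = {};
  for (const f of fields) {
    (out as Record<string, unknown>)[f] = app[f];
  }
  return out;
}

// Everything except the secret, for callers who may list apps but not manage them.
const NON_SECRET_FIELDS: readonly Field[] = ['_id', 'name', 'clientId', 'redirectUri', 'active'];
// Full record, including the secret, for callers holding the manage permission.
const ALL_FIELDS: readonly Field[] = [...NON_SECRET_FIELDS, 'clientSecret'];

// Approach described in the PR: one endpoint, response shape depends on the
// caller's permission. The caller stays able to reach the endpoint either way.
export function getOAuthAppFiltered(app: OAuthApp, canManageOAuthApps: boolean): Partial<OAuthApp> {
  return project(app, canManageOAuthApps ? ALL_FIELDS : NON_SECRET_FIELDS);
}

// Approach suggested in the review comment: a fixed minimal shape for the
// authorization flow, identical for every caller regardless of permissions.
export function getOAuthAppForConsent(app: OAuthApp): Pick<OAuthApp, 'clientId' | 'name'> {
  return { clientId: app.clientId, name: app.name };
}

// Regression check for an endpoint test: a response destined for a
// non-manager must not carry the secret.
export function exposesSecret(response: object): boolean {
  return Object.prototype.hasOwnProperty.call(response, 'clientSecret');
}
```

The projection copies an explicit allowlist rather than deleting a known-secret key, so that a sensitive field added to the model later is hidden unless someone deliberately adds it to a field list. exposesSecret is the kind of assertion worth keeping in the end-to-end test for the non-privileged path, whichever of the two response shapes is chosen.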

Review comment on apps/meteor/tests/end-to-end/api/oauthapps.ts (outdated, resolved)
@jessicaschelly jessicaschelly added the stat: QA assured Means it has been tested and approved by a company insider label Aug 20, 2024
@dionisio-bot dionisio-bot bot added the stat: ready to merge PR tested and approved waiting for merge label Aug 20, 2024
@kodiakhq kodiakhq bot merged commit 7f88158 into develop Aug 22, 2024
49 checks passed
@kodiakhq kodiakhq bot deleted the fix/oauth-apps-not-working branch August 22, 2024 02:20
abhinavkrin pushed a commit that referenced this pull request Oct 25, 2024
Labels
squad: core stat: QA assured Means it has been tested and approved by a company insider stat: ready to merge PR tested and approved waiting for merge
Development

Successfully merging this pull request may close these issues.

Third-Party Login only works for user with "Manage Oauth Apps"-permission.
8 participants