From 9a23bad3daac042d990f9b1a5640e20593b81e63 Mon Sep 17 00:00:00 2001
From: sethvincent <sethvincent@gmail.com>
Date: Fri, 28 Jun 2019 13:08:41 -0700
Subject: [PATCH 1/2] set owner when creating a client

---
 app/manage/client.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/manage/client.js b/app/manage/client.js
index 3a9cef01..5ec2aed7 100644
--- a/app/manage/client.js
+++ b/app/manage/client.js
@@ -31,6 +31,7 @@ async function createClient (req, res) {
   toCreate['scope'] = 'openid offline'
   toCreate['response_types'] = ['code', 'id_token']
   toCreate['grant_types'] = ['refresh_token', 'authorization_code']
+  toCreate['owner'] = req.session.user_id
   let client = await hydra.createClient(toCreate)
   return res.send({ client })
 }

From 0b27df09d6411b89c1694a779bb006cc13c36f15 Mon Sep 17 00:00:00 2001
From: sethvincent <sethvincent@gmail.com>
Date: Tue, 2 Jul 2019 08:50:02 -0700
Subject: [PATCH 2/2] filter clients in getClients by user id

---
 app/manage/client.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/manage/client.js b/app/manage/client.js
index 5ec2aed7..d68db755 100644
--- a/app/manage/client.js
+++ b/app/manage/client.js
@@ -12,10 +12,12 @@ const manageId = serverRuntimeConfig.OSM_HYDRA_ID
  * @param {*} res
  */
 async function getClients (req, res) {
+  const { session: { user_id } } = req
   let clients = await hydra.getClients()
 
-  // Remove first party app from list
-  let filteredClients = clients.filter(c => c.client_id !== manageId)
+  // Remove first party client from list & exclude clients the user does not own
+  let filteredClients = clients
+    .filter(c => c.client_id !== manageId && c.owner === user_id)
 
   return res.send({ clients: filteredClients })
 }