Make client_cookie a persistent and editable client attribute

[byewokko]

Summary by CodeRabbit

• New Features
  • Clients gain a persistent, editable cookie-name attribute with standardized validation.
• Bug Fixes
  • Existing cookie-name values are preserved and no longer overwritten during updates.
• Documentation
  • Added a pre-release changelog entry for v25.48-alpha22 (v25.48).

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f6b6312e-7864-4543-9519-82faf60a1c32

📥 Commits

Reviewing files that changed from the base of the PR and between 0410c87 and 07bf615.

📒 Files selected for processing (1)

• CHANGELOG.md

✅ Files skipped from review due to trivial changes (1)

• CHANGELOG.md

---

📝 Walkthrough

Walkthrough

Adds a persistent, validated cookie_name client metadata field and changes service logic to avoid overwriting an existing cookie_name when assigning it during client registration/update.

Changes

Cohort / File(s)	Summary
Changelog CHANGELOG.md	Added pre-release v25.48-alpha22 and a feature entry noting client_cookie as a persistent/editable client attribute.
Schema Definition seacatauth/client/schema.py	Added cookie_name to CLIENT_METADATA_SCHEMA as string with pattern: ^[a-zA-Z0-9\._]{0,64}$ and descriptive text; now accepted in register/update payloads.
Service Logic seacatauth/client/service.py	Updated _set_cookie_name to return early if client.cookie_name is already set (non-empty), preventing it from being re-resolved or overwritten.

Sequence Diagram(s)

sequenceDiagram
  participant ClientAPI as Client API
  participant ClientService as ClientService
  participant CookieService as CookieService
  participant DB as Database

  ClientAPI->>ClientService: register/update client (payload may include cookie_name)
  alt payload includes cookie_name
    ClientService->>DB: persist client with provided cookie_name
  else no cookie_name provided
    ClientService->>DB: read client record
    alt client.cookie_name already set
      ClientService-->>DB: skip cookie-name assignment
    else not set
      ClientService->>CookieService: resolve/build cookie name
      CookieService-->>ClientService: cookie_name
      ClientService->>DB: persist cookie_name on client
    end
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Fix cookie introspection with client ID alias resolution #554: Alters cookie-name resolution and client cookie handling; overlaps with persistent cookie_name behavior and assignment flow.

Poem

🐰 I nibble at schemas, soft and bright,
I tuck a cookie_name away each night.
No overwrites now — gentle and neat,
A rabbit's hush keeps client names sweet. 🍪

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main objective of the pull request: making client_cookie a persistent and editable client attribute.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/persistent-cooki-name

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@seacatauth/client/schema.py`:
- Around line 22-27: CLIENT_METADATA_SCHEMA currently exposes "cookie_name" to
external input (so UPDATE_CLIENT and register flows accept and persist it);
remove "cookie_name" from CLIENT_METADATA_SCHEMA (and any register/update input
schemas) so external requests can't set it, and instead have the server-side
client creation/update code set/persist the cookie name internally: update the
service routines that persist client metadata (e.g., the functions handling
client registration/update in seacatauth/client/service.py such as the code path
referenced around the update flow) to compute and assign the canonical
cookie_name before saving; ensure UPDATE_CLIENT/REGISTER handlers no longer read
cookie_name from request payload but ignore or reject it so only system-managed
values are stored and later used by cookie resolution code.
- Line 24: The regex pattern in the schema ("pattern" value containing
"^[a-zA-Z0-9\\._]{,64}$") uses the Python-only quantifier "{,64}" which is
invalid in ECMA-262; update the pattern string in schema.py (the "pattern"
entry) to use the explicit lower bound quantifier "{0,64}" so it is valid in
JavaScript/browser validators and preserves the same behavior.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 09206142-2989-44a0-82b1-921578f3ca31

📥 Commits

Reviewing files that changed from the base of the PR and between 2e26c27 and 6e3dcf5.

📒 Files selected for processing (3)

• CHANGELOG.md
• seacatauth/client/schema.py
• seacatauth/client/service.py