feat(oauth): add functionality to delete custom OAuth client parameters and verify plugin status

api/controllers/console/workspace/tool_providers.py

@@ -808,6 +808,16 @@ class ToolOAuthCustomClient(Resource):
             )
         )
     
+    @setup_required
+    @login_required
+    @account_initialization_required
+    def delete(self, provider):
+        return jsonable_encoder(
+            BuiltinToolManageService.delete_custom_oauth_client_params(
+                tenant_id=current_user.current_tenant_id, provider=provider
+            )
+        )
+
 
 class ToolBuiltinProviderGetOauthClientSchemaApi(Resource):
     @setup_required

api/services/plugin/plugin_service.py

@@ -196,6 +196,17 @@ class PluginService:
         manager = PluginInstaller()
         return manager.fetch_plugin_manifest(tenant_id, plugin_unique_identifier)
 
+    @staticmethod
+    def is_plugin_verified(tenant_id: str, plugin_unique_identifier: str) -> bool:
+        """
+        Check if the plugin is verified
+        """
+        manager = PluginInstaller()
+        try:
+            return manager.fetch_plugin_manifest(tenant_id, plugin_unique_identifier).verified
+        except Exception:
+            return False
+
     @staticmethod
     def fetch_install_tasks(tenant_id: str, page: int, page_size: int) -> Sequence[PluginInstallTask]:
         """

api/services/tools/builtin_tools_manage_service.py

@@ -30,6 +30,7 @@ from core.tools.utils.system_oauth_encryption import decrypt_system_oauth_params
 from extensions.ext_database import db
 from extensions.ext_redis import redis_client
 from models.tools import BuiltinToolProvider, ToolOAuthSystemClient, ToolOAuthTenantClient
+from services.plugin.plugin_service import PluginService
 from services.tools.tools_transform_service import ToolTransformService
 
 logger = logging.getLogger(__name__)
@@ -38,17 +39,37 @@ logger = logging.getLogger(__name__)
 class BuiltinToolManageService:
     __MAX_BUILTIN_TOOL_PROVIDER_COUNT__ = 100
 
+    @staticmethod
+    def delete_custom_oauth_client_params(tenant_id: str, provider: str):
+        """
+        delete custom oauth client params
+        """
+        tool_provider = ToolProviderID(provider)
+        with Session(db.engine) as session:
+            session.query(ToolOAuthTenantClient).filter_by(
+                tenant_id=tenant_id,
+                provider=tool_provider.provider_name,
+                plugin_id=tool_provider.plugin_id,
+            ).delete()
+            session.commit()
+        return {"result": "success"}
+
     @staticmethod
     def get_builtin_tool_provider_oauth_client_schema(tenant_id: str, provider_name: str):
         """
         get builtin tool provider oauth client schema
         """
         provider = ToolManager.get_builtin_provider(provider_name, tenant_id)
+        verified = not isinstance(provider, PluginToolProviderController) or PluginService.is_plugin_verified(
+            tenant_id, provider.plugin_unique_identifier
+        )
 
         is_oauth_custom_client_enabled = BuiltinToolManageService.is_oauth_custom_client_enabled(
             tenant_id, provider_name
         )
-        is_system_oauth_params_exists = BuiltinToolManageService.is_oauth_system_client_exists(provider_name)
+        is_system_oauth_params_exists = verified and BuiltinToolManageService.is_oauth_system_client_exists(
+            provider_name
+        )
         result = {
             "schema": provider.get_oauth_client_schema(),
             "is_oauth_custom_client_enabled": is_oauth_custom_client_enabled,
@@ -493,6 +514,13 @@ class BuiltinToolManageService:
                 oauth_params = encrypter.decrypt(user_client.oauth_params)
                 return oauth_params
 
+            # only verified provider can use custom oauth client
+            is_verified = not isinstance(provider, PluginToolProviderController) or PluginService.is_plugin_verified(
+                tenant_id, provider.plugin_unique_identifier
+            )
+            if not is_verified:
+                return oauth_params
+
             system_client: ToolOAuthSystemClient | None = (
                 session.query(ToolOAuthSystemClient)
                 .filter_by(plugin_id=tool_provider.plugin_id, provider=tool_provider.provider_name)