From 0b9a6e10d4ac0d07f11e739eab355090c22e211d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?O=C4=9Fuzhan=20Koral?=
 <45078678+oguzhankoral@users.noreply.github.com>
Date: Fri, 30 Jan 2026 08:25:38 +0300
Subject: [PATCH] feat(server): enable sdui for self hosters (#5741)

---
 packages/server/modules/auth/defaultApps.ts   | 21 +++++++++++++++++++
 .../modules/auth/tests/apps.graphql.spec.ts   |  2 +-
 .../server/modules/auth/tests/apps.spec.ts    |  2 +-
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/packages/server/modules/auth/defaultApps.ts b/packages/server/modules/auth/defaultApps.ts
index ee5bb3426..ca28a28c0 100644
--- a/packages/server/modules/auth/defaultApps.ts
+++ b/packages/server/modules/auth/defaultApps.ts
@@ -18,6 +18,7 @@ export enum DefaultAppIds {
   DesktopManager = 'sdm',
   Connector = 'sca',
   SpeckleDesktopAuthService = 'sdas',
+  SpeckleConnectorsDUI = 'sdui',
   Excel = 'spklexcel',
   PowerBI = 'spklpwerbi',
   Automate = 'spklautoma'
@@ -66,6 +67,25 @@ const SpeckleDesktopApp = {
   ]
 }
 
+const SpeckleConnectorsDUI = {
+  id: DefaultAppIds.SpeckleConnectorsDUI,
+  secret: DefaultAppIds.SpeckleConnectorsDUI,
+  name: 'DUI',
+  description: 'Speckle desktop user interface for connectors.',
+  trustByDefault: false, // NOTE: we do not wanna automatically authenticate in DUI because it uses cached account before which we wanna switch account. trustByDefault: true skips this step
+  public: true,
+  redirectUrl: 'https://dui.speckle.systems/authn/callback',
+  scopes: [
+    Scopes.Streams.Read,
+    Scopes.Streams.Write,
+    Scopes.Profile.Read,
+    Scopes.Profile.Email,
+    Scopes.Users.Read,
+    Scopes.Users.Invite,
+    ...workspaceScopes
+  ]
+}
+
 const SpeckleConnectorApp = {
   id: DefaultAppIds.Connector,
   secret: DefaultAppIds.Connector,
@@ -168,6 +188,7 @@ const defaultApps = [
   SpeckleWebApp,
   SpeckleApiExplorer,
   SpeckleDesktopApp,
+  SpeckleConnectorsDUI,
   SpeckleConnectorApp,
   SpeckleDesktopAuthService,
   SpeckleExcel,
diff --git a/packages/server/modules/auth/tests/apps.graphql.spec.ts b/packages/server/modules/auth/tests/apps.graphql.spec.ts
index a79ae5e22..6e1005205 100644
--- a/packages/server/modules/auth/tests/apps.graphql.spec.ts
+++ b/packages/server/modules/auth/tests/apps.graphql.spec.ts
@@ -170,7 +170,7 @@ describe('GraphQL @apps-api', () => {
     expect(res).to.be.json
     expect(res.body.errors).to.not.exist
     expect(res.body.data.apps).to.be.an('array')
-    expect(res.body.data.apps.length).to.equal(9)
+    expect(res.body.data.apps.length).to.equal(10)
   })
 
   it('Should get app info without secret if not authenticated and owner', async () => {
diff --git a/packages/server/modules/auth/tests/apps.spec.ts b/packages/server/modules/auth/tests/apps.spec.ts
index c53934f12..9a1defa2a 100644
--- a/packages/server/modules/auth/tests/apps.spec.ts
+++ b/packages/server/modules/auth/tests/apps.spec.ts
@@ -139,7 +139,7 @@ describe('Services @apps-services', () => {
   it('Should get all the public apps on this server', async () => {
     const apps = await getAllPublicApps()
     expect(apps).to.be.an('array')
-    expect(apps.length).to.equal(9)
+    expect(apps.length).to.equal(10)
   })
 
   it('Should fail to register an app with no scopes', async () => {