feat: add fedcm_login support for Google One Tap / FedCM in Universal Login

[ankita10119]

🔧 Changes

Adds fedcm_login to the client JSON schema to support the Google One Tap / FedCM (Federated Credential Management) feature in New Universal Login.

Schema addition (src/tools/auth0/handlers/clients.ts):

• fedcm_login - optional object (null supported for deletion via PATCH)
  • fedcm_login.google - required if fedcm_login is defined
    • fedcm_login.google.is_enabled - boolean, controls whether the Google One Tap prompt is shown on New Universal Login for this client

No additional handler changes were required - fedcm_login is a plain nested object with no ID-to-name mapping, no special serialization, and is valid on both create and
update operations.

📚 References

🔬 Testing

Unit tests (test/tools/auth0/handlers/clients.tests.js):

• should pass validation with fedcm_login - { google: { is_enabled: true } } accepted by schema
• should pass validation with fedcm_login set to null - null accepted by schema (deletion case)
• should create client with fedcm_login - fedcm_login passed through unchanged to the API create call

Manual end-to-end against dev-ankita-t.us.auth0.com (feature flag enable_google_one_tap_ul enabled):

Scenario	Operation	Result
is_enabled: true on existing client	PATCH	Written and returned in export
is_enabled: false on existing client	PATCH	Written and returned in export
fedcm_login: null	PATCH	Field absent from export
New client with fedcm_login	POST (create)	Written and returned in export

📝 Checklist

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.19%. Comparing base (4699ac3) to head (32a3290).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1407   +/-   ##
=======================================
  Coverage   80.19%   80.19%           
=======================================
  Files         153      153           
  Lines        7119     7119           
  Branches     1573     1573           
=======================================
  Hits         5709     5709           
  Misses        760      760           
  Partials      650      650           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[harshithRai]

As per the description, google is required when fedcm_login is set. But the schema doesn't enforce this; fedcm_login: {} and fedcm_login: { google: {} } both pass validation based on current code.

Similar fields like token_quota handle this with required: ['client_credentials'].

Maybe we should add required: ['google'] under fedcm_login and required: ['is_enabled'] under google?

[ankita10119]

Addressed and updated