From 9e014a3fd8f9d291372c28ea82b1f6bea82df231 Mon Sep 17 00:00:00 2001
From: tobi <tobi.smethurst@protonmail.com>
Date: Mon, 10 Mar 2025 18:35:08 +0100
Subject: [PATCH] beep boop

---
 docs/swagger.go                               |   2 +
 internal/api/client/apps/appcreate.go         |  73 ++++--
 internal/api/client/apps/appget.go            |  98 ++++++++
 internal/api/client/apps/apps.go              |   9 +-
 internal/api/client/apps/appsget.go           | 146 ++++++++++++
 internal/api/client/tokens/tokensget.go       |   6 +-
 internal/api/model/application.go             |   3 +
 internal/api/util/scopes.go                   |   3 +
 internal/db/application.go                    |   3 +
 internal/db/bundb/admin.go                    |  11 +
 internal/db/bundb/application.go              |  98 ++++++++
 .../20250310144102_application_management.go  |  93 ++++++++
 .../processing/application/application.go     |  38 +++
 .../{app.go => application/create.go}         |  48 +++-
 internal/processing/application/get.go        | 104 ++++++++
 internal/processing/processor.go              |   7 +
 internal/typeutils/internaltofrontend.go      |   6 +
 web/source/settings/lib/query/gts-api.ts      |   1 +
 .../settings/lib/query/user/applications.ts   |  86 +++++++
 web/source/settings/lib/types/application.ts  |  71 ++++++
 web/source/settings/style.css                 |  28 +++
 .../views/user/applications/detail.tsx        | 123 ++++++++++
 .../views/user/applications/index.tsx         |  44 ++++
 .../settings/views/user/applications/new.tsx  | 134 +++++++++++
 .../views/user/applications/search.tsx        | 225 ++++++++++++++++++
 web/source/settings/views/user/menu.tsx       |  17 ++
 web/source/settings/views/user/router.tsx     |  27 +++
 27 files changed, 1470 insertions(+), 34 deletions(-)
 create mode 100644 internal/api/client/apps/appget.go
 create mode 100644 internal/api/client/apps/appsget.go
 create mode 100644 internal/db/bundb/migrations/20250310144102_application_management.go
 create mode 100644 internal/processing/application/application.go
 rename internal/processing/{app.go => application/create.go} (68%)
 create mode 100644 internal/processing/application/get.go
 create mode 100644 web/source/settings/lib/query/user/applications.ts
 create mode 100644 web/source/settings/lib/types/application.ts
 create mode 100644 web/source/settings/views/user/applications/detail.tsx
 create mode 100644 web/source/settings/views/user/applications/index.tsx
 create mode 100644 web/source/settings/views/user/applications/new.tsx
 create mode 100644 web/source/settings/views/user/applications/search.tsx

diff --git a/docs/swagger.go b/docs/swagger.go
index ecd03e6b9..4e30b1f58 100644
--- a/docs/swagger.go
+++ b/docs/swagger.go
@@ -37,6 +37,8 @@
 //	      profile: grants read access to verify_credentials
 //	      read:accounts: grants read access to accounts
 //	      write:accounts: grants write access to accounts
+//	      read:applications: grants read access to user-managed applications
+//	      write:applications: grants write access to user-managed applications
 //	      read:blocks: grants read access to blocks
 //	      write:blocks: grants write access to blocks
 //	      read:bookmarks: grants read access to bookmarks
diff --git a/internal/api/client/apps/appcreate.go b/internal/api/client/apps/appcreate.go
index 6a8208a20..062b2e13d 100644
--- a/internal/api/client/apps/appcreate.go
+++ b/internal/api/client/apps/appcreate.go
@@ -18,8 +18,11 @@
 package apps
 
 import (
+	"errors"
 	"fmt"
 	"net/http"
+	"slices"
+	"strings"
 
 	"github.com/gin-gonic/gin"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
@@ -40,8 +43,10 @@ const (
 // The registered application can be used to obtain an application token.
 // This can then be used to register a new account, or (through user auth) obtain an access token.
 //
-// The parameters can also be given in the body of the request, as JSON, if the content-type is set to 'application/json'.
-// The parameters can also be given in the body of the request, as XML, if the content-type is set to 'application/xml'.
+// If the application was registered with a Bearer token passed in the Authorization header, the created application will be managed by the authenticated user (must have scope write:applications).
+//
+// Parameters can also be given in the body of the request, as JSON, if the content-type is set to 'application/json'.
+// Parameters can also be given in the body of the request, as XML, if the content-type is set to 'application/xml'.
 //
 //	---
 //	tags:
@@ -81,42 +86,66 @@ func (m *Module) AppsPOSTHandler(c *gin.Context) {
 		return
 	}
 
+	if authed.Token != nil {
+		// If a token has been passed, user
+		// needs write perm on applications.
+		if !slices.ContainsFunc(
+			strings.Split(authed.Token.GetScope(), " "),
+			func(hasScope string) bool {
+				return apiutil.Scope(hasScope).Permits(apiutil.ScopeWriteApplications)
+			},
+		) {
+			const errText = "token has insufficient scope permission"
+			errWithCode := gtserror.NewErrorForbidden(errors.New(errText), errText)
+			apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+			return
+		}
+	}
+
+	if authed.Account != nil && authed.Account.IsMoving() {
+		apiutil.ForbiddenAfterMove(c)
+		return
+	}
+
 	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		errWithCode := gtserror.NewErrorNotAcceptable(err, err.Error())
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
 	form := &apimodel.ApplicationCreateRequest{}
 	if err := c.ShouldBind(form); err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+		errWithCode := gtserror.NewErrorBadRequest(err, err.Error())
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
-	if len([]rune(form.ClientName)) > formFieldLen {
-		err := fmt.Errorf("client_name must be less than %d characters", formFieldLen)
-		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+	if l := len([]rune(form.ClientName)); l > formFieldLen {
+		m.fieldTooLong(c, "client_name", formFieldLen, l)
 		return
 	}
 
-	if len([]rune(form.RedirectURIs)) > formRedirectLen {
-		err := fmt.Errorf("redirect_uris must be less than %d characters", formRedirectLen)
-		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+	if l := len([]rune(form.RedirectURIs)); l > formRedirectLen {
+		m.fieldTooLong(c, "redirect_uris", formRedirectLen, l)
 		return
 	}
 
-	if len([]rune(form.Scopes)) > formFieldLen {
-		err := fmt.Errorf("scopes must be less than %d characters", formFieldLen)
-		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+	if l := len([]rune(form.Scopes)); l > formFieldLen {
+		m.fieldTooLong(c, "scopes", formFieldLen, l)
 		return
 	}
 
-	if len([]rune(form.Website)) > formFieldLen {
-		err := fmt.Errorf("website must be less than %d characters", formFieldLen)
-		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+	if l := len([]rune(form.Website)); l > formFieldLen {
+		m.fieldTooLong(c, "website", formFieldLen, l)
 		return
 	}
 
-	apiApp, errWithCode := m.processor.AppCreate(c.Request.Context(), authed, form)
+	var managedByUserID string
+	if authed.User != nil {
+		managedByUserID = authed.User.ID
+	}
+
+	apiApp, errWithCode := m.processor.Application().Create(c.Request.Context(), managedByUserID, form)
 	if errWithCode != nil {
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
@@ -124,3 +153,13 @@ func (m *Module) AppsPOSTHandler(c *gin.Context) {
 
 	apiutil.JSON(c, http.StatusOK, apiApp)
 }
+
+func (m *Module) fieldTooLong(c *gin.Context, fieldName string, max int, actual int) {
+	errText := fmt.Sprintf(
+		"%s must be less than %d characters, provided %s was %d characters",
+		fieldName, max, fieldName, actual,
+	)
+
+	errWithCode := gtserror.NewErrorBadRequest(errors.New(errText), errText)
+	apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+}
diff --git a/internal/api/client/apps/appget.go b/internal/api/client/apps/appget.go
new file mode 100644
index 000000000..f9d5050b4
--- /dev/null
+++ b/internal/api/client/apps/appget.go
@@ -0,0 +1,98 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package apps
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+)
+
+// AppGETHandler swagger:operation GET /api/v1/apps/{id} appGet
+//
+// Get a single application managed by the requester.
+//
+//	---
+//	tags:
+//	- apps
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: id
+//		type: string
+//		description: The id of the requested application.
+//		in: path
+//		required: true
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- read:applications
+//
+//	responses:
+//		'200':
+//			description: The requested application.
+//			schema:
+//				"$ref": "#/definitions/application"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+func (m *Module) AppGETHandler(c *gin.Context) {
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadApplications,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	appID, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey))
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	app, errWithCode := m.processor.Application().Get(
+		c.Request.Context(),
+		authed.User.ID,
+		appID,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	apiutil.JSON(c, http.StatusOK, app)
+}
diff --git a/internal/api/client/apps/apps.go b/internal/api/client/apps/apps.go
index 679b985b8..fbfd11975 100644
--- a/internal/api/client/apps/apps.go
+++ b/internal/api/client/apps/apps.go
@@ -21,11 +21,14 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/processing"
 )
 
-// BasePath is the base path for this api module, excluding the api prefix
-const BasePath = "/v1/apps"
+const (
+	BasePath       = "/v1/apps"
+	BasePathWithID = BasePath + "/:" + apiutil.IDKey
+)
 
 type Module struct {
 	processor *processing.Processor
@@ -39,4 +42,6 @@ func New(processor *processing.Processor) *Module {
 
 func (m *Module) Route(attachHandler func(method string, path string, f ...gin.HandlerFunc) gin.IRoutes) {
 	attachHandler(http.MethodPost, BasePath, m.AppsPOSTHandler)
+	attachHandler(http.MethodGet, BasePath, m.AppsGETHandler)
+	attachHandler(http.MethodGet, BasePathWithID, m.AppGETHandler)
 }
diff --git a/internal/api/client/apps/appsget.go b/internal/api/client/apps/appsget.go
new file mode 100644
index 000000000..6bbd4c752
--- /dev/null
+++ b/internal/api/client/apps/appsget.go
@@ -0,0 +1,146 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package apps
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/paging"
+)
+
+// AppsGETHandler swagger:operation GET /api/v1/apps appsGet
+//
+// Get an array of applications that are managed by the requester.
+//
+// The next and previous queries can be parsed from the returned Link header.
+//
+// Example:
+//
+// ```
+// <https://example.org/api/v1/apps?limit=80&max_id=01FC0SKA48HNSVR6YKZCQGS2V8>; rel="next", <https://example.org/api/v1/apps?limit=80&min_id=01FC0SKW5JK2Q4EVAV2B462YY0>; rel="prev"
+// ````
+//
+//	---
+//	tags:
+//	- apps
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: max_id
+//		type: string
+//		description: >-
+//			Return only items *OLDER* than the given max item ID.
+//			The item with the specified ID will not be included in the response.
+//		in: query
+//		required: false
+//	-
+//		name: since_id
+//		type: string
+//		description: >-
+//			Return only items *newer* than the given since item ID.
+//			The item with the specified ID will not be included in the response.
+//		in: query
+//	-
+//		name: min_id
+//		type: string
+//		description: >-
+//			Return only items *immediately newer* than the given since item ID.
+//			The item with the specified ID will not be included in the response.
+//		in: query
+//		required: false
+//	-
+//		name: limit
+//		type: integer
+//		description: Number of items to return.
+//		default: 20
+//		in: query
+//		required: false
+//		max: 80
+//		min: 0
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- read:applications
+//
+//	responses:
+//		'200':
+//			headers:
+//				Link:
+//					type: string
+//					description: Links to the next and previous queries.
+//			schema:
+//				type: array
+//				items:
+//					"$ref": "#/definitions/application"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+func (m *Module) AppsGETHandler(c *gin.Context) {
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadApplications,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	page, errWithCode := paging.ParseIDPage(c,
+		0,  // min limit
+		80, // max limit
+		20, // default limit
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	resp, errWithCode := m.processor.Application().GetPage(
+		c.Request.Context(),
+		authed.User.ID,
+		page,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	if resp.LinkHeader != "" {
+		c.Header("Link", resp.LinkHeader)
+	}
+
+	apiutil.JSON(c, http.StatusOK, resp.Items)
+}
diff --git a/internal/api/client/tokens/tokensget.go b/internal/api/client/tokens/tokensget.go
index 2ffc2afb9..15fc5511f 100644
--- a/internal/api/client/tokens/tokensget.go
+++ b/internal/api/client/tokens/tokensget.go
@@ -52,7 +52,7 @@ import (
 //		name: max_id
 //		type: string
 //		description: >-
-//			Return only items *OLDER* than the given max status ID.
+//			Return only items *OLDER* than the given max item ID.
 //			The item with the specified ID will not be included in the response.
 //		in: query
 //		required: false
@@ -60,14 +60,14 @@ import (
 //		name: since_id
 //		type: string
 //		description: >-
-//			Return only items *newer* than the given since status ID.
+//			Return only items *newer* than the given since item ID.
 //			The item with the specified ID will not be included in the response.
 //		in: query
 //	-
 //		name: min_id
 //		type: string
 //		description: >-
-//			Return only items *immediately newer* than the given since status ID.
+//			Return only items *immediately newer* than the given since item ID.
 //			The item with the specified ID will not be included in the response.
 //		in: query
 //		required: false
diff --git a/internal/api/model/application.go b/internal/api/model/application.go
index 720674ad5..3f974683f 100644
--- a/internal/api/model/application.go
+++ b/internal/api/model/application.go
@@ -24,6 +24,9 @@ type Application struct {
 	// The ID of the application.
 	// example: 01FBVD42CQ3ZEEVMW180SBX03B
 	ID string `json:"id,omitempty"`
+	// When the application was created. (ISO 8601 Datetime)
+	// example: 2021-07-30T09:20:25+00:00
+	CreatedAt string `json:"created_at,omitempty"`
 	// The name of the application.
 	// example: Tusky
 	Name string `json:"name"`
diff --git a/internal/api/util/scopes.go b/internal/api/util/scopes.go
index 8161de500..594a46ecd 100644
--- a/internal/api/util/scopes.go
+++ b/internal/api/util/scopes.go
@@ -27,6 +27,7 @@ const (
 	/* Sub-scopes / scope components */
 
 	scopeAccounts      = "accounts"
+	scopeApplications  = "applications"
 	scopeBlocks        = "blocks"
 	scopeBookmarks     = "bookmarks"
 	scopeConversations = "conversations"
@@ -57,6 +58,8 @@ const (
 
 	ScopeReadAccounts           Scope = ScopeRead + ":" + scopeAccounts
 	ScopeWriteAccounts          Scope = ScopeWrite + ":" + scopeAccounts
+	ScopeReadApplications       Scope = ScopeRead + ":" + scopeApplications
+	ScopeWriteApplications      Scope = ScopeWrite + ":" + scopeApplications
 	ScopeReadBlocks             Scope = ScopeRead + ":" + scopeBlocks
 	ScopeWriteBlocks            Scope = ScopeWrite + ":" + scopeBlocks
 	ScopeReadBookmarks          Scope = ScopeRead + ":" + scopeBookmarks
diff --git a/internal/db/application.go b/internal/db/application.go
index a3061f028..3e163c810 100644
--- a/internal/db/application.go
+++ b/internal/db/application.go
@@ -31,6 +31,9 @@ type Application interface {
 	// GetApplicationByClientID fetches the application from the database with corresponding client_id value.
 	GetApplicationByClientID(ctx context.Context, clientID string) (*gtsmodel.Application, error)
 
+	// GetApplicationsManagedByUserID fetches a page of applications managed by the given userID.
+	GetApplicationsManagedByUserID(ctx context.Context, userID string, page *paging.Page) ([]*gtsmodel.Application, error)
+
 	// PutApplication places the new application in the database, erroring on non-unique ID or client_id.
 	PutApplication(ctx context.Context, app *gtsmodel.Application) error
 
diff --git a/internal/db/bundb/admin.go b/internal/db/bundb/admin.go
index a311d2fc5..02f10f44f 100644
--- a/internal/db/bundb/admin.go
+++ b/internal/db/bundb/admin.go
@@ -194,6 +194,17 @@ func (a *adminDB) NewSignup(ctx context.Context, newSignup gtsmodel.NewSignup) (
 		return nil, err
 	}
 
+	// If no app ID was set,
+	// use the instance app ID.
+	if newSignup.AppID == "" {
+		instanceApp, err := a.state.DB.GetInstanceApplication(ctx)
+		if err != nil {
+			err := gtserror.Newf("db error getting instance app: %w", err)
+			return nil, err
+		}
+		newSignup.AppID = instanceApp.ID
+	}
+
 	user = &gtsmodel.User{
 		ID:                     newUserID,
 		AccountID:              account.ID,
diff --git a/internal/db/bundb/application.go b/internal/db/bundb/application.go
index c21221c9f..e7dd81e72 100644
--- a/internal/db/bundb/application.go
+++ b/internal/db/bundb/application.go
@@ -56,6 +56,73 @@ func (a *applicationDB) GetApplicationByClientID(ctx context.Context, clientID s
 	)
 }
 
+func (a *applicationDB) GetApplicationsManagedByUserID(
+	ctx context.Context,
+	userID string,
+	page *paging.Page,
+) ([]*gtsmodel.Application, error) {
+	var (
+		// Get paging params.
+		minID = page.GetMin()
+		maxID = page.GetMax()
+		limit = page.GetLimit()
+		order = page.GetOrder()
+
+		// Make educated guess for slice size.
+		appIDs = make([]string, 0, limit)
+	)
+
+	// Ensure user ID.
+	if userID == "" {
+		return nil, gtserror.New("userID not set")
+	}
+
+	q := a.db.
+		NewSelect().
+		TableExpr("? AS ?", bun.Ident("applications"), bun.Ident("application")).
+		Column("application.id").
+		Where("? = ?", bun.Ident("application.managed_by_user_id"), userID)
+
+	if maxID != "" {
+		// Return only apps LOWER (ie., older) than maxID.
+		q = q.Where("? < ?", bun.Ident("application.id"), maxID)
+	}
+
+	if minID != "" {
+		// Return only apps HIGHER (ie., newer) than minID.
+		q = q.Where("? > ?", bun.Ident("application.id"), minID)
+	}
+
+	if limit > 0 {
+		q = q.Limit(limit)
+	}
+
+	if order == paging.OrderAscending {
+		// Page up.
+		q = q.Order("application.id ASC")
+	} else {
+		// Page down.
+		q = q.Order("application.id DESC")
+	}
+
+	if err := q.Scan(ctx, &appIDs); err != nil {
+		return nil, err
+	}
+
+	if len(appIDs) == 0 {
+		return nil, nil
+	}
+
+	// If we're paging up, we still want apps
+	// to be sorted by ID desc (ie., newest to
+	// oldest), so reverse ids slice.
+	if order == paging.OrderAscending {
+		slices.Reverse(appIDs)
+	}
+
+	return a.getApplicationsByIDs(ctx, appIDs)
+}
+
 func (a *applicationDB) getApplication(ctx context.Context, lookup string, dbQuery func(*gtsmodel.Application) error, keyParts ...any) (*gtsmodel.Application, error) {
 	return a.state.Caches.DB.Application.LoadOne(lookup, func() (*gtsmodel.Application, error) {
 		var app gtsmodel.Application
@@ -69,6 +136,37 @@ func (a *applicationDB) getApplication(ctx context.Context, lookup string, dbQue
 	}, keyParts...)
 }
 
+func (a *applicationDB) getApplicationsByIDs(ctx context.Context, ids []string) ([]*gtsmodel.Application, error) {
+	apps, err := a.state.Caches.DB.Application.LoadIDs("ID",
+		ids,
+		func(uncached []string) ([]*gtsmodel.Application, error) {
+			// Preallocate expected length of uncached apps.
+			apps := make([]*gtsmodel.Application, 0, len(uncached))
+
+			// Perform database query scanning
+			// the remaining (uncached) app IDs.
+			if err := a.db.NewSelect().
+				Model(&apps).
+				Where("? IN (?)", bun.Ident("id"), bun.In(uncached)).
+				Scan(ctx); err != nil {
+				return nil, err
+			}
+
+			return apps, nil
+		},
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	// Reorder the apps by their
+	// IDs to ensure in correct order.
+	getID := func(t *gtsmodel.Application) string { return t.ID }
+	xslices.OrderBy(apps, ids, getID)
+
+	return apps, nil
+}
+
 func (a *applicationDB) PutApplication(ctx context.Context, app *gtsmodel.Application) error {
 	return a.state.Caches.DB.Application.Store(app, func() error {
 		_, err := a.db.NewInsert().Model(app).Exec(ctx)
diff --git a/internal/db/bundb/migrations/20250310144102_application_management.go b/internal/db/bundb/migrations/20250310144102_application_management.go
new file mode 100644
index 000000000..de24a9b07
--- /dev/null
+++ b/internal/db/bundb/migrations/20250310144102_application_management.go
@@ -0,0 +1,93 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package migrations
+
+import (
+	"context"
+
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/uptrace/bun"
+)
+
+func init() {
+	up := func(ctx context.Context, db *bun.DB) error {
+		return db.RunInTx(ctx, nil, func(ctx context.Context, tx bun.Tx) error {
+
+			// Update users to set all "created_by_application_id"
+			// values to the instance application, to correct some
+			// past issues where this wasn't set. Skip this if there's
+			// no users though, as in that case we probably don't even
+			// have an instance application yet.
+			usersLen, err := tx.
+				NewSelect().
+				Table("users").
+				Count(ctx)
+			if err != nil {
+				return err
+			}
+
+			if usersLen == 0 {
+				// Nothing to do.
+				return nil
+			}
+
+			// Get Instance account ID.
+			var instanceAcctID string
+			if err := tx.
+				NewSelect().
+				Table("accounts").
+				Column("id").
+				Where("? = ?", bun.Ident("username"), config.GetHost()).
+				Where("? IS NULL", bun.Ident("domain")).
+				Scan(ctx, &instanceAcctID); err != nil {
+				return err
+			}
+
+			// Get the instance app ID.
+			var instanceAppID string
+			if err := tx.
+				NewSelect().
+				Table("applications").
+				Column("id").
+				Where("? = ?", bun.Ident("client_id"), instanceAcctID).
+				Scan(ctx, &instanceAppID); err != nil {
+				return err
+			}
+
+			// Set instance app
+			// ID on all users.
+			if _, err := tx.
+				NewUpdate().
+				Table("users").
+				Set("? = ?", bun.Ident("created_by_application_id"), instanceAppID).
+				Exec(ctx); err != nil {
+				return err
+			}
+
+			return nil
+		})
+	}
+
+	down := func(ctx context.Context, db *bun.DB) error {
+		return nil
+	}
+
+	if err := Migrations.Register(up, down); err != nil {
+		panic(err)
+	}
+}
diff --git a/internal/processing/application/application.go b/internal/processing/application/application.go
new file mode 100644
index 000000000..4ad35749e
--- /dev/null
+++ b/internal/processing/application/application.go
@@ -0,0 +1,38 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package application
+
+import (
+	"github.com/superseriousbusiness/gotosocial/internal/state"
+	"github.com/superseriousbusiness/gotosocial/internal/typeutils"
+)
+
+type Processor struct {
+	state     *state.State
+	converter *typeutils.Converter
+}
+
+func New(
+	state *state.State,
+	converter *typeutils.Converter,
+) Processor {
+	return Processor{
+		state:     state,
+		converter: converter,
+	}
+}
diff --git a/internal/processing/app.go b/internal/processing/application/create.go
similarity index 68%
rename from internal/processing/app.go
rename to internal/processing/application/create.go
index c9bd4eb68..d1340a39f 100644
--- a/internal/processing/app.go
+++ b/internal/processing/application/create.go
@@ -15,24 +15,28 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package processing
+package application
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/url"
 	"strings"
 
 	"github.com/google/uuid"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
-	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/id"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
-func (p *Processor) AppCreate(ctx context.Context, authed *apiutil.Auth, form *apimodel.ApplicationCreateRequest) (*apimodel.Application, gtserror.WithCode) {
+func (p *Processor) Create(
+	ctx context.Context,
+	managedByUserID string,
+	form *apimodel.ApplicationCreateRequest,
+) (*apimodel.Application, gtserror.WithCode) {
 	// Set default 'read' for
 	// scopes if it's not set.
 	var scopes string
@@ -49,13 +53,32 @@ func (p *Processor) AppCreate(ctx context.Context, authed *apiutil.Auth, form *a
 		// Redirect URIs can be just one value, or can be passed
 		// as a newline-separated list of strings. Ensure each URI
 		// is parseable + normalize it by reconstructing from *url.URL.
-		for _, redirectStr := range strings.Split(form.RedirectURIs, "\n") {
+		// Also ensure we don't add multiple copies of the same URI.
+		redirectStrs := strings.Split(form.RedirectURIs, "\n")
+		added := make(map[string]struct{}, len(redirectStrs))
+
+		for _, redirectStr := range redirectStrs {
+			redirectStr = strings.TrimSpace(redirectStr)
+			if redirectStr == "" {
+				continue
+			}
+
 			redirectURI, err := url.Parse(redirectStr)
 			if err != nil {
 				errText := fmt.Sprintf("error parsing redirect URI: %v", err)
 				return nil, gtserror.NewErrorBadRequest(err, errText)
 			}
-			redirectURIs = append(redirectURIs, redirectURI.String())
+
+			redirectURIStr := redirectURI.String()
+			if _, alreadyAdded := added[redirectURIStr]; !alreadyAdded {
+				redirectURIs = append(redirectURIs, redirectURIStr)
+				added[redirectURIStr] = struct{}{}
+			}
+		}
+
+		if len(redirectURIs) == 0 {
+			errText := "no redirect URIs left after trimming space"
+			return nil, gtserror.NewErrorBadRequest(errors.New(errText), errText)
 		}
 	} else {
 		// No redirect URI(s) provided, just set default oob.
@@ -71,13 +94,14 @@ func (p *Processor) AppCreate(ctx context.Context, authed *apiutil.Auth, form *a
 	// Generate + store app
 	// to put in the database.
 	app := &gtsmodel.Application{
-		ID:           id.NewULID(),
-		Name:         form.ClientName,
-		Website:      form.Website,
-		RedirectURIs: redirectURIs,
-		ClientID:     clientID,
-		ClientSecret: uuid.NewString(),
-		Scopes:       scopes,
+		ID:              id.NewULID(),
+		Name:            form.ClientName,
+		Website:         form.Website,
+		RedirectURIs:    redirectURIs,
+		ClientID:        clientID,
+		ClientSecret:    uuid.NewString(),
+		Scopes:          scopes,
+		ManagedByUserID: managedByUserID,
 	}
 	if err := p.state.DB.PutApplication(ctx, app); err != nil {
 		return nil, gtserror.NewErrorInternalError(err)
diff --git a/internal/processing/application/get.go b/internal/processing/application/get.go
new file mode 100644
index 000000000..0a3eb8e04
--- /dev/null
+++ b/internal/processing/application/get.go
@@ -0,0 +1,104 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package application
+
+import (
+	"context"
+	"errors"
+
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/db"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/log"
+	"github.com/superseriousbusiness/gotosocial/internal/paging"
+)
+
+func (p *Processor) Get(
+	ctx context.Context,
+	userID string,
+	appID string,
+) (*apimodel.Application, gtserror.WithCode) {
+	app, err := p.state.DB.GetApplicationByID(ctx, appID)
+	if err != nil && !errors.Is(err, db.ErrNoEntries) {
+		err := gtserror.Newf("db error getting app %s: %w", appID, err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	if app == nil {
+		err := gtserror.Newf("app %s not found in the db", appID)
+		return nil, gtserror.NewErrorNotFound(err)
+	}
+
+	if app.ManagedByUserID != userID {
+		err := gtserror.Newf("app %s not managed by user %s", appID, userID)
+		return nil, gtserror.NewErrorNotFound(err)
+	}
+
+	apiApp, err := p.converter.AppToAPIAppSensitive(ctx, app)
+	if err != nil {
+		err := gtserror.Newf("error converting app to api app: %w", err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return apiApp, nil
+}
+
+func (p *Processor) GetPage(
+	ctx context.Context,
+	userID string,
+	page *paging.Page,
+) (*apimodel.PageableResponse, gtserror.WithCode) {
+	apps, err := p.state.DB.GetApplicationsManagedByUserID(ctx, userID, page)
+	if err != nil && !errors.Is(err, db.ErrNoEntries) {
+		err := gtserror.Newf("db error getting apps: %w", err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	count := len(apps)
+	if count == 0 {
+		return paging.EmptyResponse(), nil
+	}
+
+	var (
+		// Get the lowest and highest
+		// ID values, used for paging.
+		lo = apps[count-1].ID
+		hi = apps[0].ID
+
+		// Best-guess items length.
+		items = make([]interface{}, 0, count)
+	)
+
+	for _, app := range apps {
+		apiApp, err := p.converter.AppToAPIAppSensitive(ctx, app)
+		if err != nil {
+			log.Errorf(ctx, "error converting app to api app: %v", err)
+			continue
+		}
+
+		// Append req to return items.
+		items = append(items, apiApp)
+	}
+
+	return paging.PackageResponse(paging.ResponseParams{
+		Items: items,
+		Path:  "/api/v1/apps",
+		Next:  page.Next(lo, hi),
+		Prev:  page.Prev(lo, hi),
+	}), nil
+}
diff --git a/internal/processing/processor.go b/internal/processing/processor.go
index 0bba23089..0324f49cf 100644
--- a/internal/processing/processor.go
+++ b/internal/processing/processor.go
@@ -29,6 +29,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/processing/account"
 	"github.com/superseriousbusiness/gotosocial/internal/processing/admin"
 	"github.com/superseriousbusiness/gotosocial/internal/processing/advancedmigrations"
+	"github.com/superseriousbusiness/gotosocial/internal/processing/application"
 	"github.com/superseriousbusiness/gotosocial/internal/processing/common"
 	"github.com/superseriousbusiness/gotosocial/internal/processing/conversations"
 	"github.com/superseriousbusiness/gotosocial/internal/processing/fedi"
@@ -81,6 +82,7 @@ type Processor struct {
 	account             account.Processor
 	admin               admin.Processor
 	advancedmigrations  advancedmigrations.Processor
+	application         application.Processor
 	conversations       conversations.Processor
 	fedi                fedi.Processor
 	filtersv1           filtersv1.Processor
@@ -113,6 +115,10 @@ func (p *Processor) AdvancedMigrations() *advancedmigrations.Processor {
 	return &p.advancedmigrations
 }
 
+func (p *Processor) Application() *application.Processor {
+	return &p.application
+}
+
 func (p *Processor) Conversations() *conversations.Processor {
 	return &p.conversations
 }
@@ -221,6 +227,7 @@ func NewProcessor(
 	// processors + pin them to this struct.
 	processor.account = account.New(&common, state, converter, mediaManager, federator, visFilter, parseMentionFunc)
 	processor.admin = admin.New(&common, state, cleaner, subscriptions, federator, converter, mediaManager, federator.TransportController(), emailSender)
+	processor.application = application.New(state, converter)
 	processor.conversations = conversations.New(state, converter, visFilter)
 	processor.fedi = fedi.New(state, &common, converter, federator, visFilter)
 	processor.filtersv1 = filtersv1.New(state, converter, &processor.stream)
diff --git a/internal/typeutils/internaltofrontend.go b/internal/typeutils/internaltofrontend.go
index 537eeb6db..0365b6d78 100644
--- a/internal/typeutils/internaltofrontend.go
+++ b/internal/typeutils/internaltofrontend.go
@@ -623,8 +623,14 @@ func (c *Converter) AppToAPIAppSensitive(ctx context.Context, a *gtsmodel.Applic
 		return nil, gtserror.Newf("error getting VAPID public key: %w", err)
 	}
 
+	createdAt, err := id.TimeFromULID(a.ID)
+	if err != nil {
+		return nil, gtserror.Newf("error converting id to time: %w", err)
+	}
+
 	return &apimodel.Application{
 		ID:           a.ID,
+		CreatedAt:    util.FormatISO8601(createdAt),
 		Name:         a.Name,
 		Website:      a.Website,
 		RedirectURI:  strings.Join(a.RedirectURIs, "\n"),
diff --git a/web/source/settings/lib/query/gts-api.ts b/web/source/settings/lib/query/gts-api.ts
index 401423766..819bec142 100644
--- a/web/source/settings/lib/query/gts-api.ts
+++ b/web/source/settings/lib/query/gts-api.ts
@@ -160,6 +160,7 @@ export const gtsApi = createApi({
 	reducerPath: "api",
 	baseQuery: gtsBaseQuery,
 	tagTypes: [
+		"Application",
 		"Auth",
 		"Emoji",
 		"Report",
diff --git a/web/source/settings/lib/query/user/applications.ts b/web/source/settings/lib/query/user/applications.ts
new file mode 100644
index 000000000..75292b397
--- /dev/null
+++ b/web/source/settings/lib/query/user/applications.ts
@@ -0,0 +1,86 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import {
+	SearchAppParams,
+	SearchAppResp,
+	App,
+	AppCreateParams,
+} from "../../types/application";
+import { gtsApi } from "../gts-api";
+import parse from "parse-link-header";
+
+const extended = gtsApi.injectEndpoints({
+	endpoints: (build) => ({
+		searchApp: build.query<SearchAppResp, SearchAppParams>({
+			query: (form) => {
+				const params = new(URLSearchParams);
+				Object.entries(form).forEach(([k, v]) => {
+					if (v !== undefined) {
+						params.append(k, v);
+					}
+				});
+
+				let query = "";
+				if (params.size !== 0) {
+					query = `?${params.toString()}`;
+				}
+
+				return {
+					url: `/api/v1/apps${query}`
+				};
+			},
+			// Headers required for paging.
+			transformResponse: (apiResp: App[], meta) => {
+				const apps = apiResp;
+				const linksStr = meta?.response?.headers.get("Link");
+				const links = parse(linksStr);
+				return { apps, links };
+			},
+			providesTags: [{ type: "Application", id: "TRANSFORMED" }]
+		}),
+
+		getApp: build.query<App, string>({
+			query: (id) => ({
+				method: "GET",
+				url: `/api/v1/apps/${id}`,
+			}),
+			providesTags: (_result, _error, id) => [
+				{ type: 'Application', id }
+			],
+		}),
+
+		createApp: build.mutation<App, AppCreateParams>({
+			query: (formData) => ({
+				method: "POST",
+				url: `/api/v1/apps`,
+				asForm: true,
+				body: formData,
+				discardEmpty: true
+			}),
+			invalidatesTags: [{ type: "Application", id: "TRANSFORMED" }],
+		}),
+	})
+});
+
+export const {
+	useLazySearchAppQuery,
+	useCreateAppMutation,
+	useGetAppQuery,
+} = extended;
diff --git a/web/source/settings/lib/types/application.ts b/web/source/settings/lib/types/application.ts
new file mode 100644
index 000000000..125e82c95
--- /dev/null
+++ b/web/source/settings/lib/types/application.ts
@@ -0,0 +1,71 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import { Links } from "parse-link-header";
+
+export interface App {
+	id: string;
+	created_at: string;
+	name: string;
+	website?: string;
+	redirect_uris: string[];
+	redirect_uri: string;
+	client_id: string;
+	client_secret: string;
+	vapid_key: string;
+	scopes: string[];
+}
+
+/**
+ * Parameters for GET to /api/v1/apps.
+ */
+export interface SearchAppParams {
+	/**
+	 * If set, show only items older (ie., lower) than the given ID.
+	 * Item with the given ID will not be included in response.
+	 */
+	max_id?: string;
+	/**
+	 * If set, show only items newer (ie., higher) than the given ID.
+	 * Item with the given ID will not be included in response.
+	 */
+	since_id?: string;
+	/**
+	 * If set, show only items *immediately newer* than the given ID.
+	 * Item with the given ID will not be included in response.
+	 */
+	min_id?: string;
+	/**
+	 * If set, limit returned items to this number.
+	 * Else, fall back to GtS API defaults.
+	 */
+	limit?: number;
+}
+
+export interface SearchAppResp {
+	apps: App[];
+	links: Links | null;
+}
+
+export interface AppCreateParams {
+	client_name: string;
+	redirect_uris: string;
+	scopes: string;
+	website: string;
+}
diff --git a/web/source/settings/style.css b/web/source/settings/style.css
index 5a85f370e..8d47512a6 100644
--- a/web/source/settings/style.css
+++ b/web/source/settings/style.css
@@ -1495,6 +1495,34 @@ button.tab-button {
 	}
 }
 
+.applications-view {
+	.application {
+		.info-list {
+			border: none;
+			width: 100%;
+	
+			.info-list-entry {
+				background: none;
+				padding: 0;
+			}
+
+			> .info-list-entry > .monospace {
+				font-size: large;
+			}
+		}
+	}
+}
+
+.application-details {
+	.info-list {
+		margin-top: 1rem;
+
+		> .info-list-entry > .monospace {
+			font-size: large;
+		}
+	}
+}
+
 .instance-rules {
 	list-style-position: inside;
 	margin: 0;
diff --git a/web/source/settings/views/user/applications/detail.tsx b/web/source/settings/views/user/applications/detail.tsx
new file mode 100644
index 000000000..c9a9bc344
--- /dev/null
+++ b/web/source/settings/views/user/applications/detail.tsx
@@ -0,0 +1,123 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import React, { useMemo } from "react";
+import { useLocation, useParams } from "wouter";
+import FormWithData from "../../../lib/form/form-with-data";
+import BackButton from "../../../components/back-button";
+import { useBaseUrl } from "../../../lib/navigation/util";
+import { InteractionRequest } from "../../../lib/types/interaction";
+import MutationButton from "../../../components/form/mutation-button";
+import { Status } from "../../../components/status";
+import { useGetAppQuery } from "../../../lib/query/user/applications";
+import { App } from "../../../lib/types/application";
+
+export default function AppDetail({ }) {
+	const params: { appId: string } = useParams();
+	const baseUrl = useBaseUrl();
+	const backLocation: String = history.state?.backLocation ?? `~${baseUrl}`;
+
+	return (
+		<div className="application-details">
+			<h1><BackButton to={backLocation}/> Application Details</h1>
+			<FormWithData
+				dataQuery={useGetAppQuery}
+				queryArg={params.appId}
+				DataForm={AppForm}
+				{...{ backLocation: backLocation }}
+			/>
+		</div>
+	);
+}
+
+function AppForm({ data: app, backLocation }: { data: App, backLocation: string }) {	
+	const [ _location, setLocation ] = useLocation();
+
+	const appWebsite = useMemo(() => {
+		if (!app.website) {
+			return "";
+		}
+
+		try {
+			// Try to parse nicely and return link.
+			const websiteURL = new URL(app.website);
+			const websiteURLStr = websiteURL.toString();
+			return (
+				<a
+					href={websiteURLStr}
+					target="_blank"
+					rel="nofollow noreferrer noopener"
+				>{websiteURLStr}</a>
+			);
+		} catch {
+			// Fall back to returning string.
+			return app.website;
+		}
+	}, [app.website]);
+    
+	const created = useMemo(() => {
+		const createdAt = new Date(app.created_at);
+		return <time dateTime={app.created_at}>{createdAt.toDateString()}</time>;
+	}, [app.created_at]);
+
+	const redirectURIs = useMemo(() => {
+		const length = app.redirect_uris.length;
+		if (length === 1)  {
+			return app.redirect_uris[0];
+		}
+
+		return app.redirect_uris.map((redirectURI, i) => {
+			return i === 0 ? <>{redirectURI}</> : <><br/>{redirectURI}</>;
+		});
+
+	}, [app.redirect_uris]);
+
+	return (
+		<>
+			<dl className="info-list">
+				<div className="info-list-entry">
+					<dt>Name:</dt>
+					<dd className="text-cutoff">{app.name}</dd>
+				</div>
+
+				{ appWebsite && 
+					<div className="info-list-entry">
+						<dt>Website:</dt>
+						<dd>{appWebsite}</dd>
+					</div>
+				}
+
+				<div className="info-list-entry">
+					<dt>Created:</dt>
+					<dd>{created}</dd>
+				</div>
+
+				<div className="info-list-entry">
+					<dt>Scopes:</dt>
+					<dd className="monospace">{app.scopes.join(" ")}</dd>
+				</div>
+
+				<div className="info-list-entry">
+					<dt>Redirect URI(s):</dt>
+					<dd className="monospace">{redirectURIs}</dd>
+				</div>
+			</dl>
+		</>
+	);
+}
diff --git a/web/source/settings/views/user/applications/index.tsx b/web/source/settings/views/user/applications/index.tsx
new file mode 100644
index 000000000..0a86adf16
--- /dev/null
+++ b/web/source/settings/views/user/applications/index.tsx
@@ -0,0 +1,44 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import React from "react";
+import AppsSearchForm from "./search";
+
+export default function Applications() {
+	return (
+		<div className="applications-view">
+			<div className="form-section-docs">
+				<h1>Applications</h1>
+				<p>
+					On this page you can search through applications you've created.
+					To manage an application, click on it to go to the detailed view.
+				</p>
+				<a
+					href="https://docs.gotosocial.org/en/latest/user_guide/settings/#applications"
+					target="_blank"
+					className="docslink"
+					rel="noreferrer"
+				>
+					Learn more about managing your applications (opens in a new tab)
+				</a>
+			</div>
+			<AppsSearchForm />
+		</div>
+	);
+}
diff --git a/web/source/settings/views/user/applications/new.tsx b/web/source/settings/views/user/applications/new.tsx
new file mode 100644
index 000000000..436a1f13b
--- /dev/null
+++ b/web/source/settings/views/user/applications/new.tsx
@@ -0,0 +1,134 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import React from "react";
+import useFormSubmit from "../../../lib/form/submit";
+import { useTextInput } from "../../../lib/form";
+import MutationButton from "../../../components/form/mutation-button";
+import { TextArea, TextInput } from "../../../components/form/inputs";
+import { useLocation } from "wouter";
+import { useCreateAppMutation } from "../../../lib/query/user/applications";
+import { urlValidator } from "../../../lib/util/formvalidators";
+
+export default function NewApp() {
+	const [ _location, setLocation ] = useLocation();
+
+	const form = {
+		name: useTextInput("client_name"),
+		redirect_uris: useTextInput("redirect_uris", {
+			validator: (redirectURIs: string) => {
+				if (redirectURIs === "") {
+					return "";
+				}
+
+				const invalids = redirectURIs.
+					split("\n").
+					map(redirectURI => redirectURI === "urn:ietf:wg:oauth:2.0:oob" ? "" : urlValidator(redirectURI)).
+					flatMap((invalid) => invalid || []);
+
+				return invalids.join(", ");
+			}
+		}),
+		scopes: useTextInput("scopes"),
+		website: useTextInput("website", {
+			validator: urlValidator,
+		}),
+	};
+
+	const [formSubmit, result] = useFormSubmit(
+		form,
+		useCreateAppMutation(),
+		{
+			changedOnly: false,
+			onFinish: (res) => {
+				if (res.data) {
+					// Creation successful,
+					// redirect to apps overview.
+					setLocation(`/search`);
+				}
+			},
+		});
+
+	return (
+		<form
+			onSubmit={formSubmit}
+			// Prevent password managers
+			// trying to fill in fields.
+			autoComplete="off"
+		>
+			<div className="form-section-docs">
+				<h2>New Application</h2>
+				<p>
+					On this page you can create a new managed OAuth application, with the specified redirect URIs and scopes.
+					<br/>Application name is required, but other fields are optional.
+					<br/>If not specified, redirect URIs defaults to <code>urn:ietf:wg:oauth:2.0:oob</code>, and scopes defaults to <code>read</code>.
+				</p>
+				<a
+					href="https://docs.gotosocial.org/en/latest/user_guide/settings/#applications"
+					target="_blank"
+					className="docslink"
+					rel="noreferrer"
+				>
+					Learn more about application redirect URIs and scopes (opens in a new tab)
+				</a>
+			</div>
+
+			<TextInput
+				field={form.name}
+				label="Application name"
+				placeholder="My Cool Application"
+				autoCapitalize="words"
+				spellCheck="false"
+				required={true}
+			/>
+
+			<TextInput
+				field={form.website}
+				label="Application website (optional)"
+				placeholder="https://example.org/my_cool_application"
+				autoCapitalize="none"
+				spellCheck="false"
+				type="url"
+			/>
+
+			<TextArea
+				field={form.redirect_uris}
+				label="Redirect URIs (optional, newline-separated entries)"
+				placeholder={`https://example.org/my_cool_application`}
+				autoCapitalize="none"
+				spellCheck="false"
+				rows={5}
+			/>
+
+			<TextInput
+				field={form.scopes}
+				label="Scopes (optional, space-separated entries)"
+				placeholder={`read write push`}
+				autoCapitalize="none"
+				spellCheck="false"
+			/>
+
+			<MutationButton
+				label="Create"
+				result={result}
+				disabled={!form.name.value}
+			/>
+		</form>
+	);
+}
diff --git a/web/source/settings/views/user/applications/search.tsx b/web/source/settings/views/user/applications/search.tsx
new file mode 100644
index 000000000..b74484f58
--- /dev/null
+++ b/web/source/settings/views/user/applications/search.tsx
@@ -0,0 +1,225 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import React, { ReactNode, useEffect, useMemo } from "react";
+
+import { useTextInput } from "../../../lib/form";
+import { PageableList } from "../../../components/pageable-list";
+import MutationButton from "../../../components/form/mutation-button";
+import { useLocation, useSearch } from "wouter";
+import { Select } from "../../../components/form/inputs";
+import { useLazySearchAppQuery } from "../../../lib/query/user/applications";
+import { App } from "../../../lib/types/application";
+
+export default function ApplicationsSearchForm() {
+	const [ location, setLocation ] = useLocation();
+	const search = useSearch();
+	const urlQueryParams = useMemo(() => new URLSearchParams(search), [search]);
+	const [ searchApps, searchRes ] = useLazySearchAppQuery();
+
+	// Populate search form using values from
+	// urlQueryParams, to allow paging.
+	const form = {
+		limit: useTextInput("limit", { defaultValue: urlQueryParams.get("limit") ?? "20" })
+	};
+
+	// On mount, trigger search.
+	useEffect(() => {
+		searchApps(Object.fromEntries(urlQueryParams), true);
+	}, [urlQueryParams, searchApps]);
+
+	// Rather than triggering the search directly,
+	// the "submit" button changes the location
+	// based on form field params, and lets the
+	// useEffect hook above actually do the search.
+	function submitQuery(e) {
+		e.preventDefault();
+
+		// Parse query parameters.
+		const entries = Object.entries(form).map(([k, v]) => {
+			// Take only defined form fields.
+			if (v.value === undefined) {
+				return null;
+			} else if (typeof v.value === "string" && v.value.length === 0) {
+				return null;
+			}
+
+			return [[k, v.value.toString()]];
+		}).flatMap(kv => {
+			// Remove any nulls.
+			return kv !== null ? kv : [];
+		});
+
+		const searchParams = new URLSearchParams(entries);
+		setLocation(location + "?" + searchParams.toString());
+	}
+
+	// Location to return to when user clicks
+	// "back" on the application detail view.
+	const backLocation = location + (urlQueryParams.size > 0 ? `?${urlQueryParams}` : "");
+
+	// Function to map an item to a list entry.
+	function itemToEntry(application: App): ReactNode {
+		return (
+			<ApplicationListEntry
+				key={application.id}
+				app={application}
+				linkTo={`/${application.id}`}
+				backLocation={backLocation}
+			/>
+		);
+	}
+
+	return (
+		<>
+			<form
+				onSubmit={submitQuery}
+				// Prevent password managers
+				// trying to fill in fields.
+				autoComplete="off"
+			>
+				<Select
+					field={form.limit}
+					label="Items per page"
+					options={
+						<>
+							<option value="20">20</option>
+							<option value="50">50</option>
+							<option value="0">No limit / show all</option>
+						</>
+					}
+				></Select>
+				<MutationButton
+					disabled={false}
+					label={"Search"}
+					result={searchRes}
+				/>
+			</form>
+			<PageableList
+				isLoading={searchRes.isLoading}
+				isFetching={searchRes.isFetching}
+				isSuccess={searchRes.isSuccess}
+				items={searchRes.data?.apps}
+				itemToEntry={itemToEntry}
+				isError={searchRes.isError}
+				error={searchRes.error}
+				emptyMessage={<b>No applications found.</b>}
+				prevNextLinks={searchRes.data?.links}
+			/>
+		</>
+	);
+}
+
+interface ApplicationListEntryProps {
+	app: App;
+	linkTo: string;
+	backLocation: string;
+}
+
+function ApplicationListEntry({ app, linkTo, backLocation }: ApplicationListEntryProps) {
+	const [ _location, setLocation ] = useLocation();
+	
+	const appWebsite = useMemo(() => {
+		if (!app.website) {
+			return "";
+		}
+
+		try {
+			// Try to parse nicely and return link.
+			const websiteURL = new URL(app.website);
+			const websiteURLStr = websiteURL.toString();
+			return (
+				<a
+					href={websiteURLStr}
+					target="_blank"
+					rel="nofollow noreferrer noopener"
+				>{websiteURLStr}</a>
+			);
+		} catch {
+			// Fall back to returning string.
+			return app.website;
+		}
+	}, [app.website]);
+    
+	const created = useMemo(() => {
+		const createdAt = new Date(app.created_at);
+		return <time dateTime={app.created_at}>{createdAt.toDateString()}</time>;
+	}, [app.created_at]);
+
+	const redirectURIs = useMemo(() => {
+		const length = app.redirect_uris.length;
+		if (length === 1)  {
+			return app.redirect_uris[0];
+		}
+
+		return app.redirect_uris.map((redirectURI, i) => {
+			return i === 0 ? <>{redirectURI}</> : <><br/>{redirectURI}</>;
+		});
+		
+	}, [app.redirect_uris]);
+
+	return (
+		<span
+			className={`pseudolink application entry`}
+			aria-label={`${app.name}`}
+			title={`${app.name}`}
+			onClick={() => {
+				// When clicking on an app, direct
+				// to the detail view for that app.
+				setLocation(linkTo, {
+					// Store the back location in history so
+					// the detail view can use it to return to
+					// this page (including query parameters).
+					state: { backLocation: backLocation }
+				});
+			}}
+			role="link"
+			tabIndex={0}
+		>
+			<dl className="info-list">
+				<div className="info-list-entry">
+					<dt>Name:</dt>
+					<dd className="text-cutoff">{app.name}</dd>
+				</div>
+
+				{ appWebsite && 
+					<div className="info-list-entry">
+						<dt>Website:</dt>
+						<dd className="text-cutoff">{appWebsite}</dd>
+					</div>
+				}
+
+				<div className="info-list-entry">
+					<dt>Created:</dt>
+					<dd className="text-cutoff">{created}</dd>
+				</div>
+
+				<div className="info-list-entry">
+					<dt>Scopes:</dt>
+					<dd className="text-cutoff monospace">{app.scopes.join(" ")}</dd>
+				</div>
+
+				<div className="info-list-entry">
+					<dt>Redirect URI(s):</dt>
+					<dd className="text-cutoff monospace">{redirectURIs}</dd>
+				</div>
+			</dl>
+		</span>
+	);
+}
diff --git a/web/source/settings/views/user/menu.tsx b/web/source/settings/views/user/menu.tsx
index 570912ef2..bf4c2a7ac 100644
--- a/web/source/settings/views/user/menu.tsx
+++ b/web/source/settings/views/user/menu.tsx
@@ -68,6 +68,23 @@ export default function UserMenu() {
 				itemUrl="tokens"
 				icon="fa-certificate"
 			/>
+			<MenuItem
+				name="Applications"
+				itemUrl="applications"
+				defaultChild="search"
+				icon="fa-plug"
+			>
+				<MenuItem
+					name="Search"
+					itemUrl="search"
+					icon="fa-list"
+				/>
+				<MenuItem
+					name="New Application"
+					itemUrl="new"
+					icon="fa-plus"
+				/>
+			</MenuItem>
 		</MenuItem>
 	);
 }
diff --git a/web/source/settings/views/user/router.tsx b/web/source/settings/views/user/router.tsx
index be1fa4434..4b60ee731 100644
--- a/web/source/settings/views/user/router.tsx
+++ b/web/source/settings/views/user/router.tsx
@@ -29,6 +29,9 @@ import ExportImport from "./export-import";
 import InteractionRequests from "./interactions";
 import InteractionRequestDetail from "./interactions/detail";
 import Tokens from "./tokens";
+import Applications from "./applications";
+import NewApp from "./applications/new";
+import AppDetail from "./applications/detail";
 
 /**
  * - /settings/user/profile
@@ -55,6 +58,7 @@ export default function UserRouter() {
 						<Route path="/migration" component={UserMigration} />
 						<Route path="/export-import" component={ExportImport} />
 						<Route path="/tokens" component={Tokens} />
+						<ApplicationsRouter />
 						<InteractionRequestsRouter />
 						<Route><Redirect to="/profile" /></Route>
 					</Switch>
@@ -64,6 +68,29 @@ export default function UserRouter() {
 	);
 }
 
+/**
+ * - /settings/users/applications/search
+ * - /settings/users/applications/{appID}
+ */
+function ApplicationsRouter() {
+	const parentUrl = useBaseUrl();
+	const thisBase = "/applications";
+	const absBase = parentUrl + thisBase;
+
+	return (
+		<BaseUrlContext.Provider value={absBase}>
+			<Router base={thisBase}>
+				<Switch>
+					<Route path="/search" component={Applications} />
+					<Route path="/new" component={NewApp} />
+					<Route path="/:appId" component={AppDetail} />
+					<Route><Redirect to="/search"/></Route>
+				</Switch>
+			</Router>
+		</BaseUrlContext.Provider>
+	);
+}
+
 /**
  * - /settings/users/interaction_requests/search
  * - /settings/users/interaction_requests/{reqId}