func (h *Handler) createRootIfNewInstall(c *config.Config) {
ctx := c.Context()
clients, err := h.Clients.Manager.GetClients()
pkg.Must(err, "Could not fetch client list: %s", err)
if len(clients) != 0 {
return
}
rs, err := pkg.GenerateSecret(16)
pkg.Must(err, "Could notgenerate secret because %s", err)
secret := []byte(string(rs))
logrus.Warn("No clients were found. Creating a temporary root client...")
root := &fosite.DefaultClient{
Name: "This temporary client is generated by hydra and is granted all of hydra's administrative privileges. It must be removed when everything is set up.",
GrantTypes: []string{"client_credentials", "authorization_code"},
ResponseTypes: []string{"token", "code"},
GrantedScopes: []string{"hydra", "core"},
RedirectURIs: []string{"http://localhost:4445/callback"},
Secret: secret,
}
err = h.Clients.Manager.CreateClient(root)
pkg.Must(err, "Could not create temporary root because %s", err)
err = ctx.LadonManager.Create(&ladon.DefaultPolicy{
Description: "This is a policy created by hydra and issued to the first client. It grants all of hydra's administrative privileges to the client and enables the client_credentials response type.",
Subjects: []string{root.GetID()},
Effect: ladon.AllowAccess,
Resources: []string{"rn:hydra:<.*>"},
Actions: []string{"<.*>"},
})
pkg.Must(err, "Could not create admin policy because %s", err)
c.Lock()
c.ClientID = root.ID
c.ClientSecret = string(secret)
c.Unlock()
logrus.Warn("Temporary root client created.")
logrus.Warnf("client_id: %s", root.GetID())
logrus.Warnf("client_secret: %s", string(secret))
logrus.Warn("The root client must be removed in production. The root's credentials could be accidentally logged.")
}
