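// createRootIfNewInstall bootstraps a fresh installation. When the client
// store holds no clients it creates a "root" OAuth2 client with a generated
// secret, issues it a Ladon allow policy that matches every hydra resource
// ("rn:hydra:<.*>") and every action ("<.*>"), and stores the new credentials
// in c.ClientID / c.ClientSecret. If any client already exists it does nothing.
//
// Security notes (all visible in this function):
//   - The generated client_secret is written to the log at WARN level, and the
//     client is granted unrestricted administrative access. Both exist only to
//     get an operator through initial setup; the client and the policy issued
//     to it must be deleted once real clients are configured, as the final log
//     line says.
//   - The "no clients yet" check and the create are two separate store calls,
//     not one atomic operation; two instances starting concurrently against an
//     empty store could both pass the check. Whether the store rejects the
//     second create is not visible here — TODO confirm.
//
// Every failure is fatal via pkg.Must, matching the rest of the file.
func (h *Handler) createRootIfNewInstall(c *config.Config) {
	ctx := c.Context()

	clients, err := h.Clients.Manager.GetClients()
	pkg.Must(err, "Could not fetch client list: %s", err)
	if len(clients) != 0 {
		// Existing clients mean the installation is already set up.
		return
	}

	// GenerateSecret already yields the []byte the client needs; the original
	// round-tripped it through string() for no effect.
	secret, err := pkg.GenerateSecret(16)
	pkg.Must(err, "Could not generate secret because %s", err)

	logrus.Warn("No clients were found. Creating a temporary root client...")
	root := &fosite.DefaultClient{
		Name:          "This temporary client is generated by hydra and is granted all of hydra's administrative privileges. It must be removed when everything is set up.",
		GrantTypes:    []string{"client_credentials", "authorization_code"},
		ResponseTypes: []string{"token", "code"},
		GrantedScopes: []string{"hydra", "core"},
		RedirectURIs:  []string{"http://localhost:4445/callback"},
		Secret:        secret,
	}
	err = h.Clients.Manager.CreateClient(root)
	pkg.Must(err, "Could not create temporary root because %s", err)

	// Allow-all policy for the new client: every hydra resource, every action.
	err = ctx.LadonManager.Create(&ladon.DefaultPolicy{
		Description: "This is a policy created by hydra and issued to the first client. It grants all of hydra's administrative privileges to the client and enables the client_credentials response type.",
		Subjects:    []string{root.GetID()},
		Effect:      ladon.AllowAccess,
		Resources:   []string{"rn:hydra:<.*>"},
		Actions:     []string{"<.*>"},
	})
	pkg.Must(err, "Could not create admin policy because %s", err)

	// Hand the credentials to the running config under its own lock.
	c.Lock()
	c.ClientID = root.ID
	c.ClientSecret = string(secret)
	c.Unlock()

	// The secret is deliberately logged so the operator can pick it up; this is
	// the reason the client must not survive into production.
	logrus.Warn("Temporary root client created.")
	logrus.Warnf("client_id: %s", root.GetID())
	logrus.Warnf("client_secret: %s", string(secret))
	logrus.Warn("The root client must be removed in production. The root's credentials could be accidentally logged.")
}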
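// GetSystemSecret returns the key derived from c.SystemSecret. A configured
// secret of at least minSystemSecretLen bytes is replaced by its SHA-256
// digest, and that digest is returned. A shorter (or unset) secret is
// replaced by a freshly generated 32-byte random secret, which is printed to
// the log at WARN level and then hashed the same way.
//
// NOTE(review): the digest is written back into c.SystemSecret, and a 32-byte
// digest satisfies the length check, so every further call hashes the
// previous result again and returns a different key. Callers that need a
// stable key must call this exactly once, or the derived key has to be cached
// in a field of its own (Config is declared outside this listing).
//
// Security notes: the auto-generated secret is logged in clear text, which the
// follow-up log line already restricts to non-production use. The length
// warning below now reports the minimum this function actually enforces (16);
// the original message claimed 32 while the check accepted 16.
func (c *Config) GetSystemSecret() []byte {
	// Minimum length of a configured secret, in bytes (len of the []byte).
	const minSystemSecretLen = 16

	c.Lock()
	defer c.Unlock()

	if len(c.SystemSecret) >= minSystemSecretLen {
		hash := sha256.Sum256(c.SystemSecret)
		c.SystemSecret = hash[:]
		return c.SystemSecret
	}

	logrus.Warnf("Expected system secret to be at least %d characters long but only got %d characters.", minSystemSecretLen, len(c.SystemSecret))
	logrus.Warnln("Generating a random system secret...")

	generated, err := pkg.GenerateSecret(32)
	pkg.Must(err, "Could not generate global secret: %s", err)
	c.SystemSecret = generated

	logrus.Warnf("Generated system secret: %s", c.SystemSecret)
	logrus.Warnln("Do not auto-generate system secrets in production.")

	hash := sha256.Sum256(c.SystemSecret)
	c.SystemSecret = hash[:]
	return c.SystemSecret
}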
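// CreateClient implements the CLI "create client" command: it reads the client
// definition from cmd's flags, generates a fresh secret, submits the client to
// the /clients endpoint and prints the resulting ID and secret.
//
// The flag lookups discard their error return, so a flag that is not
// registered on cmd silently yields its zero value. In dry-run mode
// (h.Config.Dry) the value returned by h.M.CreateClient is printed instead of
// being treated as a failure — what it carries in that mode is not visible
// here. The secret is printed to stdout exactly once; that output is the
// caller's only chance to record it. args is accepted for the cobra signature
// and unused.
func (h *ClientHandler) CreateClient(cmd *cobra.Command, args []string) {
	h.M.Dry = *h.Config.Dry
	h.M.Endpoint = h.Config.Resolve("/clients")
	h.M.Client = h.Config.OAuth2Client(cmd)

	responseTypes, _ := cmd.Flags().GetStringSlice("response-types")
	grantTypes, _ := cmd.Flags().GetStringSlice("grant-types")
	allowedScopes, _ := cmd.Flags().GetStringSlice("allowed-scopes")
	callbacks, _ := cmd.Flags().GetStringSlice("callbacks")
	name, _ := cmd.Flags().GetString("name")
	id, _ := cmd.Flags().GetString("id")

	// err is declared here by ":="; the separate "var err error" the original
	// carried was redundant.
	secret, err := pkg.GenerateSecret(26)
	pkg.Must(err, "Could not generate secret: %s", err)

	client := &fosite.DefaultClient{
		ID:            id,
		Secret:        secret,
		ResponseTypes: responseTypes,
		GrantedScopes: allowedScopes,
		GrantTypes:    grantTypes,
		RedirectURIs:  callbacks,
		Name:          name,
	}

	err = h.M.CreateClient(client)
	if h.M.Dry {
		// Dry run: show what the manager returned and stop.
		fmt.Printf("%s\n", err)
		return
	}
	pkg.Must(err, "Could not create client: %s", err)

	fmt.Printf("Client ID: %s\n", client.ID)
	fmt.Printf("Client Secret: %s\n", secret)
}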