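// createRootIfNewInstall bootstraps a fresh installation by creating a
// temporary, fully privileged OAuth2 client when the client store is empty.
//
// If at least one client already exists the function returns without changing
// anything. Otherwise it:
//
//  1. generates a secret with pkg.GenerateSecret(16),
//  2. registers a client that may use the client_credentials and
//     authorization_code grants with the "hydra" and "core" scopes,
//  3. creates a ladon policy that allows every action ("<.*>") on every
//     "rn:hydra:<.*>" resource for that client,
//  4. stores the client ID and secret on c under c's lock, and
//  5. writes both credentials to the log at warning level.
//
// Every error is passed to pkg.Must; presumably that aborts the process on a
// non-nil error (confirm against pkg.Must), so this function reports no error
// to its caller.
//
// Security: the client created here is equivalent to an administrator account
// and its secret is written to the log in cleartext. Anyone who can read the
// process output or any sink the log is forwarded to obtains full
// administrative access for as long as this client exists. Treat the logs of
// the first start as sensitive, and delete or replace the client as soon as
// setup is complete.
func (h *Handler) createRootIfNewInstall(c *config.Config) {
	ctx := c.Context()

	clients, err := h.Clients.Manager.GetClients()
	pkg.Must(err, "Could not fetch client list: %s", err)

	// Only bootstrap when the store holds no clients at all; an existing
	// installation is never modified.
	if len(clients) != 0 {
		return
	}

	rs, err := pkg.GenerateSecret(16)
	// Fixed message: the original read "Could notgenerate secret".
	pkg.Must(err, "Could not generate secret because %s", err)
	// The conversion is kept as written because the return type of
	// pkg.GenerateSecret is not visible here (TODO confirm whether it is
	// already []byte, in which case this is only a copy).
	secret := []byte(string(rs))

	logrus.Warn("No clients were found. Creating a temporary root client...")
	root := &fosite.DefaultClient{
		Name:          "This temporary client is generated by hydra and is granted all of hydra's administrative privileges. It must be removed when everything is set up.",
		GrantTypes:    []string{"client_credentials", "authorization_code"},
		ResponseTypes: []string{"token", "code"},
		GrantedScopes: []string{"hydra", "core"},
		// Plain-HTTP loopback callback; only meaningful for a local setup tool.
		RedirectURIs: []string{"http://localhost:4445/callback"},
		// NOTE(review): the secret is handed over in cleartext; whether the
		// manager hashes it before storing is not visible here - confirm.
		Secret: secret,
	}

	// No ID is set above, so the ID read back below is presumably assigned by
	// CreateClient (TODO confirm in the manager implementation).
	err = h.Clients.Manager.CreateClient(root)
	pkg.Must(err, "Could not create temporary root because %s", err)

	// Wildcard policy: every action on every hydra resource is allowed for the
	// root client. This is what makes the client administrator-equivalent.
	err = ctx.LadonManager.Create(&ladon.DefaultPolicy{
		Description: "This is a policy created by hydra and issued to the first client. It grants all of hydra's administrative privileges to the client and enables the client_credentials response type.",
		Subjects:    []string{root.GetID()},
		Effect:      ladon.AllowAccess,
		Resources:   []string{"rn:hydra:<.*>"},
		Actions:     []string{"<.*>"},
	})
	pkg.Must(err, "Could not create admin policy because %s", err)

	// Keep the credentials on the config so the rest of the process can use
	// them; the lock guards against concurrent readers of c.
	c.Lock()
	c.ClientID = root.ID
	c.ClientSecret = string(secret)
	c.Unlock()

	// NOTE(security): the secret is logged in cleartext so the operator can
	// pick it up on first start. Log collectors, container runtimes and CI
	// systems that capture this output will retain an administrator credential
	// until the client is removed.
	logrus.Warn("Temporary root client created.")
	logrus.Warnf("client_id: %s", root.GetID())
	logrus.Warnf("client_secret: %s", string(secret))
	logrus.Warn("The root client must be removed in production. The root's credentials could be accidentally logged.")
}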