client manager: accept full client when creating

admin/api.go

@@ -138,7 +138,7 @@ func (a *AdminAPI) CreateClient(req adminschema.ClientCreateRequest) (adminschem
 	}
 
 	// metadata is guaranteed to have at least one redirect_uri by earlier validation.
-	creds, err := a.clientManager.New(cli.Metadata)
+	creds, err := a.clientManager.New(cli)
 	if err != nil {
 		return adminschema.ClientCreateResponse{}, mapError(err)
 	}

client/manager/manager.go

@@ -77,11 +77,10 @@ func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.T
 			return nil, fmt.Errorf("client %q has no secret", c.Credentials.ID)
 		}
 
-		cli, err := clientManager.clientFromMetadata(c.Metadata)
+		cli, err := clientManager.generateClientCredentials(c)
 		if err != nil {
 			return nil, err
 		}
-		cli.Admin = c.Admin
 
 		_, err = clientRepo.New(tx, cli)
 		if err != nil {
@@ -94,22 +93,22 @@ func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.T
 	return clientManager, nil
 }
 
-func (m *ClientManager) New(meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) {
+func (m *ClientManager) New(cli client.Client) (*oidc.ClientCredentials, error) {
 	tx, err := m.begin()
 	if err != nil {
 		return nil, err
 	}
 	defer tx.Rollback()
 
-	cli, err := m.clientFromMetadata(meta)
+	c, err := m.generateClientCredentials(cli)
 	if err != nil {
 		return nil, err
 	}
 
-	creds := cli.Credentials
+	creds := c.Credentials
 
 	// Save Client
-	_, err = m.clientRepo.New(tx, cli)
+	_, err = m.clientRepo.New(tx, c)
 	if err != nil {
 		return nil, err
 	}
@@ -190,28 +189,25 @@ func (m *ClientManager) Authenticate(creds oidc.ClientCredentials) (bool, error)
 	return ok, nil
 }
 
-func (m *ClientManager) clientFromMetadata(meta oidc.ClientMetadata) (client.Client, error) {
+func (m *ClientManager) generateClientCredentials(cli client.Client) (client.Client, error) {
 	// Generate Client ID
-	if len(meta.RedirectURIs) < 1 {
-		return client.Client{}, errors.New("no client redirect url given")
+	if len(cli.Metadata.RedirectURIs) < 1 {
+		return cli, errors.New("no client redirect url given")
 	}
-	clientID, err := m.clientIDGenerator(meta.RedirectURIs[0].Host)
+	clientID, err := m.clientIDGenerator(cli.Metadata.RedirectURIs[0].Host)
 	if err != nil {
-		return client.Client{}, err
+		return cli, err
 	}
 
 	// Generate Secret
 	secret, err := m.secretGenerator()
 	if err != nil {
-		return client.Client{}, err
+		return cli, err
 	}
 	clientSecret := base64.URLEncoding.EncodeToString(secret)
-	cli := client.Client{
-		Credentials: oidc.ClientCredentials{
-			ID:     clientID,
-			Secret: clientSecret,
-		},
-		Metadata: meta,
+	cli.Credentials = oidc.ClientCredentials{
+		ID:     clientID,
+		Secret: clientSecret,
 	}
 	return cli, nil
 }

client/manager/manager_test.go

@@ -126,8 +126,10 @@ func TestAuthenticate(t *testing.T) {
 			url.URL{Scheme: "http", Host: "example.com", Path: "/cb"},
 		},
 	}
-
-	cc, err := f.mgr.New(cm)
+	cli := client.Client{
+		Metadata: cm,
+	}
+	cc, err := f.mgr.New(cli)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}

cmd/dexctl/driver_db.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"github.com/coreos/dex/client"
 	"github.com/coreos/dex/client/manager"
 	"github.com/coreos/dex/connector"
 	"github.com/coreos/dex/db"
@@ -30,7 +31,10 @@ func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials,
 	if err := meta.Valid(); err != nil {
 		return nil, err
 	}
-	return d.ciManager.New(meta)
+	cli := client.Client{
+		Metadata: meta,
+	}
+	return d.ciManager.New(cli)
 }
 
 func (d *dbDriver) ConnectorConfigs() ([]connector.ConnectorConfig, error) {

functional/db_test.go

@@ -313,8 +313,10 @@ func TestDBClientRepoAuthenticate(t *testing.T) {
 			url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"},
 		},
 	}
-
-	cc, err := m.New(cm)
+	cli := client.Client{
+		Metadata: cm,
+	}
+	cc, err := m.New(cli)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}

server/auth_middleware_test.go

@@ -8,6 +8,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/coreos/dex/client"
 	clientmanager "github.com/coreos/dex/client/manager"
 	"github.com/coreos/dex/db"
 	"github.com/coreos/go-oidc/jose"
@@ -33,7 +34,10 @@ func TestClientToken(t *testing.T) {
 	dbm := db.NewMemDB()
 	clientRepo := db.NewClientRepo(dbm)
 	clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbm), clientmanager.ManagerOptions{})
-	creds, err := clientManager.New(clientMetadata)
+	cli := client.Client{
+		Metadata: clientMetadata,
+	}
+	creds, err := clientManager.New(cli)
 	if err != nil {
 		t.Fatalf("Failed to create client: %v", err)
 	}

server/client_registration.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"net/http"
 
+	"github.com/coreos/dex/client"
 	"github.com/coreos/dex/pkg/log"
 
 	"github.com/coreos/go-oidc/oauth2"
@@ -38,7 +39,10 @@ func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientR
 	}
 
 	// metadata is guarenteed to have at least one redirect_uri by earlier validation.
-	creds, err := s.ClientManager.New(clientMetadata)
+	cli := client.Client{
+		Metadata: clientMetadata,
+	}
+	creds, err := s.ClientManager.New(cli)
 	if err != nil {
 		log.Errorf("Failed to create new client identity: %v", err)
 		return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")

server/client_resource.go

@@ -87,7 +87,7 @@ func (c *clientResource) create(w http.ResponseWriter, r *http.Request) {
 		writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidClientMetadata, err.Error()))
 		return
 	}
-	creds, err := c.manager.New(ci.Metadata)
+	creds, err := c.manager.New(ci)
 
 	if err != nil {
 		log.Errorf("Failed creating client: %v", err)