From ff933812f580670e085f594522cb127f26680bef Mon Sep 17 00:00:00 2001
From: Bobby Rullo
Date: Thu, 16 Jun 2016 10:50:13 -0700
Subject: [PATCH] schema: add public clients to schema and update docs
---
 schema/adminschema/README.md | 3 ++-
 schema/adminschema/v1-gen.go | 30 +++++++++++++++++++-----------
 schema/adminschema/v1-json.go | 8 ++++++--
 schema/adminschema/v1.json | 8 ++++++--
 4 files changed, 33 insertions(+), 16 deletions(-)
diff --git a/schema/adminschema/README.md b/schema/adminschema/README.md
index a3f0650b..133df9ba 100644
--- a/schema/adminschema/README.md
+++ b/schema/adminschema/README.md
@@ -26,11 +26,12 @@ __Version:__ v1 ``` { - clientName: string // OPTIONAL. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) ., + clientName: string // OPTIONAL for normal cliens. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ). REQUIRED for public clients, clientURI: string // OPTIONAL. URL of the home page of the Client. The value of this field MUST point to a valid Web page. If present, the server SHOULD display this URL to the End-User in a followable fashion. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) ., id: string // The client ID. Ignored in client create requests., isAdmin: boolean, logoURI: string // OPTIONAL. URL that references a logo for the Client application. If present, the server SHOULD display this image to the End-User during approval. The value of this field MUST point to a valid image file. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) ., + public: boolean // OPTIONAL. Determines if the client is public. Public clients have certain restrictions: They cannot use their credentials to obtain a client JWT. Their redirects URLs cannot be specified: they are always http://localhost:$PORT or urn:ietf:wg:oauth:2.0:oob, redirectURIs: [ string ], diff --git a/schema/adminschema/v1-gen.go b/schema/adminschema/v1-gen.go index 2f897d09..c441eae5 100644 --- a/schema/adminschema/v1-gen.go +++ b/schema/adminschema/v1-gen.go 
@@ -110,10 +110,11 @@ type Admin struct { } type Client struct { - // ClientName: OPTIONAL. Name of the Client to be presented to the - // End-User. If desired, representation of this Claim in different - // languages and scripts is represented as described in Section 2.1 ( - // Metadata Languages and Scripts ) . + // ClientName: OPTIONAL for normal cliens. Name of the Client to be + // presented to the End-User. If desired, representation of this Claim + // in different languages and scripts is represented as described in + // Section 2.1 ( Metadata Languages and Scripts ). REQUIRED for public + // clients ClientName string `json:"clientName,omitempty"` // ClientURI: OPTIONAL. URL of the home page of the Client. The value of 
@@ -137,13 +138,20 @@ type Client struct { // Section 2.1 ( Metadata Languages and Scripts ) . LogoURI string `json:"logoURI,omitempty"` - // RedirectURIs: REQUIRED. Array of Redirection URI values used by the - // Client. One of these registered Redirection URI values MUST exactly - // match the redirect_uri parameter value used in each Authorization - // Request, with the matching performed as described in Section 6.2.1 of - // [RFC3986] ( Berners-Lee, T., Fielding, R., and L. Masinter, - // “Uniform Resource Identifier (URI): Generic Syntax,” January - // 2005. ) (Simple String Comparison). + // Public: OPTIONAL. Determines if the client is public. Public clients + // have certain restrictions: They cannot use their credentials to + // obtain a client JWT. Their redirects URLs cannot be specified: they + // are always http://localhost:$PORT or urn:ietf:wg:oauth:2.0:oob + Public bool `json:"public,omitempty"` + + // RedirectURIs: REQUIRED for normal clients. Array of Redirection URI + // values used by the Client. One of these registered Redirection URI + // values MUST exactly match the redirect_uri parameter value used in + // each Authorization Request, with the matching performed as described + // in Section 6.2.1 of [RFC3986] ( Berners-Lee, T., Fielding, R., and L. + // Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” + // January 2005. ) (Simple String Comparison). DISALLOWED for public + // clients. RedirectURIs []string `json:"redirectURIs,omitempty"` // Secret: The client secret. Ignored in client create requests. diff --git a/schema/adminschema/v1-json.go b/schema/adminschema/v1-json.go index aebdbfae..acb2345d 100644 --- a/schema/adminschema/v1-json.go +++ b/schema/adminschema/v1-json.go 
@@ -72,11 +72,11 @@ const DiscoveryJSON = `{ "items": { "type": "string" }, - "description": "REQUIRED. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of [RFC3986] ( Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005. ) (Simple String Comparison)." + "description": "REQUIRED for normal clients. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of [RFC3986] ( Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005. ) (Simple String Comparison). DISALLOWED for public clients." }, "clientName": { "type": "string", - "description": "OPTIONAL. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) ." + "description": "OPTIONAL for normal cliens. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ). REQUIRED for public clients" }, "logoURI": { "type": "string", 
@@ -92,6 +92,10 @@ const DiscoveryJSON = `{ "type": "string" }, "description": "Array of ClientIDs of clients that are allowed to mint ID tokens for the client being created." + }, + "public": { + "type": "boolean", + "description": "OPTIONAL. Determines if the client is public. Public clients have certain restrictions: They cannot use their credentials to obtain a client JWT. Their redirects URLs cannot be specified: they are always http://localhost:$PORT or urn:ietf:wg:oauth:2.0:oob" } } }, diff --git a/schema/adminschema/v1.json b/schema/adminschema/v1.json index 6e868461..7ca75c1d 100644 --- a/schema/adminschema/v1.json +++ b/schema/adminschema/v1.json 
@@ -65,11 +65,11 @@ "items": { "type": "string" }, - "description": "REQUIRED. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of [RFC3986] ( Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005. ) (Simple String Comparison)." + "description": "REQUIRED for normal clients. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of [RFC3986] ( Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005. ) (Simple String Comparison). DISALLOWED for public clients." }, "clientName": { "type": "string", - "description": "OPTIONAL. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) ." + "description": "OPTIONAL for normal cliens. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ). REQUIRED for public clients" }, "logoURI": { "type": "string", 
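Review bot: The new `clientName` description misspells "clients" as "cliens" and drops its closing period; I would write it as `"OPTIONAL for normal clients. … REQUIRED for public clients."`. The same wording appears in the README.md, v1-gen.go and v1-json.go hunks, which look like copies of this schema, so the fix belongs here with the other three brought in line. Separately, "REQUIRED for public clients" on `clientName` and "DISALLOWED for public clients" on `redirectURIs` exist only as description text, and nothing in this commit shows the server rejecting a public client that has no name or that supplies `redirectURIs`. If the create path does not already enforce both rules, that check should land together with this schema change, because a client that cannot keep a secret depends on the redirect restriction to stop authorization responses going to an arbitrary URI.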
@@ -85,6 +85,10 @@ "type": "string" }, "description": "Array of ClientIDs of clients that are allowed to mint ID tokens for the client being created." + }, + "public": { + "type": "boolean", + "description": "OPTIONAL. Determines if the client is public. Public clients have certain restrictions: They cannot use their credentials to obtain a client JWT. Their redirects URLs cannot be specified: they are always http://localhost:$PORT or urn:ietf:wg:oauth:2.0:oob." } } },
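Review bot: The `public` description added here ends in `oob.` while the copy added to v1-json.go ends in `oob` with no period, as do the README.md and v1-gen.go copies, so those three files appear to have been produced from an earlier revision of this schema and should be brought back in sync before merging. The wording "Their redirects URLs cannot be specified" should read "Their redirect URLs cannot be specified". The description also does not say whether `public` can be changed on an existing client; if it is meant to be fixed at creation, a sentence such as `Set at creation; cannot be changed afterwards.` would tell API consumers that a confidential client cannot later be switched to the looser public redirect rules.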