*: add isAdmin option to client repo when creating a client

client/client.go

@@ -33,7 +33,7 @@ type ClientIdentityRepo interface {
 	// New registers a ClientIdentity with the repo for the given metadata.
 	// An unused ID must be provided. A corresponding secret will be returned
 	// in a ClientCredentials struct along with the provided ID.
-	New(id string, meta oidc.ClientMetadata) (*oidc.ClientCredentials, error)
+	New(id string, meta oidc.ClientMetadata, admin bool) (*oidc.ClientCredentials, error)
 
 	SetDexAdmin(clientID string, isAdmin bool) error
 

cmd/dexctl/driver_db.go

@@ -36,7 +36,7 @@ func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials,
 		return nil, err
 	}
 
-	return d.ciRepo.New(clientID, meta)
+	return d.ciRepo.New(clientID, meta, false)
 }
 
 func (d *dbDriver) ConnectorConfigs() ([]connector.ConnectorConfig, error) {

db/client.go

@@ -234,7 +234,7 @@ func isAlreadyExistsErr(err error) bool {
 	return false
 }
 
-func (r *clientIdentityRepo) New(id string, meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) {
+func (r *clientIdentityRepo) New(id string, meta oidc.ClientMetadata, admin bool) (*oidc.ClientCredentials, error) {
 	secret, err := pcrypto.RandBytes(maxSecretLength)
 	if err != nil {
 		return nil, err
@@ -244,6 +244,7 @@ func (r *clientIdentityRepo) New(id string, meta oidc.ClientMetadata) (*oidc.Cli
 	if err != nil {
 		return nil, err
 	}
+	cim.DexAdmin = admin
 
 	if err := r.executor(nil).Insert(cim); err != nil {
 		if isAlreadyExistsErr(err) {

functional/db_test.go

@@ -191,7 +191,7 @@ func TestDBClientIdentityRepoMetadata(t *testing.T) {
 		},
 	}
 
-	_, err := r.New("foo", cm)
+	_, err := r.New("foo", cm, false)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
@@ -227,7 +227,7 @@ func TestDBClientIdentityRepoNewDuplicate(t *testing.T) {
 		},
 	}
 
-	if _, err := r.New("foo", meta1); err != nil {
+	if _, err := r.New("foo", meta1, false); err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 
@@ -237,7 +237,7 @@ func TestDBClientIdentityRepoNewDuplicate(t *testing.T) {
 		},
 	}
 
-	if _, err := r.New("foo", meta2); err == nil {
+	if _, err := r.New("foo", meta2, false); err == nil {
 		t.Fatalf("expected non-nil error")
 	}
 }
@@ -251,7 +251,7 @@ func TestDBClientIdentityRepoAuthenticate(t *testing.T) {
 		},
 	}
 
-	cc, err := r.New("baz", cm)
+	cc, err := r.New("baz", cm, false)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
@@ -299,7 +299,7 @@ func TestDBClientIdentityAll(t *testing.T) {
 		},
 	}
 
-	_, err := r.New("foo", cm)
+	_, err := r.New("foo", cm, false)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
@@ -322,7 +322,7 @@ func TestDBClientIdentityAll(t *testing.T) {
 			url.URL{Scheme: "http", Host: "foo.com", Path: "/cb"},
 		},
 	}
-	_, err = r.New("bar", cm)
+	_, err = r.New("bar", cm, false)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}

server/client_registration.go

@@ -43,7 +43,7 @@ func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientR
 		return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
 	}
 
-	creds, err := s.ClientIdentityRepo.New(id, clientMetadata)
+	creds, err := s.ClientIdentityRepo.New(id, clientMetadata, false)
 	if err != nil {
 		log.Errorf("Failed to create new client identity: %v", err)
 		return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")

server/client_resource.go

@@ -96,7 +96,7 @@ func (c *clientResource) create(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	creds, err := c.repo.New(clientID, ci.Metadata)
+	creds, err := c.repo.New(clientID, ci.Metadata, false)
 	if err != nil {
 		log.Errorf("Failed creating client: %v", err)
 		writeAPIError(w, http.StatusInternalServerError, newAPIError(errorServerError, "unable to create client"))