diff --git a/src/main/java/com/arrokoth/standalone/authorization/store/RegisteredClientRepositoryStore.java b/src/main/java/com/arrokoth/standalone/authorization/store/RegisteredClientRepositoryStore.java
index 8e14862..ad03167 100644
--- a/src/main/java/com/arrokoth/standalone/authorization/store/RegisteredClientRepositoryStore.java
+++ b/src/main/java/com/arrokoth/standalone/authorization/store/RegisteredClientRepositoryStore.java
@@ -73,6 +73,33 @@ public class RegisteredClientRepositoryStore {
 .build())
 .build();
 
- return new InMemoryRegisteredClientRepository(oidcClient, gatewayClient);
+ RegisteredClient certificateClient = RegisteredClient.withId(UUID.randomUUID().toString())
+ .clientId("certificate-authority-client")
+ .clientSecret(bCryptPasswordEncoder.encode("certificate-authority-secret"))
+ .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
+ .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+ .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
+ .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+ // 回调地址(授权码返回地址)
+ .redirectUris(uris -> uris.addAll(
+ List.of(
+ "http://127.0.0.1:8092/login/oauth2/code/messaging-client-oidc",
+ "http://127.0.0.1:9529/callback"
+ )
+ ))
+ .postLogoutRedirectUri("http://127.0.0.1:8082/logged-out")
+ .scope(OidcScopes.OPENID)
+ .scope(OidcScopes.PROFILE)
+ .scope("certificate.read")
+ .scope("certificate.write")
+ .clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
+ .tokenSettings(TokenSettings.builder()
+ .accessTokenTimeToLive(Duration.ofHours(1))
+ .refreshTokenTimeToLive(Duration.ofHours(10))
+ .build())
+ .build();
+
+
+ return new InMemoryRegisteredClientRepository(oidcClient,gatewayClient, certificateClient);
 }
 }
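Review bot: The new `certificateClient` registration hard-codes its secret as the literal `"certificate-authority-secret"` inside `.clientSecret(bCryptPasswordEncoder.encode(...))`. The bcrypt call protects only the stored form, so anyone who can read the repository can authenticate as this client, and because `CLIENT_CREDENTIALS` is enabled that appears sufficient to obtain a token with `certificate.write` without any user taking part. The secret should come from externalised configuration rather than source, for example `.clientSecret(bCryptPasswordEncoder.encode(certificateClientSecret))` with `certificateClientSecret` (a placeholder name) injected from a property or secret store. Two related settings deserve a second look: `requireAuthorizationConsent(false)` means the authorization-code flow grants `certificate.write` silently, and the first redirect URI ends in `/login/oauth2/code/messaging-client-oidc`, which looks copied from another client and, like the other plain-`http` loopback URIs, should be limited to a development profile. The enclosing method starts above the hunk, so how `bCryptPasswordEncoder` and the other two clients are configured is not visible here.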