From 8382cbe0c3f335fae4cb929d70b547085e587c6f Mon Sep 17 00:00:00 2001
From: wangjianhong <546732225seven@gmail.com>
Date: Wed, 23 Jul 2025 22:18:48 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B3=A8=E5=86=8CCA=E5=AE=A2=E6=88=B7=E7=AB=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../RegisteredClientRepositoryStore.java | 29 ++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/arrokoth/standalone/authorization/store/RegisteredClientRepositoryStore.java b/src/main/java/com/arrokoth/standalone/authorization/store/RegisteredClientRepositoryStore.java
index 8e14862..ad03167 100644
--- a/src/main/java/com/arrokoth/standalone/authorization/store/RegisteredClientRepositoryStore.java
+++ b/src/main/java/com/arrokoth/standalone/authorization/store/RegisteredClientRepositoryStore.java
@@ -73,6 +73,33 @@ public class RegisteredClientRepositoryStore {
 .build())
 .build();
 
- return new InMemoryRegisteredClientRepository(oidcClient, gatewayClient);
+ RegisteredClient certificateClient = RegisteredClient.withId(UUID.randomUUID().toString())
+ .clientId("certificate-authority-client")
+ .clientSecret(bCryptPasswordEncoder.encode("certificate-authority-secret"))
+ .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
+ .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+ .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
+ .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+ // 回调地址(授权码返回地址)
+ .redirectUris(uris -> uris.addAll(
+ List.of(
+ "http://127.0.0.1:8092/login/oauth2/code/messaging-client-oidc",
+ "http://127.0.0.1:9529/callback"
+ )
+ ))
+ .postLogoutRedirectUri("http://127.0.0.1:8082/logged-out")
+ .scope(OidcScopes.OPENID)
+ .scope(OidcScopes.PROFILE)
+ .scope("certificate.read")
+ .scope("certificate.write")
+ .clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
+ .tokenSettings(TokenSettings.builder()
+ .accessTokenTimeToLive(Duration.ofHours(1))
+ .refreshTokenTimeToLive(Duration.ofHours(10))
+ .build())
+ .build();
+
+
+ return new InMemoryRegisteredClientRepository(oidcClient,gatewayClient, certificateClient);
 }
 }
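Review bot: The new `certificateClient` registration hard-codes its secret as the literal `"certificate-authority-secret"`, and because the same client is granted `CLIENT_CREDENTIALS` together with the `certificate.write` scope, the committed value is enough on its own to obtain a token with no user involved, wherever this configuration is deployed beyond local development. The secret should come from externalized configuration or a secret store, e.g. `.clientSecret(bCryptPasswordEncoder.encode(caClientSecret))` where `caClientSecret` is a placeholder name for a value injected at startup, and the committed value should be treated as disclosed and rotated. `requireAuthorizationConsent(false)` additionally lets the authorization-code flow issue `certificate.write` without a consent screen, so it deserves either a comment stating that this is intentional for a first-party client or a switch to `true`. The redirect URIs look copied from another client (`.../login/oauth2/code/messaging-client-oidc` on port 8092, post-logout on port 8082, callback on 9529) and should be checked against the CA client's real callback, with plain-`http` loopback entries kept to a development profile. The enclosing method starts outside this hunk, so how `oidcClient` and `gatewayClient` source their secrets cannot be judged from here.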