注册CA客户端

src/main/java/com/arrokoth/standalone/authorization/store/RegisteredClientRepositoryStore.java

@@ -73,6 +73,33 @@ public class RegisteredClientRepositoryStore {
                         .build())
                 .build();
 
-        return new InMemoryRegisteredClientRepository(oidcClient, gatewayClient);
+        RegisteredClient certificateClient = RegisteredClient.withId(UUID.randomUUID().toString())
+                .clientId("certificate-authority-client")
+                .clientSecret(bCryptPasswordEncoder.encode("certificate-authority-secret"))
+                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
+                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
+                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+                // 回调地址（授权码返回地址）
+                .redirectUris(uris -> uris.addAll(
+                        List.of(
+                                "http://127.0.0.1:8092/login/oauth2/code/messaging-client-oidc",
+                                "http://127.0.0.1:9529/callback"
+                        )
+                ))
+                .postLogoutRedirectUri("http://127.0.0.1:8082/logged-out")
+                .scope(OidcScopes.OPENID)
+                .scope(OidcScopes.PROFILE)
+                .scope("certificate.read")
+                .scope("certificate.write")
+                .clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
+                .tokenSettings(TokenSettings.builder()
+                        .accessTokenTimeToLive(Duration.ofHours(1))
+                        .refreshTokenTimeToLive(Duration.ofHours(10))
+                        .build())
+                .build();
+
+
+        return new InMemoryRegisteredClientRepository(oidcClient,gatewayClient, certificateClient);
     }
 }