From 81150ab0e88a43c07b1bbca01c70dbd9d0cbc362 Mon Sep 17 00:00:00 2001
From: "Aeneas Rekkas (arekkas)"
Date: Mon, 25 Jul 2016 14:32:04 +0200
Subject: [PATCH] cmd: introduce FORCE_ROOT_CLIENT_CREDENTIALS env var closes #140
---
 cmd/host.go | 5 +++++
 cmd/server/handler.go | 15 +++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/cmd/host.go b/cmd/host.go
index bd82a8f4d45..b243daf75e8 100644
--- a/cmd/host.go
+++ b/cmd/host.go
@@ -43,6 +43,11 @@ This command supports the following environment variables:
 - SYSTEM_SECRET: A secret that is at least 16 characters long. If none is provided, one will be generated. They key is used to encrypt sensitive data using AES-GCM (256 bit) and validate HMAC signatures.
+- FORCE_ROOT_CLIENT_CREDENTIALS: On first start up, Hydra generates a root client with random id and secret. Use
+ this environment variable in the form of "FORCE_ROOT_CLIENT_CREDENTIALS=id:secret" to set
+ the client id and secret yourself.
+
+
 - HTTPS_TLS_CERT_PATH: The path to the TLS certificate (pem encoded).
 - HTTPS_TLS_KEY_PATH: The path to the TLS private key (pem encoded).
 - HTTPS_TLS_CERT: A pem encoded TLS certificate passed as string. Can be used instead of HTTPS_TLS_CERT_PATH.
diff --git a/cmd/server/handler.go b/cmd/server/handler.go
index c4a728bad3a..099c88bd749 100644
--- a/cmd/server/handler.go
+++ b/cmd/server/handler.go
@@ -14,6 +14,8 @@ import (
 "github.com/ory-am/hydra/policy"
 "github.com/ory-am/hydra/warden"
 "github.com/ory-am/ladon"
+ "os"
+ "strings"
 )
 type Handler struct {
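Review bot: The new FORCE_ROOT_CLIENT_CREDENTIALS entry in the cmd/host.go help text does not say what happens to a value that is not exactly `id:secret`; per the handler.go hunk in this commit, anything else only logs a warning and random credentials are used instead. I would add a sentence such as `The value must contain exactly one ":"; malformed values are ignored and random credentials are generated.` The entry should also state that these credentials belong to a client holding all of hydra's administrative privileges. Judging by the name createRootIfNewInstall, the variable appears to be read only while no clients exist, so the text could advise unsetting it and removing the root client once setup is complete.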
@@ -86,8 +88,21 @@ func (h *Handler) createRootIfNewInstall(c *config.Config) {
 pkg.Must(err, "Could notgenerate secret because %s", err)
 secret := string(rs)
+ id := ""
+ forceRoot := os.Getenv("FORCE_ROOT_CLIENT_CREDENTIALS")
+ if forceRoot != "" {
+ credentials := strings.Split(forceRoot, ":")
+ if len(credentials) == 2 {
+ id = credentials[0]
+ secret = credentials[1]
+ } else {
+ logrus.Warnln("You passed malformed root client credentials, falling back to random values.")
+ }
+ }
+ logrus.Warn("No clients were found. Creating a temporary root client...")
 root := &client.Client{
+ ID: id,
 Name: "This temporary client is generated by hydra and is granted all of hydra's administrative privileges. It must be removed when everything is set up.",
 ResponseTypes: []string{"id_token", "code", "token"},
 GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"},
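Review bot: The credential parsing in the added `if forceRoot != ""` block accepts an empty id or an empty secret, so `FORCE_ROOT_CLIENT_CREDENTIALS=admin:` would hand the client manager an empty secret for the all-privileges root client, while a secret that itself contains `:` is rejected and replaced by random values with only a warning. Split once and require both halves, e.g. `credentials := strings.SplitN(forceRoot, ":", 2)` followed by `if len(credentials) == 2 && credentials[0] != "" && credentials[1] != "" {`. Since the help text documents a 16-character minimum for SYSTEM_SECRET, a similar length floor on the forced secret would be consistent, and aborting startup on a malformed value may be safer than continuing with credentials the operator did not choose. createRootIfNewInstall starts and ends outside the hunk; if the code after it prints the root secret, an operator-chosen and possibly reused secret would land in the logs as well.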