[Feature request] Import clients on startup #140
Comments
what rights should the imported clients have?
You mean scopes?
by default, clients aren't allowed to read/write json web keys, create new clients, ...
Oh, I thought that's the "hydra" scope. Of course I need those rights to be added to the imported clients. Those are the clients for the IDP instances.
and idp_clients.json:
All other clients that don't need admin rights will be created with
we should figure out some better semantics -
something like:
If this client is only described by id/secret then a file is pointless and parameters will leak via /proc. So maybe good old env variable checked when client is starting?
Ok just to check - so this would be fine for you?
Yes, base64 of id:secret. Thought it might help with binary passwords.
No, that's the
Oh yes, sorry. Looked like a peculiar env export :) I don't think accepting binary passwords is worth the extra function invocation.
And with base64() I won't be able to fit this into docker-compose file...
You're right - let's keep it simple :)
* warden: rename `assertion` to `token` - closes #158
* config: do not log database credentials - closes #147
* oauth2: upgrade fosite - close #160
* config: do not store database config in hydra config - closes #164
* oauth2: id_token at_hash / c_hash is null - closes #129
* jwk: improve error message of wrong system secret - closes #104
* readme: improve images, add benchmarks - closes #161
* cmd: improve connect dialogue - closes #170
* cmd: fix --dry option - closes #157
* firewall: document warden interface sdk
* readme: link openid connect and oauth2 introduction
* cmd: introduce FORCE_ROOT_CLIENT_CREDENTIALS env var - closes #140
* readme: document error redirect to identity provider - closes #96
* internal: fosite store must be consistent to avoid errors - closes #176
* client: add GetConcreteClient to http manager
* cmd: host process now logs basic information on all http requests - closes #178
* all: add memory profiling - closes #179
* warden: resolve nil pointer issue - closes #181
* cmd: clean up env to struct mapping, add more controls
* cmd: bcrypt cost should be configurable - closes #184
* cmd: token lifespans should be configurable - closes #183
* cmd: resolve issues with environment config - closes #182
* cmd: implement tls termination capability - closes #177
* cmd: resolve issues with redirect logic and TLS
* oauth2: implement default oauth2 consent endpoint - closes #185
* warden - closes #188
* oauth2: id token claims should be set by using id_token - closes #188
* oauth2: oauth2 implicit flow should allow custom protocols - closes #180
* oauth2: core scope should not be mandatory - closes #189
* warden: warden sdk should not make distinction between token and request - closes #190
* warden: rename authorized / allowed endpoints to something more meaningful - closes #162
* ci: improve travis config
Can we have an option to import clients when hydra's starting? Something like:
and clients.json:
There's `hydra clients import client.json`, but it needs client's credentials and I don't want to paste this every time from command line.
Use case: