headless_lms_server/programs/seed/
seed_oauth_clients.rs1use std::str::FromStr;
2
3use headless_lms_models::{
4 library::oauth::{Digest, GrantTypeName, pkce},
5 oauth_client,
6};
7use sqlx::{Pool, Postgres};
8use uuid::Uuid;
9
/// Outcome of [`seed_oauth_clients`]: identifies the OAuth client row that was inserted.
pub struct SeedOAuthClientsResult {
    /// Database id of the inserted client (a `Uuid`), as opposed to the OAuth
    /// `client_id` string the client presents on the wire.
    pub client_db_id: Uuid,
}
13
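/// Seeds the database with one fixed OAuth client ("Test Client") for local development
/// and tests.
///
/// Every credential-bearing value here is a literal committed to the repository: the
/// `client_id` is `"test-client-id"` and the client secret digest is a constant. Any
/// database this seed has been run against therefore contains a client whose credentials
/// are not secret, so this function should only ever be pointed at development or test
/// databases. The loopback redirect URI and `http://localhost` origin are likewise
/// local-only values.
///
/// # Errors
///
/// Returns an error if a connection cannot be acquired from `db_pool` or if
/// `OAuthClient::insert` fails.
///
/// # Panics
///
/// Panics if the hard-coded digest literal is rejected by `Digest::from_str`.
pub async fn seed_oauth_clients(db_pool: Pool<Postgres>) -> anyhow::Result<SeedOAuthClientsResult> {
    info!("Inserting OAuth Clients");

    // Fixture digest, not a real secret: it is visible to anyone with repository access.
    // NOTE(review): presumably the hash of the test client's plaintext secret; confirm
    // against `Digest` and keep the plaintext out of any non-test configuration.
    let secret =
        Digest::from_str("396b544a35b29f7d613452a165dcaebf4d71b80e981e687e91ce6d9ba9679cb2")
            .expect("hard-coded seed client secret digest must parse as a Digest");
    let mut conn = db_pool.acquire().await?;

    // Exact-match loopback callback; plain HTTP is only acceptable because it never
    // leaves the local machine.
    let redirect_uris = vec![String::from("http://127.0.0.1:8765/callback")];
    // `offline_access` together with the RefreshToken grant below means this client
    // can obtain refresh tokens.
    let scopes: Vec<String> = ["openid", "profile", "email", "offline_access"]
        .iter()
        .map(|scope| scope.to_string())
        .collect();
    let allowed_grant_types = vec![
        GrantTypeName::AuthorizationCode,
        GrantTypeName::RefreshToken,
    ];
    // Only S256 is listed, so the "plain" PKCE method is not allowed for this client.
    let pkce_methods_allowed = vec![pkce::PkceMethod::S256];

    let new_client_params = oauth_client::NewClientParams {
        client_name: "Test Client",
        application_type: oauth_client::ApplicationType::Web,
        client_id: "test-client-id",
        client_secret: Some(&secret),
        // No expiry is set on the seeded secret.
        client_secret_expires_at: None,
        redirect_uris: redirect_uris.as_slice(),
        allowed_grant_types: &allowed_grant_types,
        scopes: scopes.as_slice(),
        origin: "http://localhost",
        bearer_allowed: true,
        pkce_methods_allowed: &pkce_methods_allowed,
        post_logout_redirect_uris: None,
        // PKCE is mandatory even though the client also authenticates with a secret.
        require_pkce: true,
        token_endpoint_auth_method: oauth_client::TokenEndpointAuthMethod::ClientSecretPost,
    };

    let client = oauth_client::OAuthClient::insert(&mut conn, new_client_params).await?;

    Ok(SeedOAuthClientsResult {
        client_db_id: client.id,
    })
}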