chore: add config for DCR public/private client (#36)

Author: kosmoz

config/config.go

@@ -18,10 +18,30 @@ type Config struct {
 }
 
 type Authorization struct {
-	Server                           string `yaml:"server" json:"server"`
-	ServerMetadataProxyEnabled       bool   `yaml:"serverMetadataProxyEnabled" json:"serverMetadataProxyEnabled"`
-	AuthorizationProxyEnabled        bool   `yaml:"authorizationProxyEnabled" json:"authorizationProxyEnabled"`
-	DynamicClientRegistrationEnabled bool   `yaml:"dynamicClientRegistrationEnabled" json:"dynamicClientRegistrationEnabled"`
+	Server                     string `yaml:"server" json:"server"`
+	ServerMetadataProxyEnabled bool   `yaml:"serverMetadataProxyEnabled" json:"serverMetadataProxyEnabled"`
+	AuthorizationProxyEnabled  bool   `yaml:"authorizationProxyEnabled" json:"authorizationProxyEnabled"`
+	// DynamicClientRegistrationEnabled
+	//
+	// Deprecated: use DynamicClientRegistration instead
+	DynamicClientRegistrationEnabled *bool                      `yaml:"dynamicClientRegistrationEnabled" json:"dynamicClientRegistrationEnabled"`
+	DynamicClientRegistration        *DynamicClientRegistration `yaml:"dynamicClientRegistration" json:"dynamicClientRegistration"`
+}
+
+func (c *Authorization) GetDynamicClientRegistration() DynamicClientRegistration {
+	if c.DynamicClientRegistration != nil {
+		return *c.DynamicClientRegistration
+	} else if c.DynamicClientRegistrationEnabled != nil && *c.DynamicClientRegistrationEnabled {
+		return DynamicClientRegistration{true, true}
+	} else {
+		return DynamicClientRegistration{false, false}
+	}
+
+}
+
+type DynamicClientRegistration struct {
+	Enabled      bool `yaml:"enabled" json:"enabled"`
+	PublicClient bool `yaml:"publicClient" json:"publicClient"`
 }
 
 type DexGRPCClient struct {
@@ -122,7 +142,7 @@ func (c *Config) Validate() error {
 		return fmt.Errorf("authorization server is required")
 	}
 
-	if c.Authorization.DynamicClientRegistrationEnabled {
+	if c.Authorization.GetDynamicClientRegistration().Enabled {
 		if !c.Authorization.ServerMetadataProxyEnabled {
 			return fmt.Errorf("serverMetadataProxyEnabled must be true when dynamicClientRegistrationEnabled is true")
 		}

examples/who-am-i/docker-compose.yaml

@@ -40,7 +40,7 @@ services:
         required: true
 
   who-am-i:
-    image: ghcr.io/hyprmcp/mcp-who-am-i:0.1.1
+    image: ghcr.io/hyprmcp/mcp-who-am-i:0.1.2
     ports:
       - 3000:3000
 

oauth/authorization_server_metadata.go

@@ -22,7 +22,7 @@ func NewAuthorizationServerMetadataHandler(config *config.Config) http.Handler {
 			http.Error(w, "Failed to retrieve authorization server metadata", http.StatusInternalServerError)
 		}
 
-		if config.Authorization.DynamicClientRegistrationEnabled {
+		if config.Authorization.GetDynamicClientRegistration().Enabled {
 			if _, ok := metadata["registration_endpoint"]; !ok {
 				registrationURI, _ := url.Parse(config.Host.String())
 				registrationURI.Path = DynamicClientRegistrationPath

oauth/dynamic_client_registration.go

@@ -54,6 +54,10 @@ func NewDynamicClientRegistrationHandler(config *config.Config, meta map[string]
 			Public:       true,
 		}
 
+		if !config.Authorization.GetDynamicClientRegistration().PublicClient {
+			client.Secret = genRandom()
+		}
+
 		clientResponse, err := dexClient.CreateClient(r.Context(), &api.CreateClientReq{Client: &client})
 		if err != nil {
 			log.Get(r.Context()).Error(err, "failed to create client")

oauth/oauth.go

@@ -63,7 +63,7 @@ func (mgr *Manager) Register(mux *http.ServeMux) error {
 		mux.Handle(AuthorizationServerMetadataPath, NewAuthorizationServerMetadataHandler(mgr.config))
 	}
 
-	if mgr.config.Authorization.DynamicClientRegistrationEnabled {
+	if mgr.config.Authorization.GetDynamicClientRegistration().Enabled {
 		if handler, err := NewDynamicClientRegistrationHandler(mgr.config, mgr.authServerMeta); err != nil {
 			return err
 		} else {