patch browse 
10 files changed, 396 insertions(+), 97 deletions(-)

A => bearer.go
M go.mod
M go.sum
A => input.go
A => interfaces.go
A => models.go
M oauth2_clients.go
M oauth2_grants.go
M routes.go
M schema.sql

A => bearer.go +169 -0
@@ 0,0 1,169 @@ 
+package oauth2
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"git.sr.ht/~sircmpwn/go-bare"
+	"hg.code.netlandish.com/~netlandish/gobwebs/crypto"
+)
+
+// TokenVersion ...
+const TokenVersion uint = 0
+
+// Timestamp ...
+type Timestamp int64
+
+// Time ...
+func (t Timestamp) Time() time.Time {
+	return time.Unix(int64(t), 0).UTC()
+}
+
+// ToTimestamp ...
+func ToTimestamp(t time.Time) Timestamp {
+	return Timestamp(t.UTC().Unix())
+}
+
+// BearerToken ...
+type BearerToken struct {
+	Version  uint
+	Expires  Timestamp
+	Grants   string
+	ClientID string
+	UserID   int
+}
+
+// Encode ...
+func (bt *BearerToken) Encode(ctx context.Context) string {
+	kw := crypto.KWForContext(ctx)
+	plain, err := bare.Marshal(bt)
+	if err != nil {
+		panic(err)
+	}
+	enc, err := crypto.EncryptBytesB64(plain, kw.Keys[0])
+	if err != nil {
+		panic(err)
+	}
+	return enc
+}
+
+// DecodeBearerToken ...
+func DecodeBearerToken(ctx context.Context, token string) *BearerToken {
+	var (
+		found   bool
+		payload []byte
+		err     error
+	)
+	kw := crypto.KWForContext(ctx)
+	if len(kw.Keys) == 0 {
+		panic(fmt.Errorf("no crypto keys provided in KeyWallet instance"))
+	}
+
+	for _, key := range kw.Keys {
+		payload, err = crypto.DecryptBytesB64(token, key)
+		if err != nil {
+			log.Printf("Invalid bearer token: %v", err)
+			continue
+		}
+		found = true
+		break
+	}
+	if !found {
+		log.Printf("Invalid bearer token (exhausted all keys): %v", err)
+		return nil
+	}
+
+	var bt BearerToken
+	err = bare.Unmarshal(payload, &bt)
+	if err != nil {
+		log.Printf("Invalid bearer token: BARE unmarshal failed: %v", err)
+		return nil
+	}
+	if bt.Version != TokenVersion {
+		log.Printf("Invalid bearer token: invalid token version")
+		return nil
+	}
+	if time.Now().UTC().After(bt.Expires.Time()) {
+		log.Printf("Invalid bearer token: token expired")
+		return nil
+	}
+	return &bt
+}
+
+const (
+	// RO ...
+	RO = "RO"
+	// RW ...
+	RW = "RW"
+)
+
+// Grants ...
+type Grants struct {
+	ReadOnly bool
+
+	all     bool
+	grants  map[string]string
+	encoded string
+}
+
+// DecodeGrants ...
+func DecodeGrants(grants string) Grants {
+	if grants == "" {
+		// All permissions
+		return Grants{
+			all:     true,
+			grants:  nil,
+			encoded: "",
+		}
+	}
+	accessMap := make(map[string]string)
+	for _, grant := range strings.Split(grants, " ") {
+		var (
+			access string
+		)
+		parts := strings.Split(grant, ":")
+		scope := parts[0]
+		if len(parts) == 1 {
+			access = "RO"
+		} else {
+			access = parts[1]
+		}
+		accessMap[scope] = access
+	}
+	return Grants{
+		all:     false,
+		grants:  accessMap,
+		encoded: grants,
+	}
+}
+
+// Has ...
+func (g *Grants) Has(grant string, mode string) bool {
+	if mode != RO && mode != RW {
+		panic("Invalid access mode")
+	}
+	if g.ReadOnly && mode == RW {
+		return false
+	}
+
+	if g.all {
+		return true
+	}
+
+	access, ok := g.grants[grant]
+	if !ok {
+		return false
+	}
+	if mode == RO {
+		return true
+	}
+	return mode == access
+}
+
+// Encode ...
+func (g *Grants) Encode() string {
+	return g.encoded
+}

          
M go.mod +16 -12
@@ 3,9 3,16 @@ module hg.code.netlandish.com/~netlandis
 go 1.18
 
 require (
+	git.sr.ht/~sircmpwn/go-bare v0.0.0-20210406120253-ab86bc2846d9
+	github.com/Masterminds/squirrel v1.5.4
+	github.com/labstack/echo/v4 v4.10.2
+	github.com/segmentio/ksuid v1.0.4
+	hg.code.netlandish.com/~netlandish/gobwebs v0.0.0-20230425200922-0a998d338bdd
+)
+
+require (
 	git.sr.ht/~sircmpwn/dowork v0.0.0-20221010085743-46c4299d76a1 // indirect
 	github.com/99designs/gqlgen v0.17.29 // indirect
-	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20220113124808-70ae35bab23f // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387 // indirect

          
@@ 17,9 24,9 @@ require (
 	github.com/emersion/go-message v0.15.0 // indirect
 	github.com/emersion/go-pgpmail v0.2.0 // indirect
 	github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 // indirect
-	github.com/go-playground/locales v0.14.0 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
-	github.com/go-playground/validator/v10 v10.10.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.12.0 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/uuid v1.1.1 // indirect

          
@@ 28,11 35,10 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.13.5 // indirect
 	github.com/klauspost/cpuid v1.3.1 // indirect
-	github.com/labstack/echo/v4 v4.10.2 // indirect
 	github.com/labstack/gommon v0.4.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/leodido/go-urn v1.2.2 // indirect
 	github.com/lib/pq v1.10.4 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect

          
@@ 49,20 55,18 @@ require (
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/rs/xid v1.2.1 // indirect
-	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/spazzymoto/echo-scs-session v1.0.0 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
 	github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec // indirect
 	github.com/vektah/gqlparser/v2 v2.5.1 // indirect
-	golang.org/x/crypto v0.6.0 // indirect
-	golang.org/x/net v0.7.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/crypto v0.7.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/ini.v1 v1.57.0 // indirect
-	hg.code.netlandish.com/~netlandish/gobwebs v0.0.0-20230425001539-2024875947c8 // indirect
 	petersanchez.com/carrier v0.1.1 // indirect
 )

          
M go.sum +43 -32
@@ 33,6 33,9 @@ cloud.google.com/go/storage v1.10.0/go.m
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 git.sr.ht/~sircmpwn/dowork v0.0.0-20221010085743-46c4299d76a1 h1:EvPKkneKkF/f7zEgKPqIZVyj3jWO8zSmsBOvMhAGqMA=
 git.sr.ht/~sircmpwn/dowork v0.0.0-20221010085743-46c4299d76a1/go.mod h1:8neHEO3503w/rNtttnR0JFpQgM/GFhaafVwvkPsFIDw=
+git.sr.ht/~sircmpwn/getopt v0.0.0-20191230200459-23622cc906b3/go.mod h1:wMEGFFFNuPos7vHmWXfszqImLppbc0wEhh6JBfJIUgw=
+git.sr.ht/~sircmpwn/go-bare v0.0.0-20210406120253-ab86bc2846d9 h1:Ahny8Ud1LjVMMAlt8utUFKhhxJtwBAualvsbc/Sk7cE=
+git.sr.ht/~sircmpwn/go-bare v0.0.0-20210406120253-ab86bc2846d9/go.mod h1:BVJwbDfVjCjoFiKrhkei6NdGcZYpkDkdyCdg1ukytRA=
 github.com/99designs/gqlgen v0.17.29 h1:z2MrNOFATCVgQLRCF6Uufz4uz2IQLB5BBMwPUMafJOA=
 github.com/99designs/gqlgen v0.17.29/go.mod h1:i4rEatMrzzu6RXaHydq1nmEPZkb3bKQsnxNRHS4DQB4=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=

          
@@ 57,7 60,9 @@ github.com/alexedwards/scs/postgresstore
 github.com/alexedwards/scs/v2 v2.4.0/go.mod h1:ToaROZxyKukJKT/xLcVQAChi5k6+Pn1Gvmdl7h3RRj8=
 github.com/alexedwards/scs/v2 v2.5.1 h1:EhAz3Kb3OSQzD8T+Ub23fKsiuvE0GzbF5Lgn0uTwM3Y=
 github.com/alexedwards/scs/v2 v2.5.1/go.mod h1:ToaROZxyKukJKT/xLcVQAChi5k6+Pn1Gvmdl7h3RRj8=
+github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
+github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=

          
@@ 72,10 77,11 @@ github.com/chzyer/readline v0.0.0-201806
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g=
 github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=

          
@@ 100,13 106,13 @@ github.com/go-logfmt/logfmt v0.3.0/go.mo
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
-github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
-github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.10.0 h1:I7mrTYv78z8k8VXa/qJlOlEXn/nBh+BF8dHX5nt/dr0=
-github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.12.0 h1:E4gtWgxWxp8YSxExrQFv5BpCahla0PVF2oTTEYaWQGI=
+github.com/go-playground/validator/v10 v10.12.0/go.mod h1:hCAPuzYvKdP33pxWa+2+6AIKXEKqjIUyqsNCtbsSJrA=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=

          
@@ 150,6 156,7 @@ github.com/google/go-cmp v0.5.0/go.mod h
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=

          
@@ 165,10 172,10 @@ github.com/google/uuid v1.1.1 h1:Gkbcsh/
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/gopherjs/gopherjs v0.0.0-20220221023154-0b2280d3ff96 h1:QJq7UBOuoynsywLk+aC75rC2Cbi2+lQRDaLaizhA+fA=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru/v2 v2.0.1 h1:5pv5N1lT1fjLg2VQ5KWc7kmucp2x/kvFOnxuVTqZ6x4=
 github.com/hashicorp/golang-lru/v2 v2.0.1/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=

          
@@ 181,6 188,7 @@ github.com/json-iterator/go v1.1.12 h1:P
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=

          
@@ 193,11 201,8 @@ github.com/konsorten/go-windows-terminal
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/labstack/echo/v4 v4.3.0/go.mod h1:PvmtTvhVqKDzDQy4d3bWzPjZLzom4iQbAZy2sgZ/qI8=
 github.com/labstack/echo/v4 v4.10.2 h1:n1jAhnq/elIFTHr1EYpiYtyKgx4RW9ccVgkqByZaN2M=
 github.com/labstack/echo/v4 v4.10.2/go.mod h1:OEyqf2//K1DFdE57vw2DRgWY0M7s65IVQO2FzvI4J5k=

          
@@ 208,8 213,8 @@ github.com/lann/builder v0.0.0-201808022
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/leodido/go-urn v1.2.2 h1:7z68G0FCGvDk646jz1AelTYNYWrTNm0bEcFAo147wt4=
+github.com/leodido/go-urn v1.2.2/go.mod h1:kUaIbLZWttglzwNuG0pgsh5vuV6u2YcGBYz1hIPjtOQ=
 github.com/lib/pq v1.4.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk=
 github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=

          
@@ 247,10 252,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=

          
@@ 278,27 283,35 @@ github.com/prometheus/procfs v0.7.3/go.m
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
+github.com/rwtodd/Go.Sed v0.0.0-20210816025313-55464686f9ef/go.mod h1:8AEUvGVi2uQ5b24BIhcr0GCcpd/RNAFWaN2CJFrWIIQ=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
 github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
+github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/smartystreets/assertions v1.2.1 h1:bKNHfEv7tSIjZ8JbKaFjzFINljxG4lzZvmHUnElzOIg=
+github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
 github.com/spazzymoto/echo-scs-session v1.0.0 h1:2m1AHXRCSY9j6fjz0MpuIE/3L9GiHk1kux5mhhQh3WI=
 github.com/spazzymoto/echo-scs-session v1.0.0/go.mod h1:wd6nyO726b2b1+w+IBHYEG5vY+MqUYSnbBJFcTeWwOM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=

          
@@ 324,11 337,10 @@ golang.org/x/crypto v0.0.0-2019060512303
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

          
@@ 393,8 405,8 @@ golang.org/x/net v0.0.0-20210525063256-a
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

          
@@ 454,14 466,13 @@ golang.org/x/sys v0.0.0-20210423082822-0
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

          
@@ 471,8 482,8 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9s
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

          
@@ 604,7 615,6 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/ini.v1 v1.57.0 h1:9unxIsFcTt4I55uWluz+UmL95q4kdJ0buvQ1ZIqVQww=
 gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=

          
@@ 614,13 624,14 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XB
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-hg.code.netlandish.com/~netlandish/gobwebs v0.0.0-20230420010146-72d7927457af h1:NJoWSCJ9qp8vhmUF0qMRrODJGsNVpnKgxpo7ViOiQkQ=
-hg.code.netlandish.com/~netlandish/gobwebs v0.0.0-20230420010146-72d7927457af/go.mod h1:ZQOJcrnVvJYk+Ophr5PPq2sh8knLxwtvVIJS3/RjV+c=
-hg.code.netlandish.com/~netlandish/gobwebs v0.0.0-20230425001539-2024875947c8 h1:+tBiSehFsB2nmtd6tovWsfooEuiobeIvbqoY2I0tOt0=
-hg.code.netlandish.com/~netlandish/gobwebs v0.0.0-20230425001539-2024875947c8/go.mod h1:ZQOJcrnVvJYk+Ophr5PPq2sh8knLxwtvVIJS3/RjV+c=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+hg.code.netlandish.com/~netlandish/gobwebs v0.0.0-20230425200922-0a998d338bdd h1:l2Z28g5798LK5/jkAPozA6hBqKjHgOcNjJfU9fAoew4=
+hg.code.netlandish.com/~netlandish/gobwebs v0.0.0-20230425200922-0a998d338bdd/go.mod h1:+gStIFMqfW/W36PtW25x86MFS0FtXzbhnltOcB6hNf4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

          
A => input.go +35 -0
@@ 0,0 1,35 @@ 
+package oauth2
+
+import (
+	"fmt"
+
+	"github.com/labstack/echo/v4"
+	"hg.code.netlandish.com/~netlandish/gobwebs/validate"
+)
+
+type AddClientForm struct {
+	Name        string `form:"name" validate:"required"`
+	Description string `form:"description" validate:"-"`
+	RedirectURL string `form:"redirect_url" validate:"required,http_url"`
+	ClientURL   string `form:"client_url" validate:"http_url"`
+}
+
+func (a *AddClientForm) Validate(c echo.Context) error {
+	// Binding each field specifically to use BindErrors
+	errs := validate.FormFieldBinder(c, a).
+		FailFast(false).
+		String("name", &a.Name).
+		String("description", &a.Description).
+		String("redirect_url", &a.RedirectURL).
+		String("client_url", &a.ClientURL).
+		BindErrors()
+	if errs != nil {
+		return validate.GetInputErrors(errs)
+	}
+
+	if err := c.Validate(a); err != nil {
+		return err
+	}
+	fmt.Println("foo")
+	return nil
+}

          
A => interfaces.go +9 -0
@@ 0,0 1,9 @@ 
+package oauth2
+
+import "github.com/labstack/echo/v4"
+
+// Helper is an interface to allow you to customize behavior
+// after a specific action from the application routes
+type Helper interface {
+	ProcessSuccessfulClientAdd(c echo.Context) error
+}

          
A => models.go +30 -0
@@ 0,0 1,30 @@ 
+package oauth2
+
+import "time"
+
+// Client ...
+type Client struct {
+	ID            int       `db:"id"`
+	OwnerID       int       `db:"owner_id"`
+	Name          string    `db:"name"`
+	Description   string    `db:"description"`
+	Key           string    `db:"key"`
+	SecretHash    string    `db:"secret_hash"`
+	SecretPartial string    `db:"secret_partial"`
+	RedirectURL   string    `db:"redirect_url"`
+	ClientURL     string    `db:"client_url"`
+	Revoked       bool      `db:"revoked"`
+	CreatedOn     time.Time `db:"created_on"`
+	UpdatedOn     time.Time `db:"updated_on"`
+}
+
+// Grant ...
+type Grant struct {
+	ID        int       `db:"id"`
+	Issued    time.Time `db:"issued"`
+	Expires   time.Time `db:"expires"`
+	Comment   time.Time `db:"comment"`
+	TokenHash string    `db:"token_hash"`
+	UserID    int       `db:"user_id"`
+	ClientID  int       `db:"client_id"`
+}

          
M oauth2_clients.go +36 -31
@@ 2,30 2,18 @@ package oauth2
 
 import (
 	"context"
+	"crypto/rand"
+	"crypto/sha512"
 	"database/sql"
+	"encoding/base64"
+	"encoding/hex"
 	"fmt"
-	"time"
 
 	sq "github.com/Masterminds/squirrel"
+	"github.com/segmentio/ksuid"
 	"hg.code.netlandish.com/~netlandish/gobwebs/database"
 )
 
-// Client ...
-type Client struct {
-	ID                  int       `db:"id"`
-	OwnerID             int       `db:"owner_id"`
-	ClientName          string    `db:"client_name"`
-	ClientDescription   string    `db:"client_description"`
-	ClientKey           string    `db:"client_key"`
-	ClientSecretHash    string    `db:"client_secret_hash"`
-	ClientSecretPartial string    `db:"client_secret_partial"`
-	RedirectURL         string    `db:"redirect_url"`
-	ClientURL           string    `db:"client_url"`
-	Revoked             bool      `db:"revoked"`
-	CreatedOn           time.Time `db:"created_on"`
-	UpdatedOn           time.Time `db:"updated_on"`
-}
-
 // GetClients retuns oauth2 clients using the given filters
 func GetClients(ctx context.Context, opts *database.FilterOptions) ([]*Client, error) {
 	if opts == nil {

          
@@ 35,8 23,8 @@ func GetClients(ctx context.Context, opt
 	if err := database.WithTx(ctx, database.TxOptionsRO, func(tx *sql.Tx) error {
 		q := opts.GetBuilder(nil)
 		rows, err := q.
-			Columns("id", "owner_id", "client_name", "client_description", "client_key",
-				"client_secret_hash", "client_secret_partial", "redirect_url", "client_url",
+			Columns("id", "owner_id", "name", "description", "key",
+				"secret_hash", "secret_partial", "redirect_url", "client_url",
 				"revoked", "created_on", "updated_on").
 			From("oauth2_clients").
 			PlaceholderFormat(sq.Dollar).

          
@@ 52,8 40,8 @@ func GetClients(ctx context.Context, opt
 
 		for rows.Next() {
 			var c Client
-			if err = rows.Scan(&c.ID, &c.OwnerID, &c.ClientName, &c.ClientDescription, &c.ClientKey,
-				&c.ClientSecretHash, &c.ClientSecretPartial, &c.RedirectURL, &c.ClientURL,
+			if err = rows.Scan(&c.ID, &c.OwnerID, &c.Name, &c.Description, &c.Key,
+				&c.SecretHash, &c.SecretPartial, &c.RedirectURL, &c.ClientURL,
 				&c.Revoked, &c.CreatedOn, &c.UpdatedOn); err != nil {
 				return err
 			}

          
@@ 73,11 61,11 @@ func (c *Client) Store(ctx context.Conte
 		if c.ID == 0 {
 			err = sq.
 				Insert("oauth2_clients").
-				Columns("owner_id", "client_name", "client_description", "client_key",
-					"client_secret_hash", "client_secret_partial", "redirect_url", "client_url",
+				Columns("owner_id", "name", "description", "key",
+					"secret_hash", "secret_partial", "redirect_url", "client_url",
 					"revoked").
-				Values(c.OwnerID, c.ClientName, c.ClientDescription, c.ClientKey,
-					c.ClientSecretHash, c.ClientSecretPartial, c.RedirectURL, c.ClientURL,
+				Values(c.OwnerID, c.Name, c.Description, c.Key,
+					c.SecretHash, c.SecretPartial, c.RedirectURL, c.ClientURL,
 					c.Revoked).
 				Suffix(`RETURNING id, created_on, updated_on`).
 				PlaceholderFormat(sq.Dollar).

          
@@ 87,11 75,11 @@ func (c *Client) Store(ctx context.Conte
 			err = sq.
 				Update("oauth2_clients").
 				Set("owner_id", c.OwnerID).
-				Set("client_name", c.ClientName).
-				Set("client_description", c.ClientDescription).
-				Set("client_key", c.ClientKey).
-				Set("client_secret_hash", c.ClientSecretHash).
-				Set("client_secret_partial", c.ClientSecretPartial).
+				Set("name", c.Name).
+				Set("description", c.Description).
+				Set("key", c.Key).
+				Set("secret_hash", c.SecretHash).
+				Set("secret_partial", c.SecretPartial).
 				Set("redirect_url", c.RedirectURL).
 				Set("client_url", c.ClientURL).
 				Set("revoked", c.Revoked).

          
@@ 106,7 94,24 @@ func (c *Client) Store(ctx context.Conte
 	return err
 }
 
-// Delete will delete this rate
+// GenerateKeys will create keys for client
+func (c *Client) GenerateKeys() {
+	var seed [64]byte
+	n, err := rand.Read(seed[:])
+	if err != nil || n != len(seed) {
+		panic(err)
+	}
+	secret := base64.StdEncoding.EncodeToString(seed[:])
+	hash := sha512.Sum512(seed[:])
+	partial := secret[:8]
+	clientID := ksuid.New()
+
+	c.Key = clientID.String()
+	c.SecretHash = hex.EncodeToString(hash[:])
+	c.SecretPartial = partial
+}
+
+// Delete will delete this client
 func (c *Client) Delete(ctx context.Context) error {
 	if c.ID == 0 {
 		return fmt.Errorf("Client object is not populated")

          
M oauth2_grants.go +0 -12
@@ 4,23 4,11 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"time"
 
 	sq "github.com/Masterminds/squirrel"
 	"hg.code.netlandish.com/~netlandish/gobwebs/database"
 )
 
-// Grant ...
-type Grant struct {
-	ID        int       `db:"id"`
-	Issued    time.Time `db:"issued"`
-	Expires   time.Time `db:"expires"`
-	Comment   time.Time `db:"comment"`
-	TokenHash string    `db:"token_hash"`
-	UserID    int       `db:"user_id"`
-	ClientID  int       `db:"client_id"`
-}
-
 // GetGrants retuns oauth2 grants using the given filters
 func GetGrants(ctx context.Context, opts *database.FilterOptions) ([]*Grant, error) {
 	if opts == nil {

          
M routes.go +53 -5
@@ 2,9 2,11 @@ package oauth2
 
 import (
 	"fmt"
+	"net/http"
 
 	sq "github.com/Masterminds/squirrel"
 	"github.com/labstack/echo/v4"
+	"hg.code.netlandish.com/~netlandish/gobwebs"
 	"hg.code.netlandish.com/~netlandish/gobwebs/accounts"
 	"hg.code.netlandish.com/~netlandish/gobwebs/database"
 	"hg.code.netlandish.com/~netlandish/gobwebs/server"

          
@@ 12,26 14,69 @@ import (
 
 // Service is the base accounts service struct
 type Service struct {
-	name string
-	eg   *echo.Group
+	name   string
+	eg     *echo.Group
+	helper Helper
 }
 
 // RegisterRoutes ...
 func (s *Service) RegisterRoutes() {
 	s.eg.Use(accounts.AuthRequired())
 	s.eg.GET("/clients", s.ListClients).Name = s.RouteName("list_clients")
+	s.eg.GET("/clients/add", s.AddClient).Name = s.RouteName("add_client")
+	s.eg.POST("/clients/add", s.AddClient).Name = s.RouteName("add_client_post")
 }
 
 // ListClients ...
 func (s *Service) ListClients(c echo.Context) error {
 	gctx := c.(*server.Context)
 	opts := &database.FilterOptions{
-		Filter: sq.Eq{"user_id": gctx.User.GetID()},
+		Filter: sq.Eq{"owner_id": gctx.User.GetID()},
 	}
 	clients, err := GetClients(c.Request().Context(), opts)
 	if err != nil {
 		return err
 	}
+	return gctx.Render(http.StatusOK, "oauth2_clients_list.html", gobwebs.Map{
+		"clients": clients,
+	})
+}
+
+// AddClient
+func (s *Service) AddClient(c echo.Context) error {
+	gctx := c.(*server.Context)
+	form := &AddClientForm{}
+	gmap := gobwebs.Map{
+		"form": form,
+	}
+
+	req := c.Request()
+	if req.Method == "POST" {
+		if err := form.Validate(c); err != nil {
+			gmap["errors"] = err
+			return gctx.Render(http.StatusOK, "oauth2_add_client.html", gmap)
+		}
+		client := &Client{
+			OwnerID:     int(gctx.User.GetID()),
+			Name:        form.Name,
+			Description: form.Description,
+			RedirectURL: form.RedirectURL,
+			ClientURL:   form.ClientURL,
+		}
+		client.GenerateKeys()
+		if err := client.Store(c.Request().Context()); err != nil {
+			return err
+		}
+		if s.helper != nil {
+			c.Set("client", client)
+			if err := s.helper.ProcessSuccessfulClientAdd(c); err != nil {
+				return err
+			}
+		}
+		gmap["client"] = client
+		return gctx.Render(http.StatusOK, "oauth2_add_client_done.html", gmap)
+	}
+	return gctx.Render(http.StatusOK, "oauth2_add_client.html", gmap)
 }
 
 // RouteName ...

          
@@ 40,8 85,11 @@ func (s *Service) RouteName(value string
 }
 
 // NewService return service
-func NewService(eg *echo.Group) *Service {
-	service := &Service{name: "oauth2", eg: eg}
+func NewService(eg *echo.Group, name string, helper Helper) *Service {
+	if name == "" {
+		name = "oauth2"
+	}
+	service := &Service{name: name, eg: eg, helper: helper}
 	service.RegisterRoutes()
 	return service
 }

          
M schema.sql +5 -5
@@ 14,11 14,11 @@ 
 CREATE TABLE oauth2_clients (
         id serial PRIMARY KEY,
         owner_id integer NOT NULL REFERENCES users (id) ON DELETE CASCADE NOT NULL,
-        client_name character varying(256) NOT NULL,
-        client_description character varying,
-        client_key character varying NOT NULL UNIQUE
-        client_secret_hash character varying(128) NOT NULL,
-        client_secret_partial character varying(8) NOT NULL,
+        name character varying(256) NOT NULL,
+        description character varying,
+        key character varying NOT NULL UNIQUE,
+        secret_hash character varying(128) NOT NULL,
+        secret_partial character varying(8) NOT NULL,
         redirect_url character varying,
         client_url character varying,
         revoked boolean DEFAULT false NOT NULL,