Allow disabling registration, add Interactive module with tools

lib/sso_bsn/accounts.ex

@@ -60,6 +60,7 @@ defmodule SsoBsn.Accounts do
 
   """
   def register_user(attrs) do
+    if not Application.get_env(:sso_bsn, :enable_registration, false), do: raise "Cannot register a user: disabled"
     %User{}
     |> User.registration_changeset(attrs)
     |> Repo.insert()

lib/sso_bsn/interactive.ex

@@ -0,0 +1,47 @@
+defmodule SsoBsn.Interactive do
+  def allow_registrations(allow \\ true),
+    do: Application.put_env(:sso_bsn, :enable_registration, allow)
+
+  def migrate(),
+    do:
+      Ecto.Migrator.run(SsoBsn.Repo, Application.app_dir(:sso_bsn, "priv/repo/migrations"), :up,
+        all: true
+      )
+
+  def add_oauth_client(name, redirects, opts \\ []) do
+    id = SecureRandom.uuid()
+    secret = SecureRandom.hex(64)
+
+    Boruta.Ecto.Admin.create_client(
+      %{
+        # OAuth client_id
+        id: id,
+        # OAuth client_secret
+        secret: secret,
+        # Display name
+        name: name,
+        # OAuth client redirect_uris
+        redirect_uris: redirects,
+        # PKCE enabled
+        pkce: false,
+        # do not require client_secret for refreshing tokens
+        public_refresh_token: true,
+        # do not require client_secret for revoking tokens
+        public_revoke: false,
+        # see OAuth 2.0 confidentiality (requires client secret for some flows)
+        confidential: false,
+        # activable client authentication methods
+        token_endpoint_auth_methods: [
+          "client_secret_basic",
+          "client_secret_post",
+          "client_secret_jwt",
+          "private_key_jwt"
+        ]
+      }
+      |> Map.merge(opts |> Enum.into(%{}))
+    )
+    |> dbg()
+
+    {id, secret}
+  end
+end