feat: integrate idpyoidc server into app lifespan

src/fastapi_oidc_op/app.py

@@ -16,6 +16,7 @@ from fastapi_oidc_op.authn.webauthn import WebAuthnService
 from fastapi_oidc_op.config import Settings, StorageBackend
 from fastapi_oidc_op.invite.service import MagicLinkService
 from fastapi_oidc_op.manage.routes import router as manage_router
+from fastapi_oidc_op.oidc.provider import create_oidc_server
 from fastapi_oidc_op.store.sqlite.migrations import run_migrations
 from fastapi_oidc_op.store.sqlite.repositories import (
     SQLiteCredentialRepository,
@@ -57,6 +58,24 @@ async def lifespan(app: FastAPI) -> AsyncIterator[None]:
             ttl=settings.invite_ttl,
         )
 
+        # OIDC Server
+        oidc_server = create_oidc_server(settings)
+        app.state.oidc_server = oidc_server
+
+        # Register management client
+        manage_secret = settings.session_secret or secrets.token_hex(32)
+        oidc_server.context.cdb[settings.manage_client_id] = {
+            "client_id": settings.manage_client_id,
+            "client_secret": manage_secret,
+            "redirect_uris": [(f"{settings.issuer}/manage/callback", {})],
+            "response_types_supported": ["code"],
+            "token_endpoint_auth_method": "client_secret_basic",
+            "scope": ["openid", "profile", "email"],
+            "allowed_scopes": ["openid", "profile", "email"],
+            "client_salt": secrets.token_hex(8),
+        }
+        oidc_server.keyjar.add_symmetric(settings.manage_client_id, manage_secret)
+
         yield
         await db.close()
     else: