*: ClientIdentityXXX -> ClientXXX

Get rid of all outdated "ClientIdentity" terminology.
10 years ago · e5948ab3ce
32 changed files with 220 additions and 220 deletions
--- a/admin/api.go
+++ b/admin/api.go
@ -16,11 +16,11 @@ import (

 // AdminAPI provides the logic necessary to implement the Admin API.
 type AdminAPI struct {
-	userManager        *manager.UserManager
-	userRepo           user.UserRepo
-	passwordInfoRepo   user.PasswordInfoRepo
-	clientIdentityRepo client.ClientIdentityRepo
-	localConnectorID   string
+	userManager      *manager.UserManager
+	userRepo         user.UserRepo
+	passwordInfoRepo user.PasswordInfoRepo
+	clientRepo       client.ClientRepo
+	localConnectorID string
 }

 // TODO(ericchiang): Swap the DbMap for a storage interface. See #278
@ -30,11 +30,11 @@ func NewAdminAPI(dbMap *gorp.DbMap, userManager *manager.UserManager, localConne
 		panic("must specify non-blank localConnectorID")
 	}
 	return &AdminAPI{
-		userManager:        userManager,
-		userRepo:           db.NewUserRepo(dbMap),
-		passwordInfoRepo:   db.NewPasswordInfoRepo(dbMap),
-		clientIdentityRepo: db.NewClientIdentityRepo(dbMap),
-		localConnectorID:   localConnectorID,
+		userManager:      userManager,
+		userRepo:         db.NewUserRepo(dbMap),
+		passwordInfoRepo: db.NewPasswordInfoRepo(dbMap),
+		clientRepo:       db.NewClientRepo(dbMap),
+		localConnectorID: localConnectorID,
 	}
 }

@ -136,7 +136,7 @@ func (a *AdminAPI) CreateClient(req adminschema.ClientCreateRequest) (adminschem

 	cli.Credentials.ID = id

-	creds, err := a.clientIdentityRepo.New(cli)
+	creds, err := a.clientRepo.New(cli)
 	if err != nil {
 		return adminschema.ClientCreateResponse{}, mapError(err)
 	}
--- a/client/client.go
+++ b/client/client.go
@ -23,7 +23,7 @@ type Client struct {
 	Admin       bool
 }

-type ClientIdentityRepo interface {
+type ClientRepo interface {
 	Get(clientID string) (Client, error)

 	// Metadata returns one matching ClientMetadata if the given client
@ -37,10 +37,10 @@ type ClientIdentityRepo interface {
 	// to make these assertions will a non-nil error be returned.
 	Authenticate(creds oidc.ClientCredentials) (bool, error)

-	// All returns all registered Client Identities.
+	// All returns all registered Clients
 	All() ([]Client, error)

-	// New registers a ClientIdentity with the repo for the given metadata.
+	// New registers a Client with the repo.
 	// An unused ID must be provided. A corresponding secret will be returned
 	// in a ClientCredentials struct along with the provided ID.
 	New(client Client) (*oidc.ClientCredentials, error)
--- a/cmd/dexctl/driver_db.go
+++ b/cmd/dexctl/driver_db.go
@ -14,7 +14,7 @@ func newDBDriver(dsn string) (driver, error) {
 	}

 	drv := &dbDriver{
-		ciRepo:  db.NewClientIdentityRepo(dbc),
+		ciRepo:  db.NewClientRepo(dbc),
 		cfgRepo: db.NewConnectorConfigRepo(dbc),
 	}

@ -22,7 +22,7 @@ func newDBDriver(dsn string) (driver, error) {
 }

 type dbDriver struct {
-	ciRepo  client.ClientIdentityRepo
+	ciRepo  client.ClientRepo
 	cfgRepo *db.ConnectorConfigRepo
 }

--- a/db/client.go
+++ b/db/client.go
@ -18,7 +18,7 @@ import (
 )

 const (
-	clientIdentityTableName = "client_identity"
+	clientTableName = "client_identity"

 	bcryptHashCost = 10

@ -34,19 +34,18 @@ const (

 func init() {
 	register(table{
-		name:    clientIdentityTableName,
-		model:   clientIdentityModel{},
+		name:    clientTableName,
+		model:   clientModel{},
 		autoinc: false,
 		pkey:    []string{"id"},
 	})
 }

-func newClientIdentityModel(cli client.Client) (*clientIdentityModel, error) {
+func newClientModel(cli client.Client) (*clientModel, error) {
 	secretBytes, err := base64.URLEncoding.DecodeString(cli.Credentials.Secret)
 	if err != nil {
 		return nil, err
 	}
-
 	hashed, err := bcrypt.GenerateFromPassword([]byte(
 		secretBytes),
 		bcryptHashCost)
@ -59,7 +58,7 @@ func newClientIdentityModel(cli client.Client) (*clientIdentityModel, error) {
 		return nil, err
 	}

-	cim := clientIdentityModel{
+	cim := clientModel{
 		ID:       cli.Credentials.ID,
 		Secret:   hashed,
 		Metadata: string(bmeta),
@ -69,14 +68,14 @@ func newClientIdentityModel(cli client.Client) (*clientIdentityModel, error) {
 	return &cim, nil
 }

-type clientIdentityModel struct {
+type clientModel struct {
 	ID       string `db:"id"`
 	Secret   []byte `db:"secret"`
 	Metadata string `db:"metadata"`
 	DexAdmin bool   `db:"dex_admin"`
 }

-func (m *clientIdentityModel) Client() (*client.Client, error) {
+func (m *clientModel) Client() (*client.Client, error) {
 	ci := client.Client{
 		Credentials: oidc.ClientCredentials{
 			ID:     m.ID,
@ -92,16 +91,16 @@ func (m *clientIdentityModel) Client() (*client.Client, error) {
 	return &ci, nil
 }

-func NewClientIdentityRepo(dbm *gorp.DbMap) client.ClientIdentityRepo {
-	return newClientIdentityRepo(dbm)
+func NewClientRepo(dbm *gorp.DbMap) client.ClientRepo {
+	return newClientRepo(dbm)
 }

-func newClientIdentityRepo(dbm *gorp.DbMap) *clientIdentityRepo {
-	return &clientIdentityRepo{db: &db{dbm}}
+func newClientRepo(dbm *gorp.DbMap) *clientRepo {
+	return &clientRepo{db: &db{dbm}}
 }

-func NewClientIdentityRepoFromClients(dbm *gorp.DbMap, clients []client.Client) (client.ClientIdentityRepo, error) {
-	repo := newClientIdentityRepo(dbm)
+func NewClientRepoFromClients(dbm *gorp.DbMap, clients []client.Client) (client.ClientRepo, error) {
+	repo := newClientRepo(dbm)
 	tx, err := repo.begin()
 	if err != nil {
 		return nil, err
@ -112,7 +111,7 @@ func NewClientIdentityRepoFromClients(dbm *gorp.DbMap, clients []client.Client)
 		if c.Credentials.Secret == "" {
 			return nil, fmt.Errorf("client %q has no secret", c.Credentials.ID)
 		}
-		cm, err := newClientIdentityModel(c)
+		cm, err := newClientModel(c)
 		if err != nil {
 			return nil, err
 		}
@ -127,13 +126,12 @@ func NewClientIdentityRepoFromClients(dbm *gorp.DbMap, clients []client.Client)
 	return repo, nil
 }

-type clientIdentityRepo struct {
+type clientRepo struct {
 	*db
 }

-func (r *clientIdentityRepo) Get(clientID string) (client.Client, error) {
-	m, err := r.executor(nil).Get(clientIdentityModel{}, clientID)
-
+func (r *clientRepo) Get(clientID string) (client.Client, error) {
+	m, err := r.executor(nil).Get(clientModel{}, clientID)
 	if err == sql.ErrNoRows || m == nil {
 		return client.Client{}, client.ErrorNotFound
 	}
@ -141,7 +139,7 @@ func (r *clientIdentityRepo) Get(clientID string) (client.Client, error) {
 		return client.Client{}, err
 	}

-	cim, ok := m.(*clientIdentityModel)
+	cim, ok := m.(*clientModel)
 	if !ok {
 		log.Errorf("expected clientModel but found %v", reflect.TypeOf(m))
 		return client.Client{}, errors.New("unrecognized model")
@ -155,7 +153,7 @@ func (r *clientIdentityRepo) Get(clientID string) (client.Client, error) {
 	return *ci, nil
 }

-func (r *clientIdentityRepo) Metadata(clientID string) (*oidc.ClientMetadata, error) {
+func (r *clientRepo) Metadata(clientID string) (*oidc.ClientMetadata, error) {
 	c, err := r.Get(clientID)
 	if err != nil {
 		return nil, err
@ -164,22 +162,22 @@ func (r *clientIdentityRepo) Metadata(clientID string) (*oidc.ClientMetadata, er
 	return &c.Metadata, nil
 }

-func (r *clientIdentityRepo) IsDexAdmin(clientID string) (bool, error) {
-	m, err := r.executor(nil).Get(clientIdentityModel{}, clientID)
+func (r *clientRepo) IsDexAdmin(clientID string) (bool, error) {
+	m, err := r.executor(nil).Get(clientModel{}, clientID)
 	if m == nil || err != nil {
 		return false, err
 	}

-	cim, ok := m.(*clientIdentityModel)
+	cim, ok := m.(*clientModel)
 	if !ok {
-		log.Errorf("expected clientIdentityModel but found %v", reflect.TypeOf(m))
+		log.Errorf("expected clientModel but found %v", reflect.TypeOf(m))
 		return false, errors.New("unrecognized model")
 	}

 	return cim.DexAdmin, nil
 }

-func (r *clientIdentityRepo) SetDexAdmin(clientID string, isAdmin bool) error {
+func (r *clientRepo) SetDexAdmin(clientID string, isAdmin bool) error {
 	tx, err := r.begin()
 	if err != nil {
 		return err
@ -187,14 +185,14 @@ func (r *clientIdentityRepo) SetDexAdmin(clientID string, isAdmin bool) error {
 	defer tx.Rollback()
 	exec := r.executor(tx)

-	m, err := exec.Get(clientIdentityModel{}, clientID)
+	m, err := exec.Get(clientModel{}, clientID)
 	if m == nil || err != nil {
 		return err
 	}

-	cim, ok := m.(*clientIdentityModel)
+	cim, ok := m.(*clientModel)
 	if !ok {
-		log.Errorf("expected clientIdentityModel but found %v", reflect.TypeOf(m))
+		log.Errorf("expected clientModel but found %v", reflect.TypeOf(m))
 		return errors.New("unrecognized model")
 	}

@ -207,15 +205,15 @@ func (r *clientIdentityRepo) SetDexAdmin(clientID string, isAdmin bool) error {
 	return tx.Commit()
 }

-func (r *clientIdentityRepo) Authenticate(creds oidc.ClientCredentials) (bool, error) {
-	m, err := r.executor(nil).Get(clientIdentityModel{}, creds.ID)
+func (r *clientRepo) Authenticate(creds oidc.ClientCredentials) (bool, error) {
+	m, err := r.executor(nil).Get(clientModel{}, creds.ID)
 	if m == nil || err != nil {
 		return false, err
 	}

-	cim, ok := m.(*clientIdentityModel)
+	cim, ok := m.(*clientModel)
 	if !ok {
-		log.Errorf("expected clientIdentityModel but found %v", reflect.TypeOf(m))
+		log.Errorf("expected clientModel but found %v", reflect.TypeOf(m))
 		return false, errors.New("unrecognized model")
 	}

@ -252,14 +250,15 @@ func isAlreadyExistsErr(err error) bool {
 	return false
 }

-func (r *clientIdentityRepo) New(cli client.Client) (*oidc.ClientCredentials, error) {
+func (r *clientRepo) New(cli client.Client) (*oidc.ClientCredentials, error) {
 	secret, err := pcrypto.RandBytes(maxSecretLength)
 	if err != nil {
 		return nil, err
 	}

 	cli.Credentials.Secret = base64.URLEncoding.EncodeToString(secret)
-	cim, err := newClientIdentityModel(cli)
+	cim, err := newClientModel(cli)
+
 	if err != nil {
 		return nil, err
 	}
@ -279,19 +278,19 @@ func (r *clientIdentityRepo) New(cli client.Client) (*oidc.ClientCredentials, er
 	return &cc, nil
 }

-func (r *clientIdentityRepo) All() ([]client.Client, error) {
-	qt := r.quote(clientIdentityTableName)
+func (r *clientRepo) All() ([]client.Client, error) {
+	qt := r.quote(clientTableName)
 	q := fmt.Sprintf("SELECT * FROM %s", qt)
-	objs, err := r.executor(nil).Select(&clientIdentityModel{}, q)
+	objs, err := r.executor(nil).Select(&clientModel{}, q)
 	if err != nil {
 		return nil, err
 	}

 	cs := make([]client.Client, len(objs))
 	for i, obj := range objs {
-		m, ok := obj.(*clientIdentityModel)
+		m, ok := obj.(*clientModel)
 		if !ok {
-			return nil, errors.New("unable to cast client identity to clientIdentityModel")
+			return nil, errors.New("unable to cast client identity to clientModel")
 		}

 		ci, err := m.Client()
--- a/db/migrate_test.go
+++ b/db/migrate_test.go
@ -88,7 +88,7 @@ func TestMigrateClientMetadata(t *testing.T) {
 	}

 	for i, tt := range tests {
-		model := &clientIdentityModel{
+		model := &clientModel{
 			ID:       strconv.Itoa(i),
 			Secret:   []byte("verysecret"),
 			Metadata: tt.before,
@ -108,12 +108,12 @@ func TestMigrateClientMetadata(t *testing.T) {

 	for i, tt := range tests {
 		id := strconv.Itoa(i)
-		m, err := dbMap.Get(clientIdentityModel{}, id)
+		m, err := dbMap.Get(clientModel{}, id)
 		if err != nil {
 			t.Errorf("case %d: failed to get model: %v", i, err)
 			continue
 		}
-		cim, ok := m.(*clientIdentityModel)
+		cim, ok := m.(*clientModel)
 		if !ok {
 			t.Errorf("case %d: unrecognized model type: %T", i, m)
 			continue
--- a/db/refresh.go
+++ b/db/refresh.go
@ -189,9 +189,9 @@ func (r *refreshTokenRepo) RevokeTokensForClient(userID, clientID string) error
 func (r *refreshTokenRepo) ClientsWithRefreshTokens(userID string) ([]client.Client, error) {
 	q := `SELECT c.* FROM %s as c
 	INNER JOIN %s as r ON c.id = r.client_id WHERE r.user_id = $1;`
-	q = fmt.Sprintf(q, r.quote(clientIdentityTableName), r.quote(refreshTokenTableName))
+	q = fmt.Sprintf(q, r.quote(clientTableName), r.quote(refreshTokenTableName))

-	var clients []clientIdentityModel
+	var clients []clientModel
 	if _, err := r.executor(nil).Select(&clients, q, userID); err != nil {
 		return nil, err
 	}
--- a/functional/db_test.go
+++ b/functional/db_test.go
@ -181,8 +181,8 @@ func TestDBPrivateKeySetRepoSetGet(t *testing.T) {
 	}
 }

-func TestDBClientIdentityRepoMetadata(t *testing.T) {
-	r := db.NewClientIdentityRepo(connect(t))
+func TestDBClientRepoMetadata(t *testing.T) {
+	r := db.NewClientRepo(connect(t))

 	cm := oidc.ClientMetadata{
 		RedirectURIs: []url.URL{
@ -211,8 +211,8 @@ func TestDBClientIdentityRepoMetadata(t *testing.T) {
 	}
 }

-func TestDBClientIdentityRepoMetadataNoExist(t *testing.T) {
-	r := db.NewClientIdentityRepo(connect(t))
+func TestDBClientRepoMetadataNoExist(t *testing.T) {
+	r := db.NewClientRepo(connect(t))

 	got, err := r.Metadata("noexist")
 	if err != client.ErrorNotFound {
@ -223,8 +223,8 @@ func TestDBClientIdentityRepoMetadataNoExist(t *testing.T) {
 	}
 }

-func TestDBClientIdentityRepoNewDuplicate(t *testing.T) {
-	r := db.NewClientIdentityRepo(connect(t))
+func TestDBClientRepoNewDuplicate(t *testing.T) {
+	r := db.NewClientRepo(connect(t))

 	meta1 := oidc.ClientMetadata{
 		RedirectURIs: []url.URL{
@ -257,8 +257,8 @@ func TestDBClientIdentityRepoNewDuplicate(t *testing.T) {
 	}
 }

-func TestDBClientIdentityRepoAuthenticate(t *testing.T) {
-	r := db.NewClientIdentityRepo(connect(t))
+func TestDBClientRepoAuthenticate(t *testing.T) {
+	r := db.NewClientRepo(connect(t))

 	cm := oidc.ClientMetadata{
 		RedirectURIs: []url.URL{
@ -310,8 +310,8 @@ func TestDBClientIdentityRepoAuthenticate(t *testing.T) {
 	}
 }

-func TestDBClientIdentityAll(t *testing.T) {
-	r := db.NewClientIdentityRepo(connect(t))
+func TestDBClientAll(t *testing.T) {
+	r := db.NewClientRepo(connect(t))

 	cm := oidc.ClientMetadata{
 		RedirectURIs: []url.URL{
--- a/functional/repo/client_repo_test.go
+++ b/functional/repo/client_repo_test.go
@ -48,7 +48,7 @@ var (
 	}
 )

-func newClientIdentityRepo(t *testing.T) client.ClientIdentityRepo {
+func newClientRepo(t *testing.T) client.ClientRepo {
 	dsn := os.Getenv("DEX_TEST_DSN")
 	var dbMap *gorp.DbMap
 	if dsn == "" {
@ -56,7 +56,7 @@ func newClientIdentityRepo(t *testing.T) client.ClientIdentityRepo {
 	} else {
 		dbMap = connect(t)
 	}
-	repo, err := db.NewClientIdentityRepoFromClients(dbMap, testClients)
+	repo, err := db.NewClientRepoFromClients(dbMap, testClients)
 	if err != nil {
 		t.Fatalf("failed to create client repo from clients: %v", err)
 	}
@ -101,7 +101,7 @@ func TestGetSetAdminClient(t *testing.T) {

 Tests:
 	for i, tt := range tests {
-		repo := newClientIdentityRepo(t)
+		repo := newClientRepo(t)
 		for _, cid := range startAdmins {
 			err := repo.SetDexAdmin(cid, true)
 			if err != nil {
--- a/functional/repo/refresh_repo_test.go
+++ b/functional/repo/refresh_repo_test.go
@ -27,7 +27,7 @@ func newRefreshRepo(t *testing.T, users []user.UserWithRemoteIdentities, clients
 	if _, err := db.NewUserRepoFromUsers(dbMap, users); err != nil {
 		t.Fatalf("Unable to add users: %v", err)
 	}
-	if _, err := db.NewClientIdentityRepoFromClients(dbMap, clients); err != nil {
+	if _, err := db.NewClientRepoFromClients(dbMap, clients); err != nil {
 		t.Fatalf("Unable to add clients: %v", err)
 	}
 	return db.NewRefreshTokenRepo(dbMap)
--- a/integration/client_api_test.go
+++ b/integration/client_api_test.go
@ -73,7 +73,7 @@ func TestClientCreate(t *testing.T) {
 		t.Error("Expected non-empty Client Secret")
 	}

-	meta, err := srv.ClientIdentityRepo.Metadata(newClient.Id)
+	meta, err := srv.ClientRepo.Metadata(newClient.Id)
 	if err != nil {
 		t.Errorf("Error looking up client metadata: %v", err)
 	} else if meta == nil {
--- a/integration/oidc_test.go
+++ b/integration/oidc_test.go
@ -35,17 +35,17 @@ func mockServer(cis []client.Client) (*server.Server, error) {
 	if err != nil {
 		return nil, err
 	}
-	clientIdentityRepo, err := db.NewClientIdentityRepoFromClients(dbMap, cis)
+	clientRepo, err := db.NewClientRepoFromClients(dbMap, cis)
 	if err != nil {
 		return nil, err
 	}

 	sm := manager.NewSessionManager(db.NewSessionRepo(dbMap), db.NewSessionKeyRepo(dbMap))
 	srv := &server.Server{
-		IssuerURL:          url.URL{Scheme: "http", Host: "server.example.com"},
-		KeyManager:         km,
-		ClientIdentityRepo: clientIdentityRepo,
-		SessionManager:     sm,
+		IssuerURL:      url.URL{Scheme: "http", Host: "server.example.com"},
+		KeyManager:     km,
+		ClientRepo:     clientRepo,
+		SessionManager: sm,
 	}

 	return srv, nil
@ -125,7 +125,7 @@ func TestHTTPExchangeTokenRefreshToken(t *testing.T) {
 	}

 	dbMap := db.NewMemDB()
-	cir, err := db.NewClientIdentityRepoFromClients(dbMap, []client.Client{ci})
+	cir, err := db.NewClientRepoFromClients(dbMap, []client.Client{ci})
 	if err != nil {
 		t.Fatalf("Failed to create client identity repo: " + err.Error())
 	}
@ -161,15 +161,15 @@ func TestHTTPExchangeTokenRefreshToken(t *testing.T) {
 	refreshTokenRepo := refreshtest.NewTestRefreshTokenRepo()

 	srv := &server.Server{
-		IssuerURL:          issuerURL,
-		KeyManager:         km,
-		SessionManager:     sm,
-		ClientIdentityRepo: cir,
-		Templates:          template.New(connector.LoginPageTemplateName),
-		Connectors:         []connector.Connector{},
-		UserRepo:           userRepo,
-		PasswordInfoRepo:   passwordInfoRepo,
-		RefreshTokenRepo:   refreshTokenRepo,
+		IssuerURL:        issuerURL,
+		KeyManager:       km,
+		SessionManager:   sm,
+		ClientRepo:       cir,
+		Templates:        template.New(connector.LoginPageTemplateName),
+		Connectors:       []connector.Connector{},
+		UserRepo:         userRepo,
+		PasswordInfoRepo: passwordInfoRepo,
+		RefreshTokenRepo: refreshTokenRepo,
 	}

 	if err = srv.AddConnector(cfg); err != nil {
--- a/integration/user_api_test.go
+++ b/integration/user_api_test.go
@ -101,8 +101,8 @@ func makeUserAPITestFixtures() *userAPITestFixtures {
 	f := &userAPITestFixtures{}

 	dbMap, _, _, um := makeUserObjects(userUsers, userPasswords)
-	cir := func() client.ClientIdentityRepo {
-		repo, err := db.NewClientIdentityRepoFromClients(dbMap, []client.Client{
+	cir := func() client.ClientRepo {
+		repo, err := db.NewClientRepoFromClients(dbMap, []client.Client{
 			client.Client{
 				Credentials: oidc.ClientCredentials{
 					ID:     testClientID,
--- a/schema/adminschema/v1-json.go
+++ b/schema/adminschema/v1-json.go
@ -1,4 +1,5 @@
 package adminschema
+
 //
 // This file is automatically generated by schema/generator
 //
@ -180,4 +181,4 @@ const DiscoveryJSON = `{
      }
  }
 }
-`
+`
--- a/schema/workerschema/v1-json.go
+++ b/schema/workerschema/v1-json.go
@ -1,4 +1,5 @@
 package workerschema
+
 //
 // This file is automatically generated by schema/generator
 //
@ -419,4 +420,4 @@ const DiscoveryJSON = `{
    }
  }
 }
-`
+`
--- a/server/auth_middleware.go
+++ b/server/auth_middleware.go
@ -14,7 +14,7 @@ import (

 type clientTokenMiddleware struct {
 	issuerURL string
-	ciRepo    client.ClientIdentityRepo
+	ciRepo    client.ClientRepo
 	keysFunc  func() ([]key.PublicKey, error)
 	next      http.Handler
 }
@ -31,7 +31,7 @@ func (c *clientTokenMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request
 	}

 	if c.ciRepo == nil {
-		log.Errorf("Misconfigured clientTokenMiddleware, ClientIdentityRepo is not set")
+		log.Errorf("Misconfigured clientTokenMiddleware, ClientRepo is not set")
 		respondError()
 		return
 	}
--- a/server/auth_middleware_test.go
+++ b/server/auth_middleware_test.go
@ -37,7 +37,7 @@ func TestClientToken(t *testing.T) {
 			},
 		},
 	}
-	repo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{ci})
+	repo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{ci})
 	if err != nil {
 		t.Fatalf("Failed to create client identity repo: %v", err)
 	}
@ -65,7 +65,7 @@ func TestClientToken(t *testing.T) {

 	tests := []struct {
 		keys     []key.PublicKey
-		repo     client.ClientIdentityRepo
+		repo     client.ClientRepo
 		header   string
 		wantCode int
 	}{
@ -114,7 +114,7 @@ func TestClientToken(t *testing.T) {
 		// empty repo
 		{
 			keys:     []key.PublicKey{pubKey},
-			repo:     db.NewClientIdentityRepo(db.NewMemDB()),
+			repo:     db.NewClientRepo(db.NewMemDB()),
 			header:   fmt.Sprintf("BEARER %s", validJWT),
 			wantCode: http.StatusUnauthorized,
 		},
--- a/server/client_registration.go
+++ b/server/client_registration.go
@ -45,7 +45,7 @@ func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientR
 		return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
 	}

-	creds, err := s.ClientIdentityRepo.New(client.Client{
+	creds, err := s.ClientRepo.New(client.Client{
 		Credentials: oidc.ClientCredentials{
 			ID: id,
 		},
--- a/server/client_registration_test.go
+++ b/server/client_registration_test.go
@ -143,7 +143,7 @@ func TestClientRegistration(t *testing.T) {
 				return fmt.Errorf("no client id in registration response")
 			}

-			metadata, err := fixtures.clientIdentityRepo.Metadata(r.ClientID)
+			metadata, err := fixtures.clientRepo.Metadata(r.ClientID)
 			if err != nil {
 				return fmt.Errorf("failed to lookup client id after creation")
 			}
--- a/server/client_resource.go
+++ b/server/client_resource.go
@ -14,10 +14,10 @@ import (
 )

 type clientResource struct {
-	repo client.ClientIdentityRepo
+	repo client.ClientRepo
 }

-func registerClientResource(prefix string, repo client.ClientIdentityRepo) (string, http.Handler) {
+func registerClientResource(prefix string, repo client.ClientRepo) (string, http.Handler) {
 	mux := http.NewServeMux()
 	c := &clientResource{
 		repo: repo,
--- a/server/client_resource_test.go
+++ b/server/client_resource_test.go
@ -28,7 +28,7 @@ func makeBody(s string) io.ReadCloser {
 func TestCreateInvalidRequest(t *testing.T) {
 	u := &url.URL{Scheme: "http", Host: "example.com", Path: "clients"}
 	h := http.Header{"Content-Type": []string{"application/json"}}
-	repo := db.NewClientIdentityRepo(db.NewMemDB())
+	repo := db.NewClientRepo(db.NewMemDB())
 	res := &clientResource{repo: repo}
 	tests := []struct {
 		req      *http.Request
@ -119,7 +119,7 @@ func TestCreateInvalidRequest(t *testing.T) {
 }

 func TestCreate(t *testing.T) {
-	repo := db.NewClientIdentityRepo(db.NewMemDB())
+	repo := db.NewClientRepo(db.NewMemDB())
 	res := &clientResource{repo: repo}
 	tests := [][]string{
 		[]string{"http://example.com"},
@ -239,7 +239,7 @@ func TestList(t *testing.T) {
 	}

 	for i, tt := range tests {
-		repo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), tt.cs)
+		repo, err := db.NewClientRepoFromClients(db.NewMemDB(), tt.cs)
 		if err != nil {
 			t.Errorf("case %d: failed to create client identity repo: %v", i, err)
 			continue
--- a/server/config.go
+++ b/server/config.go
@ -114,7 +114,7 @@ func (cfg *SingleServerConfig) Configure(srv *Server) error {
 	if err != nil {
 		return fmt.Errorf("unable to read clients from file %s: %v", cfg.ClientsFile, err)
 	}
-	ciRepo, err := db.NewClientIdentityRepoFromClients(dbMap, clients)
+	ciRepo, err := db.NewClientRepoFromClients(dbMap, clients)
 	if err != nil {
 		return fmt.Errorf("failed to create client identity repo: %v", err)
 	}
@ -155,7 +155,7 @@ func (cfg *SingleServerConfig) Configure(srv *Server) error {

 	txnFactory := db.TransactionFactory(dbMap)
 	userManager := usermanager.NewUserManager(userRepo, pwiRepo, cfgRepo, txnFactory, usermanager.ManagerOptions{})
-	srv.ClientIdentityRepo = ciRepo
+	srv.ClientRepo = ciRepo
 	srv.KeySetRepo = kRepo
 	srv.ConnectorConfigRepo = cfgRepo
 	srv.UserRepo = userRepo
@ -246,7 +246,7 @@ func (cfg *MultiServerConfig) Configure(srv *Server) error {
 		return fmt.Errorf("unable to create PrivateKeySetRepo: %v", err)
 	}

-	ciRepo := db.NewClientIdentityRepo(dbc)
+	ciRepo := db.NewClientRepo(dbc)
 	sRepo := db.NewSessionRepo(dbc)
 	skRepo := db.NewSessionKeyRepo(dbc)
 	cfgRepo := db.NewConnectorConfigRepo(dbc)
@ -257,7 +257,7 @@ func (cfg *MultiServerConfig) Configure(srv *Server) error {

 	sm := sessionmanager.NewSessionManager(sRepo, skRepo)

-	srv.ClientIdentityRepo = ciRepo
+	srv.ClientRepo = ciRepo
 	srv.KeySetRepo = kRepo
 	srv.ConnectorConfigRepo = cfgRepo
 	srv.UserRepo = userRepo
--- a/server/email_verification.go
+++ b/server/email_verification.go
@ -28,7 +28,7 @@ func handleVerifyEmailResendFunc(
 	srvKeysFunc func() ([]key.PublicKey, error),
 	emailer *useremail.UserEmailer,
 	userRepo user.UserRepo,
-	clientIdentityRepo client.ClientIdentityRepo) http.HandlerFunc {
+	clientRepo client.ClientRepo) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		decoder := json.NewDecoder(r.Body)
 		var params struct {
@ -57,7 +57,7 @@ func handleVerifyEmailResendFunc(
 			return
 		}

-		cm, err := clientIdentityRepo.Metadata(clientID)
+		cm, err := clientRepo.Metadata(clientID)
 		if err == client.ErrorNotFound {
 			log.Errorf("No such client: %v", err)
 			writeAPIError(w, http.StatusBadRequest,
--- a/server/email_verification_test.go
+++ b/server/email_verification_test.go
@ -130,7 +130,7 @@ func TestHandleVerifyEmailResend(t *testing.T) {
 			keysFunc,
 			f.srv.UserEmailer,
 			f.userRepo,
-			f.clientIdentityRepo)
+			f.clientRepo)

 		w := httptest.NewRecorder()
 		u := "http://example.com"
--- a/server/http_test.go
+++ b/server/http_test.go
@ -78,8 +78,8 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
 	srv := &Server{
 		IssuerURL:      url.URL{Scheme: "http", Host: "server.example.com"},
 		SessionManager: manager.NewSessionManager(db.NewSessionRepo(db.NewMemDB()), db.NewSessionKeyRepo(db.NewMemDB())),
-		ClientIdentityRepo: func() client.ClientIdentityRepo {
-			repo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{
+		ClientRepo: func() client.ClientRepo {
+			repo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{
 				client.Client{
 					Credentials: oidc.ClientCredentials{
 						ID:     "XXX",
@ -230,8 +230,8 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
 	srv := &Server{
 		IssuerURL:      url.URL{Scheme: "http", Host: "server.example.com"},
 		SessionManager: manager.NewSessionManager(db.NewSessionRepo(db.NewMemDB()), db.NewSessionKeyRepo(db.NewMemDB())),
-		ClientIdentityRepo: func() client.ClientIdentityRepo {
-			repo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{
+		ClientRepo: func() client.ClientRepo {
+			repo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{
 				client.Client{
 					Credentials: oidc.ClientCredentials{
 						ID:     "XXX",
--- a/server/password.go
+++ b/server/password.go
@ -29,7 +29,7 @@ type SendResetPasswordEmailHandler struct {
 	tpl     *template.Template
 	emailer *useremail.UserEmailer
 	sm      *sessionmanager.SessionManager
-	cr      client.ClientIdentityRepo
+	cr      client.ClientRepo
 }

 func (h *SendResetPasswordEmailHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
--- a/server/password_test.go
+++ b/server/password_test.go
@ -267,7 +267,7 @@ func TestSendResetPasswordEmailHandler(t *testing.T) {
 			tpl:     f.srv.SendResetPasswordEmailTemplate,
 			emailer: f.srv.UserEmailer,
 			sm:      f.sessionManager,
-			cr:      f.clientIdentityRepo,
+			cr:      f.clientRepo,
 		}

 		w := httptest.NewRecorder()
--- a/server/server.go
+++ b/server/server.go
@ -60,7 +60,7 @@ type Server struct {
 	KeyManager                     key.PrivateKeyManager
 	KeySetRepo                     key.PrivateKeySetRepo
 	SessionManager                 *sessionmanager.SessionManager
-	ClientIdentityRepo             client.ClientIdentityRepo
+	ClientRepo                     client.ClientRepo
 	ConnectorConfigRepo            connector.ConnectorConfigRepo
 	Templates                      *template.Template
 	LoginTemplate                  *template.Template
@ -213,13 +213,13 @@ func (s *Server) HTTPHandler() http.Handler {
 		s.KeyManager.PublicKeys,
 		s.UserEmailer,
 		s.UserRepo,
-		s.ClientIdentityRepo)))
+		s.ClientRepo)))

 	mux.Handle(httpPathSendResetPassword, &SendResetPasswordEmailHandler{
 		tpl:     s.SendResetPasswordEmailTemplate,
 		emailer: s.UserEmailer,
 		sm:      s.SessionManager,
-		cr:      s.ClientIdentityRepo,
+		cr:      s.ClientRepo,
 	})

 	mux.Handle(httpPathResetPassword, &ResetPasswordHandler{
@ -256,11 +256,11 @@ func (s *Server) HTTPHandler() http.Handler {
 	apiBasePath := path.Join(httpPathAPI, APIVersion)
 	registerDiscoveryResource(apiBasePath, mux)

-	clientPath, clientHandler := registerClientResource(apiBasePath, s.ClientIdentityRepo)
+	clientPath, clientHandler := registerClientResource(apiBasePath, s.ClientRepo)
 	mux.Handle(path.Join(apiBasePath, clientPath), s.NewClientTokenAuthHandler(clientHandler))

 	usersAPI := usersapi.NewUsersAPI(s.dbMap, s.UserManager, s.UserEmailer, s.localConnectorID)
-	handler := NewUserMgmtServer(usersAPI, s.JWTVerifierFactory(), s.UserManager, s.ClientIdentityRepo).HTTPHandler()
+	handler := NewUserMgmtServer(usersAPI, s.JWTVerifierFactory(), s.UserManager, s.ClientRepo).HTTPHandler()

 	mux.Handle(apiBasePath+"/", handler)

@ -271,14 +271,14 @@ func (s *Server) HTTPHandler() http.Handler {
 func (s *Server) NewClientTokenAuthHandler(handler http.Handler) http.Handler {
 	return &clientTokenMiddleware{
 		issuerURL: s.IssuerURL.String(),
-		ciRepo:    s.ClientIdentityRepo,
+		ciRepo:    s.ClientRepo,
 		keysFunc:  s.KeyManager.PublicKeys,
 		next:      handler,
 	}
 }

 func (s *Server) ClientMetadata(clientID string) (*oidc.ClientMetadata, error) {
-	return s.ClientIdentityRepo.Metadata(clientID)
+	return s.ClientRepo.Metadata(clientID)
 }

 func (s *Server) NewSession(ipdcID, clientID, clientState string, redirectURL url.URL, nonce string, register bool, scope []string) (string, error) {
@ -365,7 +365,7 @@ func (s *Server) Login(ident oidc.Identity, key string) (string, error) {
 }

 func (s *Server) ClientCredsToken(creds oidc.ClientCredentials) (*jose.JWT, error) {
-	ok, err := s.ClientIdentityRepo.Authenticate(creds)
+	ok, err := s.ClientRepo.Authenticate(creds)
 	if err != nil {
 		log.Errorf("Failed fetching client %s from repo: %v", creds.ID, err)
 		return nil, oauth2.NewError(oauth2.ErrorServerError)
@ -397,7 +397,7 @@ func (s *Server) ClientCredsToken(creds oidc.ClientCredentials) (*jose.JWT, erro
 }

 func (s *Server) CodeToken(creds oidc.ClientCredentials, sessionKey string) (*jose.JWT, string, error) {
-	ok, err := s.ClientIdentityRepo.Authenticate(creds)
+	ok, err := s.ClientRepo.Authenticate(creds)
 	if err != nil {
 		log.Errorf("Failed fetching client %s from repo: %v", creds.ID, err)
 		return nil, "", oauth2.NewError(oauth2.ErrorServerError)
@ -466,7 +466,7 @@ func (s *Server) CodeToken(creds oidc.ClientCredentials, sessionKey string) (*jo
 }

 func (s *Server) RefreshToken(creds oidc.ClientCredentials, token string) (*jose.JWT, error) {
-	ok, err := s.ClientIdentityRepo.Authenticate(creds)
+	ok, err := s.ClientRepo.Authenticate(creds)
 	if err != nil {
 		log.Errorf("Failed fetching client %s from repo: %v", creds.ID, err)
 		return nil, oauth2.NewError(oauth2.ErrorServerError)
--- a/server/server_test.go
+++ b/server/server_test.go
@ -194,8 +194,8 @@ func TestServerLogin(t *testing.T) {
 			},
 		},
 	}
-	ciRepo := func() client.ClientIdentityRepo {
-		repo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{ci})
+	ciRepo := func() client.ClientRepo {
+		repo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{ci})
 		if err != nil {
 			t.Fatalf("Failed to create client identity repo: %v", err)
 		}
@ -219,11 +219,11 @@ func TestServerLogin(t *testing.T) {
 	}

 	srv := &Server{
-		IssuerURL:          url.URL{Scheme: "http", Host: "server.example.com"},
-		KeyManager:         km,
-		SessionManager:     sm,
-		ClientIdentityRepo: ciRepo,
-		UserRepo:           userRepo,
+		IssuerURL:      url.URL{Scheme: "http", Host: "server.example.com"},
+		KeyManager:     km,
+		SessionManager: sm,
+		ClientRepo:     ciRepo,
+		UserRepo:       userRepo,
 	}

 	ident := oidc.Identity{ID: "YYY", Name: "elroy", Email: "elroy@example.com"}
@ -244,8 +244,8 @@ func TestServerLogin(t *testing.T) {
 }

 func TestServerLoginUnrecognizedSessionKey(t *testing.T) {
-	ciRepo := func() client.ClientIdentityRepo {
-		repo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{
+	ciRepo := func() client.ClientRepo {
+		repo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{
 			client.Client{
 				Credentials: oidc.ClientCredentials{
 					ID: "XXX", Secret: clientTestSecret,
@ -263,10 +263,10 @@ func TestServerLoginUnrecognizedSessionKey(t *testing.T) {
 	}
 	sm := manager.NewSessionManager(db.NewSessionRepo(db.NewMemDB()), db.NewSessionKeyRepo(db.NewMemDB()))
 	srv := &Server{
-		IssuerURL:          url.URL{Scheme: "http", Host: "server.example.com"},
-		KeyManager:         km,
-		SessionManager:     sm,
-		ClientIdentityRepo: ciRepo,
+		IssuerURL:      url.URL{Scheme: "http", Host: "server.example.com"},
+		KeyManager:     km,
+		SessionManager: sm,
+		ClientRepo:     ciRepo,
 	}

 	ident := oidc.Identity{ID: "YYY", Name: "elroy", Email: "elroy@example.com"}
@ -296,8 +296,8 @@ func TestServerLoginDisabledUser(t *testing.T) {
 			},
 		},
 	}
-	ciRepo := func() client.ClientIdentityRepo {
-		repo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{ci})
+	ciRepo := func() client.ClientRepo {
+		repo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{ci})
 		if err != nil {
 			t.Fatalf("Failed to create client identity repo: %v", err)
 		}
@ -335,11 +335,11 @@ func TestServerLoginDisabledUser(t *testing.T) {
 	})

 	srv := &Server{
-		IssuerURL:          url.URL{Scheme: "http", Host: "server.example.com"},
-		KeyManager:         km,
-		SessionManager:     sm,
-		ClientIdentityRepo: ciRepo,
-		UserRepo:           userRepo,
+		IssuerURL:      url.URL{Scheme: "http", Host: "server.example.com"},
+		KeyManager:     km,
+		SessionManager: sm,
+		ClientRepo:     ciRepo,
+		UserRepo:       userRepo,
 	}

 	ident := oidc.Identity{ID: "disabled-connector-id", Name: "elroy", Email: "elroy@example.com"}
@ -361,8 +361,8 @@ func TestServerCodeToken(t *testing.T) {
 			Secret: clientTestSecret,
 		},
 	}
-	ciRepo := func() client.ClientIdentityRepo {
-		repo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{ci})
+	ciRepo := func() client.ClientRepo {
+		repo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{ci})
 		if err != nil {
 			t.Fatalf("Failed to create client identity repo: %v", err)
 		}
@ -381,12 +381,12 @@ func TestServerCodeToken(t *testing.T) {
 	refreshTokenRepo := refreshtest.NewTestRefreshTokenRepo()

 	srv := &Server{
-		IssuerURL:          url.URL{Scheme: "http", Host: "server.example.com"},
-		KeyManager:         km,
-		SessionManager:     sm,
-		ClientIdentityRepo: ciRepo,
-		UserRepo:           userRepo,
-		RefreshTokenRepo:   refreshTokenRepo,
+		IssuerURL:        url.URL{Scheme: "http", Host: "server.example.com"},
+		KeyManager:       km,
+		SessionManager:   sm,
+		ClientRepo:       ciRepo,
+		UserRepo:         userRepo,
+		RefreshTokenRepo: refreshTokenRepo,
 	}

 	tests := []struct {
@ -447,8 +447,8 @@ func TestServerTokenUnrecognizedKey(t *testing.T) {
 			Secret: clientTestSecret,
 		},
 	}
-	ciRepo := func() client.ClientIdentityRepo {
-		repo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{ci})
+	ciRepo := func() client.ClientRepo {
+		repo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{ci})
 		if err != nil {
 			t.Fatalf("Failed to create client identity repo: %v", err)
 		}
@ -460,10 +460,10 @@ func TestServerTokenUnrecognizedKey(t *testing.T) {
 	sm := manager.NewSessionManager(db.NewSessionRepo(db.NewMemDB()), db.NewSessionKeyRepo(db.NewMemDB()))

 	srv := &Server{
-		IssuerURL:          url.URL{Scheme: "http", Host: "server.example.com"},
-		KeyManager:         km,
-		SessionManager:     sm,
-		ClientIdentityRepo: ciRepo,
+		IssuerURL:      url.URL{Scheme: "http", Host: "server.example.com"},
+		KeyManager:     km,
+		SessionManager: sm,
+		ClientRepo:     ciRepo,
 	}

 	sessionID, err := sm.NewSession("connector_id", ci.Credentials.ID, "bogus", url.URL{}, "", false, []string{"openid", "offline_access"})
@ -569,7 +569,7 @@ func TestServerTokenFail(t *testing.T) {
 		km := &StaticKeyManager{
 			signer: tt.signer,
 		}
-		ciRepo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{
+		ciRepo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{
 			client.Client{Credentials: ccFixture},
 		})
 		if err != nil {
@ -590,12 +590,12 @@ func TestServerTokenFail(t *testing.T) {
 		refreshTokenRepo := refreshtest.NewTestRefreshTokenRepo()

 		srv := &Server{
-			IssuerURL:          issuerURL,
-			KeyManager:         km,
-			SessionManager:     sm,
-			ClientIdentityRepo: ciRepo,
-			UserRepo:           userRepo,
-			RefreshTokenRepo:   refreshTokenRepo,
+			IssuerURL:        issuerURL,
+			KeyManager:       km,
+			SessionManager:   sm,
+			ClientRepo:       ciRepo,
+			UserRepo:         userRepo,
+			RefreshTokenRepo: refreshTokenRepo,
 		}

 		_, err = sm.NewSessionKey(sessionID)
@ -731,7 +731,7 @@ func TestServerRefreshToken(t *testing.T) {
 			signer: tt.signer,
 		}

-		ciRepo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{
+		ciRepo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{
 			client.Client{Credentials: credXXX},
 			client.Client{Credentials: credYYY},
 		})
@ -748,11 +748,11 @@ func TestServerRefreshToken(t *testing.T) {
 		refreshTokenRepo := refreshtest.NewTestRefreshTokenRepo()

 		srv := &Server{
-			IssuerURL:          issuerURL,
-			KeyManager:         km,
-			ClientIdentityRepo: ciRepo,
-			UserRepo:           userRepo,
-			RefreshTokenRepo:   refreshTokenRepo,
+			IssuerURL:        issuerURL,
+			KeyManager:       km,
+			ClientRepo:       ciRepo,
+			UserRepo:         userRepo,
+			RefreshTokenRepo: refreshTokenRepo,
 		}

 		if _, err := refreshTokenRepo.Create("testid-1", tt.clientID); err != nil {
@ -784,7 +784,7 @@ func TestServerRefreshToken(t *testing.T) {
 		signer: signerFixture,
 	}

-	ciRepo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{
+	ciRepo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{
 		client.Client{Credentials: credXXX},
 		client.Client{Credentials: credYYY},
 	})
@ -808,11 +808,11 @@ func TestServerRefreshToken(t *testing.T) {
 	refreshTokenRepo := refreshtest.NewTestRefreshTokenRepo()

 	srv := &Server{
-		IssuerURL:          issuerURL,
-		KeyManager:         km,
-		ClientIdentityRepo: ciRepo,
-		UserRepo:           userRepo,
-		RefreshTokenRepo:   refreshTokenRepo,
+		IssuerURL:        issuerURL,
+		KeyManager:       km,
+		ClientRepo:       ciRepo,
+		UserRepo:         userRepo,
+		RefreshTokenRepo: refreshTokenRepo,
 	}

 	if _, err := refreshTokenRepo.Create("testid-2", credXXX.ID); err != nil {
--- a/server/testutil.go
+++ b/server/testutil.go
@ -73,12 +73,12 @@ var (
 )

 type testFixtures struct {
-	srv                *Server
-	userRepo           user.UserRepo
-	sessionManager     *sessionmanager.SessionManager
-	emailer            *email.TemplatizedEmailer
-	redirectURL        url.URL
-	clientIdentityRepo client.ClientIdentityRepo
+	srv            *Server
+	userRepo       user.UserRepo
+	sessionManager *sessionmanager.SessionManager
+	emailer        *email.TemplatizedEmailer
+	redirectURL    url.URL
+	clientRepo     client.ClientRepo
 }

 func sequentialGenerateCodeFunc() sessionmanager.GenerateCodeFunc {
@ -136,7 +136,7 @@ func makeTestFixtures() (*testFixtures, error) {
 		return nil, err
 	}

-	clientIdentityRepo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []client.Client{
+	clientRepo, err := db.NewClientRepoFromClients(db.NewMemDB(), []client.Client{
 		client.Client{
 			Credentials: oidc.ClientCredentials{
 				ID:     "XXX",
@ -167,14 +167,14 @@ func makeTestFixtures() (*testFixtures, error) {
 	}

 	srv := &Server{
-		IssuerURL:          testIssuerURL,
-		SessionManager:     sessionManager,
-		ClientIdentityRepo: clientIdentityRepo,
-		Templates:          tpl,
-		UserRepo:           userRepo,
-		PasswordInfoRepo:   pwRepo,
-		UserManager:        manager,
-		KeyManager:         km,
+		IssuerURL:        testIssuerURL,
+		SessionManager:   sessionManager,
+		ClientRepo:       clientRepo,
+		Templates:        tpl,
+		UserRepo:         userRepo,
+		PasswordInfoRepo: pwRepo,
+		UserManager:      manager,
+		KeyManager:       km,
 	}

 	err = setTemplates(srv, tpl)
@ -201,11 +201,11 @@ func makeTestFixtures() (*testFixtures, error) {
 	)

 	return &testFixtures{
-		srv:                srv,
-		redirectURL:        testRedirectURL,
-		userRepo:           userRepo,
-		sessionManager:     sessionManager,
-		emailer:            emailer,
-		clientIdentityRepo: clientIdentityRepo,
+		srv:            srv,
+		redirectURL:    testRedirectURL,
+		userRepo:       userRepo,
+		sessionManager: sessionManager,
+		emailer:        emailer,
+		clientRepo:     clientRepo,
 	}, nil
 }
--- a/server/user.go
+++ b/server/user.go
@ -39,10 +39,10 @@ type UserMgmtServer struct {
 	api         *api.UsersAPI
 	jwtvFactory JWTVerifierFactory
 	um          *manager.UserManager
-	cir         client.ClientIdentityRepo
+	cir         client.ClientRepo
 }

-func NewUserMgmtServer(userMgmtAPI *api.UsersAPI, jwtvFactory JWTVerifierFactory, um *manager.UserManager, cir client.ClientIdentityRepo) *UserMgmtServer {
+func NewUserMgmtServer(userMgmtAPI *api.UsersAPI, jwtvFactory JWTVerifierFactory, um *manager.UserManager, cir client.ClientRepo) *UserMgmtServer {
 	return &UserMgmtServer{
 		api:         userMgmtAPI,
 		jwtvFactory: jwtvFactory,
--- a/user/api/api.go
+++ b/user/api/api.go
@ -88,11 +88,11 @@ func (e Error) Error() string {
 // calling User. It is assumed that the clientID has already validated as an
 // admin app before calling.
 type UsersAPI struct {
-	manager            *manager.UserManager
-	localConnectorID   string
-	clientIdentityRepo client.ClientIdentityRepo
-	refreshRepo        refresh.RefreshTokenRepo
-	emailer            Emailer
+	manager          *manager.UserManager
+	localConnectorID string
+	clientRepo       client.ClientRepo
+	refreshRepo      refresh.RefreshTokenRepo
+	emailer          Emailer
 }

 type Emailer interface {
@ -107,11 +107,11 @@ type Creds struct {
 // TODO(ericchiang): Don't pass a dbMap. See #385.
 func NewUsersAPI(dbMap *gorp.DbMap, userManager *manager.UserManager, emailer Emailer, localConnectorID string) *UsersAPI {
 	return &UsersAPI{
-		manager:            userManager,
-		refreshRepo:        db.NewRefreshTokenRepo(dbMap),
-		clientIdentityRepo: db.NewClientIdentityRepo(dbMap),
-		localConnectorID:   localConnectorID,
-		emailer:            emailer,
+		manager:          userManager,
+		refreshRepo:      db.NewRefreshTokenRepo(dbMap),
+		clientRepo:       db.NewClientRepo(dbMap),
+		localConnectorID: localConnectorID,
+		emailer:          emailer,
 	}
 }

@ -157,7 +157,7 @@ func (u *UsersAPI) CreateUser(creds Creds, usr schema.User, redirURL url.URL) (s
 		return schema.UserCreateResponse{}, mapError(err)
 	}

-	metadata, err := u.clientIdentityRepo.Metadata(creds.ClientID)
+	metadata, err := u.clientRepo.Metadata(creds.ClientID)
 	if err != nil {
 		return schema.UserCreateResponse{}, mapError(err)
 	}
@ -202,7 +202,7 @@ func (u *UsersAPI) ResendEmailInvitation(creds Creds, userID string, redirURL ur
 		return schema.ResendEmailInvitationResponse{}, ErrorUnauthorized
 	}

-	metadata, err := u.clientIdentityRepo.Metadata(creds.ClientID)
+	metadata, err := u.clientRepo.Metadata(creds.ClientID)
 	if err != nil {
 		return schema.ResendEmailInvitationResponse{}, mapError(err)
 	}
--- a/user/api/api_test.go
+++ b/user/api/api_test.go
@ -167,8 +167,7 @@ func makeTestFixtures() (*UsersAPI, *testEmailer) {
 			},
 		},
 	}
-
-	if _, err := db.NewClientIdentityRepoFromClients(dbMap, []client.Client{ci}); err != nil {
+	if _, err := db.NewClientRepoFromClients(dbMap, []client.Client{ci}); err != nil {
 		panic("Failed to create client  repo: " + err.Error())
 	}