OpenIDConnectClientFormBase exposes client secret

Created on 27 July 2023, 11 months ago

Updated 31 July 2023, 11 months ago

I have configured openid_connect so that my client_secret is stored in settings.php

$config['openid_connect.client.my_client']['settings']['client_secret'] = getenv('OIDC_SECRET');

because I do not want it saved to the config yml.

When I view the edit form, the secret is retrieved and displayed (this is not expected), and when I save the form, it is written to the yml file.

I would prefer to not display the secret in the config edit form.

Is that an option here, or is the permission `Administer OpenID Connect clients` the only failsafe?

✨ Feature request

Status

Closed: duplicate

Version

3.0

Component

Code

Created by

🇺🇸United States staceroni

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @staceroni
Comment 11 months ago →
🇵🇹Portugal jcnventura
The best way to handle this would be for you to test and maybe mark as RTBC the issue ✨ Integrate with the key module Needs work .

Maybe mark this as duplicate if you are OK with that solution.
Status changed to Postponed: needs info 11 months ago11:04am 29 July 2023
Comment 11 months ago →
🇵🇹Portugal jcnventura
Status changed to Closed: duplicate 11 months ago5:15pm 31 July 2023
Comment 11 months ago →
🇺🇸United States staceroni

Production build 0.69.0 2024