Validate the token in settings form

I suspect it works ok in 99% of the cases but I am wondering in case we use $config['cloudflare_stream.settings']['api_token'] = 'xxxxxxx' in a secrets.settings.php (to avoid exposing this in config), it may make impossible to submit the form. I should probably give a check at other modules exposing form for settings that we tend to exclude from config for security reason.

I can confirm that the code you provided is correct for the form. But very good thinking about overwriting the config from settings. We indeed need to make sure that everything still works then also.

I think the current approach is OK with overwriting the config from settings. There is no difference with other modules which the config may be managed via settings.

On my local I have remove the token from the config (using drush cset), I added a fake token via $config['cloudflare_stream.settings']['api_token'] = 'dummy'; in the settings file. The API calls are failing as expected. I then changed it to a real token and the API calls are working as expected.

I follow your advice and I'm happy you have tested this. I did this myself also and everything worked ok.
There are 2 CS issues that needs resolving before I can merge this. For the rest it looks good.

Hi vbouchet, thanks again for the really nice addition to this module.
I've removed the TypedConfigManagerInterface for now as this is not yet required and PHPSTAN would point this out as a warning.
I would rather have this added as a separate issue to easier explain why this is added.

For the record and anyone looking for the info => https://www.drupal.org/node/3404140 →

Follow up in 📌 Add TypedConfigManagerInterface to the settings form Active

Automatically closed - issue fixed for 2 weeks with no activity.