FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io

Obscure the client secret in the application screen #2755

Closed mooreds closed 2 weeks ago

mooreds commented 1 month ago

Obscure the client secret in the application screen

Problem

Auditors might be giving folks a hard time about client secrets being exposed in the admin UI.

Solution

The same way API keys are obscured, it'd be good to obscure the client secret in the admin UI. They should be available via clicking the secret (because there are times you need to be able to copy/paste them) but not fully visible by default.

Would need to do this on both the edit and view screens.

Alternatives/workarounds

Limit access to the application config screen.

Additional context

Came up on a customer call.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

robotdan commented 3 weeks ago

Is this a duplicate of https://github.com/FusionAuth/fusionauth-issues/issues/1059?

mooreds commented 3 weeks ago

Yes, I'd say 1059 is a superset of this request.

robotdan commented 2 weeks ago

Closing, will be handled under #1059