Open dansailer opened 2 years ago
Hi @dansailer thanks for reporting this, and thank you for providing possible solution!
We'll try to investigate this a bit deeper when possible, but indeed this weird behavior should also happen with any other plugins that would try to tap into the send
render purpose.
I'd encourage you to move your suggested pull request into Insomnia's pull requests and the team can follow-up with you there to try to get a fix completed and merged 👍
It would be great if someone could have a look at https://github.com/Kong/insomnia/pull/4779
Expected Behavior
The plugin receives the rendering purpose even during oauth2 token refresh and is able to render secrets accordingly
is rendered to
Actual Behavior
The client secret in oauth2 token refresh when using a plugin is rendered wrong, as it is rendered without the
RenderPurpose
set tosend
. A security aware plugin that only wants to render an actual secret when going over the wire, can therefore not be used for client secret.is rendered to
Reproduction Steps
Is there an existing issue for this?
Additional Information
Possible quickfix solution is to add optional parameter for RenderPurpose to
use-nunjucks.ts
ando-auth-2-auth.tsx
https://github.com/dansailer/insomnia/pull/1/files
Insomnia Version
2022.3.0
What operating system are you using?
macOS
Operating System Version
Windows 10 and macOS 12.3.1
Installation method
homebrew (MacOS), Installer exe (Windows)
Last Known Working Insomnia version
No response