nobodyiam
commented
1 year ago I think SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_NAME_VDISK_CLIENT_SECRET could be any environment variable key that contains the secret? cc @vdisk-group
Closed Shelby-Jiao closed 1 year ago
nobodyiam
commented
1 year ago I think SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_NAME_VDISK_CLIENT_SECRET could be any environment variable key that contains the secret? cc @vdisk-group
Shelby-Jiao
commented
1 year ago Do we need VDISK and REGISTRATION (not REGISTRATION_NAME) as well?
For instance if my config.yaml looks like as below
spring:
security:
oauth2:
client:
registration:
okta:
should it be SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OKTA_CLIENT_SECRET or SPRING_SECURITY_OAUTH2_CLIENT_OKTA_VDISK_CLIENT_SECRET?
vdiskg
commented
1 year ago Do we need
VDISKandREGISTRATION(notREGISTRATION_NAME) as well? For instance if my config.yaml looks like as below spring: security: oauth2: client: registration: okta: should it beSPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OKTA_CLIENT_SECRETorSPRING_SECURITY_OAUTH2_CLIENT_OKTA_VDISK_CLIENT_SECRET?
it should be SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OKTA_CLIENT_SECRET
vdiskg
commented
1 year ago I think
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_NAME_VDISK_CLIENT_SECRETcould be any environment variable key that contains the secret? cc @vdisk-group
yes, the variable contains the secret such as spring.datasource.password、spring.redis.password can also be treated like this.
how about we add jasypt to centralized protect the variable contains the secret?
描述bug refer to: https://www.apolloconfig.com/#/zh/development/portal-how-to-implement-user-login-function?id=%e5%ae%9e%e7%8e%b0%e6%96%b9%e5%bc%8f%e4%b8%89%ef%bc%9a-%e6%8e%a5%e5%85%a5oidc
spring.security.oauth2.client.registration.registration-name.client-secret -> SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_NAME_VDISK_CLIENT_SECRET, 其中的registration key在环境变量中并没有正确体现,直接到了后面的REGISTRATION_NAME,同时多了VDISK这个key,是否是文档错误?
复现
通过如下步骤可以复现:
期望
简介明了地描述你希望正常情况下应该发生什么
截图
如果可以,附上截图来描述你的问题
额外的细节和日志