Open jordan0day opened 1 month ago
I can confirm that removing the opts here fixes the issue. I guess the goal is to be able to easily pass options to the client downstream to the Tesla adapter. However, as @jordan0day suggests, we should probably remove the unnecessary attributes. I'm happy to open a pull request if you have any thoughts.
Looking through application logs today, I noticed that I was seeing some log messages like:

and

```
[notice] Invalid option {client_secret,<<"...snipped...">} ignored
```

It appears these log messages are coming from `httpc`, which is the default HTTP client used in the `OAuth2.Request` module (via `Tesla.Adapter.Httpc`).

These are cropping up as part of the `handle_callback!` flow, during `fetch_user/2`.

In `fetch_user/2`, it looks like we're loading up all the oauth config options (via `add_oauth_options/1`) and passing them through as-is ever since #23. Maybe these more-sensitive options should be getting stripped out before being passed along in `Ueberauth.Strategy.Okta.Oauth.get_user_info/2`? (Or maybe `opts` doesn't need to be passed along at all to `Client.get/4`, as the opts were already used to initialize the client?)
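
One way to do the stripping suggested above is to allowlist what reaches the HTTP client instead of listing secrets to drop. This is an added example, not code from the issue or from the project: the module name, function name, the allowlist contents and the sample config are all assumptions.

```elixir
defmodule RequestOptsExample do
  # Hypothetical helper; names here are not from ueberauth_okta.

  # Assumed allowlist of options meant for the HTTP request itself.
  # Adjust it to what the HTTP adapter in use actually accepts.
  @request_opts [:timeout, :connect_timeout, :ssl, :autoredirect]

  @doc """
  Splits merged strategy options into the allowlisted request options
  and the names of everything else. Only the keys of the dropped
  entries are returned, so their values cannot end up in a log line.
  """
  def split_request_opts(opts) when is_list(opts) do
    {kept, dropped} = Keyword.split(opts, @request_opts)
    {kept, dropped |> Keyword.keys() |> Enum.uniq()}
  end
end

# Constructed sample config, shaped like merged OAuth strategy options.
opts = [
  client_id: "example-client-id",
  client_secret: "example-secret",
  site: "https://example.okta.com",
  timeout: 5_000
]

{request_opts, dropped} = RequestOptsExample.split_request_opts(opts)

# Only [timeout: 5000] would be handed to the HTTP client.
IO.inspect(request_opts, label: "passed to HTTP client")
# Key names only: [:client_id, :client_secret, :site]
IO.inspect(dropped, label: "kept out of the request")
```

An allowlist fails closed: a new sensitive key added to the strategy config later is kept out of the request by default, where a denylist would pass it through until someone remembered to extend it.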