Closed pranavkm closed 6 years ago
cc @dougbu \ @blowdart
Nothing about this is specific to the GitHub receiver. For example, one common receiver configuration is to simply stick the secret key into a code
query parameter. The secret key must be 32 to 128 characters long in that case.
We should remove the maximums everywhere except perhaps for the Salesforce receiver. In that one case, the sender provides the secret key and the limit ensures it was copied from the right spot. ("Perhaps" because I'm not sure that check is worthwhile either.)
Get rid of limit on thingie in our configuration store…
Realized (after staring at Identity's StoreOptions.MaxLengthForKeys
a bit) there is a good reason to limit the size of secret keys in a WebHooks application. The keys are stored in IConfiguration
and configuration stores may certainly include (say) a SQL database.
New idea: Instead of removing the maximum secret key length entirely, make the maximum a public
property (somewhere) or perhaps add our first WebHookOptions
property.
@blowdart do you have a preference on how this setting would be exposed?
Updated previous comment. Since user has control of the secret keys they use and the corresponding SQL schema, database restrictions are not a good reason to keep the maximum length restrictions.
30897e047f
We limit it to 128 characters. There really isn't a good reason to have a max limit.