search

indigo-iam / iam

INDIGO Identity and Access Management Service
https://indigo-iam.github.io/
Other
102 stars 43 forks source link

Reset the client secret when the authentication is set to none #676

Closed federicaagostini closed 9 months ago

federicaagostini commented 10 months ago

When a clients is public (i.e. the "Token endpoint authentication method" box is checked to No authentication) the secret was still present in the db and a token request was resulting in a "Bad credentials" response.

Now the secret is set to null when the client is public and no more authentication is required at the token endpoint.

sonarcloud[bot] commented 9 months ago

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

60.0% 60.0% Coverage
0.0% 0.0% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

enricovianello commented 9 months ago

Replaced by #677