wso2 / carbon-apimgt

Apache License 2.0
166 stars 626 forks

Remove the Client Secret View option in OAUTH2 Endpoint security #12312

Closed shnrndk closed 6 months ago

shnrndk commented 7 months ago

Problem

For both Basic and Digest auth, the password can't be seen by anyone who has access. But in the case of OAuth 2.0, if the API is public, all the users can see the masked client secret by clicking on the view option, which is not available for passwords.

Approach

Handled in the password scenario in Basic and Digest Authentication and used a similar approach for the clientSecret of OAuth secured endpoints.
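
An added example, not code from this pull request or from carbon-apimgt: one way to give `clientSecret` the same treatment as `password` when a stored endpoint security config is mapped to an API response. It goes one step beyond the description by also covering the write path, where a blanked secret echoed back by the client must not overwrite the stored one. The class, method and parameter names and the flat map layout are assumptions.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class EndpointSecretRedaction {
    // Assumed field names; "password" and "clientSecret" are the two secrets the PR discusses.
    static final List<String> SECRET_FIELDS = List.of("password", "clientSecret");

    /** Read path: copy of the config with secrets blanked unless the caller may see them. */
    static Map<String, Object> forResponse(Map<String, Object> stored, boolean preserveCredentials) {
        Map<String, Object> out = new HashMap<>(stored);
        if (!preserveCredentials) {
            for (String field : SECRET_FIELDS) {
                if (out.containsKey(field)) {
                    out.put(field, "");
                }
            }
        }
        return out;
    }

    /** Write path: a blank or missing secret in the update means "unchanged". */
    static Map<String, Object> forUpdate(Map<String, Object> stored, Map<String, Object> submitted) {
        Map<String, Object> out = new HashMap<>(submitted);
        for (String field : SECRET_FIELDS) {
            Object value = out.get(field);
            boolean blank = value == null || value.toString().isEmpty();
            if (blank && stored.containsKey(field)) {
                out.put(field, stored.get(field));
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample config, not taken from the project.
        Map<String, Object> stored = new HashMap<>();
        stored.put("type", "OAUTH");
        stored.put("clientId", "sample-client-id");
        stored.put("clientSecret", "sample-client-secret");

        Map<String, Object> shown = forResponse(stored, false);
        System.out.println("returned to caller: " + shown);

        // The client sends the redacted object back with one edited field.
        Map<String, Object> edited = new HashMap<>(shown);
        edited.put("tokenUrl", "https://idp.example.com/token");
        System.out.println("persisted after update: " + forUpdate(stored, edited));
    }
}
```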

codecov[bot] commented 6 months ago

Codecov Report

Attention: Patch coverage is 50.00000% with 4 lines in your changes are missing coverage. Please review.

Project coverage is 44.43%. Comparing base (a5ceb8b) to head (b510103). Report is 13 commits behind head on master.

| Files | Patch % | Lines |
|---|---|---|
| ...i/publisher/v1/common/mappings/APIMappingUtil.java | 50.00% | 2 Missing and 2 partials :warning: |

Additional details and impacted files

```diff
@@             Coverage Diff              @@
##             master   #12312      +/-   ##
============================================
- Coverage     47.25%   44.43%   -2.83%
+ Complexity     4216     3816     -400
============================================
  Files          1869     1869
  Lines        138187   138200      +13
  Branches      19995    20000       +5
============================================
- Hits          65304    61410    -3894
- Misses        65136    69332    +4196
+ Partials       7747     7458     -289
```

| [Flag](https://app.codecov.io/gh/wso2/carbon-apimgt/pull/12312/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=wso2) | Coverage Δ | |
|---|---|---|
| [integration_tests](https://app.codecov.io/gh/wso2/carbon-apimgt/pull/12312/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=wso2) | `38.78% <50.00%> (-3.19%)` | :arrow_down: |
| [unit_tests](https://app.codecov.io/gh/wso2/carbon-apimgt/pull/12312/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=wso2) | `20.11% <0.00%> (+<0.01%)` | :arrow_up: |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=wso2#carryforward-flags-in-the-pull-request-comment) to find out more.


tharikaGitHub commented 6 months ago

Merging as the test failure will be fixed with https://github.com/wso2/product-apim/pull/13466