New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Weird Client Secret behavior #1082

Closed
natt-tester opened this Issue Aug 13, 2018 · 0 comments

Comments

Projects
None yet
2 participants
@natt-tester

natt-tester commented Aug 13, 2018

Steps:

  1. Go to OpenID Connect -> Clients -> Add Client
  2. Enter "secret" as the Client Secret
  3. Complete all the required fields and click on Add
  4. Go to another menu section
  5. Go back to Clients
  6. Find the newly created client and click on their name
  7. Click on Auto-Generate Secret Key
  8. Click on Update
  9. Repeat steps 4-6
  10. Enter "secret" as the Client secret and click on Update
  11. Repeat steps 4-6 and check the value of the Client Secret

Expected: The CS is "secret"
Actual: The CS is a randomly generated string when you first check it after the creation. If you want to make a token call with the set "secret", it fails with 401.
Also, afterwards when I changed the CS to "secret" using the Change Client Secret button and clicked on Set Password, the field in the form was cleared.

@natt-tester natt-tester added the bug label Aug 13, 2018

@natt-tester natt-tester added this to the 3.1.4 milestone Aug 13, 2018

@earezki earezki self-assigned this Aug 15, 2018

earezki added a commit to earezki/oxTrust that referenced this issue Aug 16, 2018

earezki added a commit to earezki/oxTrust that referenced this issue Aug 16, 2018

yurem added a commit that referenced this issue Aug 17, 2018

yurem added a commit that referenced this issue Aug 17, 2018

@earezki earezki closed this Aug 17, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment