Parameterize client secret #347
Merged
If a non-Google authentication provider is used, the client secret stored in the OKpy database will be different from this hard-coded value, which causes the ok-client to ok-server communication to fail.

A work-around for this is to manually adjust the client secret in the ok-server database via the following command.

```sql
UPDATE client SET client_secret='EWKtcCp5nICeYgVyCPypjs3aLORqQ3H' WHERE client_id='ok-client';
```

However, a more long-term manageable fix is to parameterize the client secret and set it to the correct value for the authentication provider in each ok-client deployment.
Sumukh
approved these changes
Jul 10, 2018
Member
Sumukh
left a comment
Suggested a comment to make it clearer but looks good
| CLIENT_SECRET = 'EWKtcCp5nICeYgVyCPypjs3aLORqQ3H' | ||
| # However, for other authentication providers such as Azure Active Directory | ||
| # this might not be the case | ||
| CLIENT_SECRET = os.getenv('OK_CLIENT_SECRET', |
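Review bot: On the `CLIENT_SECRET = os.getenv('OK_CLIENT_SECRET',` line, `os.getenv` falls back to its default only when the variable is unset, so a deployment that exports `OK_CLIENT_SECRET` as an empty string ends up with an empty client secret, which will not match the value stored on the ok-server. Consider treating an empty value the same as unset. The comment above the assignment should also name the `OK_CLIENT_SECRET` variable and say that its value has to equal the `client_secret` stored for `client_id='ok-client'` in the ok-server database, since the visible comment lines mention other providers without saying what to set or where.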
Member
Could you make clear that this is the secret for the ok-client app on the ok service. I think that was unclear before. People can find the secret value at example.com/admin/clients/ok-client?
This issue was found by @taupalosaurus.