Fix Callback URL for staging and prod environments #4533
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting
codex-rs/login/src/server.rs
Outdated
| let client = reqwest::Client::new(); | ||
| let url = format!("{issuer}/oauth/token"); | ||
| eprintln!( | ||
| "SRK_SBG: url: {url}, redirect_uri: {redirect_uri}, client_id: {client_id}, code: {code}, code_verifier: {}", | ||
| pkce.code_verifier |
There was a problem hiding this comment.
During token exchange the new eprintln! logs the complete authorization code and the PKCE code_verifier. Both values can be used by anyone with access to the logs to mint tokens for the user, so printing them is a security regression. The login helper should avoid logging these secrets or at minimum hide them behind a debug-only flag.
Useful? React with 👍 / 👎.
rakesh-oai
force-pushed
the
rakesh/FixCallbackUrlBugs
branch
2 times, most recently
from
70bb62a to
20d9dac
Compare
rakesh-oai
changed the title
rakesh-oai
force-pushed
the
rakesh/FixCallbackUrlBugs
branch
from
20d9dac to
ee453b3
Compare
External (non-OpenAI) Pull Request Requirements
Before opening this Pull Request, please read the dedicated "Contributing" markdown file or your PR may be closed:
https://github.com/openai/codex/blob/main/docs/contributing.md
If your PR conforms to our contribution guidelines, replace this text with a detailed and high quality description of your changes.