fix: log warning on an empty client secret · b3d385861f - Gogs

fix: log warning on an empty client secret

Because Miniflux runs as a confidential service, a missing client secret
is a mistake in configuration. An empty client secret appears to be
valid per RFC 6749 (and is in fact the default set by Miniflux!), so we
log a warning.

Tali Auster 1 year ago

parent

cc5a8fa4b3

commit

b3d385861f

1 changed files with 4 additions and 0 deletions

Split View Show Diff Stats

						
							+ 4
							
							- 0
						
internal/oauth2/manager.go
							 
								View File
							
				@@ -39,5 +39,9 @@ func NewManager(ctx context.Context, clientID, clientSecret, redirectURL, oidcDi
			
				 		}
			
				 	}
			
				+	if clientSecret == "" {
			
				+		slog.Warn("OIDC client secret is empty or missing.")
			
				+	}
			
				+
			
				 	return m
			
				 }