Because Miniflux runs as a confidential service, a missing client secret is a mistake in configuration. An empty client secret appears to be valid per RFC 6749 (and is in fact the default set by Miniflux!), so we log a warning.
@@ -39,5 +39,9 @@ func NewManager(ctx context.Context, clientID, clientSecret, redirectURL, oidcDi
}
+ if clientSecret == "" {
+ slog.Warn("OIDC client secret is empty or missing.")
+ }
+
return m
Tali Auster