Skip to content

[Bug]: /api/applications/home includes the App Client Secret #1453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 task done
meretrout opened this issue Jan 21, 2025 · 3 comments
Closed
1 task done

[Bug]: /api/applications/home includes the App Client Secret #1453

meretrout opened this issue Jan 21, 2025 · 3 comments
Assignees
@dragonpoo
Labels
API-Service Backend Java Spring for the Lowcoder API Bug Something isn't working

Comments

@meretrout
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I have setup a Generic OAuth Provider using Azure. I noticed that the Client Secret is shown on /api/applications/home

Expected Behavior

This is an unnecessary security risk.

Steps to reproduce

Setup Generic OAuth Provider using Azure.

Environment

Clean install of 2.5.3 running in an all-in-one Docker container.

Additional Information

No response
@meretrout meretrout changed the title [Bug]: /api/applications/home includes includes the App Client Secret [Bug]: /api/applications/home includes the App Client Secret Jan 21, 2025
@FalkWolsky FalkWolsky added Bug Something isn't working API-Service Backend Java Spring for the Lowcoder API labels Jan 21, 2025
@FalkWolsky FalkWolsky moved this to 🆕 New in Lowcoder Jan 21, 2025
@dragonpoo
Copy link
Collaborator

Can you attach a screenshot here? @meretrout

@meretrout
Copy link
Author

meretrout commented Jan 24, 2025
edited
Loading

Here you go @dragonpoo

Image

It shows the client secrets of the Azure and Google oauth apps.

dragonpoo added a commit that referenced this issue Jan 28, 2025
@dragonpoo
#1453: Remove client secret from /home api
6b1be52
@adnanqaops
Copy link
Collaborator

This has been fixed and released in V2.6.1 . So, closing out this ticket.

@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Lowcoder Feb 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dragonpoo dragonpoo

Labels
API-Service Backend Java Spring for the Lowcoder API Bug Something isn't working
Projects
Lowcoder
Status: Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@FalkWolsky @dragonpoo @meretrout @adnanqaops