From 401eac814f1eadc6065d28050912749ee111a3c5 Mon Sep 17 00:00:00 2001
From: Garrett Ladley <92384606+garrettladley@users.noreply.github.com>
Date: Mon, 17 Jun 2024 17:35:00 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=B9=20chore:=20remove=20client=20secre?= =?UTF-8?q?t=20from=20msft=20oauth=20token=20request=20(#1045)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/config/oauth_microsoft.go | 9 +--------
 backend/integrations/oauth/soth/msft/msft.go | 9 +++------
 backend/server/server.go | 2 +-
 config/.env.template | 1 -
 4 files changed, 5 insertions(+), 16 deletions(-)
diff --git a/backend/config/oauth_microsoft.go b/backend/config/oauth_microsoft.go
index 011b9dda..f1c14012 100644
--- a/backend/config/oauth_microsoft.go
+++ b/backend/config/oauth_microsoft.go
@@ -13,8 +13,7 @@ type MicrosoftOAuthSettings struct {
 }
 type intermediateMicrosoftOAuthSetting struct {
- Key string `env:"KEY"`
- Secret string `env:"SECRET"`
+ Key string `env:"KEY"`
 }
 func (i *intermediateMicrosoftOAuthSetting) into() (*MicrosoftOAuthSettings, error) {
@@ -23,14 +22,8 @@ func (i *intermediateMicrosoftOAuthSetting) into() (*MicrosoftOAuthSettings, err
 return nil, err
 }
- secretSecret, err := m.NewSecret(i.Secret)
- if err != nil {
- return nil, err
- }
-
 return &MicrosoftOAuthSettings{
 Key: secretKey,
- Secret: secretSecret,
 Tenant: tenantID,
 }, nil
 }
diff --git a/backend/integrations/oauth/soth/msft/msft.go b/backend/integrations/oauth/soth/msft/msft.go
index d7732160..624b1ce3 100644
--- a/backend/integrations/oauth/soth/msft/msft.go
+++ b/backend/integrations/oauth/soth/msft/msft.go
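Review bot: In backend/config/oauth_microsoft.go, `into()` stops populating `Secret` on the returned `MicrosoftOAuthSettings`, but the struct's field list sits above line 13 and no hunk touches it, so the field presumably remains declared and is now always nil. Any reader left elsewhere that calls `.Expose()` on it would then hit a nil `*m.Secret[string]` at run time rather than fail to compile. Deleting the `Secret` field from `MicrosoftOAuthSettings` in the same commit would let the compiler find leftover uses. The body of `into()` starts outside the hunk.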
@@ -31,10 +31,9 @@ var defaultScopes = []string{"openid", "offline_access", "user.read", "calendars
 // New creates a new microsoftonline Provider, and sets up important connection details.
 // You should always call `msft.New` to get a new Provider. Never try to create
 // one manually.
-func New(clientKey *m.Secret[string], secret *m.Secret[string], callbackURL string, tenant string, scopes ...string) *Provider {
+func New(clientKey *m.Secret[string], callbackURL string, tenant string, scopes ...string) *Provider {
 p := &Provider{
 ClientKey: clientKey,
- Secret: secret,
 CallbackURL: callbackURL,
 ProviderName: "microsoftonline",
 tenant: tenant,
@@ -47,7 +46,6 @@ func New(clientKey *m.Secret[string], secret *m.Secret[string], callbackURL stri
 // Provider is the implementation of `soth.Provider` for accessing microsoftonline.
 type Provider struct {
 ClientKey *m.Secret[string]
- Secret *m.Secret[string]
 CallbackURL string
 config *oauth2.Config
 ProviderName string
@@ -138,9 +136,8 @@ func newConfig(provider *Provider, scopes []string) *oauth2.Config {
 }
 c := &oauth2.Config{
- ClientID: provider.ClientKey.Expose(),
- ClientSecret: provider.Secret.Expose(),
- RedirectURL: provider.CallbackURL,
+ ClientID: provider.ClientKey.Expose(),
+ RedirectURL: provider.CallbackURL,
 Endpoint: oauth2.Endpoint{
 AuthURL: authURL,
 TokenURL: tokenURL,
diff --git a/backend/server/server.go b/backend/server/server.go
index 3896d0f9..76bdf3a9 100644
--- a/backend/server/server.go
+++ b/backend/server/server.go
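Review bot: The doc comment on `New` in msft.go does not say that the provider is now built without a client secret, and neither the comment nor the commit message gives the reason. Because `New` is exported and its signature changed, the comment is where a caller will look; I would add `// The provider is configured as a public client: no client secret is sent on the token request.` above the function. The body of `New` continues past the end of the hunk.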
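Review bot: With `ClientSecret` dropped from the `oauth2.Config` literal in `newConfig`, the token request identifies the client by `ClientID` alone, so the code exchange depends on whatever else binds the authorization code to this client. Nothing in this hunk shows a PKCE verifier being attached; if the auth-URL and exchange paths outside the hunk do not already do it, pass `oauth2.S256ChallengeOption(verifier)` to `AuthCodeURL` and `oauth2.VerifierOption(verifier)` to `Exchange`. `defaultScopes` includes `offline_access`, so refresh tokens issued to this client are likewise redeemable without a secret and should be stored with that in mind. The body of `newConfig` starts and ends outside the hunk.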
@@ -58,7 +58,7 @@ func Init(db *gorm.DB, stores *store.Stores, integrations integrations.Integrati
 applicationURL := settings.Application.ApplicationURL()
- msftProvider := msft.New(settings.Microsft.Key, settings.Microsft.Secret, fmt.Sprintf("%s/api/v1/auth/microsoftonline/callback", applicationURL), settings.Microsft.Tenant)
+ msftProvider := msft.New(settings.Microsft.Key, fmt.Sprintf("%s/api/v1/auth/microsoftonline/callback", applicationURL), settings.Microsft.Tenant)
 googProvider := goog.New(settings.Google.Key, settings.Google.Secret, fmt.Sprintf("%s/api/v1/auth/google/callback", applicationURL))
 authMiddleware := authMiddleware.New(
diff --git a/config/.env.template b/config/.env.template
index 03def4f2..542b2a0d 100644
--- a/config/.env.template
+++ b/config/.env.template
@@ -50,6 +50,5 @@ SAC_GOOGLE_OAUTH_SECRET=GOOGLE_OAUTH_CLIENT_SECRET
 SAC_GOOGLE_API_KEY=GOOGLE_API_KEY
 SAC_MICROSOFT_OAUTH_KEY=test
-SAC_MICROSOFT_OAUTH_SECRET=test
 SAC_SEARCH_URI="http://127.0.0.1:9200"
\ No newline at end of file