Client secret shared between clients
Closed, Resolved | Public | 3 Estimated Story Points

Description

Expected behavior

  1. Clients created via the experimental create client endpoint do not share client secrets.
  2. Resetting the client secret changes the value.

Observed behavior

  1. At least four of the clients I created via the endpoint have the same client secret.
  2. Resetting the secret does not change the value.

Event Timeline

apaskulin raised the priority of this task from Medium to High. (Oct 5 2020, 3:00 PM)
Helga_sf set the point value for this task to 3. (Oct 6 2020, 10:18 AM)

Change 632974 had a related patch set uploaded (by Art.tsymbar; owner: arttsymbar):
[mediawiki/extensions/WikimediaApiPortalOAuth@master] Adding ":" to Client secret label (visible after a Client created) in Client creation popup.

https://gerrit.wikimedia.org/r/632974

Change 632974 merged by jenkins-bot:
[mediawiki/extensions/WikimediaApiPortalOAuth@master] Adding ":" to Client secret label (visible after a Client created) in Client creation popup.

https://gerrit.wikimedia.org/r/632974

Change 633551 had a related patch set uploaded (by Art.tsymbar; owner: arttsymbar):
[mediawiki/extensions/OAuth@master] Making Client secret visible.

https://gerrit.wikimedia.org/r/633551

Change 633551 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Making Client secret visible after a Client created.

https://gerrit.wikimedia.org/r/633551

Verified on beta. Thanks, Art!