Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cookie adapter does not use client secret passed in AuthHandlerParams or AppSessionCookieStoreFactoryParams #47

Open
dovca opened this issue Oct 16, 2024 · 0 comments
Open

Cookie adapter does not use client secret passed in AuthHandlerParams or AppSessionCookieStoreFactoryParams #47

dovca opened this issue Oct 16, 2024 · 0 comments

Comments

@dovca
Copy link

dovca commented Oct 16, 2024
edited
Loading

Describe the bug
Although clientSecret is a required property in AuthHandlerParams and is internally available, cookie adapter in createCookieAdapter still takes its own value from process.env['CLIENT_SECRET']. This is unusable, when the environment variable needs to have a different name or come from a different source.

To Reproduce
Steps to reproduce the behavior:

  1. Leave the CLIENT_SECRET env variable undefined
  2. Pass a clientSecret to getSessionStore as a constant string
  3. Call getSessionStore
  4. Session token fails to verify inside cookie adapter because process.env['CLIENT_SECRET'] is undefined

Expected behavior
The cookie adapter can take the client secret from the params passed to getSessionStore(params)

Additional context
Pull request will be provided.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dovca