Closed
- Introduced a new build.sh script for region selection and OAuth login.
- Added app.json to .gitignore and included manifest.json in API .gitignore.
- Updated package dependencies for improved functionality.
- Implemented saveOAuthToken endpoint for secure token handling.
- Enhanced region configuration and API host management in constants.
- Added error handling and logging improvements in auth service.

…cies

- Removed redundant variables for client_id and client_secret in saveOAuthToken function.
- Updated logging to use a centralized logger instead of console methods.
- Removed unnecessary deletion of code_verifier from the request session.
- Updated package.json to remove outdated "api" dependency.

- Modified build.sh to append '/v2/auth/save-token' to the redirect_uri.
- Updated auth.service.ts to use the correct redirect_uri for token requests.
- Ensured consistency in region configuration and API endpoint handling.

- Added new endpoints for retrieving app configuration and checking SSO authentication status.
- Updated authentication service to handle SSO tokens and access tokens more effectively.
- Enhanced error handling for SSO-related operations.
- Updated UI components to support SSO login and added corresponding styles.
- Refactored API service calls to accommodate new SSO logic and improved token management.

- Added logout endpoint to the authentication service for user session management.
- Updated UI components to handle logout actions and provide user feedback during the process.
- Enhanced error handling for SSO-related operations and improved user experience during authentication.
- Introduced app.json for configuration management and updated related services to utilize this configuration.
- Refactored authentication logic to streamline SSO checks and improve overall flow.

- Added app.json to the main .gitignore to prevent tracking of configuration files.
- Included manifest.json in the api/.gitignore to exclude it from version control.

- Added isSSO property to the Project interface for better SSO handling.
- Introduced requestWithSsoTokenRefresh utility to streamline SSO token management across services.
- Updated various service methods to utilize SSO token refresh logic, improving authentication flow.
- Refactored API calls in org.service.ts, migration.service.ts, and user.service.ts to support SSO.
- Enhanced pagination utility to accommodate SSO token handling for paginated requests.
- Updated configuration handling to prefer updated_at for OAuth token management.

- Changed default value of cmsType to 'cmsType' for clarity.
- Updated localPath default to 'localPath' to standardize configuration settings.
| GitGuardian id | GitGuardian status | Secret | Commit | Filename |
|---|---|---|---|---|
| 25710850 | Triggered | Generic High Entropy Secret | 8fb61c2 | api/manifest.json |
| 25710851 | Triggered | Generic High Entropy Secret | 8fb61c2 | app.json |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future, consider:
- following these best practices for managing and storing secrets, including API keys and other credentials
- installing secret detection on pre-commit to catch secrets before they leave your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
No description provided.