Skip to content

Commit 3abfcc1

Browse files
fix: reject clientSecret without clientId to prevent wrong-tenant data
If clientSecret (license key) is set without clientId, the SDK would silently use 'community' as the tenant identity. All data would be stored under the wrong tenant, causing data loss on upgrade when clientId is eventually set correctly.
1 parent b5c9c9f commit 3abfcc1

1 file changed

Lines changed: 11 additions & 0 deletions

File tree

src/main/java/com/getaxonflow/sdk/AxonFlow.java

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -133,6 +133,17 @@ public final class AxonFlow implements Closeable {
133133

134134
private AxonFlow(AxonFlowConfig config) {
135135
this.config = Objects.requireNonNull(config, "config cannot be null");
136+
137+
// Reject clientSecret without clientId — licensed mode must specify tenant
138+
if (config.getClientSecret() != null
139+
&& !config.getClientSecret().isEmpty()
140+
&& (config.getClientId() == null || config.getClientId().isEmpty())) {
141+
throw new ConfigurationException(
142+
"clientId is required when clientSecret is set. "
143+
+ "Set clientId to your tenant identity to avoid data being stored under the wrong tenant.",
144+
"clientId");
145+
}
146+
136147
this.httpClient = HttpClientFactory.create(config);
137148
this.objectMapper = createObjectMapper();
138149
this.retryExecutor = new RetryExecutor(config.getRetryConfig());

0 commit comments

Comments
 (0)