
Commit dede00a

committed
Fix OAuth provider secret field mappings
1 parent b797f38 commit dede00a

1 file changed

Lines changed: 18 additions & 4 deletions


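--- a/src/Migration/Resources/Auth/OAuth2/OAuth2Provider.php
+++ b/src/Migration/Resources/Auth/OAuth2/OAuth2Provider.php
@@ -19,7 +19,7 @@ final class OAuth2Provider extends Resource
 * - target `appId` -> the provider's `{key}Appid` attribute (one per provider)
 * - target `secret` -> merged into the `{key}Secret` JSON blob, renamed via `key`
 *
-* Anything not listed here (clientSecret, Apple's p8File, ) is never copied,
+* Anything not listed here (clientSecret, Apple's p8File, etc.) is never copied,
 * so a secret field the server may add upstream cannot leak into a migration.
 *
 * @var array<string, array<string, array{target: string, key?: string}>>
@@ -48,13 +48,27 @@ final class OAuth2Provider extends Resource
 'github' => ['clientId' => ['target' => self::TARGET_APP_ID]],
 'gitlab' => ['clientId' => ['target' => self::TARGET_APP_ID], 'endpoint' => ['target' => self::TARGET_SECRET]],
 'google' => ['clientId' => ['target' => self::TARGET_APP_ID], 'prompt' => ['target' => self::TARGET_SECRET]],
-'keycloak' => ['clientId' => ['target' => self::TARGET_APP_ID], 'endpoint' => ['target' => self::TARGET_SECRET]],
+'keycloak' => [
+'clientId' => ['target' => self::TARGET_APP_ID],
+'endpoint' => ['target' => self::TARGET_SECRET, 'key' => 'keycloakDomain'],
+'realmName' => ['target' => self::TARGET_SECRET, 'key' => 'keycloakRealm'],
+],
 'kick' => ['clientId' => ['target' => self::TARGET_APP_ID]],
 'linkedin' => ['clientId' => ['target' => self::TARGET_APP_ID]],
 'microsoft' => ['clientId' => ['target' => self::TARGET_APP_ID], 'tenant' => ['target' => self::TARGET_SECRET]],
 'notion' => ['clientId' => ['target' => self::TARGET_APP_ID]],
-'oidc' => ['clientId' => ['target' => self::TARGET_APP_ID], 'endpoint' => ['target' => self::TARGET_SECRET]],
-'okta' => ['clientId' => ['target' => self::TARGET_APP_ID], 'endpoint' => ['target' => self::TARGET_SECRET]],
+'oidc' => [
+'clientId' => ['target' => self::TARGET_APP_ID],
+'wellKnownURL' => ['target' => self::TARGET_SECRET, 'key' => 'wellKnownEndpoint'],
+'authorizationURL' => ['target' => self::TARGET_SECRET, 'key' => 'authorizationEndpoint'],
+'tokenURL' => ['target' => self::TARGET_SECRET, 'key' => 'tokenEndpoint'],
+'userInfoURL' => ['target' => self::TARGET_SECRET, 'key' => 'userInfoEndpoint'],
+],
+'okta' => [
+'clientId' => ['target' => self::TARGET_APP_ID],
+'domain' => ['target' => self::TARGET_SECRET, 'key' => 'oktaDomain'],
+'authorizationServerId' => ['target' => self::TARGET_SECRET],
+],
 'paypal' => ['clientId' => ['target' => self::TARGET_APP_ID]],
 'paypalSandbox' => ['clientId' => ['target' => self::TARGET_APP_ID]],
 'podio' => ['clientId' => ['target' => self::TARGET_APP_ID]],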
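Review bot: In the new `okta` entry, `authorizationServerId` is mapped with no `key` while every other secret field added in this hunk is renamed, and nothing on the line says the target name really is identical; a trailing comment such as `// stored under the same name in the secret blob` (or the missing `key`) would show this is deliberate rather than an omission. The same question applies to the untouched `gitlab` `endpoint` entry, which keeps the un-renamed form that `keycloak`, `oidc` and `okta` just moved away from. Because these names are plain strings matched at runtime, a mistyped source field or `key` would presumably drop the value silently, so a test asserting the resulting secret-blob keys per provider would catch a regression. The `oidc` URL fields are copied as given; if the code that applies this map does not validate them (not visible here), an `https`-scheme check there is worth adding, since the target will later send the client secret to whatever `tokenURL` holds. The array literal begins and ends outside the hunk.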
