fix(admin-api): omit clientSecret from getConfig response for security & add OIDC scope.

2025-05-08 11:39:44 -04:00
parent 8c70783d5a
commit 2f391d11db
6 changed files with 148 additions and 129 deletions
--- a/public/js/auth.js
+++ b/public/js/auth.js
@@ -23,8 +23,8 @@ import { initializeApp } from './main.js';
 // Production OIDC configuration (override via API as needed)
 const currentOIDCConfig = {
  providerUrl: "https://your-oidc-provider.com",
-  clientId: "YOUR_CLIENT_ID",
-  clientSecret: "YOUR_CLIENT_SECRET",
+  clientId: "",
+  clientSecret: "",
  redirectUri: "https://yourdomain.com/api/auth/auth.php?oidc=callback",
  globalOtpauthUrl: ""
 };