Server side app 클라이언트 키 표시
@@ -39,6 +39,7 @@ import {
|
|||||||
import { t } from "../../lib/i18n";
|
import { t } from "../../lib/i18n";
|
||||||
import { cn } from "../../lib/utils";
|
import { cn } from "../../lib/utils";
|
||||||
import { ClientDetailTabs } from "./ClientDetailTabs";
|
import { ClientDetailTabs } from "./ClientDetailTabs";
|
||||||
|
import { canDisplayClientSecret } from "./clientSecretPolicy";
|
||||||
|
|
||||||
function ClientDetailsPage() {
|
function ClientDetailsPage() {
|
||||||
const params = useParams();
|
const params = useParams();
|
||||||
@@ -175,7 +176,6 @@ function ClientDetailsPage() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
const client = data?.client;
|
const client = data?.client;
|
||||||
const isHeadlessLogin = client?.metadata?.headless_login_enabled === true;
|
|
||||||
if (!client) {
|
if (!client) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
@@ -214,18 +214,13 @@ function ClientDetailsPage() {
|
|||||||
},
|
},
|
||||||
];
|
];
|
||||||
|
|
||||||
const hasClientSecret = client.type === "private" && !isHeadlessLogin;
|
const hasClientSecret = canDisplayClientSecret(client);
|
||||||
const secretPlaceholder = "SECRET_NOT_AVAILABLE";
|
const secretPlaceholder = "SECRET_NOT_AVAILABLE";
|
||||||
const clientSecret = hasClientSecret
|
const clientSecret = hasClientSecret
|
||||||
? client?.clientSecret || secretPlaceholder
|
? client?.clientSecret || secretPlaceholder
|
||||||
: t("ui.common.na", "N/A");
|
: t("ui.common.na", "N/A");
|
||||||
const displaySecret = !hasClientSecret
|
const displaySecret = !hasClientSecret
|
||||||
? isHeadlessLogin
|
|
||||||
? t(
|
? t(
|
||||||
"msg.dev.clients.details.secret_not_applicable_headless",
|
|
||||||
"이 앱은 Headless Login용 signed key 인증을 사용하므로 Client Secret을 사용하지 않습니다.",
|
|
||||||
)
|
|
||||||
: t(
|
|
||||||
"msg.dev.clients.details.secret_not_applicable",
|
"msg.dev.clients.details.secret_not_applicable",
|
||||||
"PKCE 앱에는 Client Secret이 없습니다.",
|
"PKCE 앱에는 Client Secret이 없습니다.",
|
||||||
)
|
)
|
||||||
@@ -400,12 +395,7 @@ function ClientDetailsPage() {
|
|||||||
</div>
|
</div>
|
||||||
{!hasClientSecret ? (
|
{!hasClientSecret ? (
|
||||||
<p className="mt-2 text-sm text-muted-foreground">
|
<p className="mt-2 text-sm text-muted-foreground">
|
||||||
{isHeadlessLogin
|
{t(
|
||||||
? t(
|
|
||||||
"msg.dev.clients.details.secret_not_applicable_headless",
|
|
||||||
"이 앱은 Headless Login용 signed key 인증을 사용하므로 Client Secret을 사용하지 않습니다.",
|
|
||||||
)
|
|
||||||
: t(
|
|
||||||
"msg.dev.clients.details.secret_not_applicable",
|
"msg.dev.clients.details.secret_not_applicable",
|
||||||
"PKCE 앱에는 Client Secret이 없습니다.",
|
"PKCE 앱에는 Client Secret이 없습니다.",
|
||||||
)}
|
)}
|
||||||
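Review bot: In the hunk at line 214, `hasClientSecret` is now true for every private client, so a client with `headless_login_enabled` set reaches `client?.clientSecret || secretPlaceholder` and the page can render the literal `SECRET_NOT_AVAILABLE` where the removed branch used to explain that signed-key authentication is in use. Whether the API returns a secret for such clients is not visible in this diff; if it can be absent, that case deserves its own message instead of the placeholder. The gate only controls rendering, so I would add `// UI-only gate: the API response decides whether clientSecret ever reaches the browser` above the assignment to keep the enforcement point clear. ClientDetailsPage starts and ends outside these hunks.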
|
|||||||
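--- a/devfront/src/features/clients/clientSecretPolicy.test.ts
+++ b/devfront/src/features/clients/clientSecretPolicy.test.ts
@@ -0,0 +1,28 @@
+import { describe, expect, it } from "vitest";
+import { canDisplayClientSecret } from "./clientSecretPolicy";
+
+describe("client secret policy", () => {
+it("allows client secret display for server-side apps", () => {
+expect(
+canDisplayClientSecret({
+type: "private",
+}),
+).toBe(true);
+});
+
+it("still allows client secret display for server-side apps even when headless login is enabled in metadata", () => {
+expect(
+canDisplayClientSecret({
+type: "private",
+}),
+).toBe(true);
+});
+
+it("does not allow client secret display for PKCE apps", () => {
+expect(
+canDisplayClientSecret({
+type: "pkce",
+}),
+).toBe(false);
+});
+});
+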
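Review bot: The second case, "still allows client secret display ... even when headless login is enabled in metadata", passes exactly the same argument as the first (`{ type: "private" }`), so it never exercises the headless condition its name describes. As written, a later change that reintroduces a metadata check would not be caught by this test. The input should carry the flag, e.g. `canDisplayClientSecret({ type: "private", metadata: { headless_login_enabled: true } })`. That presumably requires widening `ClientSecretPolicyTarget` with an optional `metadata?: { headless_login_enabled?: boolean }`, since the current type would reject the extra property in an object literal.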
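--- a/devfront/src/features/clients/clientSecretPolicy.ts
+++ b/devfront/src/features/clients/clientSecretPolicy.ts
@@ -0,0 +1,7 @@
+type ClientSecretPolicyTarget = {
+type: string;
+};
+
+export function canDisplayClientSecret(client: ClientSecretPolicyTarget) {
+return client.type === "private";
+}
+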
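Review bot: `canDisplayClientSecret` is an exported policy function with no doc comment and no explicit return type, and nothing in the file records that headless-login metadata is deliberately ignored. I would annotate the signature as `export function canDisplayClientSecret(client: ClientSecretPolicyTarget): boolean {` and add a TSDoc line such as `/** Display-only policy: private (server-side) clients show their secret; headless_login_enabled is intentionally not considered. */`. Stating that this is a display rule also makes it clear that the function is not an access control on the secret itself.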