
Server side app 클라이언트 키 표시

2026-05-13 11:24:28 +09:00
parent b9a351ca59
commit 498fdd802c
3 changed files with 45 additions and 20 deletions


@@ -39,6 +39,7 @@ import {
import { t } from "../../lib/i18n"; import { t } from "../../lib/i18n";
import { cn } from "../../lib/utils"; import { cn } from "../../lib/utils";
import { ClientDetailTabs } from "./ClientDetailTabs"; import { ClientDetailTabs } from "./ClientDetailTabs";
import { canDisplayClientSecret } from "./clientSecretPolicy";
function ClientDetailsPage() { function ClientDetailsPage() {
const params = useParams(); const params = useParams();
@@ -175,7 +176,6 @@ function ClientDetailsPage() {
} }
const client = data?.client; const client = data?.client;
const isHeadlessLogin = client?.metadata?.headless_login_enabled === true;
if (!client) { if (!client) {
return null; return null;
} }
@@ -214,18 +214,13 @@ function ClientDetailsPage() {
}, },
]; ];
const hasClientSecret = client.type === "private" && !isHeadlessLogin; const hasClientSecret = canDisplayClientSecret(client);
const secretPlaceholder = "SECRET_NOT_AVAILABLE"; const secretPlaceholder = "SECRET_NOT_AVAILABLE";
const clientSecret = hasClientSecret const clientSecret = hasClientSecret
? client?.clientSecret || secretPlaceholder ? client?.clientSecret || secretPlaceholder
: t("ui.common.na", "N/A"); : t("ui.common.na", "N/A");
const displaySecret = !hasClientSecret const displaySecret = !hasClientSecret
? isHeadlessLogin
? t( ? t(
"msg.dev.clients.details.secret_not_applicable_headless",
"이 앱은 Headless Login용 signed key 인증을 사용하므로 Client Secret을 사용하지 않습니다.",
)
: t(
"msg.dev.clients.details.secret_not_applicable", "msg.dev.clients.details.secret_not_applicable",
"PKCE 앱에는 Client Secret이 없습니다.", "PKCE 앱에는 Client Secret이 없습니다.",
) )
@@ -400,12 +395,7 @@ function ClientDetailsPage() {
</div> </div>
{!hasClientSecret ? ( {!hasClientSecret ? (
<p className="mt-2 text-sm text-muted-foreground"> <p className="mt-2 text-sm text-muted-foreground">
{isHeadlessLogin {t(
? t(
"msg.dev.clients.details.secret_not_applicable_headless",
"이 앱은 Headless Login용 signed key 인증을 사용하므로 Client Secret을 사용하지 않습니다.",
)
: t(
"msg.dev.clients.details.secret_not_applicable", "msg.dev.clients.details.secret_not_applicable",
"PKCE 앱에는 Client Secret이 없습니다.", "PKCE 앱에는 Client Secret이 없습니다.",
)} )}
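Review bot: With `const hasClientSecret = canDisplayClientSecret(client);`, a private client that has `headless_login_enabled` set now gets `client.clientSecret` rendered, although the removed message said such apps authenticate with a signed key and do not use a Client Secret. If that is still how headless clients authenticate, the page now shows a credential they do not need, or the literal `SECRET_NOT_AVAILABLE` fallback when the field is empty; the commit description does not say which is intended. The check only decides what is drawn, because whatever `data.client` carries has already reached the browser, so any restriction on who may read the secret presumably has to be enforced by the API. I would add a comment above the line, for example `// Display-only policy; the API decides whether clientSecret is returned at all.` The body of ClientDetailsPage continues outside these hunks.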


@@ -0,0 +1,28 @@
import { describe, expect, it } from "vitest";
import { canDisplayClientSecret } from "./clientSecretPolicy";
describe("client secret policy", () => {
it("allows client secret display for server-side apps", () => {
expect(
canDisplayClientSecret({
type: "private",
}),
).toBe(true);
});
it("still allows client secret display for server-side apps even when headless login is enabled in metadata", () => {
expect(
canDisplayClientSecret({
type: "private",
}),
).toBe(true);
});
it("does not allow client secret display for PKCE apps", () => {
expect(
canDisplayClientSecret({
type: "pkce",
}),
).toBe(false);
});
});
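Review bot: The second case, titled "still allows client secret display for server-side apps even when headless login is enabled in metadata", passes the same `{ type: "private" }` object as the first case, so it never exercises the headless condition it names. It would keep passing if a later change reintroduced a metadata check, which is the regression this test appears meant to catch. `ClientSecretPolicyTarget` declares only `type`, so an inline literal with extra fields would fail the excess-property check. I would widen the type with `metadata?: { headless_login_enabled?: boolean };` and call `canDisplayClientSecret({ type: "private", metadata: { headless_login_enabled: true } })` in this case.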


@@ -0,0 +1,7 @@
type ClientSecretPolicyTarget = {
type: string;
};
export function canDisplayClientSecret(client: ClientSecretPolicyTarget) {
return client.type === "private";
}
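Review bot: The exported `canDisplayClientSecret` has neither a declared return type nor a doc comment, and because `type` is a plain `string`, the fact that any unrecognised client type hides the secret is implicit. That default is the safe one and is worth stating so a later edit does not invert it. I would change the signature to `export function canDisplayClientSecret(client: ClientSecretPolicyTarget): boolean {` and add `/** True only for "private" (server-side) clients; every other type, including unknown ones, hides the secret. */` above it. If the set of client types is fixed elsewhere in the project, a literal union for `type` would also let the compiler catch typos such as a differently cased value.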