Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DXCDT-316: More self-documenting reveal secret flag #591

Merged
merged 15 commits into from
Jan 10, 2023

Conversation

willvedd
Copy link
Contributor

@willvedd willvedd commented Jan 9, 2023

🔧 Changes

As noted by #488, the --reveal flag in the auth0 clients create and auth0 clients update commands is not very descriptive about what it is revealing. This PR is to make the flag more verbose to be clear about what behavior is being triggered. This is also important from a security perspective to reduce any accidental occurrences of revealing the secret unintentionally.

While this appears to be a very trivial change, it is important to get as many potential breaking changes in before the upcoming v1.0.0 release.

📚 References

Original issue: #488

🔬 Testing

No functional changes. Appropriate changes made to existing tests.

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

@willvedd willvedd requested a review from a team as a code owner January 9, 2023 22:34
@@ -21,29 +21,29 @@ auth0 apps create [flags]
auth0 apps create --name myapp
auth0 apps create --name myapp --description <description>
auth0 apps create --name myapp --description <description> --type [native|spa|regular|m2m]
auth0 apps create --name myapp --description <description> --type [native|spa|regular|m2m] --reveal
auth0 apps create --name myapp --description <description> --type [native|spa|regular|m2m] --reveal-client-secret
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that when passing the --json flag, the reveal flag will not only show the client secret, but the signing keys as well: https://github.com/auth0/auth0-cli/blob/v1/internal/display/apps.go#L244

Would it make sense to rename it to something a little more generic, like --reveal-secrets?

Copy link
Contributor

@sergiught sergiught Jan 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Definitely makes sense 👍🏻 , updated in 9a0f016 (#591)

@sergiught sergiught force-pushed the DXCDT-316-more-descriptive-reveal-flag branch from 44d27bf to 9a0f016 Compare January 10, 2023 08:30
@sergiught sergiught merged commit 244dda5 into v1 Jan 10, 2023
@sergiught sergiught deleted the DXCDT-316-more-descriptive-reveal-flag branch January 10, 2023 08:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants