mirror of
https://github.com/rclone/rclone.git
synced 2025-01-03 12:59:32 +01:00
oauthutil: clear client secret if client ID is set
When an external OAuth flow is being used (i.e. a client ID and an OAuth token are set in the config), a client secret should not be set. If one is, the server may reject a token refresh attempt. But there's no way to clear out a backend's default client secret via configuration, since empty-string config values are ignored. So instead, when a client ID is set, we should clear out any default client secret, since it wouldn't apply anyway.
This commit is contained in:
parent
5b8cdaff39
commit
cd76fd9219
@ -376,6 +376,9 @@ func overrideCredentials(name string, m configmap.Mapper, origConfig *oauth2.Con
|
|||||||
ClientID, ok := m.Get(config.ConfigClientID)
|
ClientID, ok := m.Get(config.ConfigClientID)
|
||||||
if ok && ClientID != "" {
|
if ok && ClientID != "" {
|
||||||
newConfig.ClientID = ClientID
|
newConfig.ClientID = ClientID
|
||||||
|
// Clear out any existing client secret since the ID changed.
|
||||||
|
// (otherwise it's impossible for a config to clear the secret)
|
||||||
|
newConfig.ClientSecret = ""
|
||||||
changed = true
|
changed = true
|
||||||
}
|
}
|
||||||
ClientSecret, ok := m.Get(config.ConfigClientSecret)
|
ClientSecret, ok := m.Get(config.ConfigClientSecret)
|
||||||
|
Loading…
Reference in New Issue
Block a user