When creating multiple new OIDC clients via /admin/providers/openidc/admin/new, the 2nd and 3rd got prefilled with information from the previously created one. That is nice.
However, it invisibly also prefilled the client_secret field that is marked as read-only in the web-UI. Thus the new credentials looked like this:
foo AmLgs62e3P3d42WUQgJgVDGo0hKwRrDA
bar AmLgs62e3P3d42WUQgJgVDGo0hKwRrDA
Even a logout+login did not help. Even switching from Firefox to Chromium did not help.
Because the secret field is also read-only after creation, a workaround was to
cd /usr/lib/python3.6/site-packages/ipsilon && python3 -c 'import util.security; print(util.security.generate_random_secure_string())'
to generate 3 new random secrets and
sqlite3 /var/lib/ipsilon/root/openidc.static.sqlite "UPDATE client SET value='\"XXX\"' WHERE name='foo' AND option='client_secret';"
It seems an Apache restart cleared the cache.
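An added example, not part of the original ticket and not Ipsilon's own code: a read-only check that lists which clients share a client_secret, so the duplication described above can be spotted without displaying the secrets. It assumes the client table has the name, option and value columns used in the UPDATE above; the sample rows and the function names are constructed for illustration.

```python
import sqlite3
import sys
from collections import defaultdict
from pathlib import Path


def find_shared_secrets(conn):
    """Return sorted groups of client names that share one client_secret value."""
    rows = conn.execute(
        "SELECT name, value FROM client WHERE option = 'client_secret'"
    )
    by_secret = defaultdict(list)
    for name, value in rows:
        by_secret[value].append(name)
    # Report only names, never the secret itself.
    return sorted(sorted(names) for names in by_secret.values() if len(names) > 1)


def build_sample_db():
    """Constructed in-memory sample; column layout is assumed from the UPDATE statement."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE client (name TEXT, option TEXT, value TEXT)")
    conn.executemany(
        "INSERT INTO client VALUES (?, ?, ?)",
        [
            ("foo", "client_secret", '"constructed-secret-A"'),
            ("bar", "client_secret", '"constructed-secret-A"'),  # reused secret
            ("baz", "client_secret", '"constructed-secret-B"'),
            ("foo", "client_name", '"Foo app"'),  # other options are ignored
            ("bar", "client_name", '"Foo app"'),
        ],
    )
    return conn


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Open the real database read-only so the audit cannot modify it.
        uri = Path(sys.argv[1]).resolve().as_uri() + "?mode=ro"
        db = sqlite3.connect(uri, uri=True)
    else:
        db = build_sample_db()
    groups = find_shared_secrets(db)
    for group in groups:
        print("shared client_secret:", ", ".join(group))
    sys.exit(1 if groups else 0)
```

Run it with the path to the openidc.static.sqlite file as the only argument; a non-zero exit status means at least two clients share a secret.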