Add clients.[].client_secret_file config option

2025-08-04 19:09:16 +02:00
parent 3f562684db
commit dd040220db
4 changed files with 167 additions and 65 deletions
--- a/docs/config.schema.json
+++ b/docs/config.schema.json
@@ -243,10 +243,6 @@
          "description": "Name of the `OAuth2` client",
          "type": "string"
        },
-        "client_secret": {
-          "description": "The client secret, used by the `client_secret_basic`, `client_secret_post` and `client_secret_jwt` authentication methods",
-          "type": "string"
-        },
        "jwks": {
          "description": "The JSON Web Key Set (JWKS) used by the `private_key_jwt` authentication method. Mutually exclusive with `jwks_uri`",
          "allOf": [
@@ -267,6 +263,14 @@
            "type": "string",
            "format": "uri"
          }
+        },
+        "client_secret_file": {
+          "description": "Path to the file containing the client secret. The client secret is used by the `client_secret_basic`, `client_secret_post` and `client_secret_jwt` authentication methods.",
+          "type": "string"
+        },
+        "client_secret": {
+          "description": "Alternative to `client_secret_file`: Reads the client secret directly from the config.",
+          "type": "string"
        }
      }
    },
--- a/docs/reference/configuration.md
+++ b/docs/reference/configuration.md
@@ -170,7 +170,8 @@ clients:
  # Confidential client
  - client_id: 000000000000000000000FIRST
    client_auth_method: client_secret_post
-    client_secret: secret
+    client_secret_file: secret
+    # OR client_secret: c1!3n753c237
    # List of authorized redirect URIs
    redirect_uris:
      - http://localhost:1234/callback