Skip to content

Commit 73a6873

Browse files
authored
Fix IDP not having same salt/passphrase across pods (#2346)
Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
1 parent de4c08c commit 73a6873

File tree

1 file changed

+3
-7
lines changed

1 file changed

+3
-7
lines changed

pkg/auth/idp/oauth2/config.go

Lines changed: 3 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ import (
2222
"crypto/sha1"
2323
"strings"
2424

25-
"github.com/minio/console/pkg/auth/utils"
25+
"github.com/minio/console/pkg/auth/token"
2626
"github.com/minio/pkg/env"
2727
"golang.org/x/crypto/pbkdf2"
2828
)
@@ -86,18 +86,14 @@ func IsIDPEnabled() bool {
8686
GetIDPClientID() != ""
8787
}
8888

89-
var defaultPassphraseForIDPHmac = utils.RandomCharString(64)
90-
9189
// GetPassphraseForIDPHmac returns passphrase for the pbkdf2 function used to sign the oauth2 state parameter
9290
func getPassphraseForIDPHmac() string {
93-
return env.Get(ConsoleIDPHmacPassphrase, defaultPassphraseForIDPHmac)
91+
return env.Get(ConsoleIDPHmacPassphrase, token.GetPBKDFPassphrase())
9492
}
9593

96-
var defaultSaltForIDPHmac = utils.RandomCharString(64)
97-
9894
// GetSaltForIDPHmac returns salt for the pbkdf2 function used to sign the oauth2 state parameter
9995
func getSaltForIDPHmac() string {
100-
return env.Get(ConsoleIDPHmacSalt, defaultSaltForIDPHmac)
96+
return env.Get(ConsoleIDPHmacSalt, token.GetPBKDFSalt())
10197
}
10298

10399
// getIDPScopes return default scopes during the IDP login request

0 commit comments

Comments
 (0)