SharepointToolbox-Web

kawa/SharepointToolbox-Web

Fork 0

Commit Graph

Author	SHA1	Message	Date
kawa	0a0c59319f	Make Entra app-registration flow secretless (public PKCE) The register flow exchanged the auth code as a confidential client (Oidc:ClientId + Oidc:ClientSecret), requiring a pre-provisioned backing app with a secret. Drop client_secret from the exchange so it uses PKCE only — the backing app is now a public client and no secret touches the client-tenant register/connect flows. The toolbox's own OIDC sign-in still uses Oidc:ClientSecret (unchanged). Also enable user-secrets (UserSecretsId) so Oidc config stays out of the committed appsettings.json. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-02 11:29:19 +02:00
kawa	d19092c84e	Initial commit	2026-06-02 10:56:03 +02:00

Author

SHA1

Message

Date

kawa

0a0c59319f

Make Entra app-registration flow secretless (public PKCE)

The register flow exchanged the auth code as a confidential client
(Oidc:ClientId + Oidc:ClientSecret), requiring a pre-provisioned
backing app with a secret. Drop client_secret from the exchange so it
uses PKCE only — the backing app is now a public client and no secret
touches the client-tenant register/connect flows.

The toolbox's own OIDC sign-in still uses Oidc:ClientSecret (unchanged).

Also enable user-secrets (UserSecretsId) so Oidc config stays out of
the committed appsettings.json.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-02 11:29:19 +02:00

kawa

d19092c84e

Initial commit

2026-06-02 10:56:03 +02:00

2 Commits