Remove passage of private key to auth - it shouldn't be necessary wit…

…h PKCE. Revisit if we switch to the JWT method.
GSA-TTS · Aug 9, 2024 · 6b9008b · 6b9008b
1 parent 43c274b
commit 6b9008b
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 7 deletions.
diff --git a/apps/server-doj/src/server.ts b/apps/server-doj/src/server.ts
@@ -14,24 +14,25 @@ export const createCustomServer = async (): Promise<any> => {
   );
   const db = createDatabaseGateway(dbCtx);
 
-  const secrets = getServerSecrets();
   return createServer({
     title: 'DOJ Form Service',
     db,
     loginGovOptions: {
       loginGovUrl: 'https://idp.int.identitysandbox.gov',
       clientId:
         'urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:tts-10x-atj-dev-server-doj',
-      clientSecret: secrets.loginGovClientSecret,
+      clientSecret: '', // secrets.loginGovClientSecret,
     },
   });
 };
 
-export const getServerSecrets = () => {
+/*
+const getServerSecrets = () => {
   const services = JSON.parse(process.env.VCAP_SERVICES || '{}');
   const loginClientSecret =
     services['user-provided']?.credentials?.SECRET_LOGIN_GOV_PRIVATE_KEY;
   return {
     loginGovClientSecret: loginClientSecret,
   };
 };
+*/
diff --git a/apps/server-kansas/src/server.ts b/apps/server-kansas/src/server.ts
@@ -14,24 +14,25 @@ export const createCustomServer = async (): Promise<any> => {
   );
   const db = createDatabaseGateway(dbCtx);
 
-  const secrets = getServerSecrets();
   return createServer({
     title: 'KS Courts Form Service',
     db,
     loginGovOptions: {
       loginGovUrl: 'https://idp.int.identitysandbox.gov',
       clientId:
         'urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:tts-10x-atj-dev-server-doj',
-      clientSecret: secrets.loginGovClientSecret,
+      clientSecret: '', // secrets.loginGovClientSecret,
     },
   });
 };
 
-export const getServerSecrets = () => {
+/*
+const getServerSecrets = () => {
   const services = JSON.parse(process.env.VCAP_SERVICES || '{}');
   const loginClientSecret =
     services['user-provided']?.credentials?.SECRET_LOGIN_GOV_PRIVATE_KEY;
   return {
     loginGovClientSecret: loginClientSecret,
   };
 };
+*/
diff --git a/packages/auth/src/provider.ts b/packages/auth/src/provider.ts
@@ -66,7 +66,7 @@ export class LoginGov implements OAuth2ProviderWithPKCE {
         code,
         {
           authenticateWith: 'request_body',
-          credentials: this.clientSecret,
+          //credentials: this.clientSecret,
           codeVerifier,
         }
       );