#fix BOT-336: Replaced credential authorization workflow with PKCE workflow #1
Conversation
There was a problem hiding this comment.
We no longer need to have a secrets.json file unless we want to (for the Auth0 config that is set up in auth.ts.
None of the Auth0Config fields can be considered sensitive information.
| */ | ||
| private static waitForAuthCode(): Promise<{ authCode: string | null, receivedState: string | null }> { | ||
| return new Promise((resolve) => { | ||
| const server = http.createServer((req, res) => { |
There was a problem hiding this comment.
I have not been able to find an alternative approach for this. We need to somehow been able to handle the Auth0 callback. The problem with this approach is that we are creating a http server using the 3000 port (we can change it). This port may be in use in the developer (that uses this extension) machine and also we can't choose the port dynamically because the URL for the callback needs to be statically added to the applicacion in Auth0 dashboard.
There was a problem hiding this comment.
Some of the dependencies we were using had vulnerabilities according to npm. I ran npm audit fix to fix those
No description provided.