owain/MileVault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix PocketID secret wiped on re-save; log token-exchange failures
Build and push images / validate (push) Successful in 19s
Details
Build and push images / build-backend (push) Successful in 29s
Details
Build and push images / build-worker (push) Successful in 29s
Details
Build and push images / build-frontend (push) Successful in 29s
Details

Browse Source 
save_pocketid_config cleared the stored client secret whenever the form was
submitted with a blank secret field — but the UI hint says blank means "keep
existing". Re-saving config (e.g. to set the allowed group) therefore wiped the
secret and broke token exchange ("Token exchange failed"). Now a blank field
keeps the existing secret; only a non-empty value overwrites it.

Also log PocketID's actual token-endpoint response body on failure so the cause
(invalid_client, redirect_uri mismatch, etc.) is visible in backend logs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Owain Jarrett
2026-06-08 13:26:35 +01:00
parent 0dd6eba589
commit 0e18ef2291
4 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
milevault_export/backend/app/api/profile.py
+4 -2
View File
@@ -154,8 +154,10 @@ async def save_pocketid_config(
current_user.pocketid_issuer = body.issuer.rstrip("/") if body.issuer else None
if body.client_id is not None:
current_user.pocketid_client_id = body.client_id or None
if body.client_secret is not None:
current_user.pocketid_client_secret = body.client_secret or None
# Only overwrite the secret when a non-empty value is supplied; a blank
# field means "keep the existing secret" (matches the UI hint).
if body.client_secret:
current_user.pocketid_client_secret = body.client_secret
if body.allowed_group is not None:
current_user.pocketid_allowed_group = body.allowed_group.strip() or None
await db.commit()