I was surprised that the Secret field (The client secret registered on the provider) is a plain text field in Admin / Other / Entra ID section. Yes, that page is only available to admins but even then App secrets should be handled very carefully. Shouldn’t it at least use a password field?
Hi @tjhvx !
Please note that this forum is only for questions related to the org related subjects.
Your question is about the Entra ID Application developed by XWikiSAS. You can report a ticket directly on the github repo GitHub - xwikisas/integration-azure-oauth: MicroSoft Azure Active Directory Single Sign-On (SSO) or send a request to support@xwiki.com . You will receive a response easier like this
Thanks Oana-Lavinia. I’ve sent an email to support.
1 Like