
Hide OAuth server secrets behind "Show Secret" to defuse screenshot/over-the-shoulder leaks
Closed, Resolved (Public)

Description

Currently, we show OAuth server secrets in cleartext. It would be nice to put these behind a "Show Secret" link or action, maybe similar to how Passphrase works, to make it harder to accidentally disclose the secret in a screenshot or by having someone read it or take a photo over your shoulder.

This is a very minor risk, but is consistent with how other OAuth servers I've seen work.

Event Timeline

epriestley raised the priority of this task from to Low.
epriestley updated the task description.
epriestley added projects: OAuthServer, Security.
epriestley added subscribers: epriestley, btrahan.

This is actually a blocker (for launch, not blocking anything in the short term) because the view policy is always "All Users", and you only need View to see the secret. We should modernize the application:

  • Add a proper CAN_VIEW policy, and require users to be able to view the application to log in with it.
  • Put the secret behind a link/action (original task).
  • Add a proper CAN_EDIT policy, and require it to see the secret.

Then I can set CAN_VIEW to "Members of instance X" and CAN_EDIT to the instance-client bot and we're in good shape.

I figure I'll toss this on my queue, though I want to do other things first.
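The three-step policy model in the comment above, as an added illustration that is not Phabricator's own code: a constructed policy scheme ("all-users", "members:<group>", "user:<name>", all hypothetical) stands in for Phabricator's real policy objects, and the client, user and group names are made up. It contrasts the current state (view policy fixed to all users, and CAN_VIEW enough to read the secret) with the modernized rules, where login requires CAN_VIEW and revealing the secret requires CAN_EDIT even when the viewer clicks "Show Secret".

```python
from dataclasses import dataclass

# Hypothetical policy strings (not Phabricator's real policy format):
#   "all-users"        -> any logged-in user
#   "members:<group>"  -> users belonging to that group
#   "user:<username>"  -> exactly one user (e.g. an instance-client bot)
MASKED = "********"


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset = frozenset()


@dataclass
class OAuthClient:
    name: str
    client_secret: str
    view_policy: str = "all-users"  # CAN_VIEW
    edit_policy: str = "all-users"  # CAN_EDIT


def policy_allows(policy: str, user: User) -> bool:
    """Evaluate one constructed policy string; unknown policies fail closed."""
    if policy == "all-users":
        return True
    kind, _, arg = policy.partition(":")
    if kind == "members":
        return arg in user.groups
    if kind == "user":
        return arg == user.name
    return False


def can_view(user: User, client: OAuthClient) -> bool:
    return policy_allows(client.view_policy, user)


def can_edit(user: User, client: OAuthClient) -> bool:
    return policy_allows(client.edit_policy, user)


def legacy_secret_view(user: User, client: OAuthClient) -> str:
    """The situation described as a blocker: CAN_VIEW alone exposes the secret."""
    if not can_view(user, client):
        raise PermissionError(f"{user.name} cannot view {client.name}")
    return client.client_secret


def authorize_login(user: User, client: OAuthClient) -> bool:
    """Step 1: logging in with the application requires CAN_VIEW."""
    return can_view(user, client)


def render_secret(user: User, client: OAuthClient, show_secret: bool) -> str:
    """Steps 2 and 3: the secret stays masked unless the viewer clicked
    'Show Secret' AND holds CAN_EDIT. Viewers without CAN_VIEW get nothing."""
    if not can_view(user, client):
        raise PermissionError(f"{user.name} cannot view {client.name}")
    if not show_secret or not can_edit(user, client):
        return MASKED
    return client.client_secret


if __name__ == "__main__":
    # Constructed example matching the comment: view restricted to members of
    # instance X, edit restricted to the instance-client bot.
    client = OAuthClient(
        name="instance-x-client",
        client_secret="s3cret-value",
        view_policy="members:instance-x",
        edit_policy="user:instance-client-bot",
    )
    member = User("alice", frozenset({"instance-x"}))
    bot = User("instance-client-bot", frozenset({"instance-x"}))
    outsider = User("mallory")

    print("member can log in:", authorize_login(member, client))
    print("outsider can log in:", authorize_login(outsider, client))
    print("member, Show Secret:", render_secret(member, client, True))
    print("bot, default view:", render_secret(bot, client, False))
    print("bot, Show Secret:", render_secret(bot, client, True))
```

With the default policies (both "all-users") the legacy and modernized paths behave the same for the masked view, which is the point of the original task; the difference only appears once CAN_EDIT is narrowed, which is why the comment treats the policy work as the real blocker rather than the link itself.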