From 89b122d96922320d70e621a7695cabcca816644d Mon Sep 17 00:00:00 2001
From: Leonid Bugaev <leonsbox@gmail.com>
Date: Mon, 18 Nov 2024 16:58:53 +0300
Subject: [PATCH] Merging to release-5.7: [TT-13535/TT-13566] Make upstream
 oauth flow client secret omitempty (#6708)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[TT-13535/TT-13566] Make upstream oauth flow client secret omitempty (#6708)

### **User description**
<details open>
<summary><a href="https://tyktech.atlassian.net/browse/TT-13566"
title="TT-13566" target="_blank">TT-13566</a></summary>
  <br />
  <table>
    <tr>
      <th>Summary</th>
<td>Make upstream auth oauth password client secret not required in oas
schema</td>
    </tr>
    <tr>
      <th>Type</th>
      <td>
<img alt="Sub-task"
src="https://tyktech.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10316?size=medium"
/>
        Sub-task
      </td>
    </tr>
    <tr>
      <th>Status</th>
      <td>Ready for Testing</td>
    </tr>
    <tr>
      <th>Points</th>
      <td>N/A</td>
    </tr>
    <tr>
      <th>Labels</th>
      <td>-</td>
    </tr>
  </table>
</details>
<!--
  do not remove this marker as it will break jira-lint's functionality.
  added_by_jira_lint
-->

---

<!-- Provide a general summary of your changes in the Title above -->

## Description

Make upstream oauth flow client secret omitempty to not break when an
API is created without `clientSecret` and saved later.

## Related Issue
Parent: https://tyktech.atlassian.net/browse/TT-13535
Subtask: https://tyktech.atlassian.net/browse/TT-13566

## Motivation and Context

<!-- Why is this change required? What problem does it solve? -->

## How This Has Been Tested

<!-- Please describe in detail how you tested your changes -->
<!-- Include details of your testing environment, and the tests -->
<!-- you ran to see how your change affects other areas of the code,
etc. -->
<!-- This information is helpful for reviewers and QA. -->

## Screenshots (if appropriate)

## Types of changes

<!-- What types of changes does your code introduce? Put an `x` in all
the boxes that apply: -->

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] Refactoring or add test (improvements in base code or adds test
coverage to functionality)

## Checklist

<!-- Go over all the following points, and put an `x` in all the boxes
that apply -->
<!-- If there are no documentation updates required, mark the item as
checked. -->
<!-- Raise up any additional concerns not covered by the checklist. -->

- [ ] I ensured that the documentation is up to date
- [ ] I explained why this PR updates go.mod in detail with reasoning
why it's required
- [ ] I would like a code coverage CI quality gate exception and have
explained why


___

### **PR Type**
enhancement


___

### **Description**
- Updated the `ClientAuthData` struct in `apidef/api_definitions.go` to
make the `ClientSecret` field optional by adding the `omitempty` tag.
- This change prevents errors when an API is created without a
`clientSecret` and saved later.



___



### **Changes walkthrough** 📝
<table><thead><tr><th></th><th align="left">Relevant
files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table>
<tr>
  <td>
    <details>
<summary><strong>api_definitions.go</strong><dd><code>Make
`ClientSecret` optional in OAuth client auth data</code>&nbsp; &nbsp;
&nbsp; </dd></summary>
<hr>

apidef/api_definitions.go

<li>Made <code>ClientSecret</code> field optional by adding
<code>omitempty</code> tag.<br> <li> Updated JSON and BSON tags for
<code>ClientSecret</code> to reflect optional <br>status.<br>


</details>


  </td>
<td><a
href="https://github.com/TykTechnologies/tyk/pull/6708/files#diff-9961ccc89a48d32db5b47ba3006315ef52f6e5007fb4b09f8c5d6d299c669d67">+1/-1</a>&nbsp;
&nbsp; &nbsp; </td>

</tr>
</table></td></tr></tr></tbody></table>

___

> 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull
request to receive relevant information
---
 apidef/api_definitions.go      |  2 +-
 apidef/api_definitions_test.go | 22 ++++++++++++++++++++++
 apidef/oas/upstream.go         |  2 +-
 apidef/schema.go               |  1 -
 4 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/apidef/api_definitions.go b/apidef/api_definitions.go
index 53a536c0807..d8bc35864ec 100644
--- a/apidef/api_definitions.go
+++ b/apidef/api_definitions.go
@@ -849,7 +849,7 @@ type ClientAuthData struct {
 	// ClientID is the application's ID.
 	ClientID string `bson:"client_id" json:"client_id"`
 	// ClientSecret is the application's secret.
-	ClientSecret string `bson:"client_secret" json:"client_secret"`
+	ClientSecret string `bson:"client_secret,omitempty" json:"client_secret,omitempty"` // client secret is optional for password flow
 }
 
 // ClientCredentials holds the client credentials for upstream OAuth2 authentication.
diff --git a/apidef/api_definitions_test.go b/apidef/api_definitions_test.go
index b3408b7ec98..8b488c9b2cc 100644
--- a/apidef/api_definitions_test.go
+++ b/apidef/api_definitions_test.go
@@ -15,6 +15,17 @@ func TestSchema(t *testing.T) {
 	schemaLoader := schema.NewBytesLoader([]byte(Schema))
 
 	spec := DummyAPI()
+	spec.UpstreamAuth = UpstreamAuth{
+		Enabled: true,
+		OAuth: UpstreamOAuth{
+			Enabled: true,
+			ClientCredentials: ClientCredentials{
+				ClientAuthData: ClientAuthData{
+					ClientSecret: "dummy", // workaround to fix schema error
+				},
+			},
+		},
+	}
 	goLoader := schema.NewGoLoader(spec)
 	result, err := schema.Validate(schemaLoader, goLoader)
 	if err != nil {
@@ -100,6 +111,17 @@ func TestSchemaGraphqlConfig(t *testing.T) {
 	schemaLoader := schema.NewBytesLoader([]byte(Schema))
 
 	spec := DummyAPI()
+	spec.UpstreamAuth = UpstreamAuth{
+		Enabled: true,
+		OAuth: UpstreamOAuth{
+			Enabled: true,
+			ClientCredentials: ClientCredentials{
+				ClientAuthData: ClientAuthData{
+					ClientSecret: "dummy", // workaround to fix schema error
+				},
+			},
+		},
+	}
 	spec.GraphQL.ExecutionMode = ""
 
 	goLoader := schema.NewGoLoader(spec)
diff --git a/apidef/oas/upstream.go b/apidef/oas/upstream.go
index 84e503a6061..6a5505a8cf8 100644
--- a/apidef/oas/upstream.go
+++ b/apidef/oas/upstream.go
@@ -681,7 +681,7 @@ type ClientAuthData struct {
 	// ClientID is the application's ID.
 	ClientID string `bson:"clientId" json:"clientId"`
 	// ClientSecret is the application's secret.
-	ClientSecret string `bson:"clientSecret" json:"clientSecret"`
+	ClientSecret string `bson:"clientSecret,omitempty" json:"clientSecret,omitempty"` // client secret is optional for password flow
 }
 
 // ClientCredentials holds the configuration for OAuth2 Client Credentials flow.
diff --git a/apidef/schema.go b/apidef/schema.go
index 34c48674e61..f3c62b8576b 100644
--- a/apidef/schema.go
+++ b/apidef/schema.go
@@ -1107,7 +1107,6 @@ const Schema = `{
               },
               "required": [
                 "client_id",
-                "client_secret",
                 "token_url",
                 "username",
                 "password"