Skip to content

Fix: Remove client secret references for public client configuration for all affected versions (Product IS issue #26189) #5818

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wso2-engineering-bot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix: Remove client secret references for public client configuration for all affected versions (Product IS issue #26189) #5818

wso2-engineering-bot wants to merge 1 commit into from

Conversation

@wso2-engineering-bot
Copy link

@wso2-engineering-bot wso2-engineering-bot commented Jan 6, 2026
edited by coderabbitai bot
Loading

This PR was automatically generated by Claude AI.

  • Fixes Doc Feedback: product-is#26189
  • Type: Documentation inconsistency
  • Summary: Resolved inconsistency where the guide instructed users to enable the application as a public client but then incorrectly asked them to note and use a client secret in the .env file. Public clients do not require or generate client secrets.
  • Affected Versions: 7.1.0, 7.2.0, and next (all versions that use the Pet Care B2B use case)
  • Style Scope Verification: Microsoft Style Guidelines have been applied ONLY to newly added content without modifying existing content style unless specifically requested.

Changes Made

  1. Protocol Configuration Section (Step 3):

    • Removed instruction to take note of client_secret after enabling public client
    • Added explanatory note that public clients don't generate client secrets and explained why

  2. Environment Configuration Section (.env file):

    • Removed CLIENT_SECRET variable from the .env file example
    • Added explanatory note clarifying that CLIENT_SECRET is not required for public clients

Technical Details

The fix was applied to the shared include file: en/includes/guides/organization-management/try-a-b2b-use-case-pet-care.md

This file is used by versions 7.1.0, 7.2.0, and next for the B2B Pet Care use case. Version 7.0.0 uses a different use case (Guardio Insurance) which does not have this issue.

  • Verification: Documentation builds successfully without errors

Summary by CodeRabbit

  • Documentation
    • Updated the B2B Pet Care guide to clarify that the application uses a public client configuration, which requires only a client ID. Added explanatory notes throughout the guide explaining that public clients cannot securely store credentials and therefore do not use a client secret.

✏️ Tip: You can customize this high-level summary in your review settings.

Fix: Remove client secret references for public client configuration …
b794bee 
…for all affected versions (product-is#26189)

- Removed instruction to note client_secret when application is configured as public client
- Added note explaining that public clients don't generate client secrets
- Removed CLIENT_SECRET from .env file example
- Added note in .env section clarifying that CLIENT_SECRET is not required for public clients

This fix applies to versions 7.1.0, 7.2.0, and next which use the Pet Care B2B use case.
@CLAassistant
Copy link

CLAassistant commented Jan 6, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

wso2-engineering-bot seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@wso2-engineering-bot wso2-engineering-bot mentioned this pull request Jan 6, 2026
Open
@coderabbitai
Copy link

coderabbitai bot commented Jan 6, 2026
edited
Loading

Walkthrough

Updated the B2B Pet Care guide documentation to remove references to client_secret from a public client application setup. Added clarifying notes explaining that public clients cannot securely store credentials, removing the inconsistency where steps contradicted the public client configuration guidance.

Changes

Cohort / File(s) Summary
Documentation update
en/includes/guides/organization-management/try-a-b2b-use-case-pet-care.md		 Removed client_secret references from prerequisites and environment configuration sections; added inline notes clarifying that public clients do not generate or require a client secret due to credential storage security limitations.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 No secrets in the air today,
Just honest docs to light the way,
Public clients, safe and true,
Clarity shines right on through! ✨

Pre-merge checks

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Description check ⚠️ Warning The description is comprehensive and covers purpose, changes made, technical details, and affected versions. However, it does not follow the required template structure (Purpose section with issue links, Related PRs, Test environment, or Security checks). Reorganize the description to follow the template structure: add a clear Purpose section with issue link, confirm Test environment details, and complete the Security checks checklist.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: removing client secret references for public client configuration, matching the documented changes in the B2B Pet Care guide.
Linked Issues check ✅ Passed The PR successfully addresses the requirements from issue #26189 by removing client_secret references from both the protocol configuration section and the .env file example, with explanatory notes added for clarity.
Out of Scope Changes check ✅ Passed All changes are directly related to resolving issue #26189. The PR modifies only the affected documentation file to remove inconsistent client_secret references for public clients, with no extraneous changes detected.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb6f204 and b794bee.

📒 Files selected for processing (1)
  • en/includes/guides/organization-management/try-a-b2b-use-case-pet-care.md
🔇 Additional comments (2)
en/includes/guides/organization-management/try-a-b2b-use-case-pet-care.md (2)

186-189: Clear and accurate public client explanation in protocol configuration.

The added note correctly explains that public clients cannot generate or require client secrets and appropriately contextualizes this with real-world examples (SPAs, mobile apps). The placement immediately after the client_id step reinforces the correct behavior.

512-513: Proper clarification for environment variables configuration.

The note effectively explains why CLIENT_SECRET is omitted from the .env configuration, directly addressing the inconsistency reported in product-is#26189. The statement is clear and properly integrated with the existing environment variable documentation.

Please confirm that these changes have been consistently applied to all affected documentation versions (7.1.0, 7.2.0, and next) as mentioned in the PR objectives.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Doc Feedback:

3 participants

@wso2-engineering-bot @CLAassistant