[GH-ISSUE #81] [Generic OIDC Providers] Client Secret Truncation #50

New issue

Closed

opened 2026-05-07 00:17:32 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented

2026-05-07 00:17:32 +02:00

Owner

Originally created by @insane-kane on GitHub (Jan 16, 2026).
Original GitHub issue: https://github.com/pelican-dev/plugins/issues/81

Upon installation of this plugin, it creates a new database table for OIDC providers in MariaDB (MySQL). In this table, it creates the row "client_secret" with type "string" which results in type "varchar(255)" in MairaDB. This is fine if you have a reasonably short client secret. But longer secrets, once hashed easily exceed 255 characters and are truncated, resulting in an immediate HTTP 500 error when creating a OIDC provider using too long of a secret. This can be easily mitigated by changing field types from "string" to "text."

Here is an excerpt from laravel*.log showing the result of creating a OIDC provider with a long client secret:
pelicanError.txt

Originally created by @insane-kane on GitHub (Jan 16, 2026). Original GitHub issue: https://github.com/pelican-dev/plugins/issues/81 Upon installation of this plugin, it creates a new database table for OIDC providers in MariaDB (MySQL). In this table, it creates the row "client_secret" with type "string" which results in type "varchar(255)" in MairaDB. This is fine if you have a reasonably short client secret. But longer secrets, once hashed easily exceed 255 characters and are truncated, resulting in an immediate HTTP 500 error when creating a OIDC provider using too long of a secret. This can be easily mitigated by changing field types from "string" to "text." Here is an excerpt from laravel*.log showing the result of creating a OIDC provider with a long client secret: [pelicanError.txt](https://github.com/user-attachments/files/24657301/pelicanError.txt)