From b3d385861feb3216501ac654df83f8ac4e499882 Mon Sep 17 00:00:00 2001
From: Tali Auster <me@tali.network>
Date: Thu, 27 Mar 2025 18:04:33 -0600
Subject: [PATCH] fix: log warning on an empty client secret

Because Miniflux runs as a confidential service, a missing client secret
is a mistake in configuration. An empty client secret appears to be
valid per RFC 6749 (and is in fact the default set by Miniflux!), so we
log a warning.
---
 internal/oauth2/manager.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/internal/oauth2/manager.go b/internal/oauth2/manager.go
index 7ee10015..862babb6 100644
--- a/internal/oauth2/manager.go
+++ b/internal/oauth2/manager.go
@@ -39,5 +39,9 @@ func NewManager(ctx context.Context, clientID, clientSecret, redirectURL, oidcDi
 		}
 	}
 
+	if clientSecret == "" {
+		slog.Warn("OIDC client secret is empty or missing.")
+	}
+
 	return m
 }