As an admin when Accessing GitLab UI admin/applications shows full application configuration details
Proposal
When accessing admin/applications and you drill down into a specific application, this then shows the full application configuration details.
Feedback from a user
So, I noticed that if you go into the Admin Area, click on Applications, and then click on one of the specific applications, you can get both the Application ID and the Secret. While the first isn’t a problem, it seems rather inconsistent and poor security for the Secret to just hang out there, available. This is inconsistent with other places where we have secrets such as the Personal Access Key.
System OAuth applications page | System OAuth applications VIEW page |
---|---|
This comment has also been highlighted in
The ask here is to review how these are presented in the Admin, whether
- showing masked value
- secret storage
- ?