
Comments (13)

andar1an commented on August 17, 2024

Using data also doesn't work:

```hcl
data "zitadel_application_oidc" "default" {
  org_id     = zitadel_org.default.id
  project_id = zitadel_project.default.id
  app_id     = zitadel_application_oidc.default.id
}

output "application_oidc" {
  value = nonsensitive(zitadel_application_oidc.default.client_secret)
}
```


from terraform-provider-zitadel.

andar1an commented on August 17, 2024

I am wondering if whatever call is happening for GetClientSecret() is not structured properly in the terraform? I am trying to tease it apart, but it seems like it aligns with grpc or api zitadel endpoints.

andar1an commented on August 17, 2024

In zitadel-go/pkg/client/zitadel/management.pb.go I have noticed:

```go
func (x *AddOIDCAppResponse) GetClientSecret() string {
	if x != nil {
		return x.ClientSecret
	}
	return ""
}

type AddOIDCAppResponse struct {
	// ...
	ClientSecret string `protobuf:"bytes,4,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	// ...
}
```
Which is leading me to believe that x is evaluating to nil. Tracing from here

andar1an commented on August 17, 2024

Will be diving into here later: https://github.com/zitadel/zitadel/tree/main/pkg/grpc

update to not forget:
https://github.com/zitadel/zitadel/blob/main/internal/api/grpc/management/project_application.go#L96 -> https://github.com/zitadel/zitadel/blob/main/internal/command/project_application_oidc.go (Potentially relevant lines: 170, 175, 211)

andar1an commented on August 17, 2024

I need to compare calls from web client and calls from go client, but currently think that the Terraform and Web Client application uses the same code from Zitadel Repo. I have never written a Terraform Provider before, so I will try to determine what Terraform uses to interact with Zitadel host. I had trouble finding relevant code in Terraform module before, so I will look to imports. I thought it was using Go Client based on. Hoping this is just user error on my end, but don't know yet.

andar1an commented on August 17, 2024

Now on TF Provider 1.0.4 and Zitadel 2.40.2

andar1an commented on August 17, 2024

I have verified that secret is empty in state as well:

andar1an commented on August 17, 2024

I have also tried manually defining resource "zitadel_org_idp_oidc" with an explicit client id and secret, and the app secret is still empty.

andar1an commented on August 17, 2024

Could the Go crypto module be having issues?

andar1an commented on August 17, 2024

Was crypto module recently upgraded? golang/go#63987

andar1an commented on August 17, 2024

Crypto update 3 weeks ago to 0.14: on Oct 17, 2023 zitadel/zitadel@3bbcc34

andar1an commented on August 17, 2024

Regression tested with 2.38.1. Likely not crypto module. Will test with 2.37.3 just in case. 2.40.4 also didn't fix.

update: also tested with 2.37.3 - same issue.

Saw no issues @ /debug/metrics

andar1an commented on August 17, 2024

Closing this, and slightly angry at documentation or error messages.
Please indicate that Zitadel PKCE does not return a client secret. Everywhere else I have used this auth method, I have had a client secret as well. Zitadel is the first place I have not used Client Secret with PKCE, and it is nice that I don't have to, but I definitely wasted days of time.
