feat(oidc-auth): support empty OIDC client secret

tarasglek · tarasglek · commit 7eee61b80870 · 2025-04-17T09:36:17.000+03:00
diff --git a/.changeset/every-pugs-wave.md b/.changeset/every-pugs-wave.md
@@ -0,0 +1,5 @@
+---
+'@hono/oidc-auth': major
+---
+
+Support empty OIDC_CLIENT_SECRET
diff --git a/packages/oidc-auth/src/index.ts b/packages/oidc-auth/src/index.ts
@@ -167,11 +167,18 @@ export const getClient = (c: Context): oauth2.Client => {
   const env = getOidcAuthEnv(c)
   let client = c.get('oidcClient')
   if (client === undefined) {
-    client = {
-      client_id: env.OIDC_CLIENT_ID,
-      client_secret: env.OIDC_CLIENT_SECRET,
-      token_endpoint_auth_method: 'client_secret_basic',
-    }
+    client =
+      env.OIDC_CLIENT_SECRET === ''
+        ? {
+            // No client secret provided, use 'none' auth method
+            client_id: env.OIDC_CLIENT_ID,
+            token_endpoint_auth_method: 'none',
+          }
+        : {
+            client_id: env.OIDC_CLIENT_ID,
+            client_secret: env.OIDC_CLIENT_SECRET,
+            token_endpoint_auth_method: 'client_secret_basic',
+          }
     c.set('oidcClient', client)
   }
   return client

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@hono/oidc-auth': major
 +---
++
 +Support empty OIDC_CLIENT_SECRET