fix: default value for cookie secrets

NithinKuruba · NithinKuruba · commit cc1cf81894ef · 2025-06-16T13:34:16.000-07:00
diff --git a/docker/otp-provider/src/config.ts b/docker/otp-provider/src/config.ts
@@ -26,5 +26,5 @@ export const config = {
   OTP_ATTEMPTS_ALLOWED: process.env.OTP_ATTEMPTS_ALLOWED || '5',
   OTP_RESENDS_ALLOWED_PER_DAY: process.env.OTP_RESENDS_ALLOWED_PER_DAY || '4',
   OTP_RESEND_INTERVAL_MINUTES: process.env.OTP_RESEND_INTERVAL_MINUTES || '[1,2,5,60]',
-  COOKIE_SECRET: process.env.COOKIE_SECRET || 'default_secret',
+  COOKIE_SECRETS: process.env.COOKIE_SECRETS || 's3cr3t1,s3cr3t1,s3cr3t2',
 };
diff --git a/docker/otp-provider/src/modules/oidc-provider.ts b/docker/otp-provider/src/modules/oidc-provider.ts
@@ -6,7 +6,7 @@ import { isOrigin, hashEmail } from '../utils/helpers';
 import { getClients } from './sequelize/queries/client';
 import type { Response } from 'express';
 
-const { JWKS } = config;
+const { JWKS, COOKIE_SECRETS } = config;
 
 const jwks = JWKS || {};
 
@@ -27,7 +27,7 @@ export const getConfig = (): Configuration => {
     jwks,
     adapter: SequelizeAdapter,
     cookies: {
-      keys: new Keygrip(process.env.COOKIE_SECRETS!?.split(','), 'sha256', 'base64'),
+      keys: new Keygrip(COOKIE_SECRETS!?.split(','), 'sha256', 'base64'),
     },
     clientAuthMethods: ['client_secret_basic', 'client_secret_post', 'none'],
     issueRefreshToken() {
