Skip to content

fix: reject clientSecret without clientId to prevent wrong-tenant data#122

Merged
saurabhjain1592 merged 1 commit intomainfrom
fix/require-client-id-with-secret
Apr 5, 2026
Merged

fix: reject clientSecret without clientId to prevent wrong-tenant data#122
saurabhjain1592 merged 1 commit intomainfrom
fix/require-client-id-with-secret

Conversation

@saurabhjain1592
Copy link
Copy Markdown
Member

@saurabhjain1592 saurabhjain1592 commented Apr 4, 2026

Summary

Reject client_secret/clientSecret when client_id/clientId is not set. Without this check, the SDK silently uses community as the tenant identity, causing all licensed data to be stored under the wrong tenant.

Three valid configurations:

  • Neither set → community mode (clientId=community, no license)
  • clientId only → community mode with custom tenant
  • Both set → licensed mode with explicit tenant

Aligns with getaxonflow/axonflow-enterprise#1492 unified identity model.

Test plan

  • client_secret without client_id throws clear error
  • client_id without client_secret works (community with custom tenant)
  • Both omitted works (community mode)
  • Both set works (licensed mode)

@saurabhjain1592
fix: reject clientSecret without clientId to prevent wrong-tenant data
3abfcc1 
If clientSecret (license key) is set without clientId, the SDK
would silently use 'community' as the tenant identity. All data
would be stored under the wrong tenant, causing data loss on
upgrade when clientId is eventually set correctly.
@saurabhjain1592 saurabhjain1592 merged commit 3d77ad6 into main Apr 5, 2026
9 checks passed
@saurabhjain1592 saurabhjain1592 deleted the fix/require-client-id-with-secret branch April 7, 2026 10:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@saurabhjain1592