Secure setting gets parsed, even though I just nullified the setting

5 コメント

  • Bryan - Community Manager
    Zendesk Developer Support

    I don't think you're doing anything wrong Lasse Lentz Thomsen. There are a couple of issues when testing with secure settings from a locally running app (using the --app-id parameter):

    1. Even though you're asked to enter a value for the setting from the command line when running 'zat server', the values are still pulled from whatever was last set in the Zendesk Support > Admin > Apps/Manage > Change Settings page (or via the API).

    2. The second issue is that apparently once a secure setting is set, it cannot be set back to an empty value -- either from the App Change Settings UI page nor via the API.

    If you can confirm that #2 is what you're running into, I'll look into this more to find out if this is "as designed, but not as expected", or an issue that should be addressed. Thank you for the additional information!

    0
  • Bryan - Community Manager
    Zendesk Developer Support

    Hi Lasse Lentz Thomsen - I received confirmation that #2 is indeed "as designed". Once a secure token is set, it can't be set back to "empty". Can you give any detail around your use case for having a secure setting empty? These are essentially encrypted values that the backend Zendesk proxy inserts into HTTP requests. Is this for a test scenario? Or a production scenario? While I'll pass along any use case information to our product management team, any change to this behavior would be considered a feature request (IOW, no ETA on when or even if this will change).

    I hope this at least sets expectations on behavior.

    0
  • Lasse Lentz Thomsen

    Hi Bryan, sorry for the late reply.

    Thank you for the feedback, it makes a lot more sense now.

    Regarding the use case where I want to set a secure setting as empty, it is when a user deauthorizes. Then we want to remove their token.

    Best regards

    0
  • Bryan - Community Manager
    Zendesk Developer Support

    I see. Since this token is static, you could, as a workaround, set it to a "sentinel" value of some sort (ex: "abcde"), which can be looked for on the remote end to represent "empty". Just an idea.

    I've passed this feedback to product management in the meantime. Thank you Lasse Lentz Thomsen

    0
  • Lasse Lentz Thomsen

    Hi Bryan,

    I have passed this one to our team. Thank you for the clarification! :-)

    0

サインインしてコメントを残してください。

Powered by Zendesk