starred/hoppscotch
1
0
Fork 0
mirror of https://github.com/hoppscotch/hoppscotch.git synced 2026-04-26 09:16:03 +03:00
Code Issues 711 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #5651] [bug]: InfraConfig MICROSOFT_CLIENT_SECRET is never updated from ENV #2190

New issue
Open
opened 2026-03-16 23:30:55 +03:00 by kerem · 13 comments
kerem commented 2026-03-16 23:30:55 +03:00
Owner
Copy link

Originally created by @muellerst-hg on GitHub (Dec 3, 2025).
Original GitHub issue: https://github.com/hoppscotch/hoppscotch/issues/5651

Originally assigned to: @mirarifhasan on GitHub.

Is there an existing issue for this?

  • I have searched existing issues and this bug hasn't been reported yet

Platform

Web App

Browser

Chrome

Operating System

Linux

Bug Description

We use containerized self-hosted instance with Microsoft OAuth. Our ENV variable MICROSOFT_CLIENT_SECRET is automatically rotated on a regular basis, because the secret has a limited lifetime.

After upgrading from 2025.6.1 to 2025.7.0, changes to ENV variable have no more effect. (a similar issue happened before, see #4116). Upgrading to 2025.11.0 does not help.
Login to admin UI is not possible anymore because the secret reached the end of lifetime.

What do we expect?

When you set a new value for ENV variable MICROSOFT_CLIENT_SECRET and restart the backend, then the corresponding value in DB table InfraConfig will be updated to the value from the ENV variable. That's the behavior until 2025.6.1

What happens instead?

MICROSOFT_CLIENT_SECRET is not updated in DB table InfraConfig. When secret reached end of lifetime, it becomes invalid and cannot be updated.

Steps to reproduce

  • create docker compose setup:
  • mkdir db/
  • create .env file:
DATABASE_URL=postgresql://postgres:testpass@hoppscotch-db:5432/hoppscotch

MICROSOFT_CLIENT_ID="xxxxxxxxxxx"
MICROSOFT_CLIENT_SECRET="xxxxxxxxxx"
MICROSOFT_CALLBACK_URL="http://localhost:3170/v1/auth/microsoft/callback"
MICROSOFT_SCOPE="user.read"
MICROSOFT_TENANT="xxxxxxxxxx"

VITE_ALLOWED_AUTH_PROVIDERS="MICROSOFT"

DATA_ENCRYPTION_KEY="asdfghjklqwertzuiopyxcvbnm123456"

WHITELISTED_ORIGINS="http://localhost:3170,http://localhost:3000,http://localhost:3100,app://localhost_3200,app://hoppscotch"
VITE_BASE_URL=http://localhost:3000
JWT_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
TOKEN_SALT_COMPLEXITY="10"
MAGIC_LINK_TOKEN_VALIDITY="3"
REFRESH_TOKEN_VALIDITY="604800000"
ACCESS_TOKEN_VALIDITY="86400000"
SESSION_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxx"
ALLOW_SECURE_COOKIES="true"
REDIRECT_URL="http://localhost:3000"
MAILER_SMTP_ENABLE="false"
RATE_LIMIT_TTL="60"
RATE_LIMIT_MAX="100"
  • create compose.yml file
services:
 # The service that spins up all 3 services at once in one container
  hoppscotch-aio:
    container_name: hoppscotch-aio
    restart: unless-stopped
    command: ["sh", "-c", "pnpm exec prisma migrate deploy && echo $MICROSOFT_CLIENT_SECRET && node /usr/src/app/aio_run.mjs"]
    image: hoppscotch/hoppscotch:2025.6.1
    env_file:
      - ./.env
    depends_on:
      - hoppscotch-db
    ports:
      - "3000:3000"
      - "3100:3100"
      - "3170:3170"
      - "3080:8080"
  # postgresql
  hoppscotch-db:
    image: postgres:15
    user: postgres
    volumes:
      - ./db:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: testpass
      POSTGRES_DB: hoppscotch
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "sh -c 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'"
        ]
      interval: 5s
      timeout: 5s
      retries: 10
  • Run docker compose -f compose.yml up, wait until initial setup is completed.
  • check value in DB:
docker exec -it hoppscotch-hoppscotch-db-1 psql hoppscotch --pset=pager=off -c "select * from \"InfraConfig\" WHERE name='MICROSOFT_CLIENT_SECRET';"
  • shutdown and remove container.
  • change MICROSOFT_CLIENT_SECRET in .env
  • Run docker compose -f compose.yml up, wait until initial setup is completed.
  • check value in DB: 
    docker exec -it hoppscotch-hoppscotch-db-1 psql hoppscotch --pset=pager=off -c "select * from \"InfraConfig\" WHERE name='MICROSOFT_CLIENT_SECRET';"
    --> value has changed
  • shutdown and remove container.
  • again, change MICROSOFT_CLIENT_SECRET in .env
  • update compose.yml to use 2025.7.0 as hoppscotch version: image: hoppscotch/hoppscotch:2025.7.0
  • Run docker compose -f compose.yml up, wait until initial setup is completed.
  • check value in DB: 
    docker exec -it hoppscotch-hoppscotch-db-1 psql hoppscotch --pset=pager=off -c "select * from \"InfraConfig\" WHERE name='MICROSOFT_CLIENT_SECRET';"
    --> value has NOT changed

Deployment Type

Self-hosted (on-prem deployment)

Version

2025.11.0

Originally created by @muellerst-hg on GitHub (Dec 3, 2025). Original GitHub issue: https://github.com/hoppscotch/hoppscotch/issues/5651 Originally assigned to: @mirarifhasan on GitHub. ### Is there an existing issue for this? - [x] I have searched existing issues and this bug hasn't been reported yet ### Platform Web App ### Browser Chrome ### Operating System Linux ### Bug Description We use containerized self-hosted instance with Microsoft OAuth. Our ENV variable MICROSOFT_CLIENT_SECRET is automatically rotated on a regular basis, because the secret has a limited lifetime. After upgrading from 2025.6.1 to 2025.7.0, changes to ENV variable have no more effect. (a similar issue happened before, see #4116). Upgrading to 2025.11.0 does not help. Login to admin UI is not possible anymore because the secret reached the end of lifetime. ## What do we expect? When you set a new value for ENV variable `MICROSOFT_CLIENT_SECRET` and restart the backend, then the corresponding value in DB table `InfraConfig` will be updated to the value from the ENV variable. That's the behavior until 2025.6.1 ## What happens instead? MICROSOFT_CLIENT_SECRET is not updated in DB table `InfraConfig`. When secret reached end of lifetime, it becomes invalid and cannot be updated. ## Steps to reproduce - create docker compose setup: - mkdir db/ - create .env file: ```.env DATABASE_URL=postgresql://postgres:testpass@hoppscotch-db:5432/hoppscotch MICROSOFT_CLIENT_ID="xxxxxxxxxxx" MICROSOFT_CLIENT_SECRET="xxxxxxxxxx" MICROSOFT_CALLBACK_URL="http://localhost:3170/v1/auth/microsoft/callback" MICROSOFT_SCOPE="user.read" MICROSOFT_TENANT="xxxxxxxxxx" VITE_ALLOWED_AUTH_PROVIDERS="MICROSOFT" DATA_ENCRYPTION_KEY="asdfghjklqwertzuiopyxcvbnm123456" WHITELISTED_ORIGINS="http://localhost:3170,http://localhost:3000,http://localhost:3100,app://localhost_3200,app://hoppscotch" VITE_BASE_URL=http://localhost:3000 JWT_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" TOKEN_SALT_COMPLEXITY="10" MAGIC_LINK_TOKEN_VALIDITY="3" REFRESH_TOKEN_VALIDITY="604800000" ACCESS_TOKEN_VALIDITY="86400000" SESSION_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxx" ALLOW_SECURE_COOKIES="true" REDIRECT_URL="http://localhost:3000" MAILER_SMTP_ENABLE="false" RATE_LIMIT_TTL="60" RATE_LIMIT_MAX="100" ``` - create compose.yml file ```compose.yml services: # The service that spins up all 3 services at once in one container hoppscotch-aio: container_name: hoppscotch-aio restart: unless-stopped command: ["sh", "-c", "pnpm exec prisma migrate deploy && echo $MICROSOFT_CLIENT_SECRET && node /usr/src/app/aio_run.mjs"] image: hoppscotch/hoppscotch:2025.6.1 env_file: - ./.env depends_on: - hoppscotch-db ports: - "3000:3000" - "3100:3100" - "3170:3170" - "3080:8080" # postgresql hoppscotch-db: image: postgres:15 user: postgres volumes: - ./db:/var/lib/postgresql/data environment: POSTGRES_USER: postgres POSTGRES_PASSWORD: testpass POSTGRES_DB: hoppscotch healthcheck: test: [ "CMD-SHELL", "sh -c 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'" ] interval: 5s timeout: 5s retries: 10 ``` - Run `docker compose -f compose.yml up`, wait until initial setup is completed. - check value in DB: ``` docker exec -it hoppscotch-hoppscotch-db-1 psql hoppscotch --pset=pager=off -c "select * from \"InfraConfig\" WHERE name='MICROSOFT_CLIENT_SECRET';" ``` - shutdown and remove container. - change MICROSOFT_CLIENT_SECRET in `.env` - Run `docker compose -f compose.yml up`, wait until initial setup is completed. - check value in DB: ``` docker exec -it hoppscotch-hoppscotch-db-1 psql hoppscotch --pset=pager=off -c "select * from \"InfraConfig\" WHERE name='MICROSOFT_CLIENT_SECRET';" ``` --> value has changed - shutdown and remove container. - again, change MICROSOFT_CLIENT_SECRET in `.env` - update compose.yml to use 2025.7.0 as hoppscotch version: `image: hoppscotch/hoppscotch:2025.7.0` - Run `docker compose -f compose.yml up`, wait until initial setup is completed. - check value in DB: ``` docker exec -it hoppscotch-hoppscotch-db-1 psql hoppscotch --pset=pager=off -c "select * from \"InfraConfig\" WHERE name='MICROSOFT_CLIENT_SECRET';" ``` --> value has **NOT** changed ### Deployment Type Self-hosted (on-prem deployment) ### Version 2025.11.0
kerem commented 2026-03-16 23:31:06 +03:00
Author
Owner
Copy link

@ambouh1 commented on GitHub (Dec 4, 2025):

We Have the same issue, hoppscotch installed on EKS with many versions even the latest one.

<!-- gh-comment-id:3611324006 --> @ambouh1 commented on GitHub (Dec 4, 2025): We Have the same issue, hoppscotch installed on EKS with many versions even the latest one.
kerem commented 2026-03-16 23:31:11 +03:00
Author
Owner
Copy link

@jmarquez84 commented on GitHub (Dec 5, 2025):

We have the same issue.

<!-- gh-comment-id:3616851929 --> @jmarquez84 commented on GitHub (Dec 5, 2025): We have the same issue.
kerem commented 2026-03-16 23:31:16 +03:00
Author
Owner
Copy link

@mirarifhasan commented on GitHub (Dec 7, 2025):

Hello @muellerst-hg, @ambouh1, @jmarquez84,

Thank you for reporting this issue and providing detailed reproduction steps.

From version 2025.7.0 onwards, we have reduced the number of environment variables to make configuration less troublesome for our users. Previously, there were too many variables that made the setup process cumbersome.

All auth-related secrets can now be set up and modified from the Admin UI. This decision was made to keep user onboarding frictionless, so that users don't need to juggle with the .env file too much.

You can find the currently supported environment variables here:
https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment

Since you mentioned:

Login to admin UI is not possible anymore because the secret reached the end of lifetime.

In your situation, you can do one of the following:

(Option 1) Reset the onboarding flag
From the InfraConfig table in the Database, find the row where name='ONBOARDING_COMPLETED', and set the value='false'. This will allow you to go through the onboarding process (in Admin UI) and set up your authentication provider.

(Option 2) Hard reset the configuration
Follow the hard reset instructions in our documentation:
https://docs.hoppscotch.io/documentation/self-host/community-edition/admin-dashboard#hard-reset-configurations

After performing either option, you'll be able to configure your Microsoft OAuth settings (including the client secret) through the Admin UI, which will persist the changes to the database properly.

Thank you for your patience and understanding!

<!-- gh-comment-id:3621562120 --> @mirarifhasan commented on GitHub (Dec 7, 2025): Hello @muellerst-hg, @ambouh1, @jmarquez84, Thank you for reporting this issue and providing detailed reproduction steps. From version 2025.7.0 onwards, we have reduced the number of environment variables to make configuration less troublesome for our users. Previously, there were too many variables that made the setup process cumbersome. **All auth-related secrets can now be set up and modified from the Admin UI.** This decision was made to keep user onboarding frictionless, so that users don't need to juggle with the [.env](https://github.com/hoppscotch/hoppscotch/blob/main/.env.example) file too much. You can find the currently supported environment variables here: [https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment](https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment) --- Since you mentioned: > Login to admin UI is not possible anymore because the secret reached the end of lifetime. In your situation, you can do one of the following: **(Option 1) Reset the onboarding flag** From the InfraConfig table in the Database, find the row where `name='ONBOARDING_COMPLETED'`, and set the `value='false'`. This will allow you to go through the onboarding process (in Admin UI) and set up your authentication provider. **(Option 2) Hard reset the configuration** Follow the hard reset instructions in our documentation: [https://docs.hoppscotch.io/documentation/self-host/community-edition/admin-dashboard#hard-reset-configurations](https://docs.hoppscotch.io/documentation/self-host/community-edition/admin-dashboard#hard-reset-configurations) After performing either option, you'll be able to configure your Microsoft OAuth settings (including the client secret) through the Admin UI, which will persist the changes to the database properly. Thank you for your patience and understanding!
kerem commented 2026-03-16 23:31:21 +03:00
Author
Owner
Copy link

@muellerst-hg commented on GitHub (Dec 8, 2025):

This generally removed the ability to automatically rotate the token and also to prevent human users from reading the token.
Security- and automation-wise this is a step backward.

I wonder if improving the documention for .env would help onboarding, so that you could reintroduce the env variables? I would be happy to contribute documentation.
Beside that, could you please make .env optional, so that users have the choice to use admin UI or .env?

<!-- gh-comment-id:3625974337 --> @muellerst-hg commented on GitHub (Dec 8, 2025): This generally removed the ability to automatically rotate the token and also to prevent human users from reading the token. Security- and automation-wise this is a step backward. I wonder if improving the documention for .env would help onboarding, so that you could reintroduce the env variables? I would be happy to contribute documentation. Beside that, could you please make .env optional, so that users have the choice to use admin UI or .env?
kerem commented 2026-03-16 23:31:26 +03:00
Author
Owner
Copy link

@Breee commented on GitHub (Dec 8, 2025):

Your software requires us to hack and is not automation friendly. We want to rotate secrets often and fast without db hacks.

We will NOT do ClickOps and we will NOT hack around in the postgres database.
I find it unbelievable that your proposed solution is to truncate a DB table. (Especially because we had this bug fixed before https://github.com/hoppscotch/hoppscotch/issues/4116)

Modern containerized applications should be always configurable via the environment or some sort of configfile at least.

<!-- gh-comment-id:3626012500 --> @Breee commented on GitHub (Dec 8, 2025): Your software requires us to hack and is not automation friendly. We want to rotate secrets often and fast without db hacks. We will NOT do ClickOps and we will NOT hack around in the postgres database. I find it unbelievable that your proposed solution is to truncate a DB table. (Especially because we had this bug fixed before https://github.com/hoppscotch/hoppscotch/issues/4116) Modern containerized applications should be always configurable via the environment or some sort of configfile at least.
kerem commented 2026-03-16 23:31:31 +03:00
Author
Owner
Copy link

@jmarquez84 commented on GitHub (Dec 9, 2025):

Hello @muellerst-hg, @ambouh1, @jmarquez84,

Thank you for reporting this issue and providing detailed reproduction steps.

From version 2025.7.0 onwards, we have reduced the number of environment variables to make configuration less troublesome for our users. Previously, there were too many variables that made the setup process cumbersome.

All auth-related secrets can now be set up and modified from the Admin UI. This decision was made to keep user onboarding frictionless, so that users don't need to juggle with the .env file too much.

You can find the currently supported environment variables here: https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment

Since you mentioned:

Login to admin UI is not possible anymore because the secret reached the end of lifetime.

In your situation, you can do one of the following:

(Option 1) Reset the onboarding flag From the InfraConfig table in the Database, find the row where name='ONBOARDING_COMPLETED', and set the value='false'. This will allow you to go through the onboarding process (in Admin UI) and set up your authentication provider.

(Option 2) Hard reset the configuration Follow the hard reset instructions in our documentation: https://docs.hoppscotch.io/documentation/self-host/community-edition/admin-dashboard#hard-reset-configurations

After performing either option, you'll be able to configure your Microsoft OAuth settings (including the client secret) through the Admin UI, which will persist the changes to the database properly.

Thank you for your patience and understanding!

I tried to insert the new configuration in Admin UI, but when I click on "Save Auth Config" I got an error.

Image

This is the configuration:

Image
<!-- gh-comment-id:3631906542 --> @jmarquez84 commented on GitHub (Dec 9, 2025): > Hello [@muellerst-hg](https://github.com/muellerst-hg), [@ambouh1](https://github.com/ambouh1), [@jmarquez84](https://github.com/jmarquez84), > > Thank you for reporting this issue and providing detailed reproduction steps. > > From version 2025.7.0 onwards, we have reduced the number of environment variables to make configuration less troublesome for our users. Previously, there were too many variables that made the setup process cumbersome. > > **All auth-related secrets can now be set up and modified from the Admin UI.** This decision was made to keep user onboarding frictionless, so that users don't need to juggle with the [.env](https://github.com/hoppscotch/hoppscotch/blob/main/.env.example) file too much. > > You can find the currently supported environment variables here: https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment > > Since you mentioned: > > > Login to admin UI is not possible anymore because the secret reached the end of lifetime. > > In your situation, you can do one of the following: > > **(Option 1) Reset the onboarding flag** From the InfraConfig table in the Database, find the row where `name='ONBOARDING_COMPLETED'`, and set the `value='false'`. This will allow you to go through the onboarding process (in Admin UI) and set up your authentication provider. > > **(Option 2) Hard reset the configuration** Follow the hard reset instructions in our documentation: https://docs.hoppscotch.io/documentation/self-host/community-edition/admin-dashboard#hard-reset-configurations > > After performing either option, you'll be able to configure your Microsoft OAuth settings (including the client secret) through the Admin UI, which will persist the changes to the database properly. > > Thank you for your patience and understanding! I tried to insert the new configuration in Admin UI, but when I click on "Save Auth Config" I got an error. <img width="306" height="77" alt="Image" src="https://github.com/user-attachments/assets/8c873bcc-c7a1-407e-b7da-be53b6d406de" /> This is the configuration: <img width="990" height="804" alt="Image" src="https://github.com/user-attachments/assets/0d16fedc-a198-4791-8a1d-f3e6052258c1" />
kerem commented 2026-03-16 23:31:36 +03:00
Author
Owner
Copy link

@mirarifhasan commented on GitHub (Dec 10, 2025):

@jmarquez84 Could you please share the backend container logs that are generated when you perform the “Save Auth Config” action?

<!-- gh-comment-id:3635198489 --> @mirarifhasan commented on GitHub (Dec 10, 2025): @jmarquez84 Could you please share the backend container logs that are generated when you perform the “Save Auth Config” action?
kerem commented 2026-03-16 23:31:41 +03:00
Author
Owner
Copy link

@jmarquez84 commented on GitHub (Dec 10, 2025):

Hi @mirarifhasan the problem was the SMTP URL., but the problem didn't show in the front.

Image
<!-- gh-comment-id:3636141330 --> @jmarquez84 commented on GitHub (Dec 10, 2025): Hi @mirarifhasan the problem was the SMTP URL., but the problem didn't show in the front. <img width="501" height="59" alt="Image" src="https://github.com/user-attachments/assets/a75cb2a7-135c-4efa-819e-89b4a75afbff" />
kerem commented 2026-03-16 23:31:46 +03:00
Author
Owner
Copy link

@mirarifhasan commented on GitHub (Dec 10, 2025):

@jmarquez84 Could you let us know which format you were using for the SMTP URL? This will help us improve the UX on our side.
Also, hope you were able to enter the SMTP URL correctly and get the setup working.
Thanks.

<!-- gh-comment-id:3638135936 --> @mirarifhasan commented on GitHub (Dec 10, 2025): @jmarquez84 Could you let us know which format you were using for the `SMTP URL`? This will help us improve the UX on our side. Also, hope you were able to enter the `SMTP URL` correctly and get the setup working. Thanks.
kerem commented 2026-03-16 23:31:51 +03:00
Author
Owner
Copy link

@krystalcode commented on GitHub (Dec 16, 2025):

I don't think there would be a problem with having both the ability to configure settings via the admin UI and allow overriding those via environment variables. I now find myself logged out and can't log in because I need to update the SMTP settings, which I can't until I log in and set them via the UI.

<!-- gh-comment-id:3661500525 --> @krystalcode commented on GitHub (Dec 16, 2025): I don't think there would be a problem with having both the ability to configure settings via the admin UI and allow overriding those via environment variables. I now find myself logged out and can't log in because I need to update the SMTP settings, which I can't until I log in and set them via the UI.
kerem commented 2026-03-16 23:31:57 +03:00
Author
Owner
Copy link

@muellerst-hg commented on GitHub (Feb 23, 2026):

I would really like to avoid workarounds and use ENV variables straightforward as this is the most common pattern in system design, see twelve-factor app).

Please reintroduce ENV variables to enable automated operations . It does not harm ClickOps approach.

<!-- gh-comment-id:3944377364 --> @muellerst-hg commented on GitHub (Feb 23, 2026): I would really like to avoid workarounds and use ENV variables straightforward as this is the most common pattern in system design, see [twelve-factor app](https://12factor.net/config)). Please reintroduce ENV variables to enable automated operations . It does not harm ClickOps approach.
kerem commented 2026-03-16 23:32:02 +03:00
Author
Owner
Copy link

@cha0s22 commented on GitHub (Feb 23, 2026):

Luckily I stumbled upon this issue after our microsoft secret expired today... Introducing a breaking change like that, that gives no other option than to manually edit the database is really not a good move ... especially as the previous behavior was completely fine and we had a fully automated secret rotation up and running.
I highly support the authors proposal to reintroduce ENV variables.

<!-- gh-comment-id:3944642868 --> @cha0s22 commented on GitHub (Feb 23, 2026): Luckily I stumbled upon this issue after our microsoft secret expired today... Introducing a breaking change like that, that gives no other option than to manually edit the database is really not a good move ... especially as the previous behavior was completely fine and we had a fully automated secret rotation up and running. I highly support the authors proposal to reintroduce ENV variables.
kerem commented 2026-03-16 23:32:07 +03:00
Author
Owner
Copy link

@mmiftach commented on GitHub (Mar 3, 2026):

Hello @muellerst-hg, @ambouh1, @jmarquez84,

Thank you for reporting this issue and providing detailed reproduction steps.

From version 2025.7.0 onwards, we have reduced the number of environment variables to make configuration less troublesome for our users. Previously, there were too many variables that made the setup process cumbersome.

All auth-related secrets can now be set up and modified from the Admin UI. This decision was made to keep user onboarding frictionless, so that users don't need to juggle with the .env file too much.

You can find the currently supported environment variables here: https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment

Since you mentioned:

Login to admin UI is not possible anymore because the secret reached the end of lifetime.

In your situation, you can do one of the following:

(Option 1) Reset the onboarding flag From the InfraConfig table in the Database, find the row where name='ONBOARDING_COMPLETED', and set the value='false'. This will allow you to go through the onboarding process (in Admin UI) and set up your authentication provider.

(Option 2) Hard reset the configuration Follow the hard reset instructions in our documentation: https://docs.hoppscotch.io/documentation/self-host/community-edition/admin-dashboard#hard-reset-configurations

After performing either option, you'll be able to configure your Microsoft OAuth settings (including the client secret) through the Admin UI, which will persist the changes to the database properly.

Thank you for your patience and understanding!

Thank you, this solved my problem.

<!-- gh-comment-id:3989076271 --> @mmiftach commented on GitHub (Mar 3, 2026): > Hello [@muellerst-hg](https://github.com/muellerst-hg), [@ambouh1](https://github.com/ambouh1), [@jmarquez84](https://github.com/jmarquez84), > > Thank you for reporting this issue and providing detailed reproduction steps. > > From version 2025.7.0 onwards, we have reduced the number of environment variables to make configuration less troublesome for our users. Previously, there were too many variables that made the setup process cumbersome. > > **All auth-related secrets can now be set up and modified from the Admin UI.** This decision was made to keep user onboarding frictionless, so that users don't need to juggle with the [.env](https://github.com/hoppscotch/hoppscotch/blob/main/.env.example) file too much. > > You can find the currently supported environment variables here: https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment > > Since you mentioned: > > > Login to admin UI is not possible anymore because the secret reached the end of lifetime. > > In your situation, you can do one of the following: > > **(Option 1) Reset the onboarding flag** From the InfraConfig table in the Database, find the row where `name='ONBOARDING_COMPLETED'`, and set the `value='false'`. This will allow you to go through the onboarding process (in Admin UI) and set up your authentication provider. > > **(Option 2) Hard reset the configuration** Follow the hard reset instructions in our documentation: https://docs.hoppscotch.io/documentation/self-host/community-edition/admin-dashboard#hard-reset-configurations > > After performing either option, you'll be able to configure your Microsoft OAuth settings (including the client secret) through the Admin UI, which will persist the changes to the database properly. > > Thank you for your patience and understanding! Thank you, this solved my problem.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
chore/security-fix-2026-4-0
next
fix/mockserver-env-set-url-priority
feat/rest-gql-merge
refactor/workspaces
fix/onboarding-mass-assignment
desktop-settings-phase-0-schema-bridge-shell
patch
test-webhook
pr/johnan319/5745
tembo/optimize-performance-db-queries
add-claude-github-actions-1772782423108
fix/code-scanning-103
fix/mock-server-example-endpoint-match-v2
fix/rate-limit-on-health-route
hotfix/api-doc-collection-deletetion
cd-test
fix/mock-server-backend-followup
chore/code-scanning-52
chore/verion-addition-check
nested-migrations
scripting-system-updates-worker-setup
scripting-system-updates
pr/shipko/4367
ci-test
feat/user-delete-condition
feat/user-workspace-stats-api
chore/collection-export-addition
fix/import-file-size-limit-flow
feat/dashboard-common
feat/sort-environment-alphabetically
feat/infra-config-encryption
refactor/team
feat/collection-duplicationn
feat/secure-cookies-toggle
pr/pavog/4195
pr/pavog/4196
test/patch-demo
feat/native-interceptor-updates
pr/AndrewBastin/4111
feat/user-last-active-on
fix/codemirror-large-text-scroll-bug
fix/precision-lost-beautify
fix/env-diff-test-schema-error
fix/email-case-sensitive
release/2024.3.3
refactor/workspace-login-conversion
feat/node-apline-version-upgrade
feat/seed
release/2024.3.2
fix/sh-email-handlebar-issue
feat/app-experiment-animation
release/2024.3.1
release/2024.3.0
pr/jamesgeorge007/3937
experiment/deploychan
feat/github-enterprise-auth
refactor/collection-search-query
hotfix/infra-config-reset-bug
fix/secret-var-bug
hotfix/full-text-search
hotfix/request-variable-version-syncing
feat/request-variable
feat/server-config-additional-properties
pr/JoelJacobStephen/3845
release/2023.12.6
fix/safari-codemirror-perf-bug
release/2023.12.5
release/2023.12.4
fix/secret-env-bugs-tooltip
release/2023.12.3
fix/shared-request-bug
fix/disable-context-menu-option
release/2023.12.2
release/2023.12.1
fix/shared-request-bugs
release/2023.12.0
fix/gql-history-schema
fix/actions-not-working-without-sidebar
pr/jamesgeorge007/3665
chore/desktop-app-corrections
fix/auth-headers-in-coll
fix/embed-url
improve/placeholder
add-realtime-logos
feat/shared-request-embeds
feat/collection-headers
revamp/header
release/2023.8.4
refactor/interceptor-error-display
feat/subpath-based-access
release/2023.8.3
feat/shared-requests
feat/desktop
fix/nodemailer-templates-issue
feature/upgrade-graphql-ws
fix/graphql-crashing
fix/set-environments-when-no-env-selected
refactor/pre-prisma-bump-setup
release/2023.8.2
pr/danitherex/3216
perf/raw-db-query
release/2023.8.1
revert-3348-perf/reduce-backend-calls
fix/incorrect-tab-count-close-all-tab
fix/duplicate-tab-bug
release/2023.8.0
hotfix/fetch-shortcode
fix/tab-right-click-rename-bug
chore/docker-fixes
pr/JoelJacobStephen/3178
feat/fe-accessible-auth-provider-env
feat-cherry-pick/conditional-auth-select
feat/conditional-auth-select
release/2023.4.8
fix/generate-sitemap-issue
test/backend-test-case
refactor/team-invitation
pr/AndrewBastin/3171
release/2023.4.7
fix/duplicate-team-invite
fix/unified-bg-color-coll-tree
fix/shortcode-screen-stuck
release/2023.4.6
revert-3117-patch-3
fix/env-selector-bg
fix/db-url
release/2023.4.4
fix/sync-popup-bug
fix/team-env-set-test
chore/wss-to-ws-on-env
fix/prettify-xml-response
feat/db-volume-addition
feat/env-selector-tabs-ui
bug/broken-env
release/2023.4.2
fix/switch-workspace-env-bug
fix/magic-link
fix/cookie-handler
HPS-OSS-1
staging
revert/auth-issue
feat/export-env
refactor/commons
reference/path-variables
orphan-pr/2243
feat/realtime-search
fix/save-override
refactor/strategies
feat/embeds
bug/withDefaults
feat/show-keys
refactor/toast
2026.3.1
2026.3.0
2026.2.1
2026.2.0
2026.1.1
2026.1.0
2025.12.1
2025.12.0
2025.11.2
2025.11.1
2025.11.0
2025.10.1
2025.10.0
2025.9.2
2025.9.1
2025.9.0
2025.8.1
2025.8.0
2025.7.1
2025.7.0
2025.6.1
2025.6.0
2025.5.4
2025.5.3
2025.5.2
2025.5.1
2025.5.0
2025.4.2
2025.4.1
2025.4.0
2025.3.2
2025.3.1
2025.3.0
2025.2.3
2025.2.2
2025.2.1
2025.2.0
2025.1.1
2025.1.0
2024.12.2
2024.12.1
2024.12.0
2024.11.0
2024.10.2
2024.10.1
2024.10.0
2024.9.3
2024.9.2
2024.9.1
2024.9.0
2024.8.3
2024.8.2
2024.8.1
2024.8.0
2024.7.2
2024.7.1
2024.7.0
2024.6.1
2024.6.0
2024.3.4
2024.3.3
2024.3.2
2024.3.1
2024.3.0
2023.12.6
2023.12.5
2023.12.4
2023.12.3
2023.12.2
2023.12.1
2023.12.0
2023.8.4
2023.8.3
2023.8.2
2023.8.1
2023.8.0
2023.4.8
2023.4.7
2023.4.6
2023.4.5
2023.4.4
2023.4.3
2023.4.2
2023.4.1
2023.4.0
v3.0.1
v3.0.0
v2.2.1
v2.2.0
v2.1.0
v2.0.0
v1.12.0
v1.10.0
v1.9.9
v1.9.7
v1.9.5
v1.9.0
v1.8.0
v1.5.0
v1.0.0
v0.1.0
Labels
Clear labels   
CodeDay

   
a11y

   
browser limited

   
bug

   
bug fix

   
cli

   
core

   
critical

   
design

   
desktop

   
discussion

   
docker

   
documentation

   
duplicate

   
enterprise

   
feature

   
feature

   
fosshack

   
future

   
good first issue

   
hacktoberfest

   
help wanted

   
i18n

   
invalid

   
major

   
minor

   
need information

   
need testing

   
not applicable to hoppscotch

   
not reproducible

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
refactor

   
resolved

   
sandbox

   
self-host

   
spam

   
stale

   
testmu

   
wip

   
wont fix
No labels
CodeDay
a11y
browser limited
bug
bug fix
cli
core
critical
design
desktop
discussion
docker
documentation
duplicate
enterprise
feature
feature
fosshack
future
good first issue
hacktoberfest
help wanted
i18n
invalid
major
minor
need information
need testing
not applicable to hoppscotch
not reproducible
pull-request
question
refactor
resolved
sandbox
self-host
spam
stale
testmu
wip
wont fix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hoppscotch#2190
No description provided.