Move consumer secret input to dialog on Try Out page

[mehara-rothila]

Purpose

When multiple client secrets are enabled, the consumer secret field was displayed inline on the DevPortal Try Out page, cluttering the UI.

• Fixes UI improvements in Try It page in Developer Portal api-manager#4809

Approach

Moved the consumer secret input into a popup dialog (MUI Dialog) that opens when clicking GET TEST KEY, consistent with existing patterns (e.g., NewSecretDialog).

• Replaced inline TextField with Dialog component
• GET TEST KEY opens dialog instead of requiring pre-filled secret
• Cancel and Generate buttons with empty-field validation
• Updated tooltip hint text
• No changes to API Key, single secret OAuth, or Basic auth flows

File changed: portals/devportal/.../Shared/ApiTryOut/TryOutController.jsx (89 insertions, 55 deletions)

Summary by CodeRabbit

• New Features

  • Replaced inline consumer-secret input with a modal dialog for OAuth test key generation; dialog now prompts when a secret is required.
  • Generate action enforces a non-empty secret and clears secret/visibility on cancel or after generation.

• Bug Fixes

  • "GET TEST KEY" no longer disabled solely for missing secret—now disabled only by prerequisites or ongoing updates and opens the dialog when needed.
  • Tooltip/help text and label casing for the test key updated.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

mehara-rothila seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Moved the inline consumer-secret input into a modal dialog gated by secretDialogOpen. "GET TEST KEY" opens the dialog when a consumer secret is required; the dialog validates input and passes secretOverride to generateAccessToken, which falls back to the existing consumerSecret.

Changes

Cohort / File(s)

Summary

TryOut controller & UI portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx

Replaced inline consumer-secret TextField with a MUI Dialog controlled by secretDialogOpen. generateAccessToken now accepts an optional secretOverride and uses it when provided. "GET TEST KEY" opens the dialog when a secret is required; button disabling now depends only on general prerequisites and isUpdating. Updated tooltip/ARIA/help text casing and dialog validation to require non-empty trimmed secret for Generate. Removed previous enable/disable logic tied to trimmed consumerSecret presence.

Sequence Diagram

sequenceDiagram
    participant User
    participant TryOut as TryOutController
    participant Dialog as ConsumerSecretDialog
    participant Service as TokenService

    User->>TryOut: Click "GET TEST KEY"
    alt isConsumerSecretRequired
        TryOut->>Dialog: open (secretDialogOpen = true)
        Dialog->>User: prompt for secret
        User->>Dialog: enter secret & click "Generate"
        Dialog->>TryOut: generateAccessToken(secretOverride)
        TryOut->>Service: application.generateToken(secretOverride)
        Service-->>TryOut: return access token
        TryOut->>Dialog: close
        TryOut->>User: show token
    else
        TryOut->>Service: generateAccessToken()
        Service-->>TryOut: return access token
        TryOut->>User: show token
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I tuck the secret in a cozy, quiet nook,
A click, a prompt — no textbox on the book.
Type the secret, press Generate with delight,
Token hops out, modal closes — goodnight.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and clearly describes the main change: moving the consumer secret input field to a dialog on the Try Out page, which is the primary objective of this PR.
Linked Issues check	✅ Passed	The code changes fully implement the requirements from issue #4809: removed inline consumer secret field, moved secret input to a dialog triggered by GET TEST KEY, added validation and Generate/Cancel actions.
Out of Scope Changes check	✅ Passed	All changes are scoped to the consumer secret input refactoring specified in issue #4809; no unrelated modifications to API Key, Basic auth, or other functionality were introduced.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx (2)

617-618: Consider removing dead code.

Since enableGetTestKeyButton is now always true, the !enableGetTestKeyButton condition at line 998 is always false and effectively dead code. Consider either:

1. Removing the enableGetTestKeyButton variable and the condition at line 998
2. Or keeping it as a placeholder if there's intent to add conditional logic later

♻️ Suggested cleanup

-    // Consumer secret is now collected via dialog, so GET TEST KEY is always enabled.
-    const enableGetTestKeyButton = true;

And at line 998:

                                            || (!ksGenerated && securitySchemeType === 'OAUTH')
-                                                    || !enableGetTestKeyButton}
+                                            }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx`
around lines 617 - 618, The constant enableGetTestKeyButton is always true,
making the !enableGetTestKeyButton branch dead code; remove the unused constant
declaration (enableGetTestKeyButton) and delete the conditional block that
checks !enableGetTestKeyButton in TryOutController.jsx (or, if you intend to
keep a toggle placeholder, retain the constant but remove or comment out the
unreachable !enableGetTestKeyButton branch so there is no dead code).

---

862-874: Consider clearing the consumer secret after successful token generation.

After the dialog closes and token generation is triggered, the consumerSecret remains in component state. For improved security hygiene, consider clearing the sensitive secret after it's been used.

🛡️ Suggested fix

                                 <Button
                                     variant='contained'
                                     onClick={() => {
                                         setSecretDialogOpen(false);
-                                        generateAccessToken(consumerSecret);
+                                        const secretValue = consumerSecret;
+                                        setConsumerSecret('');
+                                        generateAccessToken(secretValue);
                                     }}
                                     disabled={!consumerSecret?.trim()}
                                 >

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx`
around lines 862 - 874, After generating the token, clear the stored consumer
secret from state to avoid leaving sensitive data in memory: update the onClick
handler on the Button that currently calls setSecretDialogOpen(false) and
generateAccessToken(consumerSecret) so that after generateAccessToken completes
successfully you also call setConsumerSecret('') (e.g., await
generateAccessToken(consumerSecret) or use .then(...)) while still closing the
dialog with setSecretDialogOpen(false); ensure you only clear consumerSecret on
successful generation rather than on failure.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In
`@portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx`:
- Around line 617-618: The constant enableGetTestKeyButton is always true,
making the !enableGetTestKeyButton branch dead code; remove the unused constant
declaration (enableGetTestKeyButton) and delete the conditional block that
checks !enableGetTestKeyButton in TryOutController.jsx (or, if you intend to
keep a toggle placeholder, retain the constant but remove or comment out the
unreachable !enableGetTestKeyButton branch so there is no dead code).
- Around line 862-874: After generating the token, clear the stored consumer
secret from state to avoid leaving sensitive data in memory: update the onClick
handler on the Button that currently calls setSecretDialogOpen(false) and
generateAccessToken(consumerSecret) so that after generateAccessToken completes
successfully you also call setConsumerSecret('') (e.g., await
generateAccessToken(consumerSecret) or use .then(...)) while still closing the
dialog with setSecretDialogOpen(false); ensure you only clear consumerSecret on
successful generation rather than on failure.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3df48390-c3f0-46bd-9b40-fcef63034268

📥 Commits

Reviewing files that changed from the base of the PR and between 7478e5a and 057815c.

📒 Files selected for processing (1)

• portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx

[Copilot]

Pull request overview

Moves the OAuth consumer secret input (when multiple client secrets are enabled) from an inline field into a modal dialog opened via GET TEST KEY, reducing Try Out page UI clutter and aligning with existing dialog patterns.

Changes:

• Introduces an MUI Dialog to collect the consumer secret only when needed (multiple-secrets OAuth).
• Updates generateAccessToken to accept an optional secret override.
• Adjusts UI hints/tooltips and keeps GET TEST KEY enabled, gating “Generate” on non-empty secret.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx`:
- Around line 799-801: The Dialog onClose handlers (e.g., the Dialog using
secretDialogOpen) only clear consumerSecret but neglect to reset the plaintext
toggle; update each onClose callback in TryOutController.jsx (all Dialog
instances that use secretDialogOpen / another dialog state) to also call
setShowSecret(false) so showSecret is reset whenever the dialog is dismissed
(e.g., change onClose={() => { setSecretDialogOpen(false);
setConsumerSecret(''); }} to include setShowSecret(false)). Ensure you apply the
same change to the other Dialog onClose handlers referenced (around the other
occurrences).
- Around line 862-870: The Generate buttons can fire concurrent token requests
because they're not gated by the loading flag; update the dialog's Generate
button and the page-level "GET TEST KEY" button to also be disabled when
isUpdating is true (e.g., change disabled={!consumerSecret?.trim()} to
disabled={isUpdating || !consumerSecret?.trim()} and add disabled={isUpdating}
to the GET TEST KEY button), and add a fast-guard inside
generateAccessToken(token) to return early if isUpdating is true to prevent
starting a second request while one is in progress; reference the
generateAccessToken function, the isUpdating state, and the
consumerSecret/setConsumerSecret handlers when making these changes.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5b090649-2c70-4f22-92b8-3cc58441f0cc

📥 Commits

Reviewing files that changed from the base of the PR and between 2065ea7 and cec66be.

📒 Files selected for processing (1)

• portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

🧹 Nitpick comments (1)

portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx (1)

617-617: Minor: Consider clarifying the comment.

The comment states GET TEST KEY is "always enabled," but the button still has disable conditions (no user, no subscriptions, keys not generated, isUpdating). Consider rephrasing to clarify that consumer secret is no longer a prerequisite for enabling the button.

📝 Suggested clarification

-    // Consumer secret is now collected via dialog, so GET TEST KEY is always enabled.
+    // Consumer secret is now collected via dialog, so it no longer gates the GET TEST KEY button.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx`
at line 617, Update the inline comment in TryOutController.jsx that reads "//
Consumer secret is now collected via dialog, so GET TEST KEY is always enabled."
to clarify that the consumer secret is no longer a prerequisite for enabling the
"GET TEST KEY" button but other disable conditions (e.g., no user, no
subscriptions, keys not generated, or isUpdating) still apply; locate the
comment immediately before the GET TEST KEY enable/disable logic in the
TryOutController component and rephrase it to reflect those remaining
conditions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In
`@portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx`:
- Line 617: Update the inline comment in TryOutController.jsx that reads "//
Consumer secret is now collected via dialog, so GET TEST KEY is always enabled."
to clarify that the consumer secret is no longer a prerequisite for enabling the
"GET TEST KEY" button but other disable conditions (e.g., no user, no
subscriptions, keys not generated, or isUpdating) still apply; locate the
comment immediately before the GET TEST KEY enable/disable logic in the
TryOutController component and rephrase it to reflect those remaining
conditions.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7f3d21dc-3a32-4a9d-86e4-a71a2051b234

📥 Commits

Reviewing files that changed from the base of the PR and between 77276ae and 46fb829.

📒 Files selected for processing (1)

• portals/devportal/src/main/webapp/source/src/app/components/Shared/ApiTryOut/TryOutController.jsx