From 73a687376a8a566c5a64370c0ad4e752fafd4e4e Mon Sep 17 00:00:00 2001
From: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
Date: Thu, 29 Sep 2022 15:44:17 -0700
Subject: [PATCH] Fix IDP not having same salt/passphrase across pods (#2346)

Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
---
 pkg/auth/idp/oauth2/config.go | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/pkg/auth/idp/oauth2/config.go b/pkg/auth/idp/oauth2/config.go
index 8dbe01aa7..5a769cc4b 100644
--- a/pkg/auth/idp/oauth2/config.go
+++ b/pkg/auth/idp/oauth2/config.go
@@ -22,7 +22,7 @@ import (
 "crypto/sha1"
 "strings"

- "github.com/minio/console/pkg/auth/utils"
+ "github.com/minio/console/pkg/auth/token"
 "github.com/minio/pkg/env"
 "golang.org/x/crypto/pbkdf2"
 )
@@ -86,18 +86,14 @@ func IsIDPEnabled() bool {
 GetIDPClientID() != ""
 }

-var defaultPassphraseForIDPHmac = utils.RandomCharString(64)
-
 // GetPassphraseForIDPHmac returns passphrase for the pbkdf2 function used to sign the oauth2 state parameter
 func getPassphraseForIDPHmac() string {
- return env.Get(ConsoleIDPHmacPassphrase, defaultPassphraseForIDPHmac)
+ return env.Get(ConsoleIDPHmacPassphrase, token.GetPBKDFPassphrase())
 }

-var defaultSaltForIDPHmac = utils.RandomCharString(64)
-
 // GetSaltForIDPHmac returns salt for the pbkdf2 function used to sign the oauth2 state parameter
 func getSaltForIDPHmac() string {
- return env.Get(ConsoleIDPHmacSalt, defaultSaltForIDPHmac)
+ return env.Get(ConsoleIDPHmacSalt, token.GetPBKDFSalt())
 }

 // getIDPScopes return default scopes during the IDP login request
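Review bot: In the second hunk, `getPassphraseForIDPHmac` and `getSaltForIDPHmac` now fall back to `token.GetPBKDFPassphrase()` and `token.GetPBKDFSalt()`, so when `ConsoleIDPHmacPassphrase` and `ConsoleIDPHmacSalt` are unset the OAuth2 state signing key is derived from the same secret material as whatever else those getters feed (by their names, the console's token PBKDF, though the `token` package is not visible here). That reuses one secret for two purposes, and the doc comments should say so, for example `// getPassphraseForIDPHmac returns the passphrase for the pbkdf2 function that signs the oauth2 state parameter; when ConsoleIDPHmacPassphrase is unset it reuses token.GetPBKDFPassphrase() so every pod derives the same key.` with the matching wording on the salt getter. The existing comments also name `GetPassphraseForIDPHmac` and `GetSaltForIDPHmac` while the functions are unexported. If the `token` getters themselves default to a per-process random value when their own variables are unset, pods would still disagree on the state signature, so that dependency is worth confirming and documenting.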