fix(oauth): remove 8-character minimum on client secret#1920

Open
nuthalapativarun wants to merge 2 commits into MCPJam:main from nuthalapativarun:fix/oauth-client-secret-min-length

Conversation

@nuthalapativarun

Summary

Fixes #1723

The OAuth spec recommends client secrets of at least 8 characters for security, but does not mandate it. Some identity providers issue shorter secrets that users cannot control.

The validation in use-server-form.ts was enforcing a hard minimum of 8 characters:

// Before
if (value && value.length < 8) {
  return "Client Secret must be at least 8 characters if provided";
}

Changed to only reject empty strings (the field is already optional — if provided it must be non-empty):

// After
if (value && value.length < 1) {
  return "Client Secret cannot be empty if provided";
}

Testing

  1. Open Add Server → Authentication → OAuth → Advanced → Enable "Use custom OAuth credentials"
  2. Enter a short secret (e.g. banana, 6 chars)
  3. Confirm the form saves without the validation error

All 3 existing use-server-form tests pass.

The OAuth spec recommends secrets of at least 8 characters for security
but does not require it. Some identity providers issue shorter secrets
that users cannot change.

Lower the minimum to 1 (non-empty) so that valid shorter client secrets
are accepted.

Fixes MCPJam#1723
dosubot (bot) added the size:XS label (This PR changes 0-9 lines, ignoring generated files.) on Apr 24, 2026


chelojimenez commented Apr 24, 2026

Snyk checks have passed. No issues have been found so far.

Scan Engine: Open Source Security
Critical: 0, High: 0, Medium: 0, Low: 0, Total: 0 issues


coderabbitai Bot commented Apr 24, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b2d3fd75-d6e7-40fa-b031-064b4c94b60e

📥 Commits

Reviewing files that changed from the base of the PR and between 19dff89 and 1190220.

📒 Files selected for processing (1)
  • mcpjam-inspector/client/src/components/connection/hooks/use-server-form.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • mcpjam-inspector/client/src/components/connection/hooks/use-server-form.ts

Walkthrough

Client secret validation in the server form hook was relaxed: the validator no longer enforces a minimum length and now only rejects secrets that are explicitly empty or whitespace (trimmed to ""). For any non-empty provided secret the validator returns null. This change is limited to internal validation logic and does not alter the hook's exported API or other form behavior.

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Inline comments:
In `@mcpjam-inspector/client/src/components/connection/hooks/use-server-form.ts`:
- Around line 216-221: The guard in validateClientSecret is unreachable because
`value && value.length < 1` can never be true for strings; either remove the
dead branch and return null explicitly, or better: mirror validateClientId and
defensively trim the input to catch whitespace-only secrets (e.g., treat
value.trim().length === 0 as empty) and return "Client Secret cannot be empty if
provided"; keep references to validateClientSecret (and callers
AddServerModal.tsx and ServerDetailModal.tsx) when making this change so
validation behavior remains consistent with server-side
z.string().trim().min(1).optional().
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1a09290e-940c-439b-ba43-fef913a7f498

📥 Commits

Reviewing files that changed from the base of the PR and between 934c606 and 19dff89.

📒 Files selected for processing (1)
  • mcpjam-inspector/client/src/components/connection/hooks/use-server-form.ts
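As an added illustration of the two points in the review above and in the PR description (example code, not MCPJam's code): why the posted `value && value.length < 1` guard is unreachable, and how a trim-based check lines up with the server-side `z.string().trim().min(1).optional()` rule. The function names, the constructed sample inputs, and the hand-written `serverAccepts` mirror of the zod rule are assumptions made for this example; zod itself is not imported, so the block runs stand-alone.

```typescript
// Added example, not MCPJam's code. Function names, sample inputs and the
// serverAccepts() mirror of z.string().trim().min(1).optional() are assumptions.

type ValidationResult = string | null;

const EMPTY_SECRET_ERROR = "Client Secret cannot be empty if provided";

// The validator as posted in the PR description. The guard can never fire:
// a truthy string always has length >= 1, so "" and whitespace both pass.
function validateClientSecretPosted(value: string | undefined): ValidationResult {
  if (value && value.length < 1) {
    return EMPTY_SECRET_ERROR;
  }
  return null;
}

// Replacement along the lines the review suggests: only an absent value counts
// as "not provided"; a provided value that is empty after trimming is rejected.
function validateClientSecretTrimmed(value: string | undefined): ValidationResult {
  if (value === undefined) {
    return null; // optional field
  }
  if (value.trim().length === 0) {
    return EMPTY_SECRET_ERROR;
  }
  return null; // any non-empty secret, short ones included, is accepted
}

// Hand-written equivalent (assumed) of the server-side rule
// z.string().trim().min(1).optional(): undefined passes, otherwise the
// trimmed string must contain at least one character.
function serverAccepts(value: string | undefined): boolean {
  return value === undefined || value.trim().length >= 1;
}

// True if the posted guard returns an error for any input; it never does.
function postedGuardFires(inputs: Array<string | undefined>): boolean {
  return inputs.some((v) => validateClientSecretPosted(v) !== null);
}

// Inputs on which a client-side validator's accept/reject decision differs
// from the server-side rule.
function clientServerMismatches(
  validate: (v: string | undefined) => ValidationResult,
  inputs: Array<string | undefined>,
): Array<string | undefined> {
  return inputs.filter((v) => (validate(v) === null) !== serverAccepts(v));
}

// Constructed sample inputs: absent, empty, whitespace-only, the 6-character
// secret from the PR's test steps, and a longer one.
const SAMPLE_SECRETS: Array<string | undefined> = [
  undefined,
  "",
  "   ",
  "\t\n",
  "banana",
  "correct-horse-battery",
];

console.log("posted guard ever fires:", postedGuardFires(SAMPLE_SECRETS));
console.log(
  "posted validator vs server mismatches:",
  clientServerMismatches(validateClientSecretPosted, SAMPLE_SECRETS),
);
console.log(
  "trimmed validator vs server mismatches:",
  clientServerMismatches(validateClientSecretTrimmed, SAMPLE_SECRETS),
);
```

The mismatch list is the useful check here: a validator that disagrees with the server rule lets the form submit a value the server will then refuse, so the client-side message never reaches the user for exactly the inputs that matter (empty and whitespace-only). The trimmed variant reports no mismatches for these inputs while still accepting the 6-character secret the PR is about.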

…ntSecret

The previous `value && value.length < 1` condition was logically impossible
for strings — a truthy string always has length ≥ 1. Replace with a trim
check that mirrors validateClientId and catches whitespace-only secrets.
nuthalapativarun force-pushed the fix/oauth-client-secret-min-length branch from 94ed8ca to 1190220 on April 24, 2026 16:17

Labels

size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[BUG] Inspector denies my client secret because it's shorter than 8 characters

2 participants