
Secure Configuration for Hiding Client ID and Client Secret in Swagger OAuth Configuration

Open dsmabulage opened this issue 6 months ago • 0 comments

Content & configuration

Is your feature request related to a problem?

The issue is that sensitive information, such as the client ID and client secret, is exposed in the Swagger documentation. Although custom CSS can hide these elements from view, they can still be accessed through browser developer tools. This can pose a security risk, especially if sensitive credentials are inadvertently exposed to unauthorized third parties.


Describe the solution you'd like

I propose adding a configuration parameter to the Swagger setup in NestJS that allows for the complete and secure hiding of sensitive information such as client IDs and client secrets. This configuration would ensure that these credentials are hidden from view and the DOM, preventing any possibility of accessing them through developer tools. This could be achieved by:

Providing an option to disable the inclusion of sensitive information in the Swagger UI setup.
Ensuring that credentials are not included in the Swagger documentation output, thus fully safeguarding them from unauthorized access.

Describe alternatives you've considered

Enhance the security of sensitive information in the Swagger documentation. By completely hiding client IDs and client secrets through a configuration parameter, developers can ensure that these credentials are not exposed to unauthorized users or third parties. This is crucial for protecting sensitive information and maintaining the security and integrity of the application.

dsmabulage, Aug 01 '24 08:08
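The point raised in the issue, that CSS cannot protect a value which has already been sent to the browser, can be checked on the server side before the docs page is served. The following is an added example, not code from the swagger-ui project or from the issue author. It assumes that the object a server passes to swagger-ui's `initOAuth()` (directly, or via NestJS's `swaggerOptions`) is serialised into the page, and it uses the option names `clientId`, `clientSecret` and `usePkceWithAuthorizationCodeGrant` as they appear in the swagger-ui OAuth2 configuration docs; treat both as this example's assumptions. The sample config and its placeholder secret are constructed.

```javascript
// Added example, not code from the swagger-ui project or from the issue
// author. Whatever a server hands to swagger-ui's initOAuth() ends up in
// the page served to every visitor, so a clientSecret placed there is
// readable through "view source" or developer tools no matter what CSS
// hides the input field. Option names are assumed from the swagger-ui
// OAuth2 configuration docs.

// Config keys that must never reach a browser (this example's list).
const SECRET_KEYS = ["clientSecret"];

// Build the inline script a docs page would serve. This string is exactly
// what a visitor sees in the Sources tab of browser developer tools.
function renderInitScript(initOAuth) {
  return `window.ui.initOAuth(${JSON.stringify(initOAuth)});`;
}

// Audit a config before it is served. Returns an array of findings;
// an empty array means nothing secret is being handed to the client.
function auditOAuthConfig(initOAuth) {
  const findings = [];
  if (!initOAuth || typeof initOAuth !== "object") return findings;
  for (const key of SECRET_KEYS) {
    const value = initOAuth[key];
    if (value !== undefined && value !== null && String(value).length > 0) {
      findings.push(`initOAuth.${key} is set and will be embedded in the served page`);
    }
  }
  return findings;
}

// Return a copy of the config with secrets stripped and PKCE enabled, so
// the authorization-code flow started from the docs UI runs as a public
// client and no confidential secret is needed in the browser at all.
function hardenOAuthConfig(initOAuth) {
  const hardened = { ...initOAuth, usePkceWithAuthorizationCodeGrant: true };
  for (const key of SECRET_KEYS) delete hardened[key];
  return hardened;
}

// Constructed sample config; the placeholder stands in for a real secret.
const weakConfig = {
  clientId: "docs-ui",
  clientSecret: "PLACEHOLDER_SECRET_do_not_use",
  scopes: ["read"],
};
const safeConfig = hardenOAuthConfig(weakConfig);

console.log("weak config findings:", auditOAuthConfig(weakConfig));
console.log(
  "weak page exposes secret:",
  renderInitScript(weakConfig).includes(weakConfig.clientSecret)
);
console.log("hardened config findings:", auditOAuthConfig(safeConfig));
console.log("hardened script:", renderInitScript(safeConfig));
```

Running `auditOAuthConfig` in a startup check (and failing the boot if it returns findings) turns the issue's concern into something a CI pipeline can enforce, while `hardenOAuthConfig` shows the shape of a config that needs no secret in the browser in the first place.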