From f5f42454f796a0751dd6b33407be9307ed7a86a5 Mon Sep 17 00:00:00 2001
From: yaffir <97219715+yaffir@users.noreply.github.com>
Date: Wed, 3 Jun 2026 16:31:48 +0800
Subject: [PATCH] =?UTF-8?q?=E8=87=AA=E5=8A=A8=E5=B1=8F=E8=94=BD=20placehol?=
 =?UTF-8?q?der=20OAuth=20provider?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added a method to validate OAuth provider configurations based on client ID.

Signed-off-by: yaffir <97219715+yaffir@users.noreply.github.com>
---
 .../skillhub/service/AuthMethodCatalog.java       | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/server/skillhub-app/src/main/java/com/iflytek/skillhub/service/AuthMethodCatalog.java b/server/skillhub-app/src/main/java/com/iflytek/skillhub/service/AuthMethodCatalog.java
index 84324f18c..cc927801e 100644
--- a/server/skillhub-app/src/main/java/com/iflytek/skillhub/service/AuthMethodCatalog.java
+++ b/server/skillhub-app/src/main/java/com/iflytek/skillhub/service/AuthMethodCatalog.java
@@ -43,6 +43,7 @@ public AuthMethodCatalog(OAuth2ClientProperties oAuth2ClientProperties,
     public List<AuthProviderResponse> listOAuthProviders(String returnTo) {
         String sanitizedReturnTo = OAuthLoginRedirectSupport.sanitizeReturnTo(returnTo);
         return new ArrayList<>(oAuth2ClientProperties.getRegistration().entrySet().stream()
+            .filter(entry -> isValidOAuthProvider(entry.getValue()))
             .sorted(Comparator.comparing(entry -> entry.getKey()))
             .map(entry -> new AuthProviderResponse(
                 entry.getKey(),
@@ -54,6 +55,19 @@ public List<AuthProviderResponse> listOAuthProviders(String returnTo) {
             .toList());
     }
 
+    /**
+     * Check if an OAuth provider has valid configuration (non-empty client-id that is not a placeholder).
+     */
+    private boolean isValidOAuthProvider(OAuth2ClientProperties.Registration registration) {
+        String clientId = registration.getClientId();
+        if (clientId == null || clientId.isBlank()) {
+            return false;
+        }
+        // Filter out placeholder values used in dev/test configs
+        String lowerClientId = clientId.toLowerCase();
+        return !lowerClientId.contains("placeholder") && !lowerClientId.contains("local-placeholder");
+    }
+
     public List<AuthMethodResponse> listMethods(String returnTo) {
         String sanitizedReturnTo = OAuthLoginRedirectSupport.sanitizeReturnTo(returnTo);
         List<AuthMethodResponse> methods = new ArrayList<>();
@@ -67,6 +81,7 @@ public List<AuthMethodResponse> listMethods(String returnTo) {
         ));
 
         oAuth2ClientProperties.getRegistration().entrySet().stream()
+            .filter(entry -> isValidOAuthProvider(entry.getValue()))
             .sorted(Comparator.comparing(entry -> entry.getKey()))
             .forEach(entry -> methods.add(new AuthMethodResponse(
                 "oauth-" + entry.getKey(),