
programmatically read a decrypted value from server.xml


I have a WebSphere Liberty server with the following server.xml:

<managedThreadFactory jndiName="concurrent/threadFactory" maxPriority="5" />

<openidConnectClient id="AppID"
  inboundPropagation="required"
  clientId="${APPID_CLIENT_ID}"
  clientSecret="${APPID_CLIENT_SECRET}"
  authorizationEndpointUrl="https://${APPID_HOST}/oauth/v4/${APPID_TENANT_ID}/authorization"
  tokenEndpointUrl="https://${APPID_HOST}/oauth/v4/${APPID_TENANT_ID}/token"
  jwkEndpointUrl="https://${APPID_HOST}/oauth/v4/${APPID_TENANT_ID}/publickeys"
  issuerIdentifier="https://${APPID_HOST}/oauth/v4/${APPID_TENANT_ID}"
  tokenEndpointAuthMethod="basic"
  signatureAlgorithm="none"
  trustAliasName="${APPID_HOST}"
  trustStoreRef="appidtruststore"
  audiences="${APPID_CLIENT_ID}" />

Is it possible to read the decrypted value for clientSecret="${APPID_CLIENT_SECRET}" programmatically from within the Java application code?


Solution

  • It depends on how the value is encoded. If it is encrypted, by definition there is no way to easily decrypt it (otherwise it would defeat the purpose of encryption).

    If you are just doing a reversible encoding (e.g. XOR or AES) you can decrypt it using a Liberty feature.

    First, make sure you have the following feature enabled in server.xml:

    <feature>passwordUtilities-1.0</feature>
    

    Then, you can use the com.ibm.websphere.crypto.PasswordUtil API to decode the value like this:

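    import com.ibm.websphere.crypto.PasswordUtil;

    String rawValue = System.getenv("APPID_CLIENT_SECRET"); // or a System property holding the encoded value
    String decodedValue = PasswordUtil.decode(rawValue);    // throws checked exceptions if decoding fails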
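
A fuller version of the decode step in the answer above, as an added example that is not part of the original answer or of Liberty itself. The class name `SecretReader` is hypothetical, and it assumes the value is exposed to the application as an environment variable (for instance `APPID_CLIENT_SECRET`) and that the `passwordUtilities-1.0` feature is enabled.

```java
import com.ibm.websphere.crypto.InvalidPasswordDecodingException;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.crypto.UnsupportedCryptoAlgorithmException;

/** Hypothetical helper (not a Liberty class) for reading a possibly encoded secret. */
public final class SecretReader {

    private SecretReader() {}

    /**
     * Returns the usable value of an environment variable that may hold either
     * plain text or an encoded string carrying an algorithm tag such as
     * "{xor}..." or "{aes}...".
     */
    public static char[] read(String envName) {
        String raw = System.getenv(envName);
        if (raw == null || raw.isEmpty()) {
            throw new IllegalStateException(envName + " is not set");
        }
        // getCryptoAlgorithm returns null when the value has no "{algorithm}" tag,
        // meaning it was stored as plain text and needs no decoding.
        if (PasswordUtil.getCryptoAlgorithm(raw) == null) {
            return raw.toCharArray();
        }
        try {
            // decode() declares two checked exceptions: one for malformed input,
            // one for an algorithm tag that cannot be decoded.
            return PasswordUtil.decode(raw).toCharArray();
        } catch (InvalidPasswordDecodingException | UnsupportedCryptoAlgorithmException e) {
            // Report the variable name only; never put the raw or decoded value in logs.
            throw new IllegalStateException("Cannot decode " + envName, e);
        }
    }
}
```

Call it as `char[] secret = SecretReader.read("APPID_CLIENT_SECRET");` and overwrite the array with `java.util.Arrays.fill(secret, '\0')` once the secret is no longer needed.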