Skip to content

Incorporated product updates to pre-authentication secrets docs #8630

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cwarnermm merged 4 commits into from
Jan 16, 2026
Merged

Incorporated product updates to pre-authentication secrets docs #8630

cwarnermm merged 4 commits into from
Jan 16, 2026

Conversation

@cwarnermm
Copy link
Member

@cwarnermm cwarnermm commented Jan 15, 2026

@cwarnermm cwarnermm requested a review from fmartingr January 15, 2026 19:50
@cwarnermm cwarnermm added 1: Dev Review Requires review by a core commiter Guidance labels Jan 15, 2026
@github-actions
Copy link

github-actions bot commented Jan 15, 2026

Newest code from mattermost has been published to preview environment for Git SHA 8b4aaad

fmartingr
fmartingr approved these changes Jan 16, 2026
View reviewed changes
source/deployment-guide/server/pre-authentication-secrets.rst Outdated
From Mattermost server v10.12 and mobile v2.32, Mattermost deployments can use a reverse proxy to validate authentication secrets before allowing desktop and mobile requests to reach the Mattermost server. This adds an additional security layer by checking for the ``X-Mattermost-Preauth-Secret`` header.

Pre-authentication secrets are only supported for mobile and desktop applications. Web browser clients don't support this feature.
Authentication secrets are only supported for mobile and desktop applications. Desktop automatically prompts users when a secret is required, while mobile users enter secrets in an Advanced Options section during server setup. Web browser clients don't support this feature.
Copy link
Contributor

@fmartingr fmartingr Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is somewhat true for mobile as well. In mobile, if you introduce the host and name, click connect, and the server returns the X-Reject-Reason as stated below, the mobile app will show the advanced options and the pre-auth secret field as required. Is not the same flow as the desktop version though.

@fmartingr fmartingr removed the 1: Dev Review Requires review by a core commiter label Jan 16, 2026
@github-actions
Copy link

github-actions bot commented Jan 16, 2026

Newest code from mattermost has been published to preview environment for Git SHA 93d713a

cwarnermm
cwarnermm commented Jan 16, 2026
View reviewed changes
@cwarnermm cwarnermm added the 3: Reviews Complete All reviewers have approved the pull request label Jan 16, 2026
@cwarnermm cwarnermm merged commit cdfabf4 into master Jan 16, 2026
4 checks passed
@cwarnermm cwarnermm deleted the edit-server-preauth-secret branch January 16, 2026 16:40
@github-actions
Copy link

github-actions bot commented Jan 16, 2026

Newest code from mattermost has been published to preview environment for Git SHA f5d7f00

@github-actions
Copy link

github-actions bot commented Jan 16, 2026

Newest code from mattermost has been published to preview environment for Git SHA 527e080

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fmartingr fmartingr fmartingr approved these changes

Assignees

No one assigned

Labels

3: Reviews Complete All reviewers have approved the pull request Guidance

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cwarnermm @fmartingr