Dear Apache APISIX Community,

Currently, the openid-connect plugin generates a random value for
`conf.session.secret` in the `check_schema` function when both
conditions, "`conf.bearer_only` is false" and "`conf.session` does not
exist", are met.

I believe this generation behavior should be removed.

Here are several reasons:
1. We should not populate values in `check_schema`. It's best for
`check_schema` to only handle validation.
2. Modifying the user-provided configuration can easily lead to user
confusion, which is clearly not best practice.
3. This also affects the diff logic in the ADC that the APISIX Ingress
Controller depends on.

To solve this problem, I will remove the corresponding code and
instead return an error message, requiring users to fill in the
corresponding configuration themselves.

I’d love to hear the community’s thoughts on this direction. Looking
forward to your feedback and discussion.

Thanks,
Young, Apache APISIX Committer

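The drift described in point 3 and the proposed validate-only behaviour, as an added example that is not part of the original message and is not APISIX's plugin code. The function names, the sample configuration, and the `deep_equal` comparison standing in for a declarative tool's diff are all assumptions.

```lua
-- Added illustration with hypothetical stand-ins; not the APISIX plugin source.

-- Behaviour described in the message: validation also fills in a secret.
local function check_schema_mutating(conf)
    if not conf.bearer_only and not conf.session then
        -- Placeholder generator for the demo only (not a CSPRNG).
        conf.session = { secret = "generated-" .. math.random(1, 1000000000) }
    end
    return true
end

-- Proposed behaviour: validate only and reject a missing secret.
-- Assumption: a session table without a secret is rejected as well.
local function check_schema_strict(conf)
    if not conf.bearer_only and not (conf.session and conf.session.secret) then
        return false, "session.secret is required when bearer_only is false"
    end
    return true
end

-- Recursive copy and comparison, standing in for a declarative tool's diff.
local function copy(t)
    if type(t) ~= "table" then return t end
    local out = {}
    for k, v in pairs(t) do out[k] = copy(v) end
    return out
end

local function deep_equal(a, b)
    if type(a) ~= "table" or type(b) ~= "table" then return a == b end
    for k, v in pairs(a) do
        if not deep_equal(v, b[k]) then return false end
    end
    for k in pairs(b) do
        if a[k] == nil then return false end
    end
    return true
end

-- Constructed sample: what the operator declares, with no session block.
local declared = { client_id = "demo-client", bearer_only = false }

-- Mutating validator: the stored copy gains a field the operator never wrote,
-- so every later comparison against the declared config reports a change.
local stored = copy(declared)
check_schema_mutating(stored)
print("mutating: drift =", not deep_equal(declared, stored))

-- Strict validator: the same input is rejected with an explicit error.
print("strict, no secret:", check_schema_strict(copy(declared)))

-- Once the operator supplies the secret, stored and declared stay identical.
declared.session = { secret = "<operator-supplied-secret>" }  -- placeholder value
stored = copy(declared)
print("strict, with secret:", check_schema_strict(stored),
      "drift =", not deep_equal(declared, stored))
```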