- 🇭🇺Hungary czigor
Just in case someone finds this useful. I put the client id and secret into config (since that's easy to override by environment) and used the following hook:
/** * Implements hook_ENTITY_TYPE_load(). */ function mymodule_consumer_load($entities): void { /** @var \Drupal\consumers\Entity\ConsumerInterface $consumer */ foreach ($entities as $consumer) { if ($consumer->uuid() !== SomeClass::UUID_CONSTANT) { continue; } $config = \Drupal::config('mymodule.settings'); if ($config->get('oauth_client_id')) { $consumer->set('client_id', $config->get('oauth_client_id')); } if ($config->get('oauth_client_secret')) { $hash = \Drupal::service('password')->hash(trim($config->get('oauth_client_secret'))); $consumer->set('secret', $hash); } } } - 🇬🇧United Kingdom jefflogan
Unfortunately, I wasn't able to get the overriding of the consumer settings working from comment #8 for 2 reasons.
Firstly when updating the 'secret', the BaseFieldDefinition provided by the simple_oauth is a password field type. Therefore the password hashing is handled on saving the consumer (ie by using
$consumer->set('secret', 'plain_text_secret');).Secondly, the secret was updated on each entity load, meaning a new hash was generated... which caused my client_credentials authentication to fail.
However, it steered me in the right direction. I created a drush command to implement the above, which I run whenever I copy 'Live' back to a 'Pre-production' site.