Contrib.social

Consumer secrets should be rehashed on Drupal 10.1.x

Open on Drupal.org β†’
Created on 2 November 2023, 8 months ago

Problem/Motivation

Password hashing has changed in Drupal 10.1, see change request https://www.drupal.org/node/3322420 β†’
As long as the compatibility module is installed, this works fine. The CR also mentions that password hashes are recreated the first time an user logs in.

AFAICS this should happen for consumers as well, when they log in via oauth.
Currently that is not the case yet https://git.drupalcode.org/project/simple_oauth/-/blob/6.0.x/src/Reposit...

Proposed resolution

Update hash of client secret when needed during client validation (cfr user auth).

πŸ“Œ Task
Status

Active

Version

6.0

Component

Code

Created by

πŸ‡§πŸ‡ͺBelgium ducktape

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024