180 files changed, 1032 insertions, 1346 deletions

diff --git a/apps/oauth2/.l10nignore b/apps/oauth2/.l10nignore
index 0844b0dde59..4b3060dbc2c 100644
--- a/apps/oauth2/.l10nignore
+++ b/apps/oauth2/.l10nignore
@@ -1,2 +1,4 @@
+# SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
 # compiled vue templates
 js/
diff --git a/apps/oauth2/appinfo/info.xml b/apps/oauth2/appinfo/info.xml
index 3a04799fbc7..6ab30292ab0 100644
--- a/apps/oauth2/appinfo/info.xml
+++ b/apps/oauth2/appinfo/info.xml
@@ -1,11 +1,15 @@
 <?xml version="1.0"?>
+<!--
+  - SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+  - SPDX-License-Identifier: AGPL-3.0-or-later
+-->
 <info xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance"
 	  xsi:noNamespaceSchemaLocation="https://apps.nextcloud.com/schema/apps/info.xsd">
 	<id>oauth2</id>
 	<name>OAuth 2.0</name>
 	<summary>Allows OAuth2 compatible authentication from other web applications.</summary>
 	<description>The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications.</description>
-	<version>1.18.0</version>
+	<version>1.20.0</version>
 	<licence>agpl</licence>
 	<author>Lukas Reschke</author>
 	<namespace>OAuth2</namespace>
@@ -16,7 +20,7 @@
 	<category>integration</category>
 	<bugs>https://github.com/nextcloud/server/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="30" max-version="30"/>
+		<nextcloud min-version="32" max-version="32"/>
 	</dependencies>
 
 	<background-jobs>
@@ -29,6 +33,10 @@
 		</post-migration>
 	</repair-steps>
 
+	<commands>
+		<command>OCA\OAuth2\Command\ImportLegacyOcClient</command>
+	</commands>
+
 	<settings>
 		<admin>OCA\OAuth2\Settings\Admin</admin>
 	</settings>
diff --git a/apps/oauth2/appinfo/routes.php b/apps/oauth2/appinfo/routes.php
index 4ba398e1343..b34aff05552 100644
--- a/apps/oauth2/appinfo/routes.php
+++ b/apps/oauth2/appinfo/routes.php
@@ -1,25 +1,8 @@
 <?php
+
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 return [
 	'routes' => [
diff --git a/apps/oauth2/composer/composer/autoload_classmap.php b/apps/oauth2/composer/composer/autoload_classmap.php
index 536342c0751..f5fc5bfe251 100644
--- a/apps/oauth2/composer/composer/autoload_classmap.php
+++ b/apps/oauth2/composer/composer/autoload_classmap.php
@@ -8,6 +8,7 @@ $baseDir = $vendorDir;
 return array(
     'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php',
     'OCA\\OAuth2\\BackgroundJob\\CleanupExpiredAuthorizationCode' => $baseDir . '/../lib/BackgroundJob/CleanupExpiredAuthorizationCode.php',
+    'OCA\\OAuth2\\Command\\ImportLegacyOcClient' => $baseDir . '/../lib/Command/ImportLegacyOcClient.php',
     'OCA\\OAuth2\\Controller\\LoginRedirectorController' => $baseDir . '/../lib/Controller/LoginRedirectorController.php',
     'OCA\\OAuth2\\Controller\\OauthApiController' => $baseDir . '/../lib/Controller/OauthApiController.php',
     'OCA\\OAuth2\\Controller\\SettingsController' => $baseDir . '/../lib/Controller/SettingsController.php',
@@ -23,5 +24,6 @@ return array(
     'OCA\\OAuth2\\Migration\\Version011601Date20230522143227' => $baseDir . '/../lib/Migration/Version011601Date20230522143227.php',
     'OCA\\OAuth2\\Migration\\Version011602Date20230613160650' => $baseDir . '/../lib/Migration/Version011602Date20230613160650.php',
     'OCA\\OAuth2\\Migration\\Version011603Date20230620111039' => $baseDir . '/../lib/Migration/Version011603Date20230620111039.php',
+    'OCA\\OAuth2\\Migration\\Version011901Date20240829164356' => $baseDir . '/../lib/Migration/Version011901Date20240829164356.php',
     'OCA\\OAuth2\\Settings\\Admin' => $baseDir . '/../lib/Settings/Admin.php',
 );
diff --git a/apps/oauth2/composer/composer/autoload_static.php b/apps/oauth2/composer/composer/autoload_static.php
index 1dc659778a3..c4843fa1990 100644
--- a/apps/oauth2/composer/composer/autoload_static.php
+++ b/apps/oauth2/composer/composer/autoload_static.php
@@ -23,6 +23,7 @@ class ComposerStaticInitOAuth2
     public static $classMap = array (
         'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php',
         'OCA\\OAuth2\\BackgroundJob\\CleanupExpiredAuthorizationCode' => __DIR__ . '/..' . '/../lib/BackgroundJob/CleanupExpiredAuthorizationCode.php',
+        'OCA\\OAuth2\\Command\\ImportLegacyOcClient' => __DIR__ . '/..' . '/../lib/Command/ImportLegacyOcClient.php',
         'OCA\\OAuth2\\Controller\\LoginRedirectorController' => __DIR__ . '/..' . '/../lib/Controller/LoginRedirectorController.php',
         'OCA\\OAuth2\\Controller\\OauthApiController' => __DIR__ . '/..' . '/../lib/Controller/OauthApiController.php',
         'OCA\\OAuth2\\Controller\\SettingsController' => __DIR__ . '/..' . '/../lib/Controller/SettingsController.php',
@@ -38,6 +39,7 @@ class ComposerStaticInitOAuth2
         'OCA\\OAuth2\\Migration\\Version011601Date20230522143227' => __DIR__ . '/..' . '/../lib/Migration/Version011601Date20230522143227.php',
         'OCA\\OAuth2\\Migration\\Version011602Date20230613160650' => __DIR__ . '/..' . '/../lib/Migration/Version011602Date20230613160650.php',
         'OCA\\OAuth2\\Migration\\Version011603Date20230620111039' => __DIR__ . '/..' . '/../lib/Migration/Version011603Date20230620111039.php',
+        'OCA\\OAuth2\\Migration\\Version011901Date20240829164356' => __DIR__ . '/..' . '/../lib/Migration/Version011901Date20240829164356.php',
         'OCA\\OAuth2\\Settings\\Admin' => __DIR__ . '/..' . '/../lib/Settings/Admin.php',
     );
 
diff --git a/apps/oauth2/l10n/af.js b/apps/oauth2/l10n/af.js
deleted file mode 100644
index 5cc8e882b18..00000000000
--- a/apps/oauth2/l10n/af.js
+++ /dev/null
@@ -1,14 +0,0 @@
-OC.L10N.register(
-    "oauth2",
-    {
-    "OAuth 2.0" : "OAuth 2.0",
-    "OAuth 2.0 clients" : "OAuth 2.0-kliënte",
-    "Name" : "Naam",
-    "Redirection URI" : "Herverwysings-URI",
-    "Client Identifier" : "Kliëntidentifiseerder",
-    "Add client" : "Voeg kliënt toe",
-    "Add" : "Voeg toe",
-    "Delete" : "Skrap",
-    "Secret" : "Geheim"
-},
-"nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/af.json b/apps/oauth2/l10n/af.json
deleted file mode 100644
index 0787ce6b6d0..00000000000
--- a/apps/oauth2/l10n/af.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{ "translations": {
-    "OAuth 2.0" : "OAuth 2.0",
-    "OAuth 2.0 clients" : "OAuth 2.0-kliënte",
-    "Name" : "Naam",
-    "Redirection URI" : "Herverwysings-URI",
-    "Client Identifier" : "Kliëntidentifiseerder",
-    "Add client" : "Voeg kliënt toe",
-    "Add" : "Voeg toe",
-    "Delete" : "Skrap",
-    "Secret" : "Geheim"
-},"pluralForm" :"nplurals=2; plural=(n != 1);"
-}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/ar.js b/apps/oauth2/l10n/ar.js
index 11c2b2c9d64..0ccccefa3b1 100644
--- a/apps/oauth2/l10n/ar.js
+++ b/apps/oauth2/l10n/ar.js
@@ -1,23 +1,23 @@
 OC.L10N.register(
     "oauth2",
     {
-    "Your client is not authorized to connect. Please inform the administrator of your client." : "عميلك ليس مُخوّلاً بالربط. رجاءً، أبلغ مشرفك.",
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "عميلك ليس مُخوّلاً بالربط. رجاءً، أبلغ مسؤول النظام.",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "عنوان URL المُعاد توجيهه يجب أن يكون عنواناً كاملاً كما في المثال التالي:  https://yourdomain.com/path",
     "OAuth 2.0" : "OAuth 2.0",
     "Allows OAuth2 compatible authentication from other web applications." : "يسمح بالتحقّق من الهويّة عن طريق تطبيقات وب أخرى متوافقة مع OAuth2.",
-    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "التطبيق OAuth2 يسمح للمشرفين بتهيئة الأجراء الأساسي للتحقّق من الهويّةبحيث يسمح بالتحقّق من الهويّة عن طريق تطبيقات وب أخرى متوافقة مع OAuth2.",
-    "OAuth 2.0 clients" : "عملاء OAuth2,0",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "التطبيق OAuth2 يسمح لمسؤولي النظام بتهيئة الإجراء الأساسي للتحقّق من الهويّةبحيث يسمح بالتحقّق من الهويّة عن طريق تطبيقات ويب أخرى متوافقة مع OAuth2.",
+    "OAuth 2.0 clients" : "عملاء OAuth2.0",
     "OAuth 2.0 allows external services to request access to {instanceName}." : "يسمح OAuth2.0 لخدمات خارجية بطلب الوصول إلى {instanceName}",
     "Name" : "الاسم",
     "Redirection URI" : "رابط إعادة التوجيه",
     "Client Identifier" : "مُعرِّف العميل",
     "Secret key" : "المفتاح السّرّي",
     "Delete client" : "حذف عميل ",
+    "Make sure you store the secret key, it cannot be recovered." : "تأكد من تخزين المفتاح السري، إذ أنه لا يمكن استعادته.",
     "Add client" : "إضافة عميل",
     "Add" : "إضافة",
-    "Delete" : "حذف",
     "Show client secret" : "عرض كلمة سر العميل",
     "Hide client secret" : "إخْفِ سِرَّ العميل",
-    "Secret" : "السر"
+    "Delete" : "حذف"
 },
 "nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;");
diff --git a/apps/oauth2/l10n/ar.json b/apps/oauth2/l10n/ar.json
index 353e643c58e..a7ea13b979f 100644
--- a/apps/oauth2/l10n/ar.json
+++ b/apps/oauth2/l10n/ar.json
@@ -1,21 +1,21 @@
 { "translations": {
-    "Your client is not authorized to connect. Please inform the administrator of your client." : "عميلك ليس مُخوّلاً بالربط. رجاءً، أبلغ مشرفك.",
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "عميلك ليس مُخوّلاً بالربط. رجاءً، أبلغ مسؤول النظام.",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "عنوان URL المُعاد توجيهه يجب أن يكون عنواناً كاملاً كما في المثال التالي:  https://yourdomain.com/path",
     "OAuth 2.0" : "OAuth 2.0",
     "Allows OAuth2 compatible authentication from other web applications." : "يسمح بالتحقّق من الهويّة عن طريق تطبيقات وب أخرى متوافقة مع OAuth2.",
-    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "التطبيق OAuth2 يسمح للمشرفين بتهيئة الأجراء الأساسي للتحقّق من الهويّةبحيث يسمح بالتحقّق من الهويّة عن طريق تطبيقات وب أخرى متوافقة مع OAuth2.",
-    "OAuth 2.0 clients" : "عملاء OAuth2,0",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "التطبيق OAuth2 يسمح لمسؤولي النظام بتهيئة الإجراء الأساسي للتحقّق من الهويّةبحيث يسمح بالتحقّق من الهويّة عن طريق تطبيقات ويب أخرى متوافقة مع OAuth2.",
+    "OAuth 2.0 clients" : "عملاء OAuth2.0",
     "OAuth 2.0 allows external services to request access to {instanceName}." : "يسمح OAuth2.0 لخدمات خارجية بطلب الوصول إلى {instanceName}",
     "Name" : "الاسم",
     "Redirection URI" : "رابط إعادة التوجيه",
     "Client Identifier" : "مُعرِّف العميل",
     "Secret key" : "المفتاح السّرّي",
     "Delete client" : "حذف عميل ",
+    "Make sure you store the secret key, it cannot be recovered." : "تأكد من تخزين المفتاح السري، إذ أنه لا يمكن استعادته.",
     "Add client" : "إضافة عميل",
     "Add" : "إضافة",
-    "Delete" : "حذف",
     "Show client secret" : "عرض كلمة سر العميل",
     "Hide client secret" : "إخْفِ سِرَّ العميل",
-    "Secret" : "السر"
+    "Delete" : "حذف"
 },"pluralForm" :"nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/ast.js b/apps/oauth2/l10n/ast.js
index 04403879f6f..5a71f29b226 100644
--- a/apps/oauth2/l10n/ast.js
+++ b/apps/oauth2/l10n/ast.js
@@ -4,7 +4,10 @@ OC.L10N.register(
     "Your client is not authorized to connect. Please inform the administrator of your client." : "El veceru nun tien autorización pa conectase. Informa al alministrador de l'aplicación.",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "La URL de redireición tien de ser una URL completa, por exemplu: https://dominiu.com/camin",
     "OAuth 2.0" : "OAuth 2.0",
+    "Allows OAuth2 compatible authentication from other web applications." : "Permite l'autenticación compatible con OAuth2 dende otres aplicaciones web.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "L'aplicación OAuth2 permite a l'alministración configurar el fluxu de trabayu d'autenticación integráu pa que tamién permita l'autenticación compatible con OAuth2 dende otres aplicaciones web.",
     "OAuth 2.0 clients" : "Veceros d'OAuth 2.0",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 permite que los servicios esternos soliciten l'accesu a «{instanceName}».",
     "Name" : "Nome",
     "Redirection URI" : "URI de redireición",
     "Client Identifier" : "Identificador del veceru",
@@ -12,9 +15,8 @@ OC.L10N.register(
     "Delete client" : "Desaniciar el veceru",
     "Add client" : "Amestar el veceru",
     "Add" : "Amestar",
-    "Delete" : "Desaniciar",
     "Show client secret" : "Amosar el secretu del veceru",
     "Hide client secret" : "Anubrir el secretu del veceru",
-    "Secret" : "Secretu"
+    "Delete" : "Desaniciar"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/ast.json b/apps/oauth2/l10n/ast.json
index a5f8c3fb8d2..07995fc9268 100644
--- a/apps/oauth2/l10n/ast.json
+++ b/apps/oauth2/l10n/ast.json
@@ -2,7 +2,10 @@
     "Your client is not authorized to connect. Please inform the administrator of your client." : "El veceru nun tien autorización pa conectase. Informa al alministrador de l'aplicación.",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "La URL de redireición tien de ser una URL completa, por exemplu: https://dominiu.com/camin",
     "OAuth 2.0" : "OAuth 2.0",
+    "Allows OAuth2 compatible authentication from other web applications." : "Permite l'autenticación compatible con OAuth2 dende otres aplicaciones web.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "L'aplicación OAuth2 permite a l'alministración configurar el fluxu de trabayu d'autenticación integráu pa que tamién permita l'autenticación compatible con OAuth2 dende otres aplicaciones web.",
     "OAuth 2.0 clients" : "Veceros d'OAuth 2.0",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 permite que los servicios esternos soliciten l'accesu a «{instanceName}».",
     "Name" : "Nome",
     "Redirection URI" : "URI de redireición",
     "Client Identifier" : "Identificador del veceru",
@@ -10,9 +13,8 @@
     "Delete client" : "Desaniciar el veceru",
     "Add client" : "Amestar el veceru",
     "Add" : "Amestar",
-    "Delete" : "Desaniciar",
     "Show client secret" : "Amosar el secretu del veceru",
     "Hide client secret" : "Anubrir el secretu del veceru",
-    "Secret" : "Secretu"
+    "Delete" : "Desaniciar"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/bg.js b/apps/oauth2/l10n/bg.js
index c576ca354d4..c5bdfa109f5 100644
--- a/apps/oauth2/l10n/bg.js
+++ b/apps/oauth2/l10n/bg.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "Секретен ключ",
     "Add client" : "Добавяне на клиент",
     "Add" : "Добавяне",
-    "Delete" : "Изтриване",
     "Show client secret" : "Покажете тайната на клиента",
-    "Secret" : "Тайна"
+    "Delete" : "Изтриване"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/bg.json b/apps/oauth2/l10n/bg.json
index e2553f866d0..5a11b54b85b 100644
--- a/apps/oauth2/l10n/bg.json
+++ b/apps/oauth2/l10n/bg.json
@@ -12,8 +12,7 @@
     "Secret key" : "Секретен ключ",
     "Add client" : "Добавяне на клиент",
     "Add" : "Добавяне",
-    "Delete" : "Изтриване",
     "Show client secret" : "Покажете тайната на клиента",
-    "Secret" : "Тайна"
+    "Delete" : "Изтриване"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/br.js b/apps/oauth2/l10n/br.js
index c5c550cca10..d04244a3353 100644
--- a/apps/oauth2/l10n/br.js
+++ b/apps/oauth2/l10n/br.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "Alc'hwez sekred",
     "Add client" : "Ouzhoennañ kliant",
     "Add" : "Ouzhpennañ",
-    "Delete" : "Dilemel",
     "Show client secret" : "Diskouez sekret ar kliant",
-    "Secret" : "Sekret"
+    "Delete" : "Dilemel"
 },
 "nplurals=5; plural=((n%10 == 1) && (n%100 != 11) && (n%100 !=71) && (n%100 !=91) ? 0 :(n%10 == 2) && (n%100 != 12) && (n%100 !=72) && (n%100 !=92) ? 1 :(n%10 ==3 || n%10==4 || n%10==9) && (n%100 < 10 || n% 100 > 19) && (n%100 < 70 || n%100 > 79) && (n%100 < 90 || n%100 > 99) ? 2 :(n != 0 && n % 1000000 == 0) ? 3 : 4);");
diff --git a/apps/oauth2/l10n/br.json b/apps/oauth2/l10n/br.json
index d15567e0e30..f55e5b3f1ac 100644
--- a/apps/oauth2/l10n/br.json
+++ b/apps/oauth2/l10n/br.json
@@ -12,8 +12,7 @@
     "Secret key" : "Alc'hwez sekred",
     "Add client" : "Ouzhoennañ kliant",
     "Add" : "Ouzhpennañ",
-    "Delete" : "Dilemel",
     "Show client secret" : "Diskouez sekret ar kliant",
-    "Secret" : "Sekret"
+    "Delete" : "Dilemel"
 },"pluralForm" :"nplurals=5; plural=((n%10 == 1) && (n%100 != 11) && (n%100 !=71) && (n%100 !=91) ? 0 :(n%10 == 2) && (n%100 != 12) && (n%100 !=72) && (n%100 !=92) ? 1 :(n%10 ==3 || n%10==4 || n%10==9) && (n%100 < 10 || n% 100 > 19) && (n%100 < 70 || n%100 > 79) && (n%100 < 90 || n%100 > 99) ? 2 :(n != 0 && n % 1000000 == 0) ? 3 : 4);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/ca.js b/apps/oauth2/l10n/ca.js
index 40df85354af..cb74993c9fd 100644
--- a/apps/oauth2/l10n/ca.js
+++ b/apps/oauth2/l10n/ca.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Identificador del client",
     "Secret key" : "Clau secreta",
     "Delete client" : "Suprimeix el client",
+    "Make sure you store the secret key, it cannot be recovered." : "Assegureu-vos d'emmagatzemar la clau secreta, no es pot recuperar.",
     "Add client" : "Afegeix un client",
     "Add" : "Afegeix",
-    "Delete" : "Suprimeix",
     "Show client secret" : "Mostra el secret del client",
     "Hide client secret" : "Amaga el secret del client",
-    "Secret" : "Secret"
+    "Delete" : "Suprimeix"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/ca.json b/apps/oauth2/l10n/ca.json
index 0b2cda27a5b..3a064e3639e 100644
--- a/apps/oauth2/l10n/ca.json
+++ b/apps/oauth2/l10n/ca.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "Identificador del client",
     "Secret key" : "Clau secreta",
     "Delete client" : "Suprimeix el client",
+    "Make sure you store the secret key, it cannot be recovered." : "Assegureu-vos d'emmagatzemar la clau secreta, no es pot recuperar.",
     "Add client" : "Afegeix un client",
     "Add" : "Afegeix",
-    "Delete" : "Suprimeix",
     "Show client secret" : "Mostra el secret del client",
     "Hide client secret" : "Amaga el secret del client",
-    "Secret" : "Secret"
+    "Delete" : "Suprimeix"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/cs.js b/apps/oauth2/l10n/cs.js
index 5a77ea78077..008e1627780 100644
--- a/apps/oauth2/l10n/cs.js
+++ b/apps/oauth2/l10n/cs.js
@@ -13,10 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Identifikátor klienta",
     "Secret key" : "Tajný klíč",
     "Delete client" : "Smazat klienta",
+    "Make sure you store the secret key, it cannot be recovered." : "Nezapomeňte si uložit tajný klíč – není možné ho obnovit.",
     "Add client" : "Přidat klienta",
     "Add" : "Přidat",
-    "Delete" : "Smazat",
     "Show client secret" : "Zobrazit klientské tajemství",
-    "Secret" : "Tajemství"
+    "Hide client secret" : "Skrýt tajemství klienta",
+    "Delete" : "Smazat"
 },
 "nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;");
diff --git a/apps/oauth2/l10n/cs.json b/apps/oauth2/l10n/cs.json
index c1fb801c838..75f5586ca80 100644
--- a/apps/oauth2/l10n/cs.json
+++ b/apps/oauth2/l10n/cs.json
@@ -11,10 +11,11 @@
     "Client Identifier" : "Identifikátor klienta",
     "Secret key" : "Tajný klíč",
     "Delete client" : "Smazat klienta",
+    "Make sure you store the secret key, it cannot be recovered." : "Nezapomeňte si uložit tajný klíč – není možné ho obnovit.",
     "Add client" : "Přidat klienta",
     "Add" : "Přidat",
-    "Delete" : "Smazat",
     "Show client secret" : "Zobrazit klientské tajemství",
-    "Secret" : "Tajemství"
+    "Hide client secret" : "Skrýt tajemství klienta",
+    "Delete" : "Smazat"
 },"pluralForm" :"nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/da.js b/apps/oauth2/l10n/da.js
index 000c1ca4363..981fd99ab1c 100644
--- a/apps/oauth2/l10n/da.js
+++ b/apps/oauth2/l10n/da.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Klient ID",
     "Secret key" : "Hemmelig nøgle",
     "Delete client" : "Slet klient",
+    "Make sure you store the secret key, it cannot be recovered." : "Sørg for at gemme den hemmelige nøgle, den kan ikke gendannes.",
     "Add client" : "Tilføj klient",
     "Add" : "Tilføj",
-    "Delete" : "Slet",
     "Show client secret" : "Vis klient hemmelighed",
     "Hide client secret" : "Skjul klient hemmelighed",
-    "Secret" : "Hemmelighed"
+    "Delete" : "Slet"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/da.json b/apps/oauth2/l10n/da.json
index fe10363daf9..289737290fe 100644
--- a/apps/oauth2/l10n/da.json
+++ b/apps/oauth2/l10n/da.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "Klient ID",
     "Secret key" : "Hemmelig nøgle",
     "Delete client" : "Slet klient",
+    "Make sure you store the secret key, it cannot be recovered." : "Sørg for at gemme den hemmelige nøgle, den kan ikke gendannes.",
     "Add client" : "Tilføj klient",
     "Add" : "Tilføj",
-    "Delete" : "Slet",
     "Show client secret" : "Vis klient hemmelighed",
     "Hide client secret" : "Skjul klient hemmelighed",
-    "Secret" : "Hemmelighed"
+    "Delete" : "Slet"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/de.js b/apps/oauth2/l10n/de.js
index 022f59554d8..20d0e79912a 100644
--- a/apps/oauth2/l10n/de.js
+++ b/apps/oauth2/l10n/de.js
@@ -1,7 +1,7 @@
 OC.L10N.register(
     "oauth2",
     {
-    "Your client is not authorized to connect. Please inform the administrator of your client." : "Dein Client ist nicht berechtigt, eine Verbindung herzustellen. Bitte informiere den Administrator deines Clients.",
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "Dein Client ist nicht berechtigt, eine Verbindung herzustellen. Bitte informiere die Administration deines Clients.",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "Die Weiterleitungs-URL muss eine vollständige URL sein. Beispiel: https://deinedomain.com/pfad",
     "OAuth 2.0" : "OAuth 2.0",
     "Allows OAuth2 compatible authentication from other web applications." : "Ermöglicht OAuth2 komplatible Authentifizierung durch andere Web-Anwendungen.",
@@ -13,10 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Client-Identifikationsmerkmal",
     "Secret key" : "Geheimer Schlüssel",
     "Delete client" : "Client löschen",
+    "Make sure you store the secret key, it cannot be recovered." : "Bewahre den geheimen Schlüssel unbedingt auf, er kann nicht wiederhergestellt werden.",
     "Add client" : "Client hinzufügen",
     "Add" : "Hinzufügen",
-    "Delete" : " Löschen",
     "Show client secret" : "Geheime Zeichenkette des Clients anzeigen",
-    "Secret" : "Geheimnis"
+    "Hide client secret" : "Geheime Zeichenkette des Clients ausblenden",
+    "Delete" : " Löschen"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/de.json b/apps/oauth2/l10n/de.json
index a8417813a11..60c835a800f 100644
--- a/apps/oauth2/l10n/de.json
+++ b/apps/oauth2/l10n/de.json
@@ -1,5 +1,5 @@
 { "translations": {
-    "Your client is not authorized to connect. Please inform the administrator of your client." : "Dein Client ist nicht berechtigt, eine Verbindung herzustellen. Bitte informiere den Administrator deines Clients.",
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "Dein Client ist nicht berechtigt, eine Verbindung herzustellen. Bitte informiere die Administration deines Clients.",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "Die Weiterleitungs-URL muss eine vollständige URL sein. Beispiel: https://deinedomain.com/pfad",
     "OAuth 2.0" : "OAuth 2.0",
     "Allows OAuth2 compatible authentication from other web applications." : "Ermöglicht OAuth2 komplatible Authentifizierung durch andere Web-Anwendungen.",
@@ -11,10 +11,11 @@
     "Client Identifier" : "Client-Identifikationsmerkmal",
     "Secret key" : "Geheimer Schlüssel",
     "Delete client" : "Client löschen",
+    "Make sure you store the secret key, it cannot be recovered." : "Bewahre den geheimen Schlüssel unbedingt auf, er kann nicht wiederhergestellt werden.",
     "Add client" : "Client hinzufügen",
     "Add" : "Hinzufügen",
-    "Delete" : " Löschen",
     "Show client secret" : "Geheime Zeichenkette des Clients anzeigen",
-    "Secret" : "Geheimnis"
+    "Hide client secret" : "Geheime Zeichenkette des Clients ausblenden",
+    "Delete" : " Löschen"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/de_DE.js b/apps/oauth2/l10n/de_DE.js
index f44dcb91ba0..941b430bcb4 100644
--- a/apps/oauth2/l10n/de_DE.js
+++ b/apps/oauth2/l10n/de_DE.js
@@ -1,7 +1,7 @@
 OC.L10N.register(
     "oauth2",
     {
-    "Your client is not authorized to connect. Please inform the administrator of your client." : "Ihr Client ist nicht berechtigt, eine Verbindung herzustellen. Bitte informieren Sie den Administrator Ihres Clients.",
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "Ihr Client ist nicht berechtigt, eine Verbindung herzustellen. Bitte informieren Sie die Administration Ihres Clients.",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "Die Weiterleitungs-URL muss eine vollständige URL sein. Beispiel: https://ihredomain.com/pfad",
     "OAuth 2.0" : "OAuth 2.0",
     "Allows OAuth2 compatible authentication from other web applications." : "Ermöglicht OAuth2-kompatible Authentifizierung durch andere Web-Anwendungen.",
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Client-Identifikationsmerkmal",
     "Secret key" : "Geheimer Schlüssel",
     "Delete client" : "Client löschen",
+    "Make sure you store the secret key, it cannot be recovered." : "Bewahren Sie den geheimen Schlüssel unbedingt auf, er kann nicht wiederhergestellt werden.",
     "Add client" : "Client hinzufügen",
     "Add" : "Hinzufügen",
-    "Delete" : "Löschen",
     "Show client secret" : "Geheime Zeichenkette des Clients anzeigen",
     "Hide client secret" : "Geheime Zeichenkette des Clients ausblenden",
-    "Secret" : "Geheimnis"
+    "Delete" : "Löschen"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/de_DE.json b/apps/oauth2/l10n/de_DE.json
index 129365aa905..b2be0a4dfb4 100644
--- a/apps/oauth2/l10n/de_DE.json
+++ b/apps/oauth2/l10n/de_DE.json
@@ -1,5 +1,5 @@
 { "translations": {
-    "Your client is not authorized to connect. Please inform the administrator of your client." : "Ihr Client ist nicht berechtigt, eine Verbindung herzustellen. Bitte informieren Sie den Administrator Ihres Clients.",
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "Ihr Client ist nicht berechtigt, eine Verbindung herzustellen. Bitte informieren Sie die Administration Ihres Clients.",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "Die Weiterleitungs-URL muss eine vollständige URL sein. Beispiel: https://ihredomain.com/pfad",
     "OAuth 2.0" : "OAuth 2.0",
     "Allows OAuth2 compatible authentication from other web applications." : "Ermöglicht OAuth2-kompatible Authentifizierung durch andere Web-Anwendungen.",
@@ -11,11 +11,11 @@
     "Client Identifier" : "Client-Identifikationsmerkmal",
     "Secret key" : "Geheimer Schlüssel",
     "Delete client" : "Client löschen",
+    "Make sure you store the secret key, it cannot be recovered." : "Bewahren Sie den geheimen Schlüssel unbedingt auf, er kann nicht wiederhergestellt werden.",
     "Add client" : "Client hinzufügen",
     "Add" : "Hinzufügen",
-    "Delete" : "Löschen",
     "Show client secret" : "Geheime Zeichenkette des Clients anzeigen",
     "Hide client secret" : "Geheime Zeichenkette des Clients ausblenden",
-    "Secret" : "Geheimnis"
+    "Delete" : "Löschen"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/el.js b/apps/oauth2/l10n/el.js
index e1c7e83d029..d576b821c94 100644
--- a/apps/oauth2/l10n/el.js
+++ b/apps/oauth2/l10n/el.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "Μυστικό κλειδί",
     "Add client" : "Προσθήκη πελάτη",
     "Add" : "Προσθήκη",
-    "Delete" : "Διαγραφή",
     "Show client secret" : "Εμφάνιση μυστικού εφαρμογής υπολογιστή",
-    "Secret" : "Μυστικό"
+    "Delete" : "Διαγραφή"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/el.json b/apps/oauth2/l10n/el.json
index af69a8256e4..dd771839bc0 100644
--- a/apps/oauth2/l10n/el.json
+++ b/apps/oauth2/l10n/el.json
@@ -12,8 +12,7 @@
     "Secret key" : "Μυστικό κλειδί",
     "Add client" : "Προσθήκη πελάτη",
     "Add" : "Προσθήκη",
-    "Delete" : "Διαγραφή",
     "Show client secret" : "Εμφάνιση μυστικού εφαρμογής υπολογιστή",
-    "Secret" : "Μυστικό"
+    "Delete" : "Διαγραφή"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/en_GB.js b/apps/oauth2/l10n/en_GB.js
index f0f4fdf652d..fb42df933ca 100644
--- a/apps/oauth2/l10n/en_GB.js
+++ b/apps/oauth2/l10n/en_GB.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Client Identifier",
     "Secret key" : "Secret key",
     "Delete client" : "Delete client",
+    "Make sure you store the secret key, it cannot be recovered." : "Make sure you store the secret key, it cannot be recovered.",
     "Add client" : "Add client",
     "Add" : "Add",
-    "Delete" : "Delete",
     "Show client secret" : "Show client secret",
     "Hide client secret" : "Hide client secret",
-    "Secret" : "Secret"
+    "Delete" : "Delete"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/en_GB.json b/apps/oauth2/l10n/en_GB.json
index b78df150329..85029055a07 100644
--- a/apps/oauth2/l10n/en_GB.json
+++ b/apps/oauth2/l10n/en_GB.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "Client Identifier",
     "Secret key" : "Secret key",
     "Delete client" : "Delete client",
+    "Make sure you store the secret key, it cannot be recovered." : "Make sure you store the secret key, it cannot be recovered.",
     "Add client" : "Add client",
     "Add" : "Add",
-    "Delete" : "Delete",
     "Show client secret" : "Show client secret",
     "Hide client secret" : "Hide client secret",
-    "Secret" : "Secret"
+    "Delete" : "Delete"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es.js b/apps/oauth2/l10n/es.js
index 7b97f9202bc..2c7e76a2cbb 100644
--- a/apps/oauth2/l10n/es.js
+++ b/apps/oauth2/l10n/es.js
@@ -11,13 +11,13 @@ OC.L10N.register(
     "Name" : "Nombre",
     "Redirection URI" : "URI de redirección",
     "Client Identifier" : "Identificador de cliente",
-    "Secret key" : "Llave secreta",
+    "Secret key" : "Clave secreta",
     "Delete client" : "Eliminar cliente",
+    "Make sure you store the secret key, it cannot be recovered." : "Asegúrese de guardar la clave secreta, ya que no podrá ser recuperada.",
     "Add client" : "Añadir cliente",
     "Add" : "Añadir",
-    "Delete" : "Eliminar",
     "Show client secret" : "Mostrar secreto del cliente",
     "Hide client secret" : "Ocultar secreto del cliente",
-    "Secret" : "Secreto"
+    "Delete" : "Eliminar"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es.json b/apps/oauth2/l10n/es.json
index b930c069cc6..9854ba3aa83 100644
--- a/apps/oauth2/l10n/es.json
+++ b/apps/oauth2/l10n/es.json
@@ -9,13 +9,13 @@
     "Name" : "Nombre",
     "Redirection URI" : "URI de redirección",
     "Client Identifier" : "Identificador de cliente",
-    "Secret key" : "Llave secreta",
+    "Secret key" : "Clave secreta",
     "Delete client" : "Eliminar cliente",
+    "Make sure you store the secret key, it cannot be recovered." : "Asegúrese de guardar la clave secreta, ya que no podrá ser recuperada.",
     "Add client" : "Añadir cliente",
     "Add" : "Añadir",
-    "Delete" : "Eliminar",
     "Show client secret" : "Mostrar secreto del cliente",
     "Hide client secret" : "Ocultar secreto del cliente",
-    "Secret" : "Secreto"
+    "Delete" : "Eliminar"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_419.js b/apps/oauth2/l10n/es_419.js
deleted file mode 100644
index 470d1417fde..00000000000
--- a/apps/oauth2/l10n/es_419.js
+++ /dev/null
@@ -1,14 +0,0 @@
-OC.L10N.register(
-    "oauth2",
-    {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},
-"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_419.json b/apps/oauth2/l10n/es_419.json
deleted file mode 100644
index 0cfead6a680..00000000000
--- a/apps/oauth2/l10n/es_419.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{ "translations": {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
-}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_AR.js b/apps/oauth2/l10n/es_AR.js
index c7aa959369c..ec54aae2bea 100644
--- a/apps/oauth2/l10n/es_AR.js
+++ b/apps/oauth2/l10n/es_AR.js
@@ -9,7 +9,6 @@ OC.L10N.register(
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Eliminar",
-    "Secret" : "Secreto"
+    "Delete" : "Eliminar"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_AR.json b/apps/oauth2/l10n/es_AR.json
index 176702010ed..31ae3db82be 100644
--- a/apps/oauth2/l10n/es_AR.json
+++ b/apps/oauth2/l10n/es_AR.json
@@ -7,7 +7,6 @@
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Eliminar",
-    "Secret" : "Secreto"
+    "Delete" : "Eliminar"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_CL.js b/apps/oauth2/l10n/es_CL.js
index 3d12387adc5..079b21192fd 100644
--- a/apps/oauth2/l10n/es_CL.js
+++ b/apps/oauth2/l10n/es_CL.js
@@ -9,7 +9,6 @@ OC.L10N.register(
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_CL.json b/apps/oauth2/l10n/es_CL.json
index 5d9bf13e9a8..40b679cc951 100644
--- a/apps/oauth2/l10n/es_CL.json
+++ b/apps/oauth2/l10n/es_CL.json
@@ -7,7 +7,6 @@
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_CO.js b/apps/oauth2/l10n/es_CO.js
index 3d12387adc5..079b21192fd 100644
--- a/apps/oauth2/l10n/es_CO.js
+++ b/apps/oauth2/l10n/es_CO.js
@@ -9,7 +9,6 @@ OC.L10N.register(
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_CO.json b/apps/oauth2/l10n/es_CO.json
index 5d9bf13e9a8..40b679cc951 100644
--- a/apps/oauth2/l10n/es_CO.json
+++ b/apps/oauth2/l10n/es_CO.json
@@ -7,7 +7,6 @@
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_CR.js b/apps/oauth2/l10n/es_CR.js
index 3d12387adc5..079b21192fd 100644
--- a/apps/oauth2/l10n/es_CR.js
+++ b/apps/oauth2/l10n/es_CR.js
@@ -9,7 +9,6 @@ OC.L10N.register(
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_CR.json b/apps/oauth2/l10n/es_CR.json
index 5d9bf13e9a8..40b679cc951 100644
--- a/apps/oauth2/l10n/es_CR.json
+++ b/apps/oauth2/l10n/es_CR.json
@@ -7,7 +7,6 @@
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_DO.js b/apps/oauth2/l10n/es_DO.js
index 3d12387adc5..079b21192fd 100644
--- a/apps/oauth2/l10n/es_DO.js
+++ b/apps/oauth2/l10n/es_DO.js
@@ -9,7 +9,6 @@ OC.L10N.register(
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_DO.json b/apps/oauth2/l10n/es_DO.json
index 5d9bf13e9a8..40b679cc951 100644
--- a/apps/oauth2/l10n/es_DO.json
+++ b/apps/oauth2/l10n/es_DO.json
@@ -7,7 +7,6 @@
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_EC.js b/apps/oauth2/l10n/es_EC.js
index 11bbcd01a53..38fab4a83a6 100644
--- a/apps/oauth2/l10n/es_EC.js
+++ b/apps/oauth2/l10n/es_EC.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
     "Show client secret" : "Mostrar el secreto del cliente",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_EC.json b/apps/oauth2/l10n/es_EC.json
index c6f5c88e779..3dd48dcdcd2 100644
--- a/apps/oauth2/l10n/es_EC.json
+++ b/apps/oauth2/l10n/es_EC.json
@@ -12,8 +12,7 @@
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
     "Show client secret" : "Mostrar el secreto del cliente",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_GT.js b/apps/oauth2/l10n/es_GT.js
index 9670dbe2aab..38f9a9c8eff 100644
--- a/apps/oauth2/l10n/es_GT.js
+++ b/apps/oauth2/l10n/es_GT.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
     "Show client secret" : "Mostrar secreto del cliente",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_GT.json b/apps/oauth2/l10n/es_GT.json
index d46f4c9e475..fea09081d1d 100644
--- a/apps/oauth2/l10n/es_GT.json
+++ b/apps/oauth2/l10n/es_GT.json
@@ -12,8 +12,7 @@
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
     "Show client secret" : "Mostrar secreto del cliente",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_HN.js b/apps/oauth2/l10n/es_HN.js
deleted file mode 100644
index 470d1417fde..00000000000
--- a/apps/oauth2/l10n/es_HN.js
+++ /dev/null
@@ -1,14 +0,0 @@
-OC.L10N.register(
-    "oauth2",
-    {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},
-"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_HN.json b/apps/oauth2/l10n/es_HN.json
deleted file mode 100644
index 0cfead6a680..00000000000
--- a/apps/oauth2/l10n/es_HN.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{ "translations": {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
-}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_MX.js b/apps/oauth2/l10n/es_MX.js
index 5fa56a92fe6..ac9270bc6af 100644
--- a/apps/oauth2/l10n/es_MX.js
+++ b/apps/oauth2/l10n/es_MX.js
@@ -15,9 +15,8 @@ OC.L10N.register(
     "Delete client" : "Eliminar cliente",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
     "Show client secret" : "Mostrar el secreto del cliente",
     "Hide client secret" : "Ocultar el secreto del cliente",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_MX.json b/apps/oauth2/l10n/es_MX.json
index c8086693576..6f0d19e414a 100644
--- a/apps/oauth2/l10n/es_MX.json
+++ b/apps/oauth2/l10n/es_MX.json
@@ -13,9 +13,8 @@
     "Delete client" : "Eliminar cliente",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
     "Show client secret" : "Mostrar el secreto del cliente",
     "Hide client secret" : "Ocultar el secreto del cliente",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_NI.js b/apps/oauth2/l10n/es_NI.js
deleted file mode 100644
index 470d1417fde..00000000000
--- a/apps/oauth2/l10n/es_NI.js
+++ /dev/null
@@ -1,14 +0,0 @@
-OC.L10N.register(
-    "oauth2",
-    {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},
-"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_NI.json b/apps/oauth2/l10n/es_NI.json
deleted file mode 100644
index 0cfead6a680..00000000000
--- a/apps/oauth2/l10n/es_NI.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{ "translations": {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
-}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_PA.js b/apps/oauth2/l10n/es_PA.js
deleted file mode 100644
index 470d1417fde..00000000000
--- a/apps/oauth2/l10n/es_PA.js
+++ /dev/null
@@ -1,14 +0,0 @@
-OC.L10N.register(
-    "oauth2",
-    {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},
-"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_PA.json b/apps/oauth2/l10n/es_PA.json
deleted file mode 100644
index 0cfead6a680..00000000000
--- a/apps/oauth2/l10n/es_PA.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{ "translations": {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
-}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_PE.js b/apps/oauth2/l10n/es_PE.js
deleted file mode 100644
index 470d1417fde..00000000000
--- a/apps/oauth2/l10n/es_PE.js
+++ /dev/null
@@ -1,14 +0,0 @@
-OC.L10N.register(
-    "oauth2",
-    {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},
-"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_PE.json b/apps/oauth2/l10n/es_PE.json
deleted file mode 100644
index 0cfead6a680..00000000000
--- a/apps/oauth2/l10n/es_PE.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{ "translations": {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
-}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_PR.js b/apps/oauth2/l10n/es_PR.js
deleted file mode 100644
index 470d1417fde..00000000000
--- a/apps/oauth2/l10n/es_PR.js
+++ /dev/null
@@ -1,14 +0,0 @@
-OC.L10N.register(
-    "oauth2",
-    {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},
-"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_PR.json b/apps/oauth2/l10n/es_PR.json
deleted file mode 100644
index 0cfead6a680..00000000000
--- a/apps/oauth2/l10n/es_PR.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{ "translations": {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
-}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_PY.js b/apps/oauth2/l10n/es_PY.js
deleted file mode 100644
index 470d1417fde..00000000000
--- a/apps/oauth2/l10n/es_PY.js
+++ /dev/null
@@ -1,14 +0,0 @@
-OC.L10N.register(
-    "oauth2",
-    {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},
-"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_PY.json b/apps/oauth2/l10n/es_PY.json
deleted file mode 100644
index 0cfead6a680..00000000000
--- a/apps/oauth2/l10n/es_PY.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{ "translations": {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
-}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_SV.js b/apps/oauth2/l10n/es_SV.js
index 3d12387adc5..079b21192fd 100644
--- a/apps/oauth2/l10n/es_SV.js
+++ b/apps/oauth2/l10n/es_SV.js
@@ -9,7 +9,6 @@ OC.L10N.register(
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_SV.json b/apps/oauth2/l10n/es_SV.json
index 5d9bf13e9a8..40b679cc951 100644
--- a/apps/oauth2/l10n/es_SV.json
+++ b/apps/oauth2/l10n/es_SV.json
@@ -7,7 +7,6 @@
     "Secret key" : "Llave secreta",
     "Add client" : "Agregar cliente",
     "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
+    "Delete" : "Borrar"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/es_UY.js b/apps/oauth2/l10n/es_UY.js
deleted file mode 100644
index 470d1417fde..00000000000
--- a/apps/oauth2/l10n/es_UY.js
+++ /dev/null
@@ -1,14 +0,0 @@
-OC.L10N.register(
-    "oauth2",
-    {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},
-"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/es_UY.json b/apps/oauth2/l10n/es_UY.json
deleted file mode 100644
index 0cfead6a680..00000000000
--- a/apps/oauth2/l10n/es_UY.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{ "translations": {
-    "OAuth 2.0 clients" : "Clientes OAuth 2.0",
-    "Name" : "Nombre",
-    "Redirection URI" : "URI para redirección",
-    "Client Identifier" : "Identificador del cliente",
-    "Secret key" : "Llave secreta",
-    "Add client" : "Agregar cliente",
-    "Add" : "Agregar",
-    "Delete" : "Borrar",
-    "Secret" : "Secreto"
-},"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
-}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/et_EE.js b/apps/oauth2/l10n/et_EE.js
index 9b50bd04b50..93a7c7e97bf 100644
--- a/apps/oauth2/l10n/et_EE.js
+++ b/apps/oauth2/l10n/et_EE.js
@@ -1,14 +1,23 @@
 OC.L10N.register(
     "oauth2",
     {
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "Su klient ei ole ühenduseks autoriseeritud. Palun teavita oma kliendi peakasutajat.",
+    "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "Ümbersuunamise URL peab olema täis URL, näiteks: https://sinudomeen.com/asukoht",
+    "OAuth 2.0" : "OAuth 2.0",
+    "Allows OAuth2 compatible authentication from other web applications." : "Võimaldab OAuth2-ga ühilduvat autentimist teistest veebirakendustest.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "Rakendus OAuth2 võimaldab administraatoritel konfigureerida sisseehitatud autentimise töövoogu, et võimaldada ka OAuth2-ga ühilduvat autentimist teistest veebirakendustest.",
     "OAuth 2.0 clients" : "OAuth 2.0 kliendid",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 võimaldab välisteenustel taotleda juurdepääsu {instanceName}ile",
     "Name" : "Nimi",
     "Redirection URI" : "Suunamise URI",
     "Client Identifier" : "Kliendi identifikaator",
     "Secret key" : "Salavõti",
+    "Delete client" : "Kustuta klient",
+    "Make sure you store the secret key, it cannot be recovered." : "Salvesta salajane võti, seda ei saa taastada.",
     "Add client" : "Lisa klient",
     "Add" : "Lisa",
-    "Delete" : "Kustuta",
-    "Secret" : "Saladus"
+    "Show client secret" : "Näita kliendi salakoodi",
+    "Hide client secret" : "Peida kliendi salakood",
+    "Delete" : "Kustuta"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/et_EE.json b/apps/oauth2/l10n/et_EE.json
index d0b94e0d560..0ddc97bea45 100644
--- a/apps/oauth2/l10n/et_EE.json
+++ b/apps/oauth2/l10n/et_EE.json
@@ -1,12 +1,21 @@
 { "translations": {
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "Su klient ei ole ühenduseks autoriseeritud. Palun teavita oma kliendi peakasutajat.",
+    "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "Ümbersuunamise URL peab olema täis URL, näiteks: https://sinudomeen.com/asukoht",
+    "OAuth 2.0" : "OAuth 2.0",
+    "Allows OAuth2 compatible authentication from other web applications." : "Võimaldab OAuth2-ga ühilduvat autentimist teistest veebirakendustest.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "Rakendus OAuth2 võimaldab administraatoritel konfigureerida sisseehitatud autentimise töövoogu, et võimaldada ka OAuth2-ga ühilduvat autentimist teistest veebirakendustest.",
     "OAuth 2.0 clients" : "OAuth 2.0 kliendid",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 võimaldab välisteenustel taotleda juurdepääsu {instanceName}ile",
     "Name" : "Nimi",
     "Redirection URI" : "Suunamise URI",
     "Client Identifier" : "Kliendi identifikaator",
     "Secret key" : "Salavõti",
+    "Delete client" : "Kustuta klient",
+    "Make sure you store the secret key, it cannot be recovered." : "Salvesta salajane võti, seda ei saa taastada.",
     "Add client" : "Lisa klient",
     "Add" : "Lisa",
-    "Delete" : "Kustuta",
-    "Secret" : "Saladus"
+    "Show client secret" : "Näita kliendi salakoodi",
+    "Hide client secret" : "Peida kliendi salakood",
+    "Delete" : "Kustuta"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/eu.js b/apps/oauth2/l10n/eu.js
index 0adfba2611f..e195a1ef3ac 100644
--- a/apps/oauth2/l10n/eu.js
+++ b/apps/oauth2/l10n/eu.js
@@ -12,10 +12,12 @@ OC.L10N.register(
     "Redirection URI" : "Birbideraketaren URI",
     "Client Identifier" : "Bezeroaren Identifikadorea",
     "Secret key" : "Gako sekretua",
+    "Delete client" : "Ezabatu bezeroa",
+    "Make sure you store the secret key, it cannot be recovered." : "Ziurtatu gako sekretua gordetzen duzula, ezin da berreskuratu.",
     "Add client" : "Gehitu bezeroa",
     "Add" : "Gehitu",
-    "Delete" : "Ezabatu",
     "Show client secret" : "Erakutsi bezeroaren sekretua",
-    "Secret" : "Sekretua"
+    "Hide client secret" : "Ezkutatu bezeroaren sekretua",
+    "Delete" : "Ezabatu"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/eu.json b/apps/oauth2/l10n/eu.json
index 4e4aa4c342b..ddfcd437650 100644
--- a/apps/oauth2/l10n/eu.json
+++ b/apps/oauth2/l10n/eu.json
@@ -10,10 +10,12 @@
     "Redirection URI" : "Birbideraketaren URI",
     "Client Identifier" : "Bezeroaren Identifikadorea",
     "Secret key" : "Gako sekretua",
+    "Delete client" : "Ezabatu bezeroa",
+    "Make sure you store the secret key, it cannot be recovered." : "Ziurtatu gako sekretua gordetzen duzula, ezin da berreskuratu.",
     "Add client" : "Gehitu bezeroa",
     "Add" : "Gehitu",
-    "Delete" : "Ezabatu",
     "Show client secret" : "Erakutsi bezeroaren sekretua",
-    "Secret" : "Sekretua"
+    "Hide client secret" : "Ezkutatu bezeroaren sekretua",
+    "Delete" : "Ezabatu"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/fa.js b/apps/oauth2/l10n/fa.js
index 21f8fdcdf25..4f21d887051 100644
--- a/apps/oauth2/l10n/fa.js
+++ b/apps/oauth2/l10n/fa.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "کلید مخفی",
     "Add client" : "افزودن مشتری",
     "Add" : "افزودن",
-    "Delete" : "حذف",
     "Show client secret" : "راز مشتری را نشان دهید",
-    "Secret" : "راز"
+    "Delete" : "حذف"
 },
 "nplurals=2; plural=(n > 1);");
diff --git a/apps/oauth2/l10n/fa.json b/apps/oauth2/l10n/fa.json
index 3a63d7c4997..f7091f5c83e 100644
--- a/apps/oauth2/l10n/fa.json
+++ b/apps/oauth2/l10n/fa.json
@@ -12,8 +12,7 @@
     "Secret key" : "کلید مخفی",
     "Add client" : "افزودن مشتری",
     "Add" : "افزودن",
-    "Delete" : "حذف",
     "Show client secret" : "راز مشتری را نشان دهید",
-    "Secret" : "راز"
+    "Delete" : "حذف"
 },"pluralForm" :"nplurals=2; plural=(n > 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/fi.js b/apps/oauth2/l10n/fi.js
index 7cc8b523682..c7ad237bc72 100644
--- a/apps/oauth2/l10n/fi.js
+++ b/apps/oauth2/l10n/fi.js
@@ -13,9 +13,8 @@ OC.L10N.register(
     "Delete client" : "Poista asiakas",
     "Add client" : "Lisää asiakas",
     "Add" : "Lisää",
-    "Delete" : "Poista",
     "Show client secret" : "Näytä asiakkaan salaisuus",
     "Hide client secret" : "Piilota asiakkaan salaisuus",
-    "Secret" : "Salaisuus"
+    "Delete" : "Poista"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/fi.json b/apps/oauth2/l10n/fi.json
index 5ae67c67326..c74e11bef5e 100644
--- a/apps/oauth2/l10n/fi.json
+++ b/apps/oauth2/l10n/fi.json
@@ -11,9 +11,8 @@
     "Delete client" : "Poista asiakas",
     "Add client" : "Lisää asiakas",
     "Add" : "Lisää",
-    "Delete" : "Poista",
     "Show client secret" : "Näytä asiakkaan salaisuus",
     "Hide client secret" : "Piilota asiakkaan salaisuus",
-    "Secret" : "Salaisuus"
+    "Delete" : "Poista"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/fr.js b/apps/oauth2/l10n/fr.js
index 534ccdb2b58..a60dc05f74c 100644
--- a/apps/oauth2/l10n/fr.js
+++ b/apps/oauth2/l10n/fr.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Identifiant du client",
     "Secret key" : "Clé secrète",
     "Delete client" : "Supprimer le client",
+    "Make sure you store the secret key, it cannot be recovered." : "Assurez-vous de stocker la clé secrète, elle ne peut pas être re récupérée.",
     "Add client" : "Ajouter un client",
     "Add" : "Ajouter",
-    "Delete" : "Supprimer",
     "Show client secret" : "Afficher le code secret du client",
     "Hide client secret" : "Masquer le secret du client",
-    "Secret" : "Code secret"
+    "Delete" : "Supprimer"
 },
 "nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/fr.json b/apps/oauth2/l10n/fr.json
index 3a222bd5967..9be9ea0d408 100644
--- a/apps/oauth2/l10n/fr.json
+++ b/apps/oauth2/l10n/fr.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "Identifiant du client",
     "Secret key" : "Clé secrète",
     "Delete client" : "Supprimer le client",
+    "Make sure you store the secret key, it cannot be recovered." : "Assurez-vous de stocker la clé secrète, elle ne peut pas être re récupérée.",
     "Add client" : "Ajouter un client",
     "Add" : "Ajouter",
-    "Delete" : "Supprimer",
     "Show client secret" : "Afficher le code secret du client",
     "Hide client secret" : "Masquer le secret du client",
-    "Secret" : "Code secret"
+    "Delete" : "Supprimer"
 },"pluralForm" :"nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/ga.js b/apps/oauth2/l10n/ga.js
new file mode 100644
index 00000000000..45199e91f97
--- /dev/null
+++ b/apps/oauth2/l10n/ga.js
@@ -0,0 +1,23 @@
+OC.L10N.register(
+    "oauth2",
+    {
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "Níl do chliant údaraithe chun nascadh. Cuir do chliant ar an eolas do riarthóir.",
+    "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "Ní mór do URL athsheolaidh a bheith ina URL iomlán mar shampla: https://yourdomain.com/path",
+    "OAuth 2.0" : "OAuth 2.0",
+    "Allows OAuth2 compatible authentication from other web applications." : "Ceadaíonn sé fíordheimhniú comhoiriúnach OAuth2 ó fheidhmchláir ghréasáin eile.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "Ligeann an aip OAuth2 do riarthóirí an sreabhadh oibre fíordheimhnithe ionsuite a chumrú chun fíordheimhniú comhoiriúnach OAuth2 a cheadú ó fheidhmchláir ghréasáin eile.",
+    "OAuth 2.0 clients" : "Cliant OAuth 2.0",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "Ligeann OAuth 2.0 do sheirbhísí seachtracha rochtain a iarraidh ar {instanceName}.",
+    "Name" : "Ainm",
+    "Redirection URI" : "Atreo URI",
+    "Client Identifier" : "Aitheantóir Cliant",
+    "Secret key" : "Eochair rúnda",
+    "Delete client" : "Scrios cliant",
+    "Make sure you store the secret key, it cannot be recovered." : "Déan cinnte go stórálann tú an eochair rúnda, ní féidir í a aisghabháil.",
+    "Add client" : "Cuir cliant leis",
+    "Add" : "Cuir",
+    "Show client secret" : "Taispeáin rún an chliaint",
+    "Hide client secret" : "Folaigh rún an chliaint",
+    "Delete" : "Scrios"
+},
+"nplurals=5; plural=(n==1 ? 0 : n==2 ? 1 : n<7 ? 2 : n<11 ? 3 : 4);");
diff --git a/apps/oauth2/l10n/ga.json b/apps/oauth2/l10n/ga.json
new file mode 100644
index 00000000000..a85a372dc24
--- /dev/null
+++ b/apps/oauth2/l10n/ga.json
@@ -0,0 +1,21 @@
+{ "translations": {
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "Níl do chliant údaraithe chun nascadh. Cuir do chliant ar an eolas do riarthóir.",
+    "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "Ní mór do URL athsheolaidh a bheith ina URL iomlán mar shampla: https://yourdomain.com/path",
+    "OAuth 2.0" : "OAuth 2.0",
+    "Allows OAuth2 compatible authentication from other web applications." : "Ceadaíonn sé fíordheimhniú comhoiriúnach OAuth2 ó fheidhmchláir ghréasáin eile.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "Ligeann an aip OAuth2 do riarthóirí an sreabhadh oibre fíordheimhnithe ionsuite a chumrú chun fíordheimhniú comhoiriúnach OAuth2 a cheadú ó fheidhmchláir ghréasáin eile.",
+    "OAuth 2.0 clients" : "Cliant OAuth 2.0",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "Ligeann OAuth 2.0 do sheirbhísí seachtracha rochtain a iarraidh ar {instanceName}.",
+    "Name" : "Ainm",
+    "Redirection URI" : "Atreo URI",
+    "Client Identifier" : "Aitheantóir Cliant",
+    "Secret key" : "Eochair rúnda",
+    "Delete client" : "Scrios cliant",
+    "Make sure you store the secret key, it cannot be recovered." : "Déan cinnte go stórálann tú an eochair rúnda, ní féidir í a aisghabháil.",
+    "Add client" : "Cuir cliant leis",
+    "Add" : "Cuir",
+    "Show client secret" : "Taispeáin rún an chliaint",
+    "Hide client secret" : "Folaigh rún an chliaint",
+    "Delete" : "Scrios"
+},"pluralForm" :"nplurals=5; plural=(n==1 ? 0 : n==2 ? 1 : n<7 ? 2 : n<11 ? 3 : 4);"
+}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/gl.js b/apps/oauth2/l10n/gl.js
index 44adf7c2e50..3aaa35e0b00 100644
--- a/apps/oauth2/l10n/gl.js
+++ b/apps/oauth2/l10n/gl.js
@@ -4,8 +4,8 @@ OC.L10N.register(
     "Your client is not authorized to connect. Please inform the administrator of your client." : "O seu cliente non ten autorización para conectarse. Informe do seu cliente á administración da instancia",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "o seu URL de redirección debe ser un URL completo, por exemplo: https://omeudominio.com/ruta",
     "OAuth 2.0" : "OAuth 2.0",
-    "Allows OAuth2 compatible authentication from other web applications." : "Permite a autenticación compatíbel con OAuth2 dende outras aplicacións web.",
-    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "A aplicación OAuth2 permítelle aos administradores configurar o fluxo de traballo de autenticación integrado para permitir tamén autenticación compatíbel con OAuth2 dende outras aplicacións web.",
+    "Allows OAuth2 compatible authentication from other web applications." : "Permite a autenticación compatíbel con OAuth2 desde outras aplicacións web.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "A aplicación OAuth2 permítelle aos administradores configurar o fluxo de traballo de autenticación integrado para permitir tamén autenticación compatíbel con OAuth2 desde outras aplicacións web.",
     "OAuth 2.0 clients" : "Clientes OAuth 2.0",
     "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 permítelle aos servizos externos solicitar acceso a {instanceName}.",
     "Name" : "Nome",
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Identificador do cliente",
     "Secret key" : "Chave secreta",
     "Delete client" : "Eliminar cliente",
+    "Make sure you store the secret key, it cannot be recovered." : "Asegúrese de gardar a chave secreta, non é posíbel recuperala.",
     "Add client" : "Engadir cliente",
     "Add" : "Engadir",
-    "Delete" : "Eliminar",
     "Show client secret" : "Amosar o segredo do cliente",
     "Hide client secret" : "Agochar o segredo do cliente",
-    "Secret" : "Segredo"
+    "Delete" : "Eliminar"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/gl.json b/apps/oauth2/l10n/gl.json
index d835478c11f..3401883d361 100644
--- a/apps/oauth2/l10n/gl.json
+++ b/apps/oauth2/l10n/gl.json
@@ -2,8 +2,8 @@
     "Your client is not authorized to connect. Please inform the administrator of your client." : "O seu cliente non ten autorización para conectarse. Informe do seu cliente á administración da instancia",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "o seu URL de redirección debe ser un URL completo, por exemplo: https://omeudominio.com/ruta",
     "OAuth 2.0" : "OAuth 2.0",
-    "Allows OAuth2 compatible authentication from other web applications." : "Permite a autenticación compatíbel con OAuth2 dende outras aplicacións web.",
-    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "A aplicación OAuth2 permítelle aos administradores configurar o fluxo de traballo de autenticación integrado para permitir tamén autenticación compatíbel con OAuth2 dende outras aplicacións web.",
+    "Allows OAuth2 compatible authentication from other web applications." : "Permite a autenticación compatíbel con OAuth2 desde outras aplicacións web.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "A aplicación OAuth2 permítelle aos administradores configurar o fluxo de traballo de autenticación integrado para permitir tamén autenticación compatíbel con OAuth2 desde outras aplicacións web.",
     "OAuth 2.0 clients" : "Clientes OAuth 2.0",
     "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 permítelle aos servizos externos solicitar acceso a {instanceName}.",
     "Name" : "Nome",
@@ -11,11 +11,11 @@
     "Client Identifier" : "Identificador do cliente",
     "Secret key" : "Chave secreta",
     "Delete client" : "Eliminar cliente",
+    "Make sure you store the secret key, it cannot be recovered." : "Asegúrese de gardar a chave secreta, non é posíbel recuperala.",
     "Add client" : "Engadir cliente",
     "Add" : "Engadir",
-    "Delete" : "Eliminar",
     "Show client secret" : "Amosar o segredo do cliente",
     "Hide client secret" : "Agochar o segredo do cliente",
-    "Secret" : "Segredo"
+    "Delete" : "Eliminar"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/he.js b/apps/oauth2/l10n/he.js
index f21f41b3756..2d32792f86e 100644
--- a/apps/oauth2/l10n/he.js
+++ b/apps/oauth2/l10n/he.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "מפתח סודי",
     "Add client" : "הוספת לקוחי",
     "Add" : "הוספה",
-    "Delete" : "מחיקה",
     "Show client secret" : "הצגת סוד לקוח",
-    "Secret" : "סוד"
+    "Delete" : "מחיקה"
 },
 "nplurals=3; plural=(n == 1 && n % 1 == 0) ? 0 : (n == 2 && n % 1 == 0) ? 1: 2;");
diff --git a/apps/oauth2/l10n/he.json b/apps/oauth2/l10n/he.json
index 49baecc81cd..d46ae0195f4 100644
--- a/apps/oauth2/l10n/he.json
+++ b/apps/oauth2/l10n/he.json
@@ -12,8 +12,7 @@
     "Secret key" : "מפתח סודי",
     "Add client" : "הוספת לקוחי",
     "Add" : "הוספה",
-    "Delete" : "מחיקה",
     "Show client secret" : "הצגת סוד לקוח",
-    "Secret" : "סוד"
+    "Delete" : "מחיקה"
 },"pluralForm" :"nplurals=3; plural=(n == 1 && n % 1 == 0) ? 0 : (n == 2 && n % 1 == 0) ? 1: 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/hr.js b/apps/oauth2/l10n/hr.js
index 3ad6d558190..396209ee36b 100644
--- a/apps/oauth2/l10n/hr.js
+++ b/apps/oauth2/l10n/hr.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "Tajni ključ",
     "Add client" : "Dodaj klijenta",
     "Add" : "Dodaj",
-    "Delete" : "Izbriši",
     "Show client secret" : "Prikaži tajni ključ klijenta",
-    "Secret" : "Tajno"
+    "Delete" : "Izbriši"
 },
 "nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;");
diff --git a/apps/oauth2/l10n/hr.json b/apps/oauth2/l10n/hr.json
index 3883f5f8f28..79303555b6b 100644
--- a/apps/oauth2/l10n/hr.json
+++ b/apps/oauth2/l10n/hr.json
@@ -12,8 +12,7 @@
     "Secret key" : "Tajni ključ",
     "Add client" : "Dodaj klijenta",
     "Add" : "Dodaj",
-    "Delete" : "Izbriši",
     "Show client secret" : "Prikaži tajni ključ klijenta",
-    "Secret" : "Tajno"
+    "Delete" : "Izbriši"
 },"pluralForm" :"nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/hu.js b/apps/oauth2/l10n/hu.js
index d7122c72ecf..eddb2928651 100644
--- a/apps/oauth2/l10n/hu.js
+++ b/apps/oauth2/l10n/hu.js
@@ -9,13 +9,15 @@ OC.L10N.register(
     "OAuth 2.0 clients" : "OAuth 2.0 kliensek",
     "OAuth 2.0 allows external services to request access to {instanceName}." : "Az OAuth 2.0 engedélyezi, hogy külső szolgáltatások hozzáférést kérjenek a következőhöz: {instanceName}.",
     "Name" : "Név",
-    "Redirection URI" : "Átirányítési URI",
+    "Redirection URI" : "Átirányítási URI",
     "Client Identifier" : "Ügyfélazonosító",
     "Secret key" : "Titkos kulcs",
+    "Delete client" : "Kliens törlése",
+    "Make sure you store the secret key, it cannot be recovered." : "Győződjön meg róla tárolja a titkos kulcsot, mert nem nyerhető vissza.",
     "Add client" : "Kliens hozzáadása",
     "Add" : "Hozzáadás",
-    "Delete" : "Törlés",
-    "Show client secret" : "Kliens titkának megjelenítése",
-    "Secret" : "Titok"
+    "Show client secret" : "Klienstitok megjelenítése",
+    "Hide client secret" : "Klienstitok elrejtése",
+    "Delete" : "Törlés"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/hu.json b/apps/oauth2/l10n/hu.json
index f0e5f1de87d..2e0a9c4de02 100644
--- a/apps/oauth2/l10n/hu.json
+++ b/apps/oauth2/l10n/hu.json
@@ -7,13 +7,15 @@
     "OAuth 2.0 clients" : "OAuth 2.0 kliensek",
     "OAuth 2.0 allows external services to request access to {instanceName}." : "Az OAuth 2.0 engedélyezi, hogy külső szolgáltatások hozzáférést kérjenek a következőhöz: {instanceName}.",
     "Name" : "Név",
-    "Redirection URI" : "Átirányítési URI",
+    "Redirection URI" : "Átirányítási URI",
     "Client Identifier" : "Ügyfélazonosító",
     "Secret key" : "Titkos kulcs",
+    "Delete client" : "Kliens törlése",
+    "Make sure you store the secret key, it cannot be recovered." : "Győződjön meg róla tárolja a titkos kulcsot, mert nem nyerhető vissza.",
     "Add client" : "Kliens hozzáadása",
     "Add" : "Hozzáadás",
-    "Delete" : "Törlés",
-    "Show client secret" : "Kliens titkának megjelenítése",
-    "Secret" : "Titok"
+    "Show client secret" : "Klienstitok megjelenítése",
+    "Hide client secret" : "Klienstitok elrejtése",
+    "Delete" : "Törlés"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/id.js b/apps/oauth2/l10n/id.js
deleted file mode 100644
index 8344b4d5600..00000000000
--- a/apps/oauth2/l10n/id.js
+++ /dev/null
@@ -1,14 +0,0 @@
-OC.L10N.register(
-    "oauth2",
-    {
-    "OAuth 2.0 clients" : "Klien OAuth 2.0",
-    "Name" : "Nama",
-    "Redirection URI" : "URI Pengalihan",
-    "Client Identifier" : "Identifier klien",
-    "Secret key" : "Kunci rahasia",
-    "Add client" : "Tambah klien",
-    "Add" : "Tambah",
-    "Delete" : "Hapus",
-    "Secret" : "Rahasia"
-},
-"nplurals=1; plural=0;");
diff --git a/apps/oauth2/l10n/id.json b/apps/oauth2/l10n/id.json
deleted file mode 100644
index cd899108a1a..00000000000
--- a/apps/oauth2/l10n/id.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{ "translations": {
-    "OAuth 2.0 clients" : "Klien OAuth 2.0",
-    "Name" : "Nama",
-    "Redirection URI" : "URI Pengalihan",
-    "Client Identifier" : "Identifier klien",
-    "Secret key" : "Kunci rahasia",
-    "Add client" : "Tambah klien",
-    "Add" : "Tambah",
-    "Delete" : "Hapus",
-    "Secret" : "Rahasia"
-},"pluralForm" :"nplurals=1; plural=0;"
-}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/is.js b/apps/oauth2/l10n/is.js
index 26c664d15c4..e786a1e409d 100644
--- a/apps/oauth2/l10n/is.js
+++ b/apps/oauth2/l10n/is.js
@@ -13,10 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Biðlaraauðkenni",
     "Secret key" : "Leynilykill",
     "Delete client" : "Eyða biðlara",
+    "Make sure you store the secret key, it cannot be recovered." : "Vertu viss um að geyma leynilykilinn á góðum stað, henn er ekki hægt að endurheimta.",
     "Add client" : "Bæta við biðlara",
     "Add" : "Bæta við",
-    "Delete" : "Eyða",
     "Show client secret" : "Sýna leynilykil biðlara",
-    "Secret" : "Leynilykill"
+    "Hide client secret" : "Fela leynilykil biðlara",
+    "Delete" : "Eyða"
 },
 "nplurals=2; plural=(n % 10 != 1 || n % 100 == 11);");
diff --git a/apps/oauth2/l10n/is.json b/apps/oauth2/l10n/is.json
index 14653717b49..573b3a496a4 100644
--- a/apps/oauth2/l10n/is.json
+++ b/apps/oauth2/l10n/is.json
@@ -11,10 +11,11 @@
     "Client Identifier" : "Biðlaraauðkenni",
     "Secret key" : "Leynilykill",
     "Delete client" : "Eyða biðlara",
+    "Make sure you store the secret key, it cannot be recovered." : "Vertu viss um að geyma leynilykilinn á góðum stað, henn er ekki hægt að endurheimta.",
     "Add client" : "Bæta við biðlara",
     "Add" : "Bæta við",
-    "Delete" : "Eyða",
     "Show client secret" : "Sýna leynilykil biðlara",
-    "Secret" : "Leynilykill"
+    "Hide client secret" : "Fela leynilykil biðlara",
+    "Delete" : "Eyða"
 },"pluralForm" :"nplurals=2; plural=(n % 10 != 1 || n % 100 == 11);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/it.js b/apps/oauth2/l10n/it.js
index 69726925a4b..f6365b013d0 100644
--- a/apps/oauth2/l10n/it.js
+++ b/apps/oauth2/l10n/it.js
@@ -13,10 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Identificatore client",
     "Secret key" : "Chiave segreta",
     "Delete client" : "Elimina client",
+    "Make sure you store the secret key, it cannot be recovered." : "Assicurati di salvare la chiave segreta, non può essere recuperata.",
     "Add client" : "Aggiungi client",
     "Add" : "Aggiungi",
-    "Delete" : "Elimina",
     "Show client secret" : "Mostra segreto del client",
-    "Secret" : "Segreto"
+    "Hide client secret" : "Nascondi segreto del client",
+    "Delete" : "Elimina"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/it.json b/apps/oauth2/l10n/it.json
index 3abe47f48cd..d7db0bbe00d 100644
--- a/apps/oauth2/l10n/it.json
+++ b/apps/oauth2/l10n/it.json
@@ -11,10 +11,11 @@
     "Client Identifier" : "Identificatore client",
     "Secret key" : "Chiave segreta",
     "Delete client" : "Elimina client",
+    "Make sure you store the secret key, it cannot be recovered." : "Assicurati di salvare la chiave segreta, non può essere recuperata.",
     "Add client" : "Aggiungi client",
     "Add" : "Aggiungi",
-    "Delete" : "Elimina",
     "Show client secret" : "Mostra segreto del client",
-    "Secret" : "Segreto"
+    "Hide client secret" : "Nascondi segreto del client",
+    "Delete" : "Elimina"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/ja.js b/apps/oauth2/l10n/ja.js
index 4c262c0cc3f..c1418fb2021 100644
--- a/apps/oauth2/l10n/ja.js
+++ b/apps/oauth2/l10n/ja.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "クライアントID",
     "Secret key" : "シークレットキー",
     "Delete client" : "クライアントを削除",
+    "Make sure you store the secret key, it cannot be recovered." : "秘密鍵は復元できないので、必ず保管してください。",
     "Add client" : "クライアントの追加",
     "Add" : "追加",
-    "Delete" : "削除",
     "Show client secret" : "クライアントシークレットキーを表示",
     "Hide client secret" : "クライアントのシークレットキーを隠す",
-    "Secret" : "シークレットキー"
+    "Delete" : "削除"
 },
 "nplurals=1; plural=0;");
diff --git a/apps/oauth2/l10n/ja.json b/apps/oauth2/l10n/ja.json
index 401c8dd8494..09357aca90f 100644
--- a/apps/oauth2/l10n/ja.json
+++ b/apps/oauth2/l10n/ja.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "クライアントID",
     "Secret key" : "シークレットキー",
     "Delete client" : "クライアントを削除",
+    "Make sure you store the secret key, it cannot be recovered." : "秘密鍵は復元できないので、必ず保管してください。",
     "Add client" : "クライアントの追加",
     "Add" : "追加",
-    "Delete" : "削除",
     "Show client secret" : "クライアントシークレットキーを表示",
     "Hide client secret" : "クライアントのシークレットキーを隠す",
-    "Secret" : "シークレットキー"
+    "Delete" : "削除"
 },"pluralForm" :"nplurals=1; plural=0;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/ka.js b/apps/oauth2/l10n/ka.js
index c665fb1d0c1..c3a7a9385ba 100644
--- a/apps/oauth2/l10n/ka.js
+++ b/apps/oauth2/l10n/ka.js
@@ -15,9 +15,8 @@ OC.L10N.register(
     "Delete client" : "Delete client",
     "Add client" : "Add client",
     "Add" : "Add",
-    "Delete" : "Delete",
     "Show client secret" : "Show client secret",
     "Hide client secret" : "Hide client secret",
-    "Secret" : "Secret"
+    "Delete" : "Delete"
 },
 "nplurals=2; plural=(n!=1);");
diff --git a/apps/oauth2/l10n/ka.json b/apps/oauth2/l10n/ka.json
index 2eabf97c30e..9d634320a17 100644
--- a/apps/oauth2/l10n/ka.json
+++ b/apps/oauth2/l10n/ka.json
@@ -13,9 +13,8 @@
     "Delete client" : "Delete client",
     "Add client" : "Add client",
     "Add" : "Add",
-    "Delete" : "Delete",
     "Show client secret" : "Show client secret",
     "Hide client secret" : "Hide client secret",
-    "Secret" : "Secret"
+    "Delete" : "Delete"
 },"pluralForm" :"nplurals=2; plural=(n!=1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/ka_GE.js b/apps/oauth2/l10n/ka_GE.js
index 7e73d73e696..a94015e4803 100644
--- a/apps/oauth2/l10n/ka_GE.js
+++ b/apps/oauth2/l10n/ka_GE.js
@@ -9,8 +9,7 @@ OC.L10N.register(
     "Secret key" : "საიდუმლო გასაღები",
     "Add client" : "კლიენტის დამატება",
     "Add" : "დამატება",
-    "Delete" : "წაშლა",
     "Show client secret" : "გამოაჩინე კლიენტის საიდუმლო",
-    "Secret" : "საიდუმლო"
+    "Delete" : "წაშლა"
 },
 "nplurals=2; plural=(n!=1);");
diff --git a/apps/oauth2/l10n/ka_GE.json b/apps/oauth2/l10n/ka_GE.json
index 01d0d6b6ba6..186b5570c7f 100644
--- a/apps/oauth2/l10n/ka_GE.json
+++ b/apps/oauth2/l10n/ka_GE.json
@@ -7,8 +7,7 @@
     "Secret key" : "საიდუმლო გასაღები",
     "Add client" : "კლიენტის დამატება",
     "Add" : "დამატება",
-    "Delete" : "წაშლა",
     "Show client secret" : "გამოაჩინე კლიენტის საიდუმლო",
-    "Secret" : "საიდუმლო"
+    "Delete" : "წაშლა"
 },"pluralForm" :"nplurals=2; plural=(n!=1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/ko.js b/apps/oauth2/l10n/ko.js
index ee7d22fa55e..8a9da68e958 100644
--- a/apps/oauth2/l10n/ko.js
+++ b/apps/oauth2/l10n/ko.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "비밀 키",
     "Add client" : "클라이언트 추가",
     "Add" : "추가",
-    "Delete" : "삭제",
     "Show client secret" : "클라이언트 비밀 값 표시",
-    "Secret" : "비밀 값"
+    "Delete" : "삭제"
 },
 "nplurals=1; plural=0;");
diff --git a/apps/oauth2/l10n/ko.json b/apps/oauth2/l10n/ko.json
index 5cbc6a7bb61..fd689b591f7 100644
--- a/apps/oauth2/l10n/ko.json
+++ b/apps/oauth2/l10n/ko.json
@@ -12,8 +12,7 @@
     "Secret key" : "비밀 키",
     "Add client" : "클라이언트 추가",
     "Add" : "추가",
-    "Delete" : "삭제",
     "Show client secret" : "클라이언트 비밀 값 표시",
-    "Secret" : "비밀 값"
+    "Delete" : "삭제"
 },"pluralForm" :"nplurals=1; plural=0;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/lt_LT.js b/apps/oauth2/l10n/lt_LT.js
index 595262e0ee6..d6ba78db8e1 100644
--- a/apps/oauth2/l10n/lt_LT.js
+++ b/apps/oauth2/l10n/lt_LT.js
@@ -12,7 +12,6 @@ OC.L10N.register(
     "Secret key" : "Slaptasis raktas",
     "Add client" : "Pridėti klientą",
     "Add" : "Pridėti",
-    "Delete" : "Ištrinti",
-    "Secret" : "Paslaptis"
+    "Delete" : "Ištrinti"
 },
 "nplurals=4; plural=(n % 10 == 1 && (n % 100 > 19 || n % 100 < 11) ? 0 : (n % 10 >= 2 && n % 10 <=9) && (n % 100 > 19 || n % 100 < 11) ? 1 : n % 1 != 0 ? 2: 3);");
diff --git a/apps/oauth2/l10n/lt_LT.json b/apps/oauth2/l10n/lt_LT.json
index 560ca338e54..fed347c6a89 100644
--- a/apps/oauth2/l10n/lt_LT.json
+++ b/apps/oauth2/l10n/lt_LT.json
@@ -10,7 +10,6 @@
     "Secret key" : "Slaptasis raktas",
     "Add client" : "Pridėti klientą",
     "Add" : "Pridėti",
-    "Delete" : "Ištrinti",
-    "Secret" : "Paslaptis"
+    "Delete" : "Ištrinti"
 },"pluralForm" :"nplurals=4; plural=(n % 10 == 1 && (n % 100 > 19 || n % 100 < 11) ? 0 : (n % 10 >= 2 && n % 10 <=9) && (n % 100 > 19 || n % 100 < 11) ? 1 : n % 1 != 0 ? 2: 3);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/lv.js b/apps/oauth2/l10n/lv.js
index 0b0f518a0a5..a6df308f198 100644
--- a/apps/oauth2/l10n/lv.js
+++ b/apps/oauth2/l10n/lv.js
@@ -4,7 +4,7 @@ OC.L10N.register(
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "Tavam pārvirzīšanas URL ir jābūt pilnam URL, piemēram https://yourdomain.com/path",
     "OAuth 2.0" : "OAuth 2.0",
     "Allows OAuth2 compatible authentication from other web applications." : "Ļauj OAuth2 saderīgu autentifikāciju citām tīmekļa lietotnēm.",
-    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "OAuth2 lietotne ļauj administratoriem konfigurēt iebūvēto autentifikācijas darbplūsmu un ļauj OAuth2 saderīgu autentifikāciju citām web lietotnēm.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "OAuth2 lietotne ļauj pārvaldītājiem konfigurēt iebūvēto autentificēšanās darbplūsmu un ļauj ar OAuth2 saderīgu autentificēšanos no citām tīmekļa lietotnēm.",
     "OAuth 2.0 clients" : "OAuth 2.0 klients",
     "Name" : "Nosaukums",
     "Redirection URI" : "Pārvirzāmais URI",
@@ -12,7 +12,6 @@ OC.L10N.register(
     "Secret key" : "Slepenā atslēga",
     "Add client" : "Pievienot klientu",
     "Add" : "Pievienot",
-    "Delete" : "Dzēst",
-    "Secret" : "Noslēpums"
+    "Delete" : "Izdzēst"
 },
 "nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);");
diff --git a/apps/oauth2/l10n/lv.json b/apps/oauth2/l10n/lv.json
index 620cec29a00..3fddb2506ac 100644
--- a/apps/oauth2/l10n/lv.json
+++ b/apps/oauth2/l10n/lv.json
@@ -2,7 +2,7 @@
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "Tavam pārvirzīšanas URL ir jābūt pilnam URL, piemēram https://yourdomain.com/path",
     "OAuth 2.0" : "OAuth 2.0",
     "Allows OAuth2 compatible authentication from other web applications." : "Ļauj OAuth2 saderīgu autentifikāciju citām tīmekļa lietotnēm.",
-    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "OAuth2 lietotne ļauj administratoriem konfigurēt iebūvēto autentifikācijas darbplūsmu un ļauj OAuth2 saderīgu autentifikāciju citām web lietotnēm.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "OAuth2 lietotne ļauj pārvaldītājiem konfigurēt iebūvēto autentificēšanās darbplūsmu un ļauj ar OAuth2 saderīgu autentificēšanos no citām tīmekļa lietotnēm.",
     "OAuth 2.0 clients" : "OAuth 2.0 klients",
     "Name" : "Nosaukums",
     "Redirection URI" : "Pārvirzāmais URI",
@@ -10,7 +10,6 @@
     "Secret key" : "Slepenā atslēga",
     "Add client" : "Pievienot klientu",
     "Add" : "Pievienot",
-    "Delete" : "Dzēst",
-    "Secret" : "Noslēpums"
+    "Delete" : "Izdzēst"
 },"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/mk.js b/apps/oauth2/l10n/mk.js
index 9d05509bd87..3ef703ea529 100644
--- a/apps/oauth2/l10n/mk.js
+++ b/apps/oauth2/l10n/mk.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "Таен клуч",
     "Add client" : "Додади клиент",
     "Add" : "Додади",
-    "Delete" : "Избриши",
     "Show client secret" : "Прикажи тајна на клиент",
-    "Secret" : "Тајна"
+    "Delete" : "Избриши"
 },
 "nplurals=2; plural=(n % 10 == 1 && n % 100 != 11) ? 0 : 1;");
diff --git a/apps/oauth2/l10n/mk.json b/apps/oauth2/l10n/mk.json
index 041c4e316cb..993f4112fb1 100644
--- a/apps/oauth2/l10n/mk.json
+++ b/apps/oauth2/l10n/mk.json
@@ -12,8 +12,7 @@
     "Secret key" : "Таен клуч",
     "Add client" : "Додади клиент",
     "Add" : "Додади",
-    "Delete" : "Избриши",
     "Show client secret" : "Прикажи тајна на клиент",
-    "Secret" : "Тајна"
+    "Delete" : "Избриши"
 },"pluralForm" :"nplurals=2; plural=(n % 10 == 1 && n % 100 != 11) ? 0 : 1;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/nb.js b/apps/oauth2/l10n/nb.js
index a4dc29324ac..9cf61c0eed0 100644
--- a/apps/oauth2/l10n/nb.js
+++ b/apps/oauth2/l10n/nb.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Klient-identifikator",
     "Secret key" : "Hemmelig nøkkel",
     "Delete client" : "Slett klient",
+    "Make sure you store the secret key, it cannot be recovered." : "Pass på at du oppbevarer den hemmelige nøkkelen, den kan ikke gjenopprettes.",
     "Add client" : "Legg til klient",
     "Add" : "Legg til",
-    "Delete" : "Slett",
     "Show client secret" : "Vis klients hemmelighet",
     "Hide client secret" : "Skjul klienthemmelighet",
-    "Secret" : "Hemmelighet"
+    "Delete" : "Slett"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/nb.json b/apps/oauth2/l10n/nb.json
index ffd403c05f4..70154349c8b 100644
--- a/apps/oauth2/l10n/nb.json
+++ b/apps/oauth2/l10n/nb.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "Klient-identifikator",
     "Secret key" : "Hemmelig nøkkel",
     "Delete client" : "Slett klient",
+    "Make sure you store the secret key, it cannot be recovered." : "Pass på at du oppbevarer den hemmelige nøkkelen, den kan ikke gjenopprettes.",
     "Add client" : "Legg til klient",
     "Add" : "Legg til",
-    "Delete" : "Slett",
     "Show client secret" : "Vis klients hemmelighet",
     "Hide client secret" : "Skjul klienthemmelighet",
-    "Secret" : "Hemmelighet"
+    "Delete" : "Slett"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/nl.js b/apps/oauth2/l10n/nl.js
index 4cb7fec074a..f27d2a062d8 100644
--- a/apps/oauth2/l10n/nl.js
+++ b/apps/oauth2/l10n/nl.js
@@ -12,10 +12,12 @@ OC.L10N.register(
     "Redirection URI" : "Omeiding URI",
     "Client Identifier" : "Client identificatie",
     "Secret key" : "Geheime sleutel",
+    "Delete client" : "Client verwijderen",
+    "Make sure you store the secret key, it cannot be recovered." : "Zorg ervoor dat je de geheime sleutel opslaat, deze kan niet worden hersteld.",
     "Add client" : "Voeg client toe",
     "Add" : "Toevoegen",
-    "Delete" : "verwijderen",
-    "Show client secret" : "Tonen client secret",
-    "Secret" : "Geheim"
+    "Show client secret" : "Geheime sleutel van cliënt weergeven",
+    "Hide client secret" : "Geheime sleutel van cliënt verbergen",
+    "Delete" : "verwijderen"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/nl.json b/apps/oauth2/l10n/nl.json
index 732956e6ca5..c66631b5750 100644
--- a/apps/oauth2/l10n/nl.json
+++ b/apps/oauth2/l10n/nl.json
@@ -10,10 +10,12 @@
     "Redirection URI" : "Omeiding URI",
     "Client Identifier" : "Client identificatie",
     "Secret key" : "Geheime sleutel",
+    "Delete client" : "Client verwijderen",
+    "Make sure you store the secret key, it cannot be recovered." : "Zorg ervoor dat je de geheime sleutel opslaat, deze kan niet worden hersteld.",
     "Add client" : "Voeg client toe",
     "Add" : "Toevoegen",
-    "Delete" : "verwijderen",
-    "Show client secret" : "Tonen client secret",
-    "Secret" : "Geheim"
+    "Show client secret" : "Geheime sleutel van cliënt weergeven",
+    "Hide client secret" : "Geheime sleutel van cliënt verbergen",
+    "Delete" : "verwijderen"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/oc.js b/apps/oauth2/l10n/oc.js
index c27e9b621c0..8b114800cd1 100644
--- a/apps/oauth2/l10n/oc.js
+++ b/apps/oauth2/l10n/oc.js
@@ -11,8 +11,7 @@ OC.L10N.register(
     "Client Identifier" : "Identificador client",
     "Add client" : "Apondre un client",
     "Add" : "Apondre",
-    "Delete" : "Suprimir",
     "Show client secret" : "Afichar lo secret del client",
-    "Secret" : "Secret"
+    "Delete" : "Suprimir"
 },
 "nplurals=2; plural=(n > 1);");
diff --git a/apps/oauth2/l10n/oc.json b/apps/oauth2/l10n/oc.json
index e1a5fbfef1d..cee27e15d72 100644
--- a/apps/oauth2/l10n/oc.json
+++ b/apps/oauth2/l10n/oc.json
@@ -9,8 +9,7 @@
     "Client Identifier" : "Identificador client",
     "Add client" : "Apondre un client",
     "Add" : "Apondre",
-    "Delete" : "Suprimir",
     "Show client secret" : "Afichar lo secret del client",
-    "Secret" : "Secret"
+    "Delete" : "Suprimir"
 },"pluralForm" :"nplurals=2; plural=(n > 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/pl.js b/apps/oauth2/l10n/pl.js
index 42a6249a83f..50a5f361808 100644
--- a/apps/oauth2/l10n/pl.js
+++ b/apps/oauth2/l10n/pl.js
@@ -13,10 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Identyfikator Klienta",
     "Secret key" : "Tajny klucz",
     "Delete client" : "Usuń klienta",
+    "Make sure you store the secret key, it cannot be recovered." : "Upewnij się, że przechowujesz klucz tajny, gdyż nie będzie można go odzyskać.",
     "Add client" : "Dodaj klienta",
     "Add" : "Dodaj",
-    "Delete" : "Usuń",
     "Show client secret" : "Pokaż tajny klucz klienta",
-    "Secret" : "Tajny klucz"
+    "Hide client secret" : "Ukryj tajny klucz klienta",
+    "Delete" : "Usuń"
 },
 "nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n%100<12 || n%100>14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3);");
diff --git a/apps/oauth2/l10n/pl.json b/apps/oauth2/l10n/pl.json
index 945cba48977..09ac52e38c7 100644
--- a/apps/oauth2/l10n/pl.json
+++ b/apps/oauth2/l10n/pl.json
@@ -11,10 +11,11 @@
     "Client Identifier" : "Identyfikator Klienta",
     "Secret key" : "Tajny klucz",
     "Delete client" : "Usuń klienta",
+    "Make sure you store the secret key, it cannot be recovered." : "Upewnij się, że przechowujesz klucz tajny, gdyż nie będzie można go odzyskać.",
     "Add client" : "Dodaj klienta",
     "Add" : "Dodaj",
-    "Delete" : "Usuń",
     "Show client secret" : "Pokaż tajny klucz klienta",
-    "Secret" : "Tajny klucz"
+    "Hide client secret" : "Ukryj tajny klucz klienta",
+    "Delete" : "Usuń"
 },"pluralForm" :"nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n%100<12 || n%100>14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/pt_BR.js b/apps/oauth2/l10n/pt_BR.js
index a4182414018..4d390ef783e 100644
--- a/apps/oauth2/l10n/pt_BR.js
+++ b/apps/oauth2/l10n/pt_BR.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Identificador do Cliente",
     "Secret key" : "Chave secreta",
     "Delete client" : "Excluir cliente",
+    "Make sure you store the secret key, it cannot be recovered." : "Certifique-se de armazenar a chave secreta, ela não pode ser recuperada.",
     "Add client" : "Adicionar cliente",
     "Add" : "Adicionar",
-    "Delete" : "Excluir",
     "Show client secret" : "Mostra senha do cliente",
     "Hide client secret" : "Ocultar segredo do cliente",
-    "Secret" : "Secreto"
+    "Delete" : "Excluir"
 },
 "nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/pt_BR.json b/apps/oauth2/l10n/pt_BR.json
index f0c9ebcf514..4407ca4c591 100644
--- a/apps/oauth2/l10n/pt_BR.json
+++ b/apps/oauth2/l10n/pt_BR.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "Identificador do Cliente",
     "Secret key" : "Chave secreta",
     "Delete client" : "Excluir cliente",
+    "Make sure you store the secret key, it cannot be recovered." : "Certifique-se de armazenar a chave secreta, ela não pode ser recuperada.",
     "Add client" : "Adicionar cliente",
     "Add" : "Adicionar",
-    "Delete" : "Excluir",
     "Show client secret" : "Mostra senha do cliente",
     "Hide client secret" : "Ocultar segredo do cliente",
-    "Secret" : "Secreto"
+    "Delete" : "Excluir"
 },"pluralForm" :"nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/pt_PT.js b/apps/oauth2/l10n/pt_PT.js
index 268143ab9d4..09f9f952d30 100644
--- a/apps/oauth2/l10n/pt_PT.js
+++ b/apps/oauth2/l10n/pt_PT.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "Código secreto",
     "Add client" : "Adicionar cliente",
     "Add" : "Adicionar",
-    "Delete" : "Apagar",
     "Show client secret" : "Mostrar segredo do cliente",
-    "Secret" : "Segredo"
+    "Delete" : "Apagar"
 },
 "nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
diff --git a/apps/oauth2/l10n/pt_PT.json b/apps/oauth2/l10n/pt_PT.json
index 1510958882c..37b9ea94e98 100644
--- a/apps/oauth2/l10n/pt_PT.json
+++ b/apps/oauth2/l10n/pt_PT.json
@@ -12,8 +12,7 @@
     "Secret key" : "Código secreto",
     "Add client" : "Adicionar cliente",
     "Add" : "Adicionar",
-    "Delete" : "Apagar",
     "Show client secret" : "Mostrar segredo do cliente",
-    "Secret" : "Segredo"
+    "Delete" : "Apagar"
 },"pluralForm" :"nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/ru.js b/apps/oauth2/l10n/ru.js
index a716fee4b81..0566016ee23 100644
--- a/apps/oauth2/l10n/ru.js
+++ b/apps/oauth2/l10n/ru.js
@@ -13,10 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Идентификатор клиента",
     "Secret key" : "Секретный ключ",
     "Delete client" : "Удалить клиент",
+    "Make sure you store the secret key, it cannot be recovered." : "Убедитесь, что вы сохранили секретный ключ, он не может быть восстановлен.",
     "Add client" : "Добавить клиент",
     "Add" : "Добавить",
-    "Delete" : "Удалить",
     "Show client secret" : "Показать секретный ключ клиента",
-    "Secret" : "Секрет"
+    "Hide client secret" : "Скрыть секрет клиента",
+    "Delete" : "Удалить"
 },
 "nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);");
diff --git a/apps/oauth2/l10n/ru.json b/apps/oauth2/l10n/ru.json
index 8c70a1002ed..0e34793a1a1 100644
--- a/apps/oauth2/l10n/ru.json
+++ b/apps/oauth2/l10n/ru.json
@@ -11,10 +11,11 @@
     "Client Identifier" : "Идентификатор клиента",
     "Secret key" : "Секретный ключ",
     "Delete client" : "Удалить клиент",
+    "Make sure you store the secret key, it cannot be recovered." : "Убедитесь, что вы сохранили секретный ключ, он не может быть восстановлен.",
     "Add client" : "Добавить клиент",
     "Add" : "Добавить",
-    "Delete" : "Удалить",
     "Show client secret" : "Показать секретный ключ клиента",
-    "Secret" : "Секрет"
+    "Hide client secret" : "Скрыть секрет клиента",
+    "Delete" : "Удалить"
 },"pluralForm" :"nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/sc.js b/apps/oauth2/l10n/sc.js
index d56748cadf5..833214ed6d7 100644
--- a/apps/oauth2/l10n/sc.js
+++ b/apps/oauth2/l10n/sc.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "Crae segreta",
     "Add client" : "Agiunghe cliente",
     "Add" : "Agiunghe",
-    "Delete" : "Cantzella",
     "Show client secret" : "Mustra su segretu de su cliente",
-    "Secret" : "Segretu"
+    "Delete" : "Cantzella"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/sc.json b/apps/oauth2/l10n/sc.json
index 2824d7ad4fc..61e866c2a39 100644
--- a/apps/oauth2/l10n/sc.json
+++ b/apps/oauth2/l10n/sc.json
@@ -12,8 +12,7 @@
     "Secret key" : "Crae segreta",
     "Add client" : "Agiunghe cliente",
     "Add" : "Agiunghe",
-    "Delete" : "Cantzella",
     "Show client secret" : "Mustra su segretu de su cliente",
-    "Secret" : "Segretu"
+    "Delete" : "Cantzella"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/si.js b/apps/oauth2/l10n/si.js
index 300593a309e..6dc3386f6ae 100644
--- a/apps/oauth2/l10n/si.js
+++ b/apps/oauth2/l10n/si.js
@@ -12,7 +12,6 @@ OC.L10N.register(
     "Secret key" : "රහස්‍ය යතුර",
     "Add client" : "අනුග්‍රාහකයක් එකතු කරන්න",
     "Add" : "එකතු කරන්න",
-    "Show client secret" : "අනුග්‍රාහකයේ රහස්‍යතාව පෙන්වන්න",
-    "Secret" : "රහස"
+    "Show client secret" : "අනුග්‍රාහකයේ රහස්‍යතාව පෙන්වන්න"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/si.json b/apps/oauth2/l10n/si.json
index 1f4eb30e7f5..335d13c7a0c 100644
--- a/apps/oauth2/l10n/si.json
+++ b/apps/oauth2/l10n/si.json
@@ -10,7 +10,6 @@
     "Secret key" : "රහස්‍ය යතුර",
     "Add client" : "අනුග්‍රාහකයක් එකතු කරන්න",
     "Add" : "එකතු කරන්න",
-    "Show client secret" : "අනුග්‍රාහකයේ රහස්‍යතාව පෙන්වන්න",
-    "Secret" : "රහස"
+    "Show client secret" : "අනුග්‍රාහකයේ රහස්‍යතාව පෙන්වන්න"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/sk.js b/apps/oauth2/l10n/sk.js
index 27e87aa5070..5bd63fde0ff 100644
--- a/apps/oauth2/l10n/sk.js
+++ b/apps/oauth2/l10n/sk.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Identifikátor klienta",
     "Secret key" : "Tajný kľúč",
     "Delete client" : "Odstrániť klienta",
+    "Make sure you store the secret key, it cannot be recovered." : "Uistite sa, že ste uložili tajný kľúč. Nedá sa obnoviť.",
     "Add client" : "Pridať klienta",
     "Add" : "Pridať",
-    "Delete" : "Zmazať",
     "Show client secret" : "Zobraziť tajomstvo klienta",
     "Hide client secret" : "Skryť klienta",
-    "Secret" : "Tajný kľúč"
+    "Delete" : "Zmazať"
 },
 "nplurals=4; plural=(n % 1 == 0 && n == 1 ? 0 : n % 1 == 0 && n >= 2 && n <= 4 ? 1 : n % 1 != 0 ? 2: 3);");
diff --git a/apps/oauth2/l10n/sk.json b/apps/oauth2/l10n/sk.json
index 97746e6b5f0..f7f9ac19229 100644
--- a/apps/oauth2/l10n/sk.json
+++ b/apps/oauth2/l10n/sk.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "Identifikátor klienta",
     "Secret key" : "Tajný kľúč",
     "Delete client" : "Odstrániť klienta",
+    "Make sure you store the secret key, it cannot be recovered." : "Uistite sa, že ste uložili tajný kľúč. Nedá sa obnoviť.",
     "Add client" : "Pridať klienta",
     "Add" : "Pridať",
-    "Delete" : "Zmazať",
     "Show client secret" : "Zobraziť tajomstvo klienta",
     "Hide client secret" : "Skryť klienta",
-    "Secret" : "Tajný kľúč"
+    "Delete" : "Zmazať"
 },"pluralForm" :"nplurals=4; plural=(n % 1 == 0 && n == 1 ? 0 : n % 1 == 0 && n >= 2 && n <= 4 ? 1 : n % 1 != 0 ? 2: 3);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/sl.js b/apps/oauth2/l10n/sl.js
index 1533b8a8d6a..5786c7d8b36 100644
--- a/apps/oauth2/l10n/sl.js
+++ b/apps/oauth2/l10n/sl.js
@@ -14,8 +14,7 @@ OC.L10N.register(
     "Secret key" : "Skrivni ključ",
     "Add client" : "Dodaj odjemalca",
     "Add" : "Dodaj",
-    "Delete" : "Izbriši",
     "Show client secret" : "Pokaži skrivno kodo odjemalca",
-    "Secret" : "Skrivna koda"
+    "Delete" : "Izbriši"
 },
 "nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);");
diff --git a/apps/oauth2/l10n/sl.json b/apps/oauth2/l10n/sl.json
index cb7e6046cff..a419d4c3263 100644
--- a/apps/oauth2/l10n/sl.json
+++ b/apps/oauth2/l10n/sl.json
@@ -12,8 +12,7 @@
     "Secret key" : "Skrivni ključ",
     "Add client" : "Dodaj odjemalca",
     "Add" : "Dodaj",
-    "Delete" : "Izbriši",
     "Show client secret" : "Pokaži skrivno kodo odjemalca",
-    "Secret" : "Skrivna koda"
+    "Delete" : "Izbriši"
 },"pluralForm" :"nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/sq.js b/apps/oauth2/l10n/sq.js
index d98520d87ea..fe81fb5069d 100644
--- a/apps/oauth2/l10n/sq.js
+++ b/apps/oauth2/l10n/sq.js
@@ -9,7 +9,6 @@ OC.L10N.register(
     "Secret key" : "Kyç i fshehtë",
     "Add client" : "Shto klient",
     "Add" : "Shto ",
-    "Delete" : "Delete",
-    "Secret" : "Sekret"
+    "Delete" : "Delete"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/sq.json b/apps/oauth2/l10n/sq.json
index 7a267bbca10..c6623df185a 100644
--- a/apps/oauth2/l10n/sq.json
+++ b/apps/oauth2/l10n/sq.json
@@ -7,7 +7,6 @@
     "Secret key" : "Kyç i fshehtë",
     "Add client" : "Shto klient",
     "Add" : "Shto ",
-    "Delete" : "Delete",
-    "Secret" : "Sekret"
+    "Delete" : "Delete"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/sr.js b/apps/oauth2/l10n/sr.js
index 05730734e24..9ec881c1a2a 100644
--- a/apps/oauth2/l10n/sr.js
+++ b/apps/oauth2/l10n/sr.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Идентификација клијента",
     "Secret key" : "Тајни кључ ",
     "Delete client" : "Обриши клијента",
+    "Make sure you store the secret key, it cannot be recovered." : "Сачувајте тајни кључ, нећете моћи поново да му приступите.",
     "Add client" : "Додај клијента",
     "Add" : "Додај",
-    "Delete" : "Обриши",
     "Show client secret" : "Прикажи клијентску лозинку",
     "Hide client secret" : "Сакриј клијентску тајну",
-    "Secret" : "Тајна"
+    "Delete" : "Обриши"
 },
 "nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);");
diff --git a/apps/oauth2/l10n/sr.json b/apps/oauth2/l10n/sr.json
index f28009d4f42..815e73ada5a 100644
--- a/apps/oauth2/l10n/sr.json
+++ b/apps/oauth2/l10n/sr.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "Идентификација клијента",
     "Secret key" : "Тајни кључ ",
     "Delete client" : "Обриши клијента",
+    "Make sure you store the secret key, it cannot be recovered." : "Сачувајте тајни кључ, нећете моћи поново да му приступите.",
     "Add client" : "Додај клијента",
     "Add" : "Додај",
-    "Delete" : "Обриши",
     "Show client secret" : "Прикажи клијентску лозинку",
     "Hide client secret" : "Сакриј клијентску тајну",
-    "Secret" : "Тајна"
+    "Delete" : "Обриши"
 },"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/sv.js b/apps/oauth2/l10n/sv.js
index 60b8e0fb67e..4d55cf91c3a 100644
--- a/apps/oauth2/l10n/sv.js
+++ b/apps/oauth2/l10n/sv.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Klientidentifierare",
     "Secret key" : "Hemlig nyckel",
     "Delete client" : "Ta bort klient",
+    "Make sure you store the secret key, it cannot be recovered." : "Se till att du lagrar den hemliga nyckeln, den kan inte återställas.",
     "Add client" : "Lägg till klient",
     "Add" : "Lägg till",
-    "Delete" : "Ta bort",
     "Show client secret" : "Visa klienthemlighet",
     "Hide client secret" : "Dölj klienthemlighet",
-    "Secret" : "Hemlighet"
+    "Delete" : "Ta bort"
 },
 "nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/sv.json b/apps/oauth2/l10n/sv.json
index 86a4839211c..064e6923f96 100644
--- a/apps/oauth2/l10n/sv.json
+++ b/apps/oauth2/l10n/sv.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "Klientidentifierare",
     "Secret key" : "Hemlig nyckel",
     "Delete client" : "Ta bort klient",
+    "Make sure you store the secret key, it cannot be recovered." : "Se till att du lagrar den hemliga nyckeln, den kan inte återställas.",
     "Add client" : "Lägg till klient",
     "Add" : "Lägg till",
-    "Delete" : "Ta bort",
     "Show client secret" : "Visa klienthemlighet",
     "Hide client secret" : "Dölj klienthemlighet",
-    "Secret" : "Hemlighet"
+    "Delete" : "Ta bort"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/sw.js b/apps/oauth2/l10n/sw.js
new file mode 100644
index 00000000000..44e346ffa4f
--- /dev/null
+++ b/apps/oauth2/l10n/sw.js
@@ -0,0 +1,23 @@
+OC.L10N.register(
+    "oauth2",
+    {
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "Mteja wako hajaidhinishwa kuunganisha. Tafadhali mjulishe msimamizi wa mteja wako.",
+    "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "URL yako ya kuelekeza kwingine inahitaji kuwa URL kamili kwa mfano: https://yourdomain.com/path",
+    "OAuth 2.0" : "OAuth 2.0",
+    "Allows OAuth2 compatible authentication from other web applications." : "Huruhusu uthibitishaji tangamanifu wa OAuth2 kutoka kwa programu zingine za wavuti.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "Programu ya OAuth2 huruhusu wasimamizi kusanidi utendakazi wa uthibitishaji uliojengewa ndani ili kuruhusu pia uthibitishaji unaooana na OAuth2 kutoka kwa programu zingine za wavuti.",
+    "OAuth 2.0 clients" : "OAuth 2.0 clients",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 inaruhusu huduma za nje kuomba ufikiaji {instanceName}.",
+    "Name" : "Jina",
+    "Redirection URI" : "URI ya kuelekeza kwingine",
+    "Client Identifier" : "Kitambulisho cha Mteja",
+    "Secret key" : "Ufunguo wa siri",
+    "Delete client" : "Futa mteja",
+    "Make sure you store the secret key, it cannot be recovered." : "Hakikisha umehifadhi ufunguo wa siri, hauwezi kurejeshwa.",
+    "Add client" : "Ongeza mteja",
+    "Add" : "Ongeza",
+    "Show client secret" : "Onyesha siri ya mteja",
+    "Hide client secret" : "Ficha siri ya mteja",
+    "Delete" : "Futa"
+},
+"nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/sw.json b/apps/oauth2/l10n/sw.json
new file mode 100644
index 00000000000..0bdbdd3a440
--- /dev/null
+++ b/apps/oauth2/l10n/sw.json
@@ -0,0 +1,21 @@
+{ "translations": {
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "Mteja wako hajaidhinishwa kuunganisha. Tafadhali mjulishe msimamizi wa mteja wako.",
+    "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "URL yako ya kuelekeza kwingine inahitaji kuwa URL kamili kwa mfano: https://yourdomain.com/path",
+    "OAuth 2.0" : "OAuth 2.0",
+    "Allows OAuth2 compatible authentication from other web applications." : "Huruhusu uthibitishaji tangamanifu wa OAuth2 kutoka kwa programu zingine za wavuti.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "Programu ya OAuth2 huruhusu wasimamizi kusanidi utendakazi wa uthibitishaji uliojengewa ndani ili kuruhusu pia uthibitishaji unaooana na OAuth2 kutoka kwa programu zingine za wavuti.",
+    "OAuth 2.0 clients" : "OAuth 2.0 clients",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 inaruhusu huduma za nje kuomba ufikiaji {instanceName}.",
+    "Name" : "Jina",
+    "Redirection URI" : "URI ya kuelekeza kwingine",
+    "Client Identifier" : "Kitambulisho cha Mteja",
+    "Secret key" : "Ufunguo wa siri",
+    "Delete client" : "Futa mteja",
+    "Make sure you store the secret key, it cannot be recovered." : "Hakikisha umehifadhi ufunguo wa siri, hauwezi kurejeshwa.",
+    "Add client" : "Ongeza mteja",
+    "Add" : "Ongeza",
+    "Show client secret" : "Onyesha siri ya mteja",
+    "Hide client secret" : "Ficha siri ya mteja",
+    "Delete" : "Futa"
+},"pluralForm" :"nplurals=2; plural=(n != 1);"
+}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/tr.js b/apps/oauth2/l10n/tr.js
index 7ddf5bd89b4..eb672477de8 100644
--- a/apps/oauth2/l10n/tr.js
+++ b/apps/oauth2/l10n/tr.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "İstemci belirteci",
     "Secret key" : "Gizli anahtar",
     "Delete client" : "İstemciyi sil",
+    "Make sure you store the secret key, it cannot be recovered." : "Yeniden öğrenilemeyeceği için gizli anahtarı kaydettiğinizden emin olun.",
     "Add client" : "İstemci ekle",
     "Add" : "Ekle",
-    "Delete" : "Sil",
     "Show client secret" : "İstemci parolasını görüntüle",
     "Hide client secret" : "İstemci parolasını gizle",
-    "Secret" : "Parola"
+    "Delete" : "Sil"
 },
 "nplurals=2; plural=(n > 1);");
diff --git a/apps/oauth2/l10n/tr.json b/apps/oauth2/l10n/tr.json
index 0c397850c9d..ec9e8fc1e83 100644
--- a/apps/oauth2/l10n/tr.json
+++ b/apps/oauth2/l10n/tr.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "İstemci belirteci",
     "Secret key" : "Gizli anahtar",
     "Delete client" : "İstemciyi sil",
+    "Make sure you store the secret key, it cannot be recovered." : "Yeniden öğrenilemeyeceği için gizli anahtarı kaydettiğinizden emin olun.",
     "Add client" : "İstemci ekle",
     "Add" : "Ekle",
-    "Delete" : "Sil",
     "Show client secret" : "İstemci parolasını görüntüle",
     "Hide client secret" : "İstemci parolasını gizle",
-    "Secret" : "Parola"
+    "Delete" : "Sil"
 },"pluralForm" :"nplurals=2; plural=(n > 1);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/ug.js b/apps/oauth2/l10n/ug.js
new file mode 100644
index 00000000000..89db1a948ef
--- /dev/null
+++ b/apps/oauth2/l10n/ug.js
@@ -0,0 +1,23 @@
+OC.L10N.register(
+    "oauth2",
+    {
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "خېرىدارىڭىزنىڭ ئۇلىنىش ھوقۇقى يوق. خېرىدارىڭىزنىڭ باشقۇرغۇچىغا خەۋەر قىلىڭ.",
+    "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "قايتا نىشانلانغان URL ئادرېسىڭىز تولۇق URL بولۇشى كېرەك: https://yourdomain.com/path",
+    "OAuth 2.0" : "OAuth 2.0",
+    "Allows OAuth2 compatible authentication from other web applications." : "باشقا تور پروگراممىلىرىدىن OAuth2 ماسلاشتۇرۇلغان دەلىللەشكە يول قويىدۇ.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "OAuth2 دېتالى باشقۇرغۇچىنىڭ ئىچىگە دەلىللەش خىزمەت ئېقىمىنى سەپلەپ ، باشقا تور قوللىنىشچان پروگراممىلىرىنىڭ OAuth2 ماسلاشتۇرۇلغان دەلىللىشىگە يول قويىدۇ.",
+    "OAuth 2.0 clients" : "OAuth 2.0 خېرىدارى",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 سىرتقى مۇلازىمەتلەرنىڭ {instanceName} access نى زىيارەت قىلىشىنى تەلەپ قىلىدۇ.",
+    "Name" : "ئاتى",
+    "Redirection URI" : "قايتا نىشانلاش URI",
+    "Client Identifier" : "Client Identifier",
+    "Secret key" : "مەخپىي ئاچقۇچ",
+    "Delete client" : "خېرىدارنى ئۆچۈرۈڭ",
+    "Make sure you store the secret key, it cannot be recovered." : "مەخپىي ئاچقۇچنى ساقلىغانلىقىڭىزنى جەزملەشتۈرۈڭ ، ئەسلىگە كەلتۈرگىلى بولمايدۇ.",
+    "Add client" : "خېرىدار قوشۇڭ",
+    "Add" : "قوش",
+    "Show client secret" : "خېرىدارلارنىڭ مەخپىيىتىنى كۆرسىتىڭ",
+    "Hide client secret" : "خېرىدارلارنىڭ مەخپىيىتىنى يوشۇرۇش",
+    "Delete" : "ئۆچۈر"
+},
+"nplurals=2; plural=(n != 1);");
diff --git a/apps/oauth2/l10n/ug.json b/apps/oauth2/l10n/ug.json
new file mode 100644
index 00000000000..4dac11f85c2
--- /dev/null
+++ b/apps/oauth2/l10n/ug.json
@@ -0,0 +1,21 @@
+{ "translations": {
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "خېرىدارىڭىزنىڭ ئۇلىنىش ھوقۇقى يوق. خېرىدارىڭىزنىڭ باشقۇرغۇچىغا خەۋەر قىلىڭ.",
+    "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "قايتا نىشانلانغان URL ئادرېسىڭىز تولۇق URL بولۇشى كېرەك: https://yourdomain.com/path",
+    "OAuth 2.0" : "OAuth 2.0",
+    "Allows OAuth2 compatible authentication from other web applications." : "باشقا تور پروگراممىلىرىدىن OAuth2 ماسلاشتۇرۇلغان دەلىللەشكە يول قويىدۇ.",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "OAuth2 دېتالى باشقۇرغۇچىنىڭ ئىچىگە دەلىللەش خىزمەت ئېقىمىنى سەپلەپ ، باشقا تور قوللىنىشچان پروگراممىلىرىنىڭ OAuth2 ماسلاشتۇرۇلغان دەلىللىشىگە يول قويىدۇ.",
+    "OAuth 2.0 clients" : "OAuth 2.0 خېرىدارى",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 سىرتقى مۇلازىمەتلەرنىڭ {instanceName} access نى زىيارەت قىلىشىنى تەلەپ قىلىدۇ.",
+    "Name" : "ئاتى",
+    "Redirection URI" : "قايتا نىشانلاش URI",
+    "Client Identifier" : "Client Identifier",
+    "Secret key" : "مەخپىي ئاچقۇچ",
+    "Delete client" : "خېرىدارنى ئۆچۈرۈڭ",
+    "Make sure you store the secret key, it cannot be recovered." : "مەخپىي ئاچقۇچنى ساقلىغانلىقىڭىزنى جەزملەشتۈرۈڭ ، ئەسلىگە كەلتۈرگىلى بولمايدۇ.",
+    "Add client" : "خېرىدار قوشۇڭ",
+    "Add" : "قوش",
+    "Show client secret" : "خېرىدارلارنىڭ مەخپىيىتىنى كۆرسىتىڭ",
+    "Hide client secret" : "خېرىدارلارنىڭ مەخپىيىتىنى يوشۇرۇش",
+    "Delete" : "ئۆچۈر"
+},"pluralForm" :"nplurals=2; plural=(n != 1);"
+}
\ No newline at end of file
diff --git a/apps/oauth2/l10n/uk.js b/apps/oauth2/l10n/uk.js
index cebd6d0a8e4..8c3b6433b20 100644
--- a/apps/oauth2/l10n/uk.js
+++ b/apps/oauth2/l10n/uk.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "Ідентифікатор клієнта",
     "Secret key" : "Пароль",
     "Delete client" : "Вилучити клієнта",
+    "Make sure you store the secret key, it cannot be recovered." : "Обов'язково збережіть секретний ключ, його неможливо відновити.",
     "Add client" : "Додати клієнта",
     "Add" : "Додати",
-    "Delete" : "Вилучити",
     "Show client secret" : "Показати ключ клієнта",
     "Hide client secret" : "Приховати ключ клієнта",
-    "Secret" : "Секретне"
+    "Delete" : "Вилучити"
 },
 "nplurals=4; plural=(n % 1 == 0 && n % 10 == 1 && n % 100 != 11 ? 0 : n % 1 == 0 && n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 12 || n % 100 > 14) ? 1 : n % 1 == 0 && (n % 10 ==0 || (n % 10 >=5 && n % 10 <=9) || (n % 100 >=11 && n % 100 <=14 )) ? 2: 3);");
diff --git a/apps/oauth2/l10n/uk.json b/apps/oauth2/l10n/uk.json
index 6cd6d1e0b0a..ad7906e1795 100644
--- a/apps/oauth2/l10n/uk.json
+++ b/apps/oauth2/l10n/uk.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "Ідентифікатор клієнта",
     "Secret key" : "Пароль",
     "Delete client" : "Вилучити клієнта",
+    "Make sure you store the secret key, it cannot be recovered." : "Обов'язково збережіть секретний ключ, його неможливо відновити.",
     "Add client" : "Додати клієнта",
     "Add" : "Додати",
-    "Delete" : "Вилучити",
     "Show client secret" : "Показати ключ клієнта",
     "Hide client secret" : "Приховати ключ клієнта",
-    "Secret" : "Секретне"
+    "Delete" : "Вилучити"
 },"pluralForm" :"nplurals=4; plural=(n % 1 == 0 && n % 10 == 1 && n % 100 != 11 ? 0 : n % 1 == 0 && n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 12 || n % 100 > 14) ? 1 : n % 1 == 0 && (n % 10 ==0 || (n % 10 >=5 && n % 10 <=9) || (n % 100 >=11 && n % 100 <=14 )) ? 2: 3);"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/vi.js b/apps/oauth2/l10n/vi.js
index a1036a76c68..3800d4efd5f 100644
--- a/apps/oauth2/l10n/vi.js
+++ b/apps/oauth2/l10n/vi.js
@@ -13,8 +13,7 @@ OC.L10N.register(
     "Client Identifier" : "Mã định danh ứng dụng khách",
     "Add client" : "Thêm kết nối",
     "Add" : "Thêm",
-    "Delete" : "Xóa",
     "Show client secret" : "Hiện bí mật ứng dụng khách",
-    "Secret" : "Mật khẩu"
+    "Delete" : "Xóa"
 },
 "nplurals=1; plural=0;");
diff --git a/apps/oauth2/l10n/vi.json b/apps/oauth2/l10n/vi.json
index 5c87181dd4a..c845ec0e30d 100644
--- a/apps/oauth2/l10n/vi.json
+++ b/apps/oauth2/l10n/vi.json
@@ -11,8 +11,7 @@
     "Client Identifier" : "Mã định danh ứng dụng khách",
     "Add client" : "Thêm kết nối",
     "Add" : "Thêm",
-    "Delete" : "Xóa",
     "Show client secret" : "Hiện bí mật ứng dụng khách",
-    "Secret" : "Mật khẩu"
+    "Delete" : "Xóa"
 },"pluralForm" :"nplurals=1; plural=0;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/zh_CN.js b/apps/oauth2/l10n/zh_CN.js
index d2d58de9182..5f2ee894089 100644
--- a/apps/oauth2/l10n/zh_CN.js
+++ b/apps/oauth2/l10n/zh_CN.js
@@ -11,12 +11,13 @@ OC.L10N.register(
     "Name" : "名称",
     "Redirection URI" : "跳转URI",
     "Client Identifier" : "客户端标识",
-    "Secret key" : "Secret key",
+    "Secret key" : "密钥",
     "Delete client" : "删除客户端",
+    "Make sure you store the secret key, it cannot be recovered." : "请确保您存储了密钥，它无法恢复。",
     "Add client" : "添加客户端",
     "Add" : "添加",
-    "Delete" : "删除",
-    "Show client secret" : "显示客户端 secret",
-    "Secret" : "Secret"
+    "Show client secret" : "显示客户端密钥",
+    "Hide client secret" : "隐藏客户端密钥",
+    "Delete" : "删除"
 },
 "nplurals=1; plural=0;");
diff --git a/apps/oauth2/l10n/zh_CN.json b/apps/oauth2/l10n/zh_CN.json
index 50f3a01e33b..4b1c4270e48 100644
--- a/apps/oauth2/l10n/zh_CN.json
+++ b/apps/oauth2/l10n/zh_CN.json
@@ -9,12 +9,13 @@
     "Name" : "名称",
     "Redirection URI" : "跳转URI",
     "Client Identifier" : "客户端标识",
-    "Secret key" : "Secret key",
+    "Secret key" : "密钥",
     "Delete client" : "删除客户端",
+    "Make sure you store the secret key, it cannot be recovered." : "请确保您存储了密钥，它无法恢复。",
     "Add client" : "添加客户端",
     "Add" : "添加",
-    "Delete" : "删除",
-    "Show client secret" : "显示客户端 secret",
-    "Secret" : "Secret"
+    "Show client secret" : "显示客户端密钥",
+    "Hide client secret" : "隐藏客户端密钥",
+    "Delete" : "删除"
 },"pluralForm" :"nplurals=1; plural=0;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/zh_HK.js b/apps/oauth2/l10n/zh_HK.js
index 8ed58bfc9d3..727019e492c 100644
--- a/apps/oauth2/l10n/zh_HK.js
+++ b/apps/oauth2/l10n/zh_HK.js
@@ -13,11 +13,11 @@ OC.L10N.register(
     "Client Identifier" : "用戶識別",
     "Secret key" : "私密密鑰",
     "Delete client" : "刪除客戶端",
+    "Make sure you store the secret key, it cannot be recovered." : "請確保妥善保存密鑰，因為它無法復得。",
     "Add client" : "新增第三方應用程式",
     "Add" : "新增",
-    "Delete" : "刪除",
     "Show client secret" : "顯示客戶端密碼",
     "Hide client secret" : "隱藏客戶端密碼",
-    "Secret" : "密鑰"
+    "Delete" : "刪除"
 },
 "nplurals=1; plural=0;");
diff --git a/apps/oauth2/l10n/zh_HK.json b/apps/oauth2/l10n/zh_HK.json
index c23b99914a3..1773d8ec559 100644
--- a/apps/oauth2/l10n/zh_HK.json
+++ b/apps/oauth2/l10n/zh_HK.json
@@ -11,11 +11,11 @@
     "Client Identifier" : "用戶識別",
     "Secret key" : "私密密鑰",
     "Delete client" : "刪除客戶端",
+    "Make sure you store the secret key, it cannot be recovered." : "請確保妥善保存密鑰，因為它無法復得。",
     "Add client" : "新增第三方應用程式",
     "Add" : "新增",
-    "Delete" : "刪除",
     "Show client secret" : "顯示客戶端密碼",
     "Hide client secret" : "隱藏客戶端密碼",
-    "Secret" : "密鑰"
+    "Delete" : "刪除"
 },"pluralForm" :"nplurals=1; plural=0;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/l10n/zh_TW.js b/apps/oauth2/l10n/zh_TW.js
index ba2dfd08e47..e61fe31d36b 100644
--- a/apps/oauth2/l10n/zh_TW.js
+++ b/apps/oauth2/l10n/zh_TW.js
@@ -1,23 +1,23 @@
 OC.L10N.register(
     "oauth2",
     {
-    "Your client is not authorized to connect. Please inform the administrator of your client." : "您的客戶端無權連線。請通知您客戶端的管理員。",
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "您的客戶端無連線授權。請通知您客戶端的管理員。",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "您的重新導向 URL 必須為完整的 URL，例如：https://yourdomain.com/path",
     "OAuth 2.0" : "OAuth 2.0",
-    "Allows OAuth2 compatible authentication from other web applications." : "允許來自其他網路應用程式的 OAuth2 相容身份驗證。",
-    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "OAuth2 應用程式讓管理員可以設定內建的身份驗證工作流程，以讓其他網路應用程式可以進行相容於 OAuth2 的身份驗證。",
+    "Allows OAuth2 compatible authentication from other web applications." : "允許來自其他網路應用程式的 OAuth2 相容身份認證。",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "OAuth2 應用程式讓管理員可以設定內建的身份認證工作流程，以讓其他網路應用程式可以進行相容於 OAuth2 的身份認證。",
     "OAuth 2.0 clients" : "OAuth 2.0 客戶端",
-    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 讓外部服務請求存取 {instanceName}。",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 讓外部服務請求能存取 {instanceName}。",
     "Name" : "名稱",
     "Redirection URI" : "重新導向 URI",
     "Client Identifier" : "客戶端識別",
-    "Secret key" : "私鑰",
-    "Delete client" : "刪除用戶端",
+    "Secret key" : "私密金鑰",
+    "Delete client" : "刪除客戶端",
+    "Make sure you store the secret key, it cannot be recovered." : "請確定您儲存了私鑰，其無法還原。",
     "Add client" : "新增客戶端",
     "Add" : "新增",
-    "Delete" : "刪除",
     "Show client secret" : "顯示客戶端密碼",
     "Hide client secret" : "隱藏客戶端密碼",
-    "Secret" : "密碼"
+    "Delete" : "刪除"
 },
 "nplurals=1; plural=0;");
diff --git a/apps/oauth2/l10n/zh_TW.json b/apps/oauth2/l10n/zh_TW.json
index d94ed670746..ba0a879f152 100644
--- a/apps/oauth2/l10n/zh_TW.json
+++ b/apps/oauth2/l10n/zh_TW.json
@@ -1,21 +1,21 @@
 { "translations": {
-    "Your client is not authorized to connect. Please inform the administrator of your client." : "您的客戶端無權連線。請通知您客戶端的管理員。",
+    "Your client is not authorized to connect. Please inform the administrator of your client." : "您的客戶端無連線授權。請通知您客戶端的管理員。",
     "Your redirect URL needs to be a full URL for example: https://yourdomain.com/path" : "您的重新導向 URL 必須為完整的 URL，例如：https://yourdomain.com/path",
     "OAuth 2.0" : "OAuth 2.0",
-    "Allows OAuth2 compatible authentication from other web applications." : "允許來自其他網路應用程式的 OAuth2 相容身份驗證。",
-    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "OAuth2 應用程式讓管理員可以設定內建的身份驗證工作流程，以讓其他網路應用程式可以進行相容於 OAuth2 的身份驗證。",
+    "Allows OAuth2 compatible authentication from other web applications." : "允許來自其他網路應用程式的 OAuth2 相容身份認證。",
+    "The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications." : "OAuth2 應用程式讓管理員可以設定內建的身份認證工作流程，以讓其他網路應用程式可以進行相容於 OAuth2 的身份認證。",
     "OAuth 2.0 clients" : "OAuth 2.0 客戶端",
-    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 讓外部服務請求存取 {instanceName}。",
+    "OAuth 2.0 allows external services to request access to {instanceName}." : "OAuth 2.0 讓外部服務請求能存取 {instanceName}。",
     "Name" : "名稱",
     "Redirection URI" : "重新導向 URI",
     "Client Identifier" : "客戶端識別",
-    "Secret key" : "私鑰",
-    "Delete client" : "刪除用戶端",
+    "Secret key" : "私密金鑰",
+    "Delete client" : "刪除客戶端",
+    "Make sure you store the secret key, it cannot be recovered." : "請確定您儲存了私鑰，其無法還原。",
     "Add client" : "新增客戶端",
     "Add" : "新增",
-    "Delete" : "刪除",
     "Show client secret" : "顯示客戶端密碼",
     "Hide client secret" : "隱藏客戶端密碼",
-    "Secret" : "密碼"
+    "Delete" : "刪除"
 },"pluralForm" :"nplurals=1; plural=0;"
 }
\ No newline at end of file
diff --git a/apps/oauth2/lib/BackgroundJob/CleanupExpiredAuthorizationCode.php b/apps/oauth2/lib/BackgroundJob/CleanupExpiredAuthorizationCode.php
index f4e08081ce6..b819a45ace2 100644
--- a/apps/oauth2/lib/BackgroundJob/CleanupExpiredAuthorizationCode.php
+++ b/apps/oauth2/lib/BackgroundJob/CleanupExpiredAuthorizationCode.php
@@ -3,24 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright (c) 2023 Julien Veyssier <julien-nc@posteo.net>
- *
- * @author Julien Veyssier <julien-nc@posteo.net>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
 
@@ -28,7 +12,6 @@ namespace OCA\OAuth2\BackgroundJob;
 
 use OCA\OAuth2\Db\AccessTokenMapper;
 use OCP\AppFramework\Utility\ITimeFactory;
-use OCP\BackgroundJob\IJob;
 use OCP\BackgroundJob\TimedJob;
 use OCP\DB\Exception;
 use Psr\Log\LoggerInterface;
@@ -39,12 +22,11 @@ class CleanupExpiredAuthorizationCode extends TimedJob {
 		ITimeFactory $timeFactory,
 		private AccessTokenMapper $accessTokenMapper,
 		private LoggerInterface $logger,
-
 	) {
 		parent::__construct($timeFactory);
 		// 30 days
 		$this->setInterval(60 * 60 * 24 * 30);
-		$this->setTimeSensitivity(IJob::TIME_INSENSITIVE);
+		$this->setTimeSensitivity(self::TIME_INSENSITIVE);
 	}
 
 	/**
diff --git a/apps/oauth2/lib/Command/ImportLegacyOcClient.php b/apps/oauth2/lib/Command/ImportLegacyOcClient.php
new file mode 100644
index 00000000000..acdc57cf991
--- /dev/null
+++ b/apps/oauth2/lib/Command/ImportLegacyOcClient.php
@@ -0,0 +1,76 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\OAuth2\Command;
+
+use OCA\OAuth2\Db\Client;
+use OCA\OAuth2\Db\ClientMapper;
+use OCP\IConfig;
+use OCP\Security\ICrypto;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class ImportLegacyOcClient extends Command {
+	private const ARGUMENT_CLIENT_ID = 'client-id';
+	private const ARGUMENT_CLIENT_SECRET = 'client-secret';
+
+	public function __construct(
+		private readonly IConfig $config,
+		private readonly ICrypto $crypto,
+		private readonly ClientMapper $clientMapper,
+	) {
+		parent::__construct();
+	}
+
+	protected function configure(): void {
+		$this->setName('oauth2:import-legacy-oc-client');
+		$this->setDescription('This command is only required to be run on instances which were migrated from ownCloud without the oauth2.enable_oc_clients system config! Import a legacy Oauth2 client from an ownCloud instance and migrate it. The data is expected to be straight out of the database table oc_oauth2_clients.');
+		$this->addArgument(
+			self::ARGUMENT_CLIENT_ID,
+			InputArgument::REQUIRED,
+			'Value of the "identifier" column',
+		);
+		$this->addArgument(
+			self::ARGUMENT_CLIENT_SECRET,
+			InputArgument::REQUIRED,
+			'Value of the "secret" column',
+		);
+	}
+
+	public function isEnabled(): bool {
+		return $this->config->getSystemValueBool('oauth2.enable_oc_clients', false);
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output): int {
+		/** @var string $clientId */
+		$clientId = $input->getArgument(self::ARGUMENT_CLIENT_ID);
+
+		/** @var string $clientSecret */
+		$clientSecret = $input->getArgument(self::ARGUMENT_CLIENT_SECRET);
+
+		// Should not happen but just to be sure
+		if (empty($clientId) || empty($clientSecret)) {
+			return 1;
+		}
+
+		$hashedClientSecret = bin2hex($this->crypto->calculateHMAC($clientSecret));
+
+		$client = new Client();
+		$client->setName('ownCloud Desktop Client');
+		$client->setRedirectUri('http://localhost:*');
+		$client->setClientIdentifier($clientId);
+		$client->setSecret($hashedClientSecret);
+		$this->clientMapper->insert($client);
+
+		$output->writeln('<info>Client imported successfully</info>');
+		return 0;
+	}
+}
diff --git a/apps/oauth2/lib/Controller/LoginRedirectorController.php b/apps/oauth2/lib/Controller/LoginRedirectorController.php
index 4c5b905a1ee..7241b35cdcf 100644
--- a/apps/oauth2/lib/Controller/LoginRedirectorController.php
+++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php
@@ -3,52 +3,32 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Daniel Kesselberg <mail@danielkesselberg.de>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Kate Döen <kate.doeen@nextcloud.com>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Controller;
 
+use OC\Core\Controller\ClientFlowLoginController;
 use OCA\OAuth2\Db\ClientMapper;
 use OCA\OAuth2\Exceptions\ClientNotFoundException;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
+use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
+use OCP\IAppConfig;
+use OCP\IConfig;
 use OCP\IL10N;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IURLGenerator;
+use OCP\Security\ISecureRandom;
 
+#[OpenAPI(scope: OpenAPI::SCOPE_DEFAULT)]
 class LoginRedirectorController extends Controller {
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ClientMapper */
-	private $clientMapper;
-	/** @var ISession */
-	private $session;
-	/** @var IL10N */
-	private $l;
-
 	/**
 	 * @param string $appName
 	 * @param IRequest $request
@@ -57,37 +37,39 @@ class LoginRedirectorController extends Controller {
 	 * @param ISession $session
 	 * @param IL10N $l
 	 */
-	public function __construct(string $appName,
+	public function __construct(
+		string $appName,
 		IRequest $request,
-		IURLGenerator $urlGenerator,
-		ClientMapper $clientMapper,
-		ISession $session,
-		IL10N $l) {
+		private IURLGenerator $urlGenerator,
+		private ClientMapper $clientMapper,
+		private ISession $session,
+		private IL10N $l,
+		private ISecureRandom $random,
+		private IAppConfig $appConfig,
+		private IConfig $config,
+	) {
 		parent::__construct($appName, $request);
-		$this->urlGenerator = $urlGenerator;
-		$this->clientMapper = $clientMapper;
-		$this->session = $session;
-		$this->l = $l;
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
 	 * Authorize the user
 	 *
 	 * @param string $client_id Client ID
 	 * @param string $state State of the flow
 	 * @param string $response_type Response type for the flow
+	 * @param string $redirect_uri URI to redirect to after the flow (is only used for legacy ownCloud clients)
 	 * @return TemplateResponse<Http::STATUS_OK, array{}>|RedirectResponse<Http::STATUS_SEE_OTHER, array{}>
 	 *
 	 * 200: Client not found
 	 * 303: Redirect to login URL
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
+	#[UseSession]
 	public function authorize($client_id,
 		$state,
-		$response_type): TemplateResponse|RedirectResponse {
+		$response_type,
+		string $redirect_uri = ''): TemplateResponse|RedirectResponse {
 		try {
 			$client = $this->clientMapper->getByIdentifier($client_id);
 		} catch (ClientNotFoundException $e) {
@@ -103,14 +85,39 @@ class LoginRedirectorController extends Controller {
 			return new RedirectResponse($url);
 		}
 
+		$enableOcClients = $this->config->getSystemValueBool('oauth2.enable_oc_clients', false);
+
+		$providedRedirectUri = '';
+		if ($enableOcClients && $client->getRedirectUri() === 'http://localhost:*') {
+			$providedRedirectUri = $redirect_uri;
+		}
+
 		$this->session->set('oauth.state', $state);
 
-		$targetUrl = $this->urlGenerator->linkToRouteAbsolute(
-			'core.ClientFlowLogin.showAuthPickerPage',
-			[
-				'clientIdentifier' => $client->getClientIdentifier(),
-			]
-		);
+		if (in_array($client->getName(), $this->appConfig->getValueArray('oauth2', 'skipAuthPickerApplications', []))) {
+			/** @see ClientFlowLoginController::showAuthPickerPage **/
+			$stateToken = $this->random->generate(
+				64,
+				ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS
+			);
+			$this->session->set(ClientFlowLoginController::STATE_NAME, $stateToken);
+			$targetUrl = $this->urlGenerator->linkToRouteAbsolute(
+				'core.ClientFlowLogin.grantPage',
+				[
+					'stateToken' => $stateToken,
+					'clientIdentifier' => $client->getClientIdentifier(),
+					'providedRedirectUri' => $providedRedirectUri,
+				]
+			);
+		} else {
+			$targetUrl = $this->urlGenerator->linkToRouteAbsolute(
+				'core.ClientFlowLogin.showAuthPickerPage',
+				[
+					'clientIdentifier' => $client->getClientIdentifier(),
+					'providedRedirectUri' => $providedRedirectUri,
+				]
+			);
+		}
 		return new RedirectResponse($targetUrl);
 	}
 }
diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php
index 46b68b1d585..11f17fda4bf 100644
--- a/apps/oauth2/lib/Controller/OauthApiController.php
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -3,28 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Kate Döen <kate.doeen@nextcloud.com>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Controller;
 
@@ -35,6 +15,10 @@ use OCA\OAuth2\Exceptions\AccessTokenNotFoundException;
 use OCA\OAuth2\Exceptions\ClientNotFoundException;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Authentication\Exceptions\ExpiredTokenException;
@@ -46,6 +30,7 @@ use OCP\Security\ICrypto;
 use OCP\Security\ISecureRandom;
 use Psr\Log\LoggerInterface;
 
+#[OpenAPI(scope: OpenAPI::SCOPE_DEFAULT)]
 class OauthApiController extends Controller {
 	// the authorization code expires after 10 minutes
 	public const AUTHORIZATION_CODE_EXPIRES_AFTER = 10 * 60;
@@ -67,10 +52,6 @@ class OauthApiController extends Controller {
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @BruteForceProtection(action=oauth2GetToken)
-	 *
 	 * Get a token
 	 *
 	 * @param string $grant_type Token type that should be granted
@@ -84,9 +65,12 @@ class OauthApiController extends Controller {
 	 * 200: Token returned
 	 * 400: Getting token is not possible
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
+	#[BruteForceProtection(action: 'oauth2GetToken')]
 	public function getToken(
 		string $grant_type, ?string $code, ?string $refresh_token,
-		?string $client_id, ?string $client_secret
+		?string $client_id, ?string $client_secret,
 	): JSONResponse {
 
 		// We only handle two types
@@ -156,7 +140,8 @@ class OauthApiController extends Controller {
 		}
 
 		try {
-			$storedClientSecret = $this->crypto->decrypt($client->getSecret());
+			$storedClientSecretHash = $client->getSecret();
+			$clientSecretHash = bin2hex($this->crypto->calculateHMAC($client_secret));
 		} catch (\Exception $e) {
 			$this->logger->error('OAuth client secret decryption error', ['exception' => $e]);
 			// we don't throttle here because it might not be a bruteforce attack
@@ -165,7 +150,7 @@ class OauthApiController extends Controller {
 			], Http::STATUS_BAD_REQUEST);
 		}
 		// The client id and secret must match. Else we don't provide an access token!
-		if ($client->getClientIdentifier() !== $client_id || $storedClientSecret !== $client_secret) {
+		if ($client->getClientIdentifier() !== $client_id || $storedClientSecretHash !== $clientSecretHash) {
 			$response = new JSONResponse([
 				'error' => 'invalid_client',
 			], Http::STATUS_BAD_REQUEST);
diff --git a/apps/oauth2/lib/Controller/SettingsController.php b/apps/oauth2/lib/Controller/SettingsController.php
index d49dd6da038..9bd02c8a2cd 100644
--- a/apps/oauth2/lib/Controller/SettingsController.php
+++ b/apps/oauth2/lib/Controller/SettingsController.php
@@ -3,30 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Bjoern Schiessle <bjoern@schiessle.org>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Patrik Kernstock <info@pkern.at>
- * @author rakekniven <mark.ziegler@rakekniven.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Controller;
 
@@ -57,7 +35,7 @@ class SettingsController extends Controller {
 		private IL10N $l,
 		private IAuthTokenProvider $tokenProvider,
 		private IUserManager $userManager,
-		private ICrypto $crypto
+		private ICrypto $crypto,
 	) {
 		parent::__construct($appName, $request);
 	}
@@ -72,8 +50,8 @@ class SettingsController extends Controller {
 		$client->setName($name);
 		$client->setRedirectUri($redirectUri);
 		$secret = $this->secureRandom->generate(64, self::validChars);
-		$encryptedSecret = $this->crypto->encrypt($secret);
-		$client->setSecret($encryptedSecret);
+		$hashedSecret = bin2hex($this->crypto->calculateHMAC($secret));
+		$client->setSecret($hashedSecret);
 		$client->setClientIdentifier($this->secureRandom->generate(64, self::validChars));
 		$client = $this->clientMapper->insert($client);
 
@@ -91,7 +69,7 @@ class SettingsController extends Controller {
 	public function deleteClient(int $id): JSONResponse {
 		$client = $this->clientMapper->getByUid($id);
 
-		$this->userManager->callForAllUsers(function (IUser $user) use ($client) {
+		$this->userManager->callForSeenUsers(function (IUser $user) use ($client): void {
 			$this->tokenProvider->invalidateTokensOfUser($user->getUID(), $client->getName());
 		});
 
diff --git a/apps/oauth2/lib/Db/AccessToken.php b/apps/oauth2/lib/Db/AccessToken.php
index e0da141af3f..34adc4f4797 100644
--- a/apps/oauth2/lib/Db/AccessToken.php
+++ b/apps/oauth2/lib/Db/AccessToken.php
@@ -1,29 +1,13 @@
 <?php
+
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Db;
 
 use OCP\AppFramework\Db\Entity;
+use OCP\DB\Types;
 
 /**
  * @method int getTokenId()
@@ -54,12 +38,12 @@ class AccessToken extends Entity {
 	protected $tokenCount;
 
 	public function __construct() {
-		$this->addType('id', 'int');
-		$this->addType('tokenId', 'int');
-		$this->addType('clientId', 'int');
+		$this->addType('id', Types::INTEGER);
+		$this->addType('tokenId', Types::INTEGER);
+		$this->addType('clientId', Types::INTEGER);
 		$this->addType('hashedCode', 'string');
 		$this->addType('encryptedToken', 'string');
-		$this->addType('codeCreatedAt', 'int');
-		$this->addType('tokenCount', 'int');
+		$this->addType('codeCreatedAt', Types::INTEGER);
+		$this->addType('tokenCount', Types::INTEGER);
 	}
 }
diff --git a/apps/oauth2/lib/Db/AccessTokenMapper.php b/apps/oauth2/lib/Db/AccessTokenMapper.php
index 0347a43d7c6..8d5f6cf1da1 100644
--- a/apps/oauth2/lib/Db/AccessTokenMapper.php
+++ b/apps/oauth2/lib/Db/AccessTokenMapper.php
@@ -3,28 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Bjoern Schiessle <bjoern@schiessle.org>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Db;
 
diff --git a/apps/oauth2/lib/Db/Client.php b/apps/oauth2/lib/Db/Client.php
index 78f3d966928..8fce0040c96 100644
--- a/apps/oauth2/lib/Db/Client.php
+++ b/apps/oauth2/lib/Db/Client.php
@@ -1,28 +1,13 @@
 <?php
+
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Lukas Reschke <lukas@statuscode.ch>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Db;
 
 use OCP\AppFramework\Db\Entity;
+use OCP\DB\Types;
 
 /**
  * @method string getClientIdentifier()
@@ -45,7 +30,7 @@ class Client extends Entity {
 	protected $secret;
 
 	public function __construct() {
-		$this->addType('id', 'int');
+		$this->addType('id', Types::INTEGER);
 		$this->addType('name', 'string');
 		$this->addType('redirectUri', 'string');
 		$this->addType('clientIdentifier', 'string');
diff --git a/apps/oauth2/lib/Db/ClientMapper.php b/apps/oauth2/lib/Db/ClientMapper.php
index a3d5df35482..c5ca2989d0f 100644
--- a/apps/oauth2/lib/Db/ClientMapper.php
+++ b/apps/oauth2/lib/Db/ClientMapper.php
@@ -3,27 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Bjoern Schiessle <bjoern@schiessle.org>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Db;
 
@@ -60,7 +41,7 @@ class ClientMapper extends QBMapper {
 		try {
 			$client = $this->findEntity($qb);
 		} catch (IMapperException $e) {
-			throw new ClientNotFoundException('could not find client '.$clientIdentifier, 0, $e);
+			throw new ClientNotFoundException('could not find client ' . $clientIdentifier, 0, $e);
 		}
 		return $client;
 	}
@@ -80,7 +61,7 @@ class ClientMapper extends QBMapper {
 		try {
 			$client = $this->findEntity($qb);
 		} catch (IMapperException $e) {
-			throw new ClientNotFoundException('could not find client with id '.$id, 0, $e);
+			throw new ClientNotFoundException('could not find client with id ' . $id, 0, $e);
 		}
 		return $client;
 	}
diff --git a/apps/oauth2/lib/Exceptions/AccessTokenNotFoundException.php b/apps/oauth2/lib/Exceptions/AccessTokenNotFoundException.php
index 8ccc32d67e1..809598e258e 100644
--- a/apps/oauth2/lib/Exceptions/AccessTokenNotFoundException.php
+++ b/apps/oauth2/lib/Exceptions/AccessTokenNotFoundException.php
@@ -3,26 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Exceptions;
 
diff --git a/apps/oauth2/lib/Exceptions/ClientNotFoundException.php b/apps/oauth2/lib/Exceptions/ClientNotFoundException.php
index d2f819449ce..cec7a24e22d 100644
--- a/apps/oauth2/lib/Exceptions/ClientNotFoundException.php
+++ b/apps/oauth2/lib/Exceptions/ClientNotFoundException.php
@@ -3,26 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Exceptions;
 
diff --git a/apps/oauth2/lib/Migration/SetTokenExpiration.php b/apps/oauth2/lib/Migration/SetTokenExpiration.php
index 5a5c5ff4781..dc925e26bb2 100644
--- a/apps/oauth2/lib/Migration/SetTokenExpiration.php
+++ b/apps/oauth2/lib/Migration/SetTokenExpiration.php
@@ -3,26 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Migration;
 
@@ -36,21 +18,11 @@ use OCP\Migration\IRepairStep;
 
 class SetTokenExpiration implements IRepairStep {
 
-	/** @var IDBConnection */
-	private $connection;
-
-	/** @var ITimeFactory */
-	private $time;
-
-	/** @var TokenProvider */
-	private $tokenProvider;
-
-	public function __construct(IDBConnection $connection,
-		ITimeFactory $timeFactory,
-		TokenProvider $tokenProvider) {
-		$this->connection = $connection;
-		$this->time = $timeFactory;
-		$this->tokenProvider = $tokenProvider;
+	public function __construct(
+		private IDBConnection $connection,
+		private ITimeFactory $time,
+		private TokenProvider $tokenProvider,
+	) {
 	}
 
 	public function getName(): string {
@@ -62,7 +34,7 @@ class SetTokenExpiration implements IRepairStep {
 		$qb->select('*')
 			->from('oauth2_access_tokens');
 
-		$cursor = $qb->execute();
+		$cursor = $qb->executeQuery();
 
 		while ($row = $cursor->fetch()) {
 			$token = AccessToken::fromRow($row);
diff --git a/apps/oauth2/lib/Migration/Version010401Date20181207190718.php b/apps/oauth2/lib/Migration/Version010401Date20181207190718.php
index 51fd77c5528..8648826d53c 100644
--- a/apps/oauth2/lib/Migration/Version010401Date20181207190718.php
+++ b/apps/oauth2/lib/Migration/Version010401Date20181207190718.php
@@ -3,25 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Migration;
 
diff --git a/apps/oauth2/lib/Migration/Version010402Date20190107124745.php b/apps/oauth2/lib/Migration/Version010402Date20190107124745.php
index b80e3a9575f..08099c625f7 100644
--- a/apps/oauth2/lib/Migration/Version010402Date20190107124745.php
+++ b/apps/oauth2/lib/Migration/Version010402Date20190107124745.php
@@ -3,25 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Migration;
 
diff --git a/apps/oauth2/lib/Migration/Version011601Date20230522143227.php b/apps/oauth2/lib/Migration/Version011601Date20230522143227.php
index 43e3a2e26e3..f2998202e02 100644
--- a/apps/oauth2/lib/Migration/Version011601Date20230522143227.php
+++ b/apps/oauth2/lib/Migration/Version011601Date20230522143227.php
@@ -3,25 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright 2023, Julien Veyssier <julien-nc@posteo.net>
- *
- * @author Julien Veyssier <julien-nc@posteo.net>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Migration;
 
diff --git a/apps/oauth2/lib/Migration/Version011602Date20230613160650.php b/apps/oauth2/lib/Migration/Version011602Date20230613160650.php
index 3e6ddf0ec50..06efce324b2 100644
--- a/apps/oauth2/lib/Migration/Version011602Date20230613160650.php
+++ b/apps/oauth2/lib/Migration/Version011602Date20230613160650.php
@@ -3,25 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright 2023, Julien Veyssier <julien-nc@posteo.net>
- *
- * @author Julien Veyssier <julien-nc@posteo.net>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Migration;
 
diff --git a/apps/oauth2/lib/Migration/Version011603Date20230620111039.php b/apps/oauth2/lib/Migration/Version011603Date20230620111039.php
index b694963b0f7..853eacd2873 100644
--- a/apps/oauth2/lib/Migration/Version011603Date20230620111039.php
+++ b/apps/oauth2/lib/Migration/Version011603Date20230620111039.php
@@ -3,25 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright 2023, Julien Veyssier <julien-nc@posteo.net>
- *
- * @author Julien Veyssier <julien-nc@posteo.net>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Migration;
 
diff --git a/apps/oauth2/lib/Migration/Version011901Date20240829164356.php b/apps/oauth2/lib/Migration/Version011901Date20240829164356.php
new file mode 100644
index 00000000000..20f5754bf11
--- /dev/null
+++ b/apps/oauth2/lib/Migration/Version011901Date20240829164356.php
@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\OAuth2\Migration;
+
+use Closure;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\IDBConnection;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+use OCP\Security\ICrypto;
+
+class Version011901Date20240829164356 extends SimpleMigrationStep {
+
+	public function __construct(
+		private IDBConnection $connection,
+		private ICrypto $crypto,
+	) {
+	}
+
+	public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options): void {
+		$qbUpdate = $this->connection->getQueryBuilder();
+		$qbUpdate->update('oauth2_clients')
+			->set('secret', $qbUpdate->createParameter('updateSecret'))
+			->where(
+				$qbUpdate->expr()->eq('id', $qbUpdate->createParameter('updateId'))
+			);
+
+		$qbSelect = $this->connection->getQueryBuilder();
+		$qbSelect->select('id', 'secret')
+			->from('oauth2_clients');
+		$req = $qbSelect->executeQuery();
+		while ($row = $req->fetch()) {
+			$id = $row['id'];
+			$storedEncryptedSecret = $row['secret'];
+			$secret = $this->crypto->decrypt($storedEncryptedSecret);
+			$hashedSecret = bin2hex($this->crypto->calculateHMAC($secret));
+			$qbUpdate->setParameter('updateSecret', $hashedSecret, IQueryBuilder::PARAM_STR);
+			$qbUpdate->setParameter('updateId', $id, IQueryBuilder::PARAM_INT);
+			$qbUpdate->executeStatement();
+		}
+		$req->closeCursor();
+	}
+}
diff --git a/apps/oauth2/lib/Settings/Admin.php b/apps/oauth2/lib/Settings/Admin.php
index 5cba6805f7c..93b6b7bcc3f 100644
--- a/apps/oauth2/lib/Settings/Admin.php
+++ b/apps/oauth2/lib/Settings/Admin.php
@@ -3,26 +3,8 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Settings;
 
@@ -30,7 +12,6 @@ use OCA\OAuth2\Db\ClientMapper;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\IURLGenerator;
-use OCP\Security\ICrypto;
 use OCP\Settings\ISettings;
 use Psr\Log\LoggerInterface;
 
@@ -40,7 +21,6 @@ class Admin implements ISettings {
 		private IInitialState $initialState,
 		private ClientMapper $clientMapper,
 		private IURLGenerator $urlGenerator,
-		private ICrypto $crypto,
 		private LoggerInterface $logger,
 	) {
 	}
@@ -51,13 +31,12 @@ class Admin implements ISettings {
 
 		foreach ($clients as $client) {
 			try {
-				$secret = $this->crypto->decrypt($client->getSecret());
 				$result[] = [
 					'id' => $client->getId(),
 					'name' => $client->getName(),
 					'redirectUri' => $client->getRedirectUri(),
 					'clientId' => $client->getClientIdentifier(),
-					'clientSecret' => $secret,
+					'clientSecret' => '',
 				];
 			} catch (\Exception $e) {
 				$this->logger->error('[Settings] OAuth client secret decryption error', ['exception' => $e]);
diff --git a/apps/oauth2/openapi.json b/apps/oauth2/openapi.json
index c745e73bf79..76cd2da3150 100644
--- a/apps/oauth2/openapi.json
+++ b/apps/oauth2/openapi.json
@@ -65,6 +65,15 @@
                         "schema": {
                             "type": "string"
                         }
+                    },
+                    {
+                        "name": "redirect_uri",
+                        "in": "query",
+                        "description": "URI to redirect to after the flow (is only used for legacy ownCloud clients)",
+                        "schema": {
+                            "type": "string",
+                            "default": ""
+                        }
                     }
                 ],
                 "responses": {
@@ -107,53 +116,45 @@
                         "basic_auth": []
                     }
                 ],
-                "parameters": [
-                    {
-                        "name": "grant_type",
-                        "in": "query",
-                        "description": "Token type that should be granted",
-                        "required": true,
-                        "schema": {
-                            "type": "string"
-                        }
-                    },
-                    {
-                        "name": "code",
-                        "in": "query",
-                        "description": "Code of the flow",
-                        "schema": {
-                            "type": "string",
-                            "nullable": true
-                        }
-                    },
-                    {
-                        "name": "refresh_token",
-                        "in": "query",
-                        "description": "Refresh token",
-                        "schema": {
-                            "type": "string",
-                            "nullable": true
-                        }
-                    },
-                    {
-                        "name": "client_id",
-                        "in": "query",
-                        "description": "Client ID",
-                        "schema": {
-                            "type": "string",
-                            "nullable": true
-                        }
-                    },
-                    {
-                        "name": "client_secret",
-                        "in": "query",
-                        "description": "Client secret",
-                        "schema": {
-                            "type": "string",
-                            "nullable": true
+                "requestBody": {
+                    "required": true,
+                    "content": {
+                        "application/json": {
+                            "schema": {
+                                "type": "object",
+                                "required": [
+                                    "grant_type"
+                                ],
+                                "properties": {
+                                    "grant_type": {
+                                        "type": "string",
+                                        "description": "Token type that should be granted"
+                                    },
+                                    "code": {
+                                        "type": "string",
+                                        "nullable": true,
+                                        "description": "Code of the flow"
+                                    },
+                                    "refresh_token": {
+                                        "type": "string",
+                                        "nullable": true,
+                                        "description": "Refresh token"
+                                    },
+                                    "client_id": {
+                                        "type": "string",
+                                        "nullable": true,
+                                        "description": "Client ID"
+                                    },
+                                    "client_secret": {
+                                        "type": "string",
+                                        "nullable": true,
+                                        "description": "Client secret"
+                                    }
+                                }
+                            }
                         }
                     }
-                ],
+                },
                 "responses": {
                     "500": {
                         "description": "",
@@ -223,4 +224,4 @@
         }
     },
     "tags": []
-}
\ No newline at end of file
+}
diff --git a/apps/oauth2/openapi.json.license b/apps/oauth2/openapi.json.license
new file mode 100644
index 00000000000..83559daa9dc
--- /dev/null
+++ b/apps/oauth2/openapi.json.license
@@ -0,0 +1,2 @@
+SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+SPDX-License-Identifier: AGPL-3.0-or-later
\ No newline at end of file
diff --git a/apps/oauth2/src/App.vue b/apps/oauth2/src/App.vue
index 71cf22dbf89..941317a3e64 100644
--- a/apps/oauth2/src/App.vue
+++ b/apps/oauth2/src/App.vue
@@ -1,24 +1,7 @@
 <!--
-  - @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl>
-  -
-  - @author Roeland Jago Douma <roeland@famdouma.nl>
-  -
-  - @license GNU AGPL version 3 or any later version
-  -
-  - This program is free software: you can redistribute it and/or modify
-  - it under the terms of the GNU Affero General Public License as
-  - published by the Free Software Foundation, either version 3 of the
-  - License, or (at your option) any later version.
-  -
-  - This program is distributed in the hope that it will be useful,
-  - but WITHOUT ANY WARRANTY; without even the implied warranty of
-  - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  - GNU Affero General Public License for more details.
-  -
-  - You should have received a copy of the GNU Affero General Public License
-  - along with this program. If not, see <http://www.gnu.org/licenses/>.
-  -
-  -->
+  - SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+  - SPDX-License-Identifier: AGPL-3.0-or-later
+-->
 <template>
 	<NcSettingsSection :name="t('oauth2', 'OAuth 2.0 clients')"
 		:description="t('oauth2', 'OAuth 2.0 allows external services to request access to {instanceName}.', { instanceName })"
@@ -50,6 +33,10 @@
 					@delete="deleteClient" />
 			</tbody>
 		</table>
+		<NcNoteCard v-if="showSecretWarning"
+			type="warning">
+			{{ t('oauth2', 'Make sure you store the secret key, it cannot be recovered.') }}
+		</NcNoteCard>
 
 		<br>
 		<h3>{{ t('oauth2', 'Add client') }}</h3>
@@ -81,10 +68,11 @@ import axios from '@nextcloud/axios'
 import OAuthItem from './components/OAuthItem.vue'
 import { generateUrl } from '@nextcloud/router'
 import { getCapabilities } from '@nextcloud/capabilities'
-import NcSettingsSection from '@nextcloud/vue/dist/Components/NcSettingsSection.js'
-import NcButton from '@nextcloud/vue/dist/Components/NcButton.js'
+import NcSettingsSection from '@nextcloud/vue/components/NcSettingsSection'
+import NcButton from '@nextcloud/vue/components/NcButton'
+import NcNoteCard from '@nextcloud/vue/components/NcNoteCard'
 import { loadState } from '@nextcloud/initial-state'
-import NcTextField from '@nextcloud/vue/dist/Components/NcTextField.js'
+import NcTextField from '@nextcloud/vue/components/NcTextField'
 
 export default {
 	name: 'App',
@@ -93,6 +81,7 @@ export default {
 		NcSettingsSection,
 		NcButton,
 		NcTextField,
+		NcNoteCard,
 	},
 	props: {
 		clients: {
@@ -109,6 +98,7 @@ export default {
 				error: false,
 			},
 			oauthDocLink: loadState('oauth2', 'oauth2-doc-link'),
+			showSecretWarning: false,
 		}
 	},
 	computed: {
@@ -119,7 +109,7 @@ export default {
 	methods: {
 		deleteClient(id) {
 			axios.delete(generateUrl('apps/oauth2/clients/{id}', { id }))
-				.then((response) => {
+				.then(() => {
 					// eslint-disable-next-line vue/no-mutating-props
 					this.clients = this.clients.filter(client => client.id !== id)
 				})
@@ -136,6 +126,7 @@ export default {
 			).then(response => {
 				// eslint-disable-next-line vue/no-mutating-props
 				this.clients.push(response.data)
+				this.showSecretWarning = true
 
 				this.newClient.name = ''
 				this.newClient.redirectUri = ''
@@ -157,12 +148,14 @@ export default {
 		min-height: 34px !important;
 		display: inline-flex !important;
 	}
+
 	.oauth2-form {
 		display: flex;
 		flex-direction: row;
 	}
+
 	.oauth2-form--input {
 		max-width: 200px;
-		margin-right: 10px;
+		margin-inline-end: 10px;
 	}
 </style>
diff --git a/apps/oauth2/src/components/OAuthItem.vue b/apps/oauth2/src/components/OAuthItem.vue
index 2a2eced7701..5a8f1556203 100644
--- a/apps/oauth2/src/components/OAuthItem.vue
+++ b/apps/oauth2/src/components/OAuthItem.vue
@@ -1,24 +1,7 @@
 <!--
-  - @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl>
-  -
-  - @author Roeland Jago Douma <roeland@famdouma.nl>
-  -
-  - @license GNU AGPL version 3 or any later version
-  -
-  - This program is free software: you can redistribute it and/or modify
-  - it under the terms of the GNU Affero General Public License as
-  - published by the Free Software Foundation, either version 3 of the
-  - License, or (at your option) any later version.
-  -
-  - This program is distributed in the hope that it will be useful,
-  - but WITHOUT ANY WARRANTY; without even the implied warranty of
-  - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  - GNU Affero General Public License for more details.
-  -
-  - You should have received a copy of the GNU Affero General Public License
-  - along with this program. If not, see <http://www.gnu.org/licenses/>.
-  -
-  -->
+  - SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+  - SPDX-License-Identifier: AGPL-3.0-or-later
+-->
 <template>
 	<tr>
 		<td>{{ name }}</td>
@@ -27,11 +10,12 @@
 		<td>
 			<div class="action-secret">
 				<code>{{ renderedSecret }}</code>
-				<NcButton type="tertiary-no-background"
+				<NcButton v-if="clientSecret !== ''"
+					type="tertiary-no-background"
 					:aria-label="toggleAriaLabel"
 					@click="toggleSecret">
 					<template #icon>
-						<EyeOutline :size="20"/>
+						<EyeOutline :size="20" />
 					</template>
 				</NcButton>
 			</div>
@@ -51,9 +35,9 @@
 
 <script>
 
-import Delete from 'vue-material-design-icons/Delete.vue'
+import Delete from 'vue-material-design-icons/DeleteOutline.vue'
 import EyeOutline from 'vue-material-design-icons/EyeOutline.vue'
-import NcButton from '@nextcloud/vue/dist/Components/NcButton.js'
+import NcButton from '@nextcloud/vue/components/NcButton'
 
 export default {
 	name: 'OAuthItem',
@@ -89,9 +73,9 @@ export default {
 		toggleAriaLabel() {
 			if (!this.renderSecret) {
 				return t('oauth2', 'Show client secret')
-			} 
+			}
 			return t('oauth2', 'Hide client secret')
-		}
+		},
 	},
 	methods: {
 		toggleSecret() {
@@ -106,13 +90,16 @@ export default {
 		display: flex;
 		align-items: center;
 	}
+
 	.action-secret code {
 		padding-top: 5px;
 	}
+
 	td code {
 		display: inline-block;
 		vertical-align: middle;
 	}
+
 	table.inline td {
 		border: none;
 		padding: 5px;
@@ -121,6 +108,6 @@ export default {
 	.action-column {
 		display: flex;
 		justify-content: flex-end;
-		padding-right: 0;
+		padding-inline-end: 0;
 	}
 </style>
diff --git a/apps/oauth2/src/main.js b/apps/oauth2/src/main.js
index 64a936bea40..10d537455df 100644
--- a/apps/oauth2/src/main.js
+++ b/apps/oauth2/src/main.js
@@ -1,25 +1,6 @@
 /**
- * @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author John Molakvoæ <skjnldsv@protonmail.com>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license AGPL-3.0-or-later
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
 import Vue from 'vue'
diff --git a/apps/oauth2/templates/admin.php b/apps/oauth2/templates/admin.php
index 284a52231e9..844eeee2c08 100644
--- a/apps/oauth2/templates/admin.php
+++ b/apps/oauth2/templates/admin.php
@@ -1,25 +1,10 @@
 <?php
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 
-script('oauth2', 'oauth2');
+\OCP\Util::addScript('oauth2', 'oauth2', 'core');
 
 ?>
 
diff --git a/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php b/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php
index 7f45f9c5b4b..04ac0bfbd28 100644
--- a/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php
+++ b/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php
@@ -1,58 +1,42 @@
 <?php
+
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Daniel Kesselberg <mail@danielkesselberg.de>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Tests\Controller;
 
+use OC\Core\Controller\ClientFlowLoginController;
 use OCA\OAuth2\Controller\LoginRedirectorController;
 use OCA\OAuth2\Db\Client;
 use OCA\OAuth2\Db\ClientMapper;
 use OCA\OAuth2\Exceptions\ClientNotFoundException;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
+use OCP\IAppConfig;
+use OCP\IConfig;
 use OCP\IL10N;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IURLGenerator;
+use OCP\Security\ISecureRandom;
+use PHPUnit\Framework\MockObject\MockObject;
 use Test\TestCase;
 
 /**
  * @group DB
  */
 class LoginRedirectorControllerTest extends TestCase {
-	/** @var IRequest|\PHPUnit\Framework\MockObject\MockObject */
-	private $request;
-	/** @var IURLGenerator|\PHPUnit\Framework\MockObject\MockObject */
-	private $urlGenerator;
-	/** @var ClientMapper|\PHPUnit\Framework\MockObject\MockObject */
-	private $clientMapper;
-	/** @var ISession|\PHPUnit\Framework\MockObject\MockObject */
-	private $session;
-	/** @var LoginRedirectorController */
-	private $loginRedirectorController;
-	/** @var IL10N */
-	private $l;
+	private IRequest&MockObject $request;
+	private IURLGenerator&MockObject $urlGenerator;
+	private ClientMapper&MockObject $clientMapper;
+	private ISession&MockObject $session;
+	private IL10N&MockObject $l;
+	private ISecureRandom&MockObject $random;
+	private IAppConfig&MockObject $appConfig;
+	private IConfig&MockObject $config;
+
+	private LoginRedirectorController $loginRedirectorController;
 
 	protected function setUp(): void {
 		parent::setUp();
@@ -62,6 +46,9 @@ class LoginRedirectorControllerTest extends TestCase {
 		$this->clientMapper = $this->createMock(ClientMapper::class);
 		$this->session = $this->createMock(ISession::class);
 		$this->l = $this->createMock(IL10N::class);
+		$this->random = $this->createMock(ISecureRandom::class);
+		$this->appConfig = $this->createMock(IAppConfig::class);
+		$this->config = $this->createMock(IConfig::class);
 
 		$this->loginRedirectorController = new LoginRedirectorController(
 			'oauth2',
@@ -69,11 +56,14 @@ class LoginRedirectorControllerTest extends TestCase {
 			$this->urlGenerator,
 			$this->clientMapper,
 			$this->session,
-			$this->l
+			$this->l,
+			$this->random,
+			$this->appConfig,
+			$this->config,
 		);
 	}
 
-	public function testAuthorize() {
+	public function testAuthorize(): void {
 		$client = new Client();
 		$client->setClientIdentifier('MyClientIdentifier');
 		$this->clientMapper
@@ -92,15 +82,74 @@ class LoginRedirectorControllerTest extends TestCase {
 				'core.ClientFlowLogin.showAuthPickerPage',
 				[
 					'clientIdentifier' => 'MyClientIdentifier',
+					'providedRedirectUri' => '',
 				]
 			)
 			->willReturn('https://example.com/?clientIdentifier=foo');
+		$this->config
+			->expects($this->once())
+			->method('getSystemValueBool')
+			->with('oauth2.enable_oc_clients', false)
+			->willReturn(false);
 
 		$expected = new RedirectResponse('https://example.com/?clientIdentifier=foo');
 		$this->assertEquals($expected, $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'code'));
 	}
 
-	public function testAuthorizeWrongResponseType() {
+	public function testAuthorizeSkipPicker(): void {
+		$client = new Client();
+		$client->setName('MyClientName');
+		$client->setClientIdentifier('MyClientIdentifier');
+		$this->clientMapper
+			->expects($this->once())
+			->method('getByIdentifier')
+			->with('MyClientId')
+			->willReturn($client);
+		$this->session
+			->expects(static::exactly(2))
+			->method('set')
+			->willReturnCallback(function (string $key, string $value): void {
+				switch ([$key, $value]) {
+					case ['oauth.state', 'MyState']:
+					case [ClientFlowLoginController::STATE_NAME, 'MyStateToken']:
+						/* Expected */
+						break;
+					default:
+						throw new LogicException();
+				}
+			});
+		$this->appConfig
+			->expects(static::once())
+			->method('getValueArray')
+			->with('oauth2', 'skipAuthPickerApplications', [])
+			->willReturn(['MyClientName']);
+		$this->random
+			->expects(static::once())
+			->method('generate')
+			->willReturn('MyStateToken');
+		$this->urlGenerator
+			->expects($this->once())
+			->method('linkToRouteAbsolute')
+			->with(
+				'core.ClientFlowLogin.grantPage',
+				[
+					'stateToken' => 'MyStateToken',
+					'clientIdentifier' => 'MyClientIdentifier',
+					'providedRedirectUri' => '',
+				]
+			)
+			->willReturn('https://example.com/?clientIdentifier=foo');
+		$this->config
+			->expects($this->once())
+			->method('getSystemValueBool')
+			->with('oauth2.enable_oc_clients', false)
+			->willReturn(false);
+
+		$expected = new RedirectResponse('https://example.com/?clientIdentifier=foo');
+		$this->assertEquals($expected, $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'code'));
+	}
+
+	public function testAuthorizeWrongResponseType(): void {
 		$client = new Client();
 		$client->setClientIdentifier('MyClientIdentifier');
 		$client->setRedirectUri('http://foo.bar');
@@ -118,7 +167,75 @@ class LoginRedirectorControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'wrongcode'));
 	}
 
-	public function testClientNotFound() {
+	public function testAuthorizeWithLegacyOcClient(): void {
+		$client = new Client();
+		$client->setClientIdentifier('MyClientIdentifier');
+		$client->setRedirectUri('http://localhost:*');
+		$this->clientMapper
+			->expects($this->once())
+			->method('getByIdentifier')
+			->with('MyClientId')
+			->willReturn($client);
+		$this->session
+			->expects($this->once())
+			->method('set')
+			->with('oauth.state', 'MyState');
+		$this->urlGenerator
+			->expects($this->once())
+			->method('linkToRouteAbsolute')
+			->with(
+				'core.ClientFlowLogin.showAuthPickerPage',
+				[
+					'clientIdentifier' => 'MyClientIdentifier',
+					'providedRedirectUri' => 'http://localhost:30000',
+				]
+			)
+			->willReturn('https://example.com/?clientIdentifier=foo&providedRedirectUri=http://localhost:30000');
+		$this->config
+			->expects($this->once())
+			->method('getSystemValueBool')
+			->with('oauth2.enable_oc_clients', false)
+			->willReturn(true);
+
+		$expected = new RedirectResponse('https://example.com/?clientIdentifier=foo&providedRedirectUri=http://localhost:30000');
+		$this->assertEquals($expected, $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'code', 'http://localhost:30000'));
+	}
+
+	public function testAuthorizeNotForwardingUntrustedURIs(): void {
+		$client = new Client();
+		$client->setClientIdentifier('MyClientIdentifier');
+		$this->clientMapper
+			->expects($this->once())
+			->method('getByIdentifier')
+			->with('MyClientId')
+			->willReturn($client);
+		$this->session
+			->expects($this->once())
+			->method('set')
+			->with('oauth.state', 'MyState');
+		$this->urlGenerator
+			->expects($this->once())
+			->method('linkToRouteAbsolute')
+			->with(
+				'core.ClientFlowLogin.showAuthPickerPage',
+				[
+					'clientIdentifier' => 'MyClientIdentifier',
+					'providedRedirectUri' => '',
+				]
+			)
+			->willReturn('https://example.com/?clientIdentifier=foo');
+		$this->config
+			->expects($this->once())
+			->method('getSystemValueBool')
+			->with('oauth2.enable_oc_clients', false)
+			->willReturn(false);
+
+		$expected = new RedirectResponse('https://example.com/?clientIdentifier=foo');
+		$this->assertEquals($expected, $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'code', 'http://untrusted-uri.com'));
+	}
+
+
+	public function testClientNotFound(): void {
 		$clientNotFound = new ClientNotFoundException('could not find client test123', 0);
 		$this->clientMapper
 			->expects($this->once())
diff --git a/apps/oauth2/tests/Controller/OauthApiControllerTest.php b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
index eec38890e05..53dd8549196 100644
--- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php
+++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
@@ -1,27 +1,8 @@
 <?php
+
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Tests\Controller;
 
@@ -104,7 +85,7 @@ class OauthApiControllerTest extends TestCase {
 		);
 	}
 
-	public function testGetTokenInvalidGrantType() {
+	public function testGetTokenInvalidGrantType(): void {
 		$expected = new JSONResponse([
 			'error' => 'invalid_grant',
 		], Http::STATUS_BAD_REQUEST);
@@ -113,7 +94,7 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('foo', null, null, null, null));
 	}
 
-	public function testGetTokenInvalidCode() {
+	public function testGetTokenInvalidCode(): void {
 		$expected = new JSONResponse([
 			'error' => 'invalid_request',
 		], Http::STATUS_BAD_REQUEST);
@@ -126,7 +107,7 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'invalidcode', null, null, null));
 	}
 
-	public function testGetTokenExpiredCode() {
+	public function testGetTokenExpiredCode(): void {
 		$codeCreatedAt = 100;
 		$expiredSince = 123;
 
@@ -151,7 +132,7 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
 	}
 
-	public function testGetTokenWithCodeForActiveToken() {
+	public function testGetTokenWithCodeForActiveToken(): void {
 		// if a token has already delivered oauth tokens,
 		// it should not be possible to get a new oauth token from a valid authorization code
 		$codeCreatedAt = 100;
@@ -178,7 +159,7 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
 	}
 
-	public function testGetTokenClientDoesNotExist() {
+	public function testGetTokenClientDoesNotExist(): void {
 		// In this test, the token's authorization code is valid and has not expired
 		// and we check what happens when the associated Oauth client does not exist
 		$codeCreatedAt = 100;
@@ -209,7 +190,7 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
 	}
 
-	public function testRefreshTokenInvalidRefreshToken() {
+	public function testRefreshTokenInvalidRefreshToken(): void {
 		$expected = new JSONResponse([
 			'error' => 'invalid_request',
 		], Http::STATUS_BAD_REQUEST);
@@ -222,7 +203,7 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'invalidrefresh', null, null));
 	}
 
-	public function testRefreshTokenClientDoesNotExist() {
+	public function testRefreshTokenClientDoesNotExist(): void {
 		$expected = new JSONResponse([
 			'error' => 'invalid_request',
 		], Http::STATUS_BAD_REQUEST);
@@ -242,7 +223,7 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null));
 	}
 
-	public function invalidClientProvider() {
+	public static function invalidClientProvider() {
 		return [
 			['invalidClientId', 'invalidClientSecret'],
 			['clientId', 'invalidClientSecret'],
@@ -251,12 +232,12 @@ class OauthApiControllerTest extends TestCase {
 	}
 
 	/**
-	 * @dataProvider invalidClientProvider
 	 *
 	 * @param string $clientId
 	 * @param string $clientSecret
 	 */
-	public function testRefreshTokenInvalidClient($clientId, $clientSecret) {
+	#[\PHPUnit\Framework\Attributes\DataProvider('invalidClientProvider')]
+	public function testRefreshTokenInvalidClient($clientId, $clientSecret): void {
 		$expected = new JSONResponse([
 			'error' => 'invalid_client',
 		], Http::STATUS_BAD_REQUEST);
@@ -269,9 +250,20 @@ class OauthApiControllerTest extends TestCase {
 			->with('validrefresh')
 			->willReturn($accessToken);
 
+		$this->crypto
+			->method('calculateHMAC')
+			->with($this->callback(function (string $text) {
+				return $text === 'clientSecret' || $text === 'invalidClientSecret';
+			}))
+			->willReturnCallback(function (string $text) {
+				return $text === 'clientSecret'
+					? 'hashedClientSecret'
+					: 'hashedInvalidClientSecret';
+			});
+
 		$client = new Client();
 		$client->setClientIdentifier('clientId');
-		$client->setSecret('clientSecret');
+		$client->setSecret(bin2hex('hashedClientSecret'));
 		$this->clientMapper->method('getByUid')
 			->with(42)
 			->willReturn($client);
@@ -279,7 +271,7 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', $clientId, $clientSecret));
 	}
 
-	public function testRefreshTokenInvalidAppToken() {
+	public function testRefreshTokenInvalidAppToken(): void {
 		$expected = new JSONResponse([
 			'error' => 'invalid_request',
 		], Http::STATUS_BAD_REQUEST);
@@ -296,21 +288,20 @@ class OauthApiControllerTest extends TestCase {
 
 		$client = new Client();
 		$client->setClientIdentifier('clientId');
-		$client->setSecret('encryptedClientSecret');
+		$client->setSecret(bin2hex('hashedClientSecret'));
 		$this->clientMapper->method('getByUid')
 			->with(42)
 			->willReturn($client);
 
 		$this->crypto
 			->method('decrypt')
-			->with($this->callback(function (string $text) {
-				return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
-			}))
-			->willReturnCallback(function (string $text) {
-				return $text === 'encryptedClientSecret'
-					? 'clientSecret'
-					: ($text === 'encryptedToken' ? 'decryptedToken' : '');
-			});
+			->with('encryptedToken')
+			->willReturn('decryptedToken');
+
+		$this->crypto
+			->method('calculateHMAC')
+			->with('clientSecret')
+			->willReturn('hashedClientSecret');
 
 		$this->tokenProvider->method('getTokenById')
 			->with(1337)
@@ -323,7 +314,7 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
 	}
 
-	public function testRefreshTokenValidAppToken() {
+	public function testRefreshTokenValidAppToken(): void {
 		$accessToken = new AccessToken();
 		$accessToken->setClientId(42);
 		$accessToken->setTokenId(1337);
@@ -335,21 +326,20 @@ class OauthApiControllerTest extends TestCase {
 
 		$client = new Client();
 		$client->setClientIdentifier('clientId');
-		$client->setSecret('encryptedClientSecret');
+		$client->setSecret(bin2hex('hashedClientSecret'));
 		$this->clientMapper->method('getByUid')
 			->with(42)
 			->willReturn($client);
 
 		$this->crypto
 			->method('decrypt')
-			->with($this->callback(function (string $text) {
-				return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
-			}))
-			->willReturnCallback(function (string $text) {
-				return $text === 'encryptedClientSecret'
-					? 'clientSecret'
-					: ($text === 'encryptedToken' ? 'decryptedToken' : '');
-			});
+			->with('encryptedToken')
+			->willReturn('decryptedToken');
+
+		$this->crypto
+			->method('calculateHMAC')
+			->with('clientSecret')
+			->willReturn('hashedClientSecret');
 
 		$appToken = new PublicKeyToken();
 		$appToken->setUid('userId');
@@ -363,7 +353,7 @@ class OauthApiControllerTest extends TestCase {
 
 		$this->secureRandom->method('generate')
 			->willReturnCallback(function ($len) {
-				return 'random'.$len;
+				return 'random' . $len;
 			});
 
 		$this->tokenProvider->expects($this->once())
@@ -393,8 +383,8 @@ class OauthApiControllerTest extends TestCase {
 			->method('update')
 			->with(
 				$this->callback(function (AccessToken $token) {
-					return $token->getHashedCode() === hash('sha512', 'random128') &&
-						$token->getEncryptedToken() === 'newEncryptedToken';
+					return $token->getHashedCode() === hash('sha512', 'random128')
+						&& $token->getEncryptedToken() === 'newEncryptedToken';
 				})
 			);
 
@@ -420,7 +410,7 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
 	}
 
-	public function testRefreshTokenValidAppTokenBasicAuth() {
+	public function testRefreshTokenValidAppTokenBasicAuth(): void {
 		$accessToken = new AccessToken();
 		$accessToken->setClientId(42);
 		$accessToken->setTokenId(1337);
@@ -432,21 +422,20 @@ class OauthApiControllerTest extends TestCase {
 
 		$client = new Client();
 		$client->setClientIdentifier('clientId');
-		$client->setSecret('encryptedClientSecret');
+		$client->setSecret(bin2hex('hashedClientSecret'));
 		$this->clientMapper->method('getByUid')
 			->with(42)
 			->willReturn($client);
 
 		$this->crypto
 			->method('decrypt')
-			->with($this->callback(function (string $text) {
-				return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
-			}))
-			->willReturnCallback(function (string $text) {
-				return $text === 'encryptedClientSecret'
-					? 'clientSecret'
-					: ($text === 'encryptedToken' ? 'decryptedToken' : '');
-			});
+			->with('encryptedToken')
+			->willReturn('decryptedToken');
+
+		$this->crypto
+			->method('calculateHMAC')
+			->with('clientSecret')
+			->willReturn('hashedClientSecret');
 
 		$appToken = new PublicKeyToken();
 		$appToken->setUid('userId');
@@ -460,7 +449,7 @@ class OauthApiControllerTest extends TestCase {
 
 		$this->secureRandom->method('generate')
 			->willReturnCallback(function ($len) {
-				return 'random'.$len;
+				return 'random' . $len;
 			});
 
 		$this->tokenProvider->expects($this->once())
@@ -490,8 +479,8 @@ class OauthApiControllerTest extends TestCase {
 			->method('update')
 			->with(
 				$this->callback(function (AccessToken $token) {
-					return $token->getHashedCode() === hash('sha512', 'random128') &&
-						$token->getEncryptedToken() === 'newEncryptedToken';
+					return $token->getHashedCode() === hash('sha512', 'random128')
+						&& $token->getEncryptedToken() === 'newEncryptedToken';
 				})
 			);
 
@@ -520,7 +509,7 @@ class OauthApiControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null));
 	}
 
-	public function testRefreshTokenExpiredAppToken() {
+	public function testRefreshTokenExpiredAppToken(): void {
 		$accessToken = new AccessToken();
 		$accessToken->setClientId(42);
 		$accessToken->setTokenId(1337);
@@ -532,21 +521,20 @@ class OauthApiControllerTest extends TestCase {
 
 		$client = new Client();
 		$client->setClientIdentifier('clientId');
-		$client->setSecret('encryptedClientSecret');
+		$client->setSecret(bin2hex('hashedClientSecret'));
 		$this->clientMapper->method('getByUid')
 			->with(42)
 			->willReturn($client);
 
 		$this->crypto
 			->method('decrypt')
-			->with($this->callback(function (string $text) {
-				return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
-			}))
-			->willReturnCallback(function (string $text) {
-				return $text === 'encryptedClientSecret'
-					? 'clientSecret'
-					: ($text === 'encryptedToken' ? 'decryptedToken' : '');
-			});
+			->with('encryptedToken')
+			->willReturn('decryptedToken');
+
+		$this->crypto
+			->method('calculateHMAC')
+			->with('clientSecret')
+			->willReturn('hashedClientSecret');
 
 		$appToken = new PublicKeyToken();
 		$appToken->setUid('userId');
@@ -560,7 +548,7 @@ class OauthApiControllerTest extends TestCase {
 
 		$this->secureRandom->method('generate')
 			->willReturnCallback(function ($len) {
-				return 'random'.$len;
+				return 'random' . $len;
 			});
 
 		$this->tokenProvider->expects($this->once())
@@ -590,8 +578,8 @@ class OauthApiControllerTest extends TestCase {
 			->method('update')
 			->with(
 				$this->callback(function (AccessToken $token) {
-					return $token->getHashedCode() === hash('sha512', 'random128') &&
-						$token->getEncryptedToken() === 'newEncryptedToken';
+					return $token->getHashedCode() === hash('sha512', 'random128')
+						&& $token->getEncryptedToken() === 'newEncryptedToken';
 				})
 			);
 
diff --git a/apps/oauth2/tests/Controller/SettingsControllerTest.php b/apps/oauth2/tests/Controller/SettingsControllerTest.php
index f34707c554d..030a220e3d7 100644
--- a/apps/oauth2/tests/Controller/SettingsControllerTest.php
+++ b/apps/oauth2/tests/Controller/SettingsControllerTest.php
@@ -1,28 +1,8 @@
 <?php
+
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author rakekniven <mark.ziegler@rakekniven.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Tests\Controller;
 
@@ -39,6 +19,7 @@ use OCP\IUser;
 use OCP\IUserManager;
 use OCP\Security\ICrypto;
 use OCP\Security\ISecureRandom;
+use OCP\Server;
 use Test\TestCase;
 
 /**
@@ -91,7 +72,7 @@ class SettingsControllerTest extends TestCase {
 
 	}
 
-	public function testAddClient() {
+	public function testAddClient(): void {
 		$this->secureRandom
 			->expects($this->exactly(2))
 			->method('generate')
@@ -102,23 +83,23 @@ class SettingsControllerTest extends TestCase {
 
 		$this->crypto
 			->expects($this->once())
-			->method('encrypt')
-			->willReturn('MyEncryptedSecret');
+			->method('calculateHMAC')
+			->willReturn('MyHashedSecret');
 
 		$client = new Client();
 		$client->setName('My Client Name');
 		$client->setRedirectUri('https://example.com/');
-		$client->setSecret('MySecret');
+		$client->setSecret(bin2hex('MyHashedSecret'));
 		$client->setClientIdentifier('MyClientIdentifier');
 
 		$this->clientMapper
 			->expects($this->once())
 			->method('insert')
 			->with($this->callback(function (Client $c) {
-				return $c->getName() === 'My Client Name' &&
-					$c->getRedirectUri() === 'https://example.com/' &&
-					$c->getSecret() === 'MyEncryptedSecret' &&
-					$c->getClientIdentifier() === 'MyClientIdentifier';
+				return $c->getName() === 'My Client Name'
+					&& $c->getRedirectUri() === 'https://example.com/'
+					&& $c->getSecret() === bin2hex('MyHashedSecret')
+					&& $c->getClientIdentifier() === 'MyClientIdentifier';
 			}))->willReturnCallback(function (Client $c) {
 				$c->setId(42);
 				return $c;
@@ -138,16 +119,19 @@ class SettingsControllerTest extends TestCase {
 		], $data);
 	}
 
-	public function testDeleteClient() {
+	public function testDeleteClient(): void {
 
-		$userManager = \OC::$server->getUserManager();
+		$userManager = Server::get(IUserManager::class);
 		// count other users in the db before adding our own
 		$count = 0;
-		$function = function (IUser $user) use (&$count) {
-			$count++;
+		$function = function (IUser $user) use (&$count): void {
+			if ($user->getLastLogin() > 0) {
+				$count++;
+			}
 		};
 		$userManager->callForAllUsers($function);
 		$user1 = $userManager->createUser('test101', 'test101');
+		$user1->updateLastLoginTimestamp();
 		$tokenProviderMock = $this->getMockBuilder(IAuthTokenProvider::class)->getMock();
 
 		// expect one call per user and ensure the correct client name
@@ -160,7 +144,7 @@ class SettingsControllerTest extends TestCase {
 		$client->setId(123);
 		$client->setName('My Client Name');
 		$client->setRedirectUri('https://example.com/');
-		$client->setSecret('MySecret');
+		$client->setSecret(bin2hex('MyHashedSecret'));
 		$client->setClientIdentifier('MyClientIdentifier');
 
 		$this->clientMapper
@@ -195,7 +179,7 @@ class SettingsControllerTest extends TestCase {
 		$user1->delete();
 	}
 
-	public function testInvalidRedirectUri() {
+	public function testInvalidRedirectUri(): void {
 		$result = $this->settingsController->addClient('test', 'invalidurl');
 
 		$this->assertEquals(Http::STATUS_BAD_REQUEST, $result->getStatus());
diff --git a/apps/oauth2/tests/Db/AccessTokenMapperTest.php b/apps/oauth2/tests/Db/AccessTokenMapperTest.php
index b7de147963a..41a79fe725b 100644
--- a/apps/oauth2/tests/Db/AccessTokenMapperTest.php
+++ b/apps/oauth2/tests/Db/AccessTokenMapperTest.php
@@ -1,31 +1,17 @@
 <?php
+
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Tests\Db;
 
 use OCA\OAuth2\Db\AccessToken;
 use OCA\OAuth2\Db\AccessTokenMapper;
+use OCA\OAuth2\Exceptions\AccessTokenNotFoundException;
 use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\IDBConnection;
+use OCP\Server;
 use Test\TestCase;
 
 /**
@@ -37,10 +23,10 @@ class AccessTokenMapperTest extends TestCase {
 
 	protected function setUp(): void {
 		parent::setUp();
-		$this->accessTokenMapper = new AccessTokenMapper(\OC::$server->getDatabaseConnection(), \OC::$server->get(ITimeFactory::class));
+		$this->accessTokenMapper = new AccessTokenMapper(Server::get(IDBConnection::class), Server::get(ITimeFactory::class));
 	}
 
-	public function testGetByCode() {
+	public function testGetByCode(): void {
 		$this->accessTokenMapper->deleteByClientId(1234);
 		$token = new AccessToken();
 		$token->setClientId(1234);
@@ -56,8 +42,8 @@ class AccessTokenMapperTest extends TestCase {
 	}
 
 
-	public function testDeleteByClientId() {
-		$this->expectException(\OCA\OAuth2\Exceptions\AccessTokenNotFoundException::class);
+	public function testDeleteByClientId(): void {
+		$this->expectException(AccessTokenNotFoundException::class);
 
 		$this->accessTokenMapper->deleteByClientId(1234);
 		$token = new AccessToken();
diff --git a/apps/oauth2/tests/Db/ClientMapperTest.php b/apps/oauth2/tests/Db/ClientMapperTest.php
index 5da048d4b47..2e8d20ad200 100644
--- a/apps/oauth2/tests/Db/ClientMapperTest.php
+++ b/apps/oauth2/tests/Db/ClientMapperTest.php
@@ -1,31 +1,16 @@
 <?php
+
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Joas Schilling <coding@schilljs.com>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Tests\Db;
 
 use OCA\OAuth2\Db\Client;
 use OCA\OAuth2\Db\ClientMapper;
+use OCA\OAuth2\Exceptions\ClientNotFoundException;
+use OCP\IDBConnection;
+use OCP\Server;
 use Test\TestCase;
 
 /**
@@ -37,17 +22,17 @@ class ClientMapperTest extends TestCase {
 
 	protected function setUp(): void {
 		parent::setUp();
-		$this->clientMapper = new ClientMapper(\OC::$server->getDatabaseConnection());
+		$this->clientMapper = new ClientMapper(Server::get(IDBConnection::class));
 	}
 
 	protected function tearDown(): void {
-		$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+		$query = Server::get(IDBConnection::class)->getQueryBuilder();
 		$query->delete('oauth2_clients')->execute();
 
 		parent::tearDown();
 	}
 
-	public function testGetByIdentifier() {
+	public function testGetByIdentifier(): void {
 		$client = new Client();
 		$client->setClientIdentifier('MyAwesomeClientIdentifier');
 		$client->setName('Client Name');
@@ -58,13 +43,13 @@ class ClientMapperTest extends TestCase {
 		$this->assertEquals($client, $this->clientMapper->getByIdentifier('MyAwesomeClientIdentifier'));
 	}
 
-	public function testGetByIdentifierNotExisting() {
-		$this->expectException(\OCA\OAuth2\Exceptions\ClientNotFoundException::class);
+	public function testGetByIdentifierNotExisting(): void {
+		$this->expectException(ClientNotFoundException::class);
 
 		$this->clientMapper->getByIdentifier('MyTotallyNotExistingClient');
 	}
 
-	public function testGetByUid() {
+	public function testGetByUid(): void {
 		$client = new Client();
 		$client->setClientIdentifier('MyNewClient');
 		$client->setName('Client Name');
@@ -75,13 +60,13 @@ class ClientMapperTest extends TestCase {
 		$this->assertEquals($client, $this->clientMapper->getByUid($client->getId()));
 	}
 
-	public function testGetByUidNotExisting() {
-		$this->expectException(\OCA\OAuth2\Exceptions\ClientNotFoundException::class);
+	public function testGetByUidNotExisting(): void {
+		$this->expectException(ClientNotFoundException::class);
 
 		$this->clientMapper->getByUid(1234);
 	}
 
-	public function testGetClients() {
+	public function testGetClients(): void {
 		$this->assertSame('array', gettype($this->clientMapper->getClients()));
 	}
 
diff --git a/apps/oauth2/tests/Settings/AdminTest.php b/apps/oauth2/tests/Settings/AdminTest.php
index fb19a9fc6d1..0f08bb30276 100644
--- a/apps/oauth2/tests/Settings/AdminTest.php
+++ b/apps/oauth2/tests/Settings/AdminTest.php
@@ -1,25 +1,8 @@
 <?php
+
 /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 namespace OCA\OAuth2\Tests\Settings;
 
@@ -28,7 +11,6 @@ use OCA\OAuth2\Settings\Admin;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\IURLGenerator;
-use OCP\Security\ICrypto;
 use PHPUnit\Framework\MockObject\MockObject;
 use Psr\Log\LoggerInterface;
 use Test\TestCase;
@@ -38,7 +20,7 @@ class AdminTest extends TestCase {
 	/** @var Admin|MockObject */
 	private $admin;
 
-	/** @var IInitialStateService|MockObject */
+	/** @var IInitialState|MockObject */
 	private $initialState;
 
 	/** @var ClientMapper|MockObject */
@@ -54,12 +36,11 @@ class AdminTest extends TestCase {
 			$this->initialState,
 			$this->clientMapper,
 			$this->createMock(IURLGenerator::class),
-			$this->createMock(ICrypto::class),
 			$this->createMock(LoggerInterface::class)
 		);
 	}
 
-	public function testGetForm() {
+	public function testGetForm(): void {
 		$expected = new TemplateResponse(
 			'oauth2',
 			'admin',
@@ -69,11 +50,11 @@ class AdminTest extends TestCase {
 		$this->assertEquals($expected, $this->admin->getForm());
 	}
 
-	public function testGetSection() {
+	public function testGetSection(): void {
 		$this->assertSame('security', $this->admin->getSection());
 	}
 
-	public function testGetPriority() {
+	public function testGetPriority(): void {
 		$this->assertSame(100, $this->admin->getPriority());
 	}
 }