From 034917b7900c77d0e54c3394c6bfb7839aee827a Mon Sep 17 00:00:00 2001
From: Julien Veyssier
Date: Thu, 29 Aug 2024 17:28:01 +0200
Subject: fix(oauth2): store hashed secret instead of encrypted

Signed-off-by: Julien Veyssier
---
apps/oauth2/lib/Controller/SettingsController.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'apps/oauth2/lib/Controller/SettingsController.php')

diff --git a/apps/oauth2/lib/Controller/SettingsController.php b/apps/oauth2/lib/Controller/SettingsController.php
index ce85598d08d..f16b26696c4 100644
--- a/apps/oauth2/lib/Controller/SettingsController.php
+++ b/apps/oauth2/lib/Controller/SettingsController.php
@@ -50,8 +50,8 @@ class SettingsController extends Controller {
 $client->setName($name);
 $client->setRedirectUri($redirectUri);
 $secret = $this->secureRandom->generate(64, self::validChars);
- $encryptedSecret = $this->crypto->encrypt($secret);
- $client->setSecret($encryptedSecret);
+ $hashedSecret = bin2hex($this->crypto->calculateHMAC($secret));
+ $client->setSecret($hashedSecret);
 $client->setClientIdentifier($this->secureRandom->generate(64, self::validChars));
 $client = $this->clientMapper->insert($client);
--
cgit v1.2.3
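Review bot: The line `$hashedSecret = bin2hex($this->crypto->calculateHMAC($secret));` makes the stored value one-way, but nothing in the hunk records that for the next maintainer, and every other reader of `getSecret()` has to change with it. I would add a comment above it such as `// Store a keyed digest only: $secret is 64 random chars, so an HMAC suffices; the plaintext cannot be recovered from the database.` This view is limited to SettingsController.php and the method continues outside the hunk, so it is not visible whether the verification path recomputes the same HMAC and compares it with `hash_equals()`, or whether rows written earlier in encrypted form are migrated; both are worth confirming. Because `calculateHMAC` is called without an explicit key, the digest presumably depends on an instance-wide key, so changing that key would invalidate every stored client secret.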