
Allow projects to refresh OAuth2 client ID/secret

Open madprime opened this issue 6 years ago • 1 comments

We should allow projects to refresh OAuth2 key/secret themselves.

Currently they request OH admins to do a refresh for them, which is not great security (although a project could simply de-activate to prevent new authorizations).

madprime, Jan 30 '19 22:01

probably using the generators from django-oauth-toolkit, e.g.

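from oauth2_provider.generators import ClientIdGenerator, ClientSecretGenerator

def new_client_credentials():  # hypothetical wrapper name so the return is valid
    # Generate a fresh client ID and secret with django-oauth-toolkit's generators.
    cig = ClientIdGenerator()
    csg = ClientSecretGenerator()
    return (cig.hash(), csg.hash())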

madprime, Jan 30 '19 23:01
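A sketch of the self-service refresh this issue asks for, as an added example that is not Open Humans code: only the project's owner can trigger the rotation, and the old ID/secret pair stops authenticating once it runs. It uses the standard library's `secrets` module in place of the django-oauth-toolkit generators so it runs without Django; `Project`, `rotate_credentials`, `authenticate`, `demo` and the two length constants are hypothetical names and values chosen for this sketch.

```python
import hmac
import secrets
import string
from dataclasses import dataclass

ALPHABET = string.ascii_letters + string.digits
CLIENT_ID_LEN = 40       # assumed length for this sketch
CLIENT_SECRET_LEN = 128  # assumed length for this sketch


def _random_token(length):
    # secrets draws from the OS CSPRNG, unlike the random module.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class Project:  # hypothetical stand-in for a project's OAuth2 application record
    owner: str
    client_id: str
    client_secret: str


def rotate_credentials(project, requester):
    """Replace both values in place; only the project's owner may do so."""
    if requester != project.owner:
        raise PermissionError("only the project owner can refresh credentials")
    project.client_id = _random_token(CLIENT_ID_LEN)
    project.client_secret = _random_token(CLIENT_SECRET_LEN)
    # Returned once so the owner can reconfigure their client.
    return project.client_id, project.client_secret


def authenticate(project, client_id, client_secret):
    # Constant-time comparison of both values against the stored pair.
    id_ok = hmac.compare_digest(project.client_id.encode(), client_id.encode())
    secret_ok = hmac.compare_digest(project.client_secret.encode(), client_secret.encode())
    return id_ok and secret_ok


def demo():
    # Constructed sample project; "alice" and "mallory" are made-up usernames.
    project = Project("alice", _random_token(CLIENT_ID_LEN), _random_token(CLIENT_SECRET_LEN))
    old = (project.client_id, project.client_secret)
    try:
        rotate_credentials(project, "mallory")
        rejected = False
    except PermissionError:
        rejected = True
    new = rotate_credentials(project, "alice")
    return rejected, authenticate(project, *old), authenticate(project, *new)
```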