Contributor

@matejsp matejsp commented Sep 16, 2024

With every Django version, the PBKDF2 password hasher gets its iterations increased, and the next one will be set to 1 million.
This poses a problem in our case because it affects the performance of the /token endpoint. We whitelist the IPs from which the endpoint is accessible, so we want to use a weaker algorithm. For normal UI login we still want to retain the default one.

Description of the Change

Added a setting for specifying the client server hasher using CLIENT_SECRET_HASHER.

Checklist

  • PR only contains one change (considered splitting up PR)
  • unit-test added
  • documentation updated
  • CHANGELOG.md updated (only for user relevant changes)
  • author name in AUTHORS

@matejsp matejsp force-pushed the settings-for-password-hasher branch from 033e56d to e6b5779 Compare September 16, 2024 18:43
@n2ygk n2ygk force-pushed the settings-for-password-hasher branch from e6b5779 to 633da22 Compare September 20, 2024 16:23
@matejsp matejsp force-pushed the settings-for-password-hasher branch from 9436528 to f02342b Compare September 21, 2024 13:41
Contributor

@n2ygk n2ygk left a comment

Thanks for this. Nice job documenting and adding test cases!

@n2ygk n2ygk modified the milestones: Future, Release 3.1.0 Sep 22, 2024
@n2ygk n2ygk merged commit 937ae21 into django-oauth:master Sep 22, 2024
19 checks passed
2 participants