Client secret hashed on DataBase #923

@SteDev2

The client secret is currently stored in the database without any encryption; it should be hashed for security reasons.
This means that the API must ignore any secret received during the creation/update of a client, generate it on POST creation requests, and provide it to the user/dashboard one time in the corresponding response.
If the client's owner loses his client secret, the dashboard will provide him a button to invalidate the current one and generate a new one (returned in the response).
Within the database, the client secret column type won't change but it will be stored as a bcrypt hash instead.
A proper migration that encrypts current client secrets is necessary.

Status

In Progress
