Add SHA512 token fallback for OAuth application secrets (!200852) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

We are introducing SHA512 hashing for oauth application secrets which is faster and compliance with FIPS. This commit adds fallback mechanism so that actual hashing change can be rolled out safely

This MR also consolidate OAuth token and OAuth application hashing mechanisms together.

References

Related to #551169 (closed)
Similar MR for Oauth access token: !198910 (merged)

Screenshots or screen recordings

Before	After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Aug 11, 2025 by Aboobacker MK

Add SHA512 token fallback for OAuth application secrets

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports