Hash OAuth application secrets

Aboobacker MK requested to merge 370871-hash-oauth-application-secrets into master

What does this MR do and why?

Follow-up from https://gitlab.com/gitlab-org/gitlab/-/issues/364110 to hash OAuth application secrets. This MR also depends on gitlab-org/build/CNG!1116 (merged) and omnibus-gitlab!6310 (merged) to prepare infrastructure dependencies.

Screenshots or screen recordings

Screenshot_2022-09-13_at_10.07.08_PM

Screenshot_2022-09-13_at_10.07.27_PM

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. In the Rails console, enable the experiment fully:
    Feature.enable(:hash_oauth_secrets)
  2. Visit the OAuth applications page at http://127.0.0.1:3000/admin/applications
  3. Click the New application button.
  4. Fill in the name, redirect_uri and scopes fields.
  5. Click the 'Save application' button.
  6. Check if the newly created application allows copying secrets for the first time.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #370871 (closed)

Edited by Aboobacker MK
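
The behaviour checked in step 6, as an added Ruby example that is not GitLab's or Doorkeeper's code: the secret is hashed before it is stored, so the plaintext exists only in the response that creates the application. The `OAuthApp` class, the choice of PBKDF2-HMAC-SHA512, the iteration count and the stored-value format are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for an OAuth application row; not GitLab's model.
class OAuthApp
  ITERATIONS = 20_000 # assumed work factor for this sketch
  attr_reader :uid, :stored_secret

  # Returns [app, plaintext]. The plaintext lives only in this return value,
  # which is why the UI can offer it for copying when the app is created.
  def self.register
    plaintext = SecureRandom.hex(32)
    [new(SecureRandom.hex(16), encode(plaintext, SecureRandom.hex(16))), plaintext]
  end

  # Stored form: "$pbkdf2-sha512$<iterations>$<salt>$<hex digest>".
  def self.encode(plaintext, salt, iterations = ITERATIONS)
    digest = OpenSSL::PKCS5.pbkdf2_hmac(plaintext, salt, iterations, 64,
                                        OpenSSL::Digest.new('SHA512'))
    "$pbkdf2-sha512$#{iterations}$#{salt}$#{digest.unpack1('H*')}"
  end

  def initialize(uid, stored_secret)
    @uid = uid
    @stored_secret = stored_secret
  end

  # Re-derive with the stored salt and iteration count, then compare
  # without short-circuiting on the first differing byte.
  def secret_matches?(candidate)
    _, scheme, iterations, salt, _digest = stored_secret.split('$')
    return false unless scheme == 'pbkdf2-sha512' # unhashed rows are rejected here
    constant_time_eq?(self.class.encode(candidate.to_s, salt, iterations.to_i), stored_secret)
  end

  private

  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

app, plaintext = OAuthApp.register
puts "shown once: #{plaintext}"
puts "stored:     #{app.stored_secret}"
```
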