authorFrederick Muriuki Muriithi2023-05-30 11:27:17 +0300
committerFrederick Muriuki Muriithi2023-05-30 11:27:17 +0300
commit0b0da1783bc701e74a1972869bdb221a3c9a6b2a (patch)
tree6467594957167722726963387275a72c5db9cff1
parent2aa7abf383df814f24c88beea733c324cda682d0 (diff)
downloadgenenetwork3-0b0da1783bc701e74a1972869bdb221a3c9a6b2a.tar.gz
auth: Change check for client secret
We are saving the client secret in an encrypted form, meaning we have to verify in a different way that the CLIENT_SECRET that is provided is the same one that was generated at registration. Initially, I was doing a direct comparison, having saved the CLIENT_SECRET value as unencrypted plain-text.
-rw-r--r--gn3/auth/authentication/oauth2/models/oauth2client.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/gn3/auth/authentication/oauth2/models/oauth2client.py b/gn3/auth/authentication/oauth2/models/oauth2client.py
index da20200..14c4c94 100644
--- a/gn3/auth/authentication/oauth2/models/oauth2client.py
+++ b/gn3/auth/authentication/oauth2/models/oauth2client.py
@@ -27,7 +27,7 @@ class OAuth2Client(NamedTuple):
def check_client_secret(self, client_secret: str) -> bool:
"""Check whether the `client_secret` matches this client."""
- return self.client_secret == client_secret
+ return same_password(client_secret, self.client_secret)
@property
def token_endpoint_auth_method(self) -> str:
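Review bot: Clients registered before this change may still hold a plain-text value in `self.client_secret`, and the new `return same_password(client_secret, self.client_secret)` line will treat that value as a stored hash. `same_password` is defined and imported outside this hunk, so it is not visible here whether it returns False or raises when the stored value is not a valid hash. If it can raise, `check_client_secret` should catch that and return False, and the existing client rows need re-hashing or re-registration. The docstring should also state the new contract, for example `"""Check client_secret against the hashed secret stored for this client."""`, so that later code does not compare the field directly.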