From 0b0da1783bc701e74a1972869bdb221a3c9a6b2a Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Tue, 30 May 2023 11:27:17 +0300
Subject: auth: Change check for client secret

We are saving the client secret in an encrypted form, meaning we have to verify that the CLIENT_SECRET that is provided is the same one as was generated at registration in a different way. Initially, I was doing a direct comparison, having saved the CLIENT_SECRET value as unencrypted plain-text.
---
 gn3/auth/authentication/oauth2/models/oauth2client.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gn3/auth/authentication/oauth2/models/oauth2client.py b/gn3/auth/authentication/oauth2/models/oauth2client.py
index da20200..14c4c94 100644
--- a/gn3/auth/authentication/oauth2/models/oauth2client.py
+++ b/gn3/auth/authentication/oauth2/models/oauth2client.py
@@ -27,7 +27,7 @@ class OAuth2Client(NamedTuple):
     def check_client_secret(self, client_secret: str) -> bool:
         """Check whether the `client_secret` matches this client."""
-        return self.client_secret == client_secret
+        return same_password(client_secret, self.client_secret)
 
     @property
     def token_endpoint_auth_method(self) -> str:
-- cgit v1.2.3
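Review bot: The new body calls `same_password`, but the diffstat reports a single insertion with no import added, so unless `oauth2client.py` already imports that helper every `check_client_secret` call will raise `NameError` and break all client authentication at the token endpoint. The argument order `same_password(client_secret, self.client_secret)` is only right if the helper takes the presented plaintext first and the stored digest second; a swap would make every check fail (or raise) with no obvious error, so a test that a registered secret verifies and a wrong one is rejected is worth adding with this change. The docstring still describes a direct comparison; I would change it to `"""Check whether the plaintext `client_secret` matches this client's stored (hashed) secret."""`. The commit message calls the stored value "encrypted", but verifying via a `same_password`-style helper implies a one-way password hash, and the docs should say "hashed" — a reversible encrypted secret would be the weaker design. `check_client_secret` is a method of `OAuth2Client`, whose body continues outside the hunk.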