Content
View differences
Updated by Sagar Gurung over 1 year ago
Hey there!
There was a security fix in the OAuth2 NC app and the client secrets are now stored differently. They used to be encrypted with `ICrypto->encrypt(SECRET)` . They are now hashed with `bin2hex(ICrypto->calculateHMAC(SECRET))` .
This is the NC server PR with the change: [https://github.com/nextcloud/server/pull/47635](https://github.com/nextcloud/server/pull/47635)
This change will be included in:
* Nextcloud 30 (14.09.2024)
* Nextcloud 29.0.7 (you have time for that, 29.0.6 is scheduled for 12.09.2024)
* Nextcloud 28.0.10 (12.09.2024)
* Nextcloud 27.1.11.8 (no idea when this one will come)
For reference, this was the previous adjustment you had to make when oauth2 started to encrypt the secrets: [https://github.com/nextcloud/integration\_openproject/pull/445](https://github.com/nextcloud/integration_openproject/pull/445)
FOR QA:
I think we cannot test this until (new NC version are released). With latest changed `Nextcloud` version, the if we do it manually the verison comes up the RC (example 29.0.7 RC) so its hard to test it manually. But i tried changing it from code to test it with the new hash change. But you can try testing that even after this change the APP does not break.
There was a security fix in the OAuth2 NC app and the client secrets are now stored differently. They used to be encrypted with `ICrypto->encrypt(SECRET)` . They are now hashed with `bin2hex(ICrypto->calculateHMAC(SECRET))` .
This is the NC server PR with the change: [https://github.com/nextcloud/server/pull/47635](https://github.com/nextcloud/server/pull/47635)
This change will be included in:
* Nextcloud 30 (14.09.2024)
* Nextcloud 29.0.7 (you have time for that, 29.0.6 is scheduled for 12.09.2024)
* Nextcloud 28.0.10 (12.09.2024)
* Nextcloud 27.1.11.8 (no idea when this one will come)
For reference, this was the previous adjustment you had to make when oauth2 started to encrypt the secrets: [https://github.com/nextcloud/integration\_openproject/pull/445](https://github.com/nextcloud/integration_openproject/pull/445)
FOR QA:
I think we cannot test this until (new NC version are released). With latest changed `Nextcloud` version, the if we do it manually the verison comes up the RC (example 29.0.7 RC) so its hard to test it manually. But i tried changing it from code to test it with the new hash change. But you can try testing that even after this change the APP does not break.