feat(crypto): use passwap for machine and app secrets (#7657)

* feat(crypto): use passwap for machine and app secrets * fix command package tests * add hash generator command test * naming convention, fix query tests * rename PasswordHasher and cleanup start commands * add reducer tests * fix intergration tests, cleanup old config * add app secret unit tests * solve setup panics * fix push of updated events * add missing event translations * update documentation * solve linter errors * remove nolint:SA1019 as it doesn't seem to help anyway * add nolint to deprecated filter usage * update users migration version * remove unused ClientSecret from APIConfigChangedEvent --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 19:07:30 +00:00 · 2024-04-05 12:35:49 +03:00
parent 5931fb8f28
commit 2089992d75
135 changed files with 2407 additions and 1779 deletions
--- a/internal/domain/application_oidc.go
+++ b/internal/domain/application_oidc.go
@@ -5,7 +5,6 @@ import (
 	"time"

 	http_util "github.com/zitadel/zitadel/internal/api/http"
-	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
 )

@@ -28,7 +27,7 @@ type OIDCApp struct {
 	AppID                    string
 	AppName                  string
 	ClientID                 string
-	ClientSecret             *crypto.CryptoValue
+	EncodedHash              string
 	ClientSecretString       string
 	RedirectUris             []string
 	ResponseTypes            []OIDCResponseType
@@ -62,8 +61,8 @@ func (a *OIDCApp) setClientID(clientID string) {
 	a.ClientID = clientID
 }

-func (a *OIDCApp) setClientSecret(clientSecret *crypto.CryptoValue) {
-	a.ClientSecret = clientSecret
+func (a *OIDCApp) setClientSecret(encodedHash string) {
+	a.EncodedHash = encodedHash
 }

 func (a *OIDCApp) requiresClientSecret() bool {