OpenHumans / open-humans

Powering openhumans.org
https://www.openhumans.org/
MIT License

Allow projects to refresh OAuth2 client ID/secret #967

Open madprime opened 5 years ago

madprime commented 5 years ago

We should allow projects to refresh OAuth2 key/secret themselves.

Currently they request OH admins to do a refresh for them, which is not great security (although a project could simply de-activate to prevent new authorizations).

madprime commented 5 years ago

Probably using the generators from django-oauth-toolkit, e.g.

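from oauth2_provider.generators import ClientIdGenerator, ClientSecretGenerator

def generate_client_credentials():
    # Build a fresh client ID/secret pair with django-oauth-toolkit's generators.
    # The function name is illustrative; the original snippet was a bare function body.
    cig = ClientIdGenerator()
    csg = ClientSecretGenerator()
    return (cig.hash(), csg.hash())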
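The self-service refresh requested in this issue, as an added standard-library sketch that is not part of the thread or the Open Humans code base: only the project owner may rotate, the new secret is returned once and stored only as a digest, and the old pair stops authenticating. The `Project` record, function names, token lengths and audit list are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass, field

ALPHABET = string.ascii_letters + string.digits


def _random_token(length):
    # secrets draws from the OS CSPRNG, unlike the random module.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _digest(secret):
    # Plain SHA-256 is adequate here only because the secret is long and random.
    return hashlib.sha256(secret.encode()).hexdigest()


@dataclass
class Project:  # hypothetical stand-in for a project's OAuth2 application record
    owner: str
    client_id: str = ""
    secret_digest: str = ""
    audit: list = field(default_factory=list)


def rotate_credentials(project, requester):
    """Replace the client ID/secret; return the new pair exactly once."""
    if requester != project.owner:
        project.audit.append(("rotate_denied", requester))
        raise PermissionError("only the project owner may rotate credentials")
    client_id, client_secret = _random_token(40), _random_token(128)
    project.client_id = client_id
    project.secret_digest = _digest(client_secret)  # plaintext is never stored
    project.audit.append(("rotated", requester))
    return client_id, client_secret


def authenticate(project, client_id, client_secret):
    # Constant-time comparisons; an old pair stops matching once rotation runs.
    id_ok = hmac.compare_digest(client_id.encode(), project.client_id.encode())
    secret_ok = hmac.compare_digest(_digest(client_secret), project.secret_digest)
    return id_ok and secret_ok
```
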