Fix dynamic client registration to return plaintext secret with hash_application_secrets

Author: Nikita Bulai

CHANGELOG.md

@@ -6,6 +6,7 @@
 - [#232] Implements customizable OpenID request class
 - [#236] Derive token_endpoint_auth_methods_supported from Doorkeeper's client_credentials config
 - [#225] Allow configuration of id_token expiration using a block.
+- [#237] Fix dynamic client registration returning hashed secret when `hash_application_secrets` is enabled
 
 ## v1.8.11 (2025-02-10)
 

app/controllers/doorkeeper/openid_connect/dynamic_client_registration_controller.rb

@@ -28,7 +28,7 @@ def registration_response(doorkeeper_application)
         doorkeeper_config = ::Doorkeeper.configuration
 
         {
-          client_secret: doorkeeper_application.secret,
+          client_secret: doorkeeper_application.plaintext_secret || doorkeeper_application.secret,
           client_id: doorkeeper_application.uid,
           client_id_issued_at: doorkeeper_application.created_at.to_i,
           redirect_uris: doorkeeper_application.redirect_uri.split,

spec/controllers/dynamic_client_registration_controller_spec.rb

@@ -30,7 +30,7 @@
 
       doorkeeper_application = Doorkeeper::Application.first
       expect(JSON.parse(response.body)).to eq({
-        'client_secret' => doorkeeper_application.secret,
+        'client_secret' => doorkeeper_application.plaintext_secret || doorkeeper_application.secret,
         'client_id' => doorkeeper_application.uid,
         'client_id_issued_at' => doorkeeper_application.created_at.to_i,
         'redirect_uris' => redirect_uris,