OAuth UIDs and secrets should be generated, not manually edited

[alexmuller]

Feature request! We have some OAuth UIDs and secrets which are not as long as some other ones, and should be longer.

I think we should do the following:

• The application page should not have editable text fields for UID and secret
• UID and secret should have a minimum length of 64 characters enforced
• There should be a "regenerate" button on the application page which makes new ones

[floehopper]

Feature request! We have some OAuth UIDs and secrets which are not as long as some other ones, and should be longer.

I think we should do the following:

• The application page should not have editable text fields for UID and secret

The UID is still an editable text field:

signon/app/views/doorkeeper_applications/edit.html.erb

Lines 64 to 72 in a0f4e42

	<%= render "govuk_publishing_components/components/input", {
	label: {
	text: "UID"
	},
	name: "doorkeeper_application[uid]",
	type: "text",
	hint: "The app has a copy of this. Used in the signin redirect dance.",
	value: @application.uid,
	} %>

The secret is still an editable text field:

signon/app/views/doorkeeper_applications/edit.html.erb

Lines 74 to 82 in a0f4e42

	<%= render "govuk_publishing_components/components/input", {
	label: {
	text: "Secret"
	},
	name: "doorkeeper_application[secret]",
	type: "text",
	hint: "The app has a copy of this. Used in the signin redirect dance.",
	value: @application.secret,
	} %>

• UID and secret should have a minimum length of 64 characters enforced

There doesn't appear to be any validation enforcing a minimum length on these fields in either the DoorkeeperApplicationsController or the Doorkeeper::Application.

• There should be a "regenerate" button on the application page which makes new ones

There doesn't appear to be any such button on the application page.

Given all the above, I think this is still a valid issue.