From fff3d14caca7fedc21f0a5e159b336f957d3bc09 Mon Sep 17 00:00:00 2001
From: loks0n <22452787+loks0n@users.noreply.github.com>
Date: Wed, 28 Feb 2024 23:50:40 +0000
Subject: [PATCH] fix: encode secret in oauth workaround
---
 app/controllers/api/account.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 6c748bec5a..a092b1fcb4 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -934,12 +934,12 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 ->setPayload($response->output($session, Response::MODEL_SESSION))
 ;
- // TODO: Remove this deprecated, undocumented workaround
+ // TODO: Remove this deprecated workaround - support only token
 if ($state['success']['path'] == $oauthDefaultSuccess) {
 $query['project'] = $project->getId();
 $query['domain'] = Config::getParam('cookieDomain');
 $query['key'] = Auth::$cookieName;
- $query['secret'] = $secret;
+ $query['secret'] = Auth::encodeSession($user->getId(), $secret);
 }
 $response
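Review bot: The value assigned to `$query['secret']` is still a complete session credential placed in the redirect query string, so it can end up in browser history, proxy or server logs and Referer headers; encoding it with `Auth::encodeSession()` changes its format, not its exposure. The guard above it compares only `$state['success']['path']`, and with a loose `==`; the hunk does not show whether the host of the success URL is validated, so it is worth confirming that and switching to `===`. I would extend the TODO to record the risk, e.g. `// SECURITY: session credential in URL - default success page only; remove together with this workaround`. The route handler begins and ends outside this hunk, so the definitions of `$secret`, `$user` and `$state` are not visible here.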