| import { timingSafeEqual } from "node:crypto"; | |
| import { hash } from "@midday/encryption"; | |
| export type OAuthApplication = { | |
| id: string; | |
| active: boolean | null; | |
| clientSecret: string; | |
| }; | |
| export function validateClientCredentials( | |
| application: OAuthApplication | null | undefined, | |
| clientSecret: string, | |
| ): boolean { | |
| if (!application || !application.active) { | |
| return false; | |
| } | |
| const hashedSecret = hash(clientSecret); | |
| const storedSecret = application.clientSecret; | |
| // Use timing-safe comparison to prevent timing attacks | |
| return timingSafeEqual(Buffer.from(storedSecret), Buffer.from(hashedSecret)); | |
| } | |