PLT-7782 Fix for OAuth (#7566)

* Fix for oauth

* Fix test

1 files changed, 1 insertions, 6 deletions

diff --git a/app/oauth.go b/app/oauth.go
index be0535f35..6e411138b 100644
--- a/app/oauth.go
+++ b/app/oauth.go
@@ -6,7 +6,6 @@ package app
 import (
 	"bytes"
 	b64 "encoding/base64"
-	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -133,7 +132,7 @@ func (a *App) AllowOAuthAppAccessToUser(userId string, authRequest *model.Author
 	}
 
 	authData := &model.AuthData{UserId: userId, ClientId: authRequest.ClientId, CreateAt: model.GetMillis(), RedirectUri: authRequest.RedirectUri, State: authRequest.State, Scope: authRequest.Scope}
-	authData.Code = utils.HashSha256(fmt.Sprintf("%v:%v:%v:%v", authRequest.ClientId, authRequest.RedirectUri, authData.CreateAt, userId))
+	authData.Code = model.NewId() + model.NewId()
 
 	// this saves the OAuth2 app as authorized
 	authorizedApp := model.Preference{
@@ -191,10 +190,6 @@ func (a *App) GetOAuthAccessToken(clientId, grantType, redirectUri, code, secret
 			return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.redirect_uri.app_error", nil, "", http.StatusBadRequest)
 		}
 
-		if code != utils.HashSha256(fmt.Sprintf("%v:%v:%v:%v", clientId, redirectUri, authData.CreateAt, authData.UserId)) {
-			return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.expired_code.app_error", nil, "", http.StatusBadRequest)
-		}
-
 		if result := <-a.Srv.Store.User().Get(authData.UserId); result.Err != nil {
 			return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.internal_user.app_error", nil, "", http.StatusNotFound)
 		} else {